Category Archives: Nonsense

Repository for the uncategorizable.

Update 6.28.11: Yes! The Tribune just posted an article by Jodi S. Cohen that validates all the suspicion and skepticism: Family, friends got head start in Bright Start match. Thanks for keeping at it, Jodi.

Well, it looks like those of us who didn’t receive the matching funds from the Bright Start Savings Direct Save and Match program are left with two options: leave the funds in the 529 plan or accept a refund. According to all reports, Bright Start/Oppenheimer Funds will not be doing the stand-up thing and matching the contributions made before the Bright Start and Office of the Illinois State Treasurer web sites were updated to state that the promotion had ended.

The Chicago Tribune wrote a follow-up article, Treasurer to refund Bright Start contributions, that again gives voice to the nagging idea that people closely connected to Bright Start or the Illinois State Treasurer’s office were among the only account owners to benefit from the promotion.

A telling fact in the article is that “About 7,300 account holders, who unknowingly invested too late, are eligible for the refund.” I’m surprised the number isn’t higher, but it still indicates the degree to which the Treasurer’s office underestimated the response.

Also, the Tribune article is clear about where the blame is being placed for not giving account owners up-to-date information. “Oppenheimer, the program manager for Bright Start, was supposed to update the website to reflect when the limit had been reached, Byron has said.”

Oppenheimer, as we all know by now, has been sued by the state of Oregon and eventually settled with Illinois and five other states over mismanagement of the conservative “Core Plus” bond fund when it lost 38% of its value in 2008.

It’s probably time to start turning the screw on Oppenheimer or shopping around for other managers. Is T. Rowe Price available? Two of the top five 529 plans, as rated by Morningstar in their Morningstar Analyst Rating for 529 College Savings Plans 2010, are managed by T. Rowe Price. (But go with them only if they’re willing to offer Vanguard index funds.)

As of June 20, the Bright Start and Office of the Illinois State Treasurer web sites have been updated with what seems like the final word on the matter.

Contribution Reversals for Bright Start June Save and Match Promotion

Participants of the Bright Start June Save and Match Promotion who did not qualify for the match but made contributions prior to the time that the plan’s website was updated to reflect that the promotion had ended, may be eligible to request a reversal of their contribution.

You are eligible to request a reversal of your entire unmatched contribution amount, without being subject to any fees or penalties if:

(a) You made an online contribution prior to the brightstartsavings.com website update at 1:20pm CT on Saturday, June 4, 2011, informing visitors that the match limit had been reached, and you were not allocated the matching funds.

(b) We received your contribution check in good order before close of business June 10, 2011, and you were not allocated the matching funds.

Please contact your own legal or tax advisors to learn more about the rules about how a reversal might affect individual situations.

To request a reversal or for additional information, participants can call 1.877.43.BRIGHT (1.877.432.7444). Reversals must be requested by 8:00pm CT, July 8, 2011, and may take up to 30 days to process.

This material is not intended to provide legal, tax or investment advice, or to avoid penalties that may be imposed under U.S. federal tax laws. Please contact your own legal or tax advisors to learn more about the rules that may affect individual situations.

I don’t have any evidence that either the Bright Start or the Office of the Illinois State Treasurer web site was updated at 1:20pm CT on Saturday, June 4, 2011. If I recall correctly, the Treasurer’s web site was still displaying the incorrect data as of Sunday, June 5th.

What to do?

I’ve already decided to leave the money in the 529 plan. I’m concerned that there would be unforeseen tax implications for withdrawing it.

Thankfully, I have all of my 529 funds invested in the Vanguard age-based index portfolio, so hopefully Oppenheimer gets no more of my money than is absolutely necessary.

Dan Rutherford, if you’re listening, your office and Oppenheimer really borked this up. Distributing the scholarship funds back to Bright Start account owners was a great idea, but the decision to restrict the matches to 2,500 accounts was awful, and it will not soon be forgotten. Both the Bright Start and Office of the Illinois State Treasurer web sites are pretty lousy. Hiring someone with some internet savvy to identify and resolve some of their problems would be a smart move.

The last official word…

Update: An appropriately humble letter was sent by Bridget Byron to account owners this week. The text of the letter, along with a scan, is below.

June 20, 2011

Dear Account Owner:

I have personally spoken with many of you and understand your frustration with the execution of our recent promotion and that you did not qualify for a match. I want to personally apologize and assure you that the sole intention of the Illinois State Treasurer’s Office in offering this promotion was to give back to current Illinois account holders. The promotion was announced on the Bright Start website on May 27, 2011, and eligible account owners were sent a letter, via first class mail, on May 31, 2011.

The promotion began on June 1, 2011, at 12:01am CT and offered matching contributions for the first 2,500 contributions up to $250. We now know that the maximum number of contributions as set out in the promotion’s rules, 2,500, was reached by the close of financial markets at 3:00pm CT on Friday, June 3, 2011. Unfortunately, due to standard transactional procedures, this information was not available until the afternoon of Saturday, June 4, 2011, and the brightstartsavings.com website was updated at 1:20pm CT on Saturday, June 4, 2011.

We wish we had the funds to accommodate all contributions but we must abide by our promotion’s restrictions. Nonetheless, we have heard and empathize with your frustration and have worked diligently on a solution for participants who did not qualify for the promotion, but who made contributions prior to the time that the website was updated to reflect that the promotion had ended. Therefore, if (a) you made an online contribution prior to the brightstartsavings.com website update at 1:20pm CT on Saturday, June 4, 2011, or (b) we received your contribution check in good order before close of business June 10, 2011, and you were not allocated the matching funds, you are eligible to request a reversal of your entire contribution amount (without being subject to any fees or penalties). Please contact your own legal or tax advisors to learn more about how a reversal might affect individual situations.

You may contact 1.877.43.BRIGHT (1.877.432.7444) if you decide to request a reversal. Reversals must be requested by 8:00pm CT, July 8, 2011. Please be aware that reversals may take up to 30 days to process.

Thank you for your feedback and candid comments. We appreciate you choosing Bright Start to help save for your child’s college education.

Sincerely,
Bridget Byron
College Savings Program Director
Illinois State Treasurer’s Office

This material is not intended to provide legal, tax or investment advice, or to avoid penalties that may be imposed under U.S. federal tax laws. Please contact your own legal or tax advisors to learn more about the rules that may affect individual situations.

Bright Start Contribution Reversal Offer Letter of June, 2011

You can listen to Rutherford’s interview on WJBC about what caused the problems. It starts with some babble about what he eats for breakfast, but then gets into some good information misinformation.

Update 6.28.11: Rutherford and Byron had a number of chances to come clean about Treasurer’s office employees’ friends and family getting a head start on the matching funds, but did not.

So I finally watched The Social Network over the weekend, and it’s made me feel jealous and a bit guilty.

In a meager effort to console myself for so far failing to be a billionaire, I’m assembling the short list of web-application type things I’ve built here.

  1. A dice roller: rollforit. Enter a name, create a room, invite your friends, and start rolling dice. For people who want to play pen and paper, table-top RPG dice games with their distant friends.
  2. A URL shortener: Minifi.de. Minifi.de comes with an API and a bookmarklet. It really works, too! The technical explanation has more details.
  3. A social networking site: Snapbase. Snapbase is a social site that shows you what’s going on in your city or anywhere in the world as pictures are uploaded by your friends and neighbors. The application extracts location information from the EXIF data embedded in images and displays recent images taken near your present location.
  4. A trouble-ticketing system for an IT help desk or technical support center. It’s really pretty extensive, with asset management, user accounts, salted encrypted passwords, and all sorts of nifty things. I really must write a full description of it at some point, but until then, the documentation is the next best thing.
  5. An account-based invoice tracking and access system for grouping invoices according to clients, then sharing invoice history with those clients and allowing them to easily pay outstanding invoices via Paypal.
  6. An account-based invoice access system where clients can view paid and unpaid invoices, and even easily pay an outstanding invoice via Paypal. I actually use this almost every day.
  7. A simple method for protecting a download using a unique URL that can be emailed to authorized users. The URL can be set to expire after a certain amount of time or any number of downloads.
  8. An update to the above download protection script to protect multiple downloads, generate batches of keys, leave notes about who received the key, the ability to specify per-key the allowable number of downloads and age, and some basic reporting.
  9. An HTML auction template generator called Simple Auction Wizard. It helps you create HTML auction templates for eBay, and uses SWFUpload and tinyMCE.

I have another project in the works that promises to be more financially viable, but the most clever thing on that list is Snapbase. It’s in something akin to alpha right now; barely usable. I really wish I had the time to pursue it.

Update 6.28.11: Yes! The Tribune just posted an article that validates all the suspicion and skepticism: Family, friends got head start in Bright Start match
Update 6.20.11: A refund of contributions is the best we’re going to get from Bright Start and Office of the Illinois State Treasurer: Illinois Bright Start Match Promotion Update – Refunds
Update 6.11.11: The AP article has been picked up by Forbes and Businessweek. HuffPost Chicago also has a post that references both the AP and Chicago Tribune articles. Bright Start College Savings Program Contributors Feel Duped Over Matching Funds Promise
Update 6.9.11: The AP has written a story about this that has been picked up by The State Journal-Register. Thousands miss out on Illinois college savings offer
Update 6.8.11: The Chicago Tribune has written a story about this. Bright Start contributors angry over missed matches

When I got home from work on Friday, June 3, 2011, I found a letter from Bright Start, Illinois’ 529 College Savings Plan, that announced a really promising contribution-matching promotion. The text of the letter, along with a scan, is below.

Dear Valued Bright Start Account Owner:

As your Illinois state treasurer, thank you for your continued support and investment in the Bright Start College Savings Program. When I took office, I made a commitment to not only the people of Illinois, but also to the over 100,000 Bright Start account owners and their families.

While I am very pleased with the current financial health of the Program, rest assured I will continue to monitor the Program’s progress very closely in order to fulfill my promise to safeguard your investments. Bright Start continues to offer account owners some of the lowest fees in the nation, making it one of the best ways for you to save for your child’s college education.

As we get ready to kick off the summer season, I have some exciting news to help you get your summer off to a BRIGHT START:

We have a new College Savings Programs Director!

Bridget Byron brings 14 years of investment experience to the Bright Start Program. She was employed at UBS Financial Services for the past 11 years and specialized in fixed income securities. Bridget is a graduate of the University of Chicago with a degree in Economics.

We want to help you jumpstart your college savings!

As your state treasurer, I have decided to use our scholarship funds to help you get a little further ahead with your Bright Start account.

For the month of June, any current Bright Start Direct Sold account owner within the state of Illinois can make a onetime, special contribution to each of their beneficiaries’ Bright Start accounts and we will match that contribution, up to $250. If you have been meaning to put extra money away to help your child get to college, make your money worth more in the month of June.

Participation in the matching promotion for current Bright Start Direct Sold account owners within the state of Illinois is limited to the first 2,500 one-time contributions made during the month of June 2011. Please visit brightstartsavings.com to make a one-time contribution.

As you start to plan your summer vacations, please plan for some extra savings for your child’s Bright Start account!

Sincerely,
Dan Rutherford

Illinois State Treasurer IL0000.117.0511 June 6, 2011

Bright Start Match Promotion June, 2011 Letter

Realizing that with 100,000 accounts, the 2,500 available matches were going to be used up quickly, I immediately went to the Bright Start web site, found the little blurb mentioning the promotion on the home page, logged in and contributed $250 to each of my two 529 beneficiary accounts. This was probably around 6:15 pm on Friday, June 3.

False assumption #1: that the letter was the first public announcement of the promotion

The Bright Start web site stated that the number of contributions matched so far would be reported on the Office of the Illinois State Treasurer web site.

When I checked the page at http://treasurer.il.gov/programs/college-savings/college-savings.aspx around 6:30 pm on Friday, June 3, it displayed an image of a stylized thermometer showing that 893 contributions had already been matched. The meter came from a third-party site, and there was a hyperlink at the bottom of the meter to that site. I now deeply regret not taking a screenshot of this meter at the time. I would very much like to know why this company’s data was so wrong and to contact as many of their clients as possible with this story.

Thank you, Google! Below is a screenshot of Google’s cached page as it appeared on Jun 4, 2011 16:48:56 GMT.

Office of the Illinois State Treasurer page as of June 4, showing 893 contributions

Dear www.easy-fundraising-ideas.com, you and someone at the Treasurer’s office have some explaining to do.

Based on the information at the Office of the Illinois State Treasurer web site, I was confident that more than half of the remaining matches were available as of June 3, 2011 and that my contributions would be matched.

False assumption #2: that the information on the Office of the Illinois State Treasurer web site was up-to-date

When I checked the meter again on Sunday, June 5, it had not changed. This sort of made sense, as I didn’t expect that any more contributions would be processed until the following business day, so it was reasonable to believe that the meter was accurately reporting only processed contributions from the previous Friday.

But, it now appears that the meter was not dynamic and was not updated as of the close of financial markets at 3:00 pm C.S.T. on Friday, June 3, 2011. The reported number of contributions as of 6:00 pm Friday was, and probably always was, inaccurate.

Already too late

Today, June 7, 2011, at 5:03 pm, I received an email from [email protected]:

Bright Start Match Promotion Update

Dear Valued Account Owner,

On May 31st, 2011, the Illinois State Treasurer’s Office mailed hard copy letters to all of our Illinois Bright Start Direct Sold account owners via first class mail announcing a June Matching Contribution promotion.

Due to an overwhelmingly positive response, the maximum number of contributions as set out in the promotion’s rules, 2500, was hit by close of financial markets at 3:00 pm C.S.T. on Friday, June 3, 2011.

We are thrilled that so many account owners chose to participate in this first-ever matching promotion. While we wish that we had the funds to accommodate all contributions, we must abide by our promotion’s restrictions.

Those contributions that were received, either electronically or via hard check, before the cap was reached will be matched. Please check your upcoming account statements or call 1.877.43.BRIGHT (1.877.432.7444) to verify if your contribution was matched.

We appreciate your continued support of the Bright Start program and hope that you will take advantage of any future incentive programs.

Sincerely,

Bridget Byron
College Savings Program Director
Illinois State Treasurer’s Office

http://ebm.e.oppenheimerfunds.com/c/tag/hBN7p$hB7vEh4B8bk1gEDXGPe7X/doc.html?t_params=&om_rid=EDXGPe&om_mid=_BN7p$hB8bk1giF&heartbeat_id=

So basically, by the time I opened and read my letter (and for those people who received their letters on Saturday, before it was even delivered), this promotion had already been fulfilled.

Bridget, I fervently assure you that I will be very wary of taking advantage of any future incentive programs if they appear as poorly thought-out as this one happened to be.

According to the hard copy letter, there are “over 100,000 Bright Start account owners”. I’ll look for more accurate numbers, but assuming for the sake of argument that all 100,000 owners were citizens of Illinois, that each account owner had only a single beneficiary account, and that each account owner made a contribution of $250 in order to receive the maximum match, that means that only 2.5% of the beneficiary accounts would benefit from the match.

Furthermore, I would venture to guess that a good number of account owners have more than one beneficiary account and contributed $250 to each (as I did), so that the matching funds probably went to far fewer than 2,500 families. If the average account owner has 2.5 kids, then only 1 percent of account owners would have seen any of this money. Now, these estimates are purely hypothetical, but at best, only 2.5% of the families who are saving for college benefited from this.

Would it not have been better to lower the amount of the match and thereby increase the number of accounts that could receive some of the $625,000 in available funds? Halving the match to $125 would benefit 5% of the beneficiary accounts, and reducing it to $25 would have spread it among 25% of the accounts.

Now, it probably wouldn’t have maxed out so quickly, but Bright Start still would have gotten their $625,000 in new contributions, and they wouldn’t have so many pissed-off people, either.

Pats on the back

As of Monday, June 7, 2011, the Bright Start web site has been changed, with the information about how to take advantage of the match replaced with the following text:

Save and Match
Promotion Ends!

Thank you for your interest in the Bright Start Savings Direct Save and Match program. Due to the positive response to this offering, we have met the maximum match offers. Thank you for your continued interest and check back regularly for future promotions.

Hooray! What a huge success!

I feel particularly bad for Bridget Byron, who joined Bright Start as the College Savings Program Director only last month, and who had to put her name on the bottom of the email that must have been among the least favorably received emails in all of Illinois today.

Amusingly, Bright Start has a twitter account: http://twitter.com/#!/Bright_Start but hasn’t used it yet. Also, according to the Illinois State Treasurer’s Office company page at LinkedIn, “Treasurer Alexi Giannoulias serves as the state’s banker”. So maybe it’s no wonder that the office can’t make web sites work. However, I am delighted to find that there are frustrated people on Twitter and elsewhere complaining about this.

There are a few things that I find particularly disappointing about this whole debacle.

First is that there is an expectation that easily measurable data, such as the number of entries submitted so far in a promotion, should be accurate and updated in real-time. There is absolutely no reason that the time-sensitive information on the IL Treasurer’s web site should be so incredibly inaccurate for days at a time.

Second is that the Illinois State Treasurer’s Office/Bright Start makes no apologies for running a promotion that did not distribute the available funds to a sufficient number of account owners. You contacted a huge number of people who even if they had acted as fast as reasonably possible to participate still had no realistic way of getting their contributions in on time.

Third is that the Illinois State Treasurer’s Office/Bright Start did not offer to refund the contribution amount to account owners who had contributed between close of business on Friday and when the web sites were updated and/or the email announcing the end of the promotion was distributed on Tuesday. I feel that this would be just and fair. I participated in this promotion because I saw a high likelihood of getting a 100% return on my investment. Now, as that return is no longer possible, I want to invest that money somewhere else. Sour grapes? Maybe. But Bridget Byron/Bright Start’s attitude in the Tuesday email of “thanks for the money, suckers” is hard to swallow.

I rather expect that Bright Start will consult with some lawyers and decide on a course of action that will compensate the people who made contributions between Friday and Tuesday. I hope that this will get some attention in the Tribune, as it’s not the first time that Bright Start has seriously disappointed its participants.

Update: It seems that the promotion was first announced on the Bright Start website on May 27, 2011, at https://www.brightstartsavings.com/OFI529/PN/generated/en_us/PrimaryNavigation_05-27-11-101806.xml in a post titled “Bright Start wants to jump start your summer savings by matching your special contribution!”.

This would explain how certain account owners were able to take advantage of the promotion before the letter was distributed. So if they were willing to announce it on the web site, why couldn’t they also send an email on June 1st and then follow up with a letter?

The official rules from https://www.brightstartsavings.com/OFI529/PN/generated/en_us/PrimaryNavigation_05-27-11-102113.xml are below:

Illinois Bright Start® College Savings Program Deposit Match Offer Official Rules
The first 2,500 Illinois residents with existing Bright Start Direct-Sold Accounts to make a manual contribution into a Bright Start College Savings Program 529 Direct-Sold Account between 12:00am (CT) June 1, 2011 and 11:59pm (CT) June 30, 2011, will receive a matched deposit, up to $250, from the Bright Start College Savings Program. Manual contributions include both electronic and hard copy check contributions. Please check brightstartsavings.com and treasurer.il.gov to see when the 2,500 limit has been reached. Automatic Investment Purchases and Payroll Deduction Contributions into the Bright Start College Savings accounts are excluded. Limit one (1) deposit match per account. If an account owner has more than one (1) Bright Start account, each account is eligible for one (1) match up to $250 each. Deposit match amount will be deposited to the Bright Start account no later than 90 days after the qualifying deposit. This promotion is only available to existing Account Owners that are Illinois residents with Bright Start Direct-Sold Accounts and is limited to the first 2,500 participating accounts. Accounts opened after 11:59pm (CT) May 31, 2011 or under the Bright Start Advisor-Sold Plan are not eligible. Employees of the Illinois State Treasurer’s Office are not eligible to receive matching funds. Void where prohibited. This material is provided for general and educational purposes only, and is not intended to provide legal, tax or investment advice, or for use to avoid penalties that may be imposed under U.S. federal tax laws. Contact your attorney or other advisor regarding your specific legal, investment or tax situation. Sponsor: Bright Start College Savings, Program PO Box 6498, Chicago, IL 60680-6498.

Seriously, what about the poor saps who sent in checks? They probably haven’t even arrived yet.

The more I think about this, the more it seems like someone came up with this promotion in order to distribute funds to well-connected people who were privately informed of the promotion in advance of the hard copy letter. Bright Start had gained at least an additional $625,000 in the first three days of June, not to mention all of the contributions made by people on Friday evening and over the weekend while both the Bright Start and the Treasurer’s sites still implied that their contributions would be matched. If I were trying to scam people, I’d certainly time the mailing of the letters so that they were delivered on Friday and Saturday, and – oops – forget to update the web site all weekend. It’s pretty outrageous.

And I still want my contributions matched.

If you sign up for GameFly using this referral link, we both get a free month: http://gamefly.tellapal.com/a/clk/cxlkm. Even if you are signed up on the One Game Out plan, if someone uses your referral code to join, your reward is a free month at the Two Games Out plan (so you get an extra game, too).

The GameFly Refer-A-Friend Program is completely legit, even though the tellapal.com site is primitive and cheesy. Due mostly to this little blog post, I’ve been coasting along on free months for the last year, so if you can find a way of getting the word out (blog post, facebook, etc.), I would highly recommend it. It’s basically like having a free Gamefly account.

All told, as of June, 2012, I’ve been a Gamefly customer for 17 months and have only paid for five. I originally signed up using the free trial code in March, 2011, which I converted into the One Game Out plan in April. And that was fine for me, as I really only had time to play a few nights a week. But once I put this post up in May, 2011, the free months started pouring in. By July, 2011, they stopped billing my credit card and I was getting two games per month, which frankly was more than I needed.

My only gripe is that it seems to take one day longer than I’d expect to receive the games, as I live in Chicago and they’re usually shipped from Pittsburgh, PA. But they were awesome in that they sent Skyrim as soon as it was available (which I’ve had since last October). They sell older games for basically what you’d pay at Gamestop or whatever, and you earn more discounts by being a customer for a while.

So, be good to each other and get a free month for each friend who joins GameFly! (They get a free month too!)

Typically, your ISP provides DNS services. In an ideal world, this would work well, as your ISP’s DNS server ought to be geographically close to your machine and should be able to perform lookups quickly. However, there are a number of reasons why you might want to use a public DNS server instead of your ISP’s server. The two big public DNS servers are OpenDNS and Google Public DNS.

OpenDNS

The OpenDNS nameserver IP addresses are:

  • 208.67.222.222
  • 208.67.220.220

http://www.opendns.com/support/article/197

You can confirm that you are using OpenDNS as your DNS resolution service by visiting http://www.opendns.com/welcome/.

Google Public DNS

The Google Public DNS nameserver IP addresses are:

  • 8.8.8.8
  • 8.8.4.4

http://code.google.com/speed/public-dns/docs/using.html

Speed test

So which DNS servers are faster for you?

Try out namebench. It hunts down the fastest DNS servers available for your computer to use. (For Mac OS X, Windows, and UNIX.)

http://code.google.com/p/namebench/

Using OpenDNS to filter (whitelist/blacklist) content

If you have an account with OpenDNS, you can whitelist and blacklist IP addresses. A free account allows you to whitelist or blacklist 25 addresses; paid accounts allow more.

  1. Create an account at OpenDNS.
  2. Set up a network for your physical location (your current IP address).
  3. Configure your machine to use the OpenDNS servers.
  4. Install the client software for updating a dynamic IP in an OpenDNS network – https://support.opendns.com/entries/23282614-Where-do-I-download-an-OpenDNS-Dynamic-IP-updater-client-.

Technically more sophisticated users may discover that manually setting the DNS servers on a computer allows that computer to circumvent the OpenDNS filtering. To prevent a machine from bypassing the OpenDNS filtering, you could configure the DNS servers directly on the router and then block all outgoing DNS requests to all DNS servers except the OpenDNS servers.
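
The router-side lockdown described above, sketched as an added example that is not from the original post: a shell function that prints the iptables rules allowing DNS only to the two OpenDNS resolvers and rejecting every other DNS destination. It assumes a Linux-based router that forwards LAN traffic through the FORWARD chain and whose LAN interface is named br0 (both assumptions); it also goes one step beyond the text by rejecting DNS over TLS on TCP port 853.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: Linux router, LAN traffic traverses the FORWARD chain,
# LAN interface is br0 (override with LAN_IF=...).

# OpenDNS resolver addresses as listed in the post.
OPENDNS_RESOLVERS="208.67.222.222 208.67.220.220"
LAN_IF="${LAN_IF:-br0}"

# Print the rules one per line, in the order they must be applied.
# Review the output, then pipe it to sh as root on the router.
dns_lockdown_rules() {
    # 1. Allow DNS (UDP and TCP port 53) to the OpenDNS resolvers only.
    for proto in udp tcp; do
        for ip in $OPENDNS_RESOLVERS; do
            echo "iptables -A FORWARD -i $LAN_IF -p $proto -d $ip --dport 53 -j ACCEPT"
        done
    done
    # 2. Reject DNS to any other server, so a client with manually
    #    configured resolvers fails fast instead of bypassing the filter.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport 53 -j REJECT"
    done
    # 3. Reject DNS over TLS (TCP 853), which would otherwise carry
    #    lookups past the port 53 rules. DNS over HTTPS shares port 443
    #    with ordinary web traffic and is not covered by a port rule.
    echo "iptables -A FORWARD -i $LAN_IF -p tcp --dport 853 -j REJECT"
}

# Return 0 if the given resolver address is on the allow-list, 1 otherwise.
# Useful for checking a client's configured DNS server before locking down.
dns_dest_allowed() {
    for ip in $OPENDNS_RESOLVERS; do
        [ "$1" = "$ip" ] && return 0
    done
    return 1
}

# Print the rules only when asked, e.g.:  sh dns-lockdown.sh --print
if [ "${1:-}" = "--print" ]; then
    dns_lockdown_rules
fi
```

Rule order matters: the ACCEPT rules must precede the REJECT rules, because iptables stops at the first match.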

OpenDNS system status

It’s a good idea to be able to check the condition of your DNS server.

The OpenDNS system status page’s IP address is http://208.69.38.170/.

Seriously restricting internet access

What I really want to do is severely restrict internet access on a single machine on my LAN. For this machine, I want to manage a small whitelist of domains and block access to everything else. OpenDNS doesn’t seem to offer this type of functionality.

Just a few notes to myself about monitoring web sites for infections/malware and potential vulnerabilities.

Tools for detecting infections on web sites

Google Webmaster Tools

Your first stop should be here, as I’ve personally witnessed alerts show up in Webmaster Tools, even when all the following tools gave the site a passing grade. If your site is registered here, and Google finds weird pages on your site, an alert will appear. You can also have the messages forwarded to your email account on file, by choosing the Forward option under the All Messages area of the Home page.

Google Webmaster Tools Hack Alert

Google Safe Browsing

The Google Safe Browsing report for ardamis.com: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=ardamis.com

Norton Safe Web

https://safeweb.norton.com/

The Norton Safe Web report for ardamis.com: https://safeweb.norton.com/report/show?url=ardamis.com

Tools for analyzing a site for vulnerabilities

Sucuri Site Check

http://sitecheck.sucuri.net/scanner/

The Sucuri report for ardamis.com: http://sitecheck.sucuri.net/scanner/?scan=www.ardamis.com.

Nearly a year ago, I wrote a post on how to detect and fix Word add-in problems with a macro and batch file, in a Windows XP and Office 2007 environment.

This was sufficiently effective, but it was also overly complicated, requiring four separate components:

  1. an autoexec Word 2007 macro that runs each time Word is opened
  2. a batch file that runs the registry merge file and writes an entry to a log file
  3. the registry merge file that contains the correct LoadBehavior settings for the add-ins
  4. a text file that acts as a log

This month, I decided to rewrite the macro to handle the registry changes and write to the log file. It was also a good opportunity to dig a bit deeper into VBA, and I also wanted to confirm that it would work in a more modern environment of Windows 7 and Office 2010 (that code is near the bottom of the post). The new system has only two components:

  1. an autoexec Word 2007 macro that runs each time Word is opened
  2. a text file that acts as a log

Background

First, a bit of background.

Many of the problems with Word 2007 are due to Word’s handling of add-ins. When something unexpected happens in Word, and Word attributes the problem to an add-in, Word will react by flagging it and prompting the user for a decision the next time Word opens. Depending on the severity of the problem and the user’s response, the add-in can be either ‘hard-disabled’ or ‘soft-disabled’.

Microsoft explains the differences between Hard Disabled and Soft Disabled in an MSDN article at: http://msdn.microsoft.com/en-us/library/ms268871(VS.80).aspx.

I’ve explained a bit about the process by which Word disables add-ins at the end of this post, and I’ve written a shorter post about the basics behind the registry keys responsible for disabling add-ins.

Handling disabled add-ins programmatically

A Word macro can access the condition of an add-in via an Application.COMAddIns object, and it can read and write to the registry. This allows us to tell when an add-in has been disabled and re-enable it.

My macro has some admittedly hackish parts that need to be cleaned up, there is the matter of unsetting variables to be addressed, and it could certainly be made more elegant, but it works. Note that a file named addinslog.txt must exist in the %TEMP% directory in order for the macro to write the log file. This is what the Word 2007 macro looks like, using the COM add-in installed with Adobe Acrobat 8 Standard as the required add-in…

Option Explicit

' Set up a function to search for a key and return true or false
Public Function KeyExists(key)
    Dim objShell
    On Error Resume Next
    Set objShell = CreateObject("WScript.Shell")
        objShell.RegRead (key)
    Set objShell = Nothing
    If Err = 0 Then KeyExists = True
End Function
    

Sub AutoExec()
'
' FixMissingAddins Macro
' Display a message box with any critical but not 'Connected' COM add-ins, then fix them programmatically
'
' Oliver Baty
' June, 2010 - April, 2011
'
' Information on the Application.COMAddIns array
' http://msdn.microsoft.com/en-us/library/aa831759(v=office.10).aspx
'
' Running macros automatically
' http://support.microsoft.com/kb/286310
'
' Using Windows Scripting Shell (WshShell) to read from and write to the local registry
' http://technet.microsoft.com/en-us/library/ee156602.aspx

   
' Declare the WshShell variable (this is used to edit the registry)
    Dim WshShell
    
' Declare the fso and logFile variables (these are used to write to a txt file)
    Dim fso
    Dim logFile

' Create an instance of the WScript Shell object
    Set WshShell = CreateObject("WScript.Shell")
   
' Declare some other variables
   Dim MyAddin As COMAddIn
   Dim stringOfAddins As String
   Dim listOfDisconnectedAddins As String
   Dim requiredAddIn As Variant
   Dim msg As String

   
' Notes on deleting registry keys and values in VB
' http://www.vbforums.com/showthread.php?t=425483
' http://www.tek-tips.com/viewthread.cfm?qid=674375
' http://www.robvanderwoude.com/vbstech_registry_wshshell.php

' Create a string containing the names of all 'Connected' COM add-ins named "stringOfAddins"
   For Each MyAddin In Application.COMAddIns
      If MyAddin.Connect = True Then
          stringOfAddins = stringOfAddins & MyAddin.ProgID & " - "
      End If
   Next
   
' Create an array to hold the names of the critical (required) add-ins named "requiredAddIns"
' Example: change to "Dim requiredAddIns(0 To 4)" if the macro is checking 5 total add-ins
   Dim requiredAddIns(0 To 0) As String
   
' Add each required AddIn to the array
   requiredAddIns(0) = "PDFMaker.OfficeAddin"
'   requiredAddIns(1) = ""
'   requiredAddIns(2) = ""
'   requiredAddIns(3) = ""
'   requiredAddIns(4) = ""
   
' Cycle through the array of required add-ins, and see if they exist in the connected add-ins list
   For Each requiredAddIn In requiredAddIns
      If InStr(stringOfAddins, requiredAddIn) Then
        ' The required add-in is in the string of connected add-ins
         msg = msg
      Else
        ' The required add-in is not in the string of connected add-ins, so add the add-in name to a string named "listOfDisconnectedAddins"
         msg = msg & requiredAddIn & vbCrLf
         listOfDisconnectedAddins = requiredAddIn & " " & listOfDisconnectedAddins
         listOfDisconnectedAddins = Trim(listOfDisconnectedAddins)
      End If
   Next
   
' If the msg variable is not blank (it contains at least one add-in's name) handle it, otherwise, do nothing
   If msg = "" Then
        ' There are no critical, unconnected add-ins (yay!)
        ' The script can now exit
   Else
        ' There are critical add-ins that are not connected, so handle this
        MsgBox "The following critical Word Add-In(s) are disabled: " & vbCrLf & vbCrLf & msg & vbCrLf & vbCrLf & "To correct this problem, please save any documents you are working on, then close Word and reopen Word."

            ' I find it extremely hackish to check for each possible key and delete it if found... need to research how to delete the tree
            ' One potential obstacle to this method is that I've seen a DocumentRecovery subkey under Resiliency (only once, while editing this macro), that I haven't researched yet
            
            
            ' Note: Since the WSH Shell has no Enumeration functionality, you cannot
            '       use the WSH Shell object to delete an entire "tree" unless you
            '       know the exact name of every subkey.
            '       If you don't, use the WMI StdRegProv instead.
            ' http://www.robvanderwoude.com/vbstech_registry_wshshell.php

            ' More info on WMI StdRegProv at:
            ' http://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx
            
        ' This is hackish, but it effectively deletes a registry key, if it exists
        If KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency\DisabledItems\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\12.0\Word\Resiliency\DisabledItems\"
        ElseIf KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\"
        ElseIf KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\12.0\Word\Resiliency\"
        End If
        
        ' To be completely thorough, we can also set the desired LoadBehavior for certain add-ins
        ' This can be done selectively, and only if the LoadBehavior was incorrect, but the quick and dirty way would be to just force the values
        
        WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddin\LoadBehavior", 3, "REG_DWORD"

        ' Release the WshShell object
        Set WshShell = Nothing
        
        ' Declare a few variables for the log file
        ' (temp must be declared here, because Option Explicit is set at the top of the module)
        Dim user, machine, temp, datetime, output
        
        Set WshShell = CreateObject("WScript.Shell")
        user = WshShell.ExpandEnvironmentStrings("%USERNAME%")
        machine = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
        temp = WshShell.ExpandEnvironmentStrings("%TEMP%")
        ' Convert the slashes in Now to hyphens to prevent a fatal error
        datetime = Replace(Now, "/", "-")
        ' Create the string that will be written to the log file
        output = datetime + ", " + user + ", " + machine + ", " + listOfDisconnectedAddins

        ' Write the event to a log file
        logfile = temp + "\addinslog.txt"
        ' http://msdn.microsoft.com/en-us/library/2z9ffy99(v=vs.85).aspx
        ' http://www.devguru.com/technologies/vbscript/quickref/filesystemobject_opentextfile.html
        Set fso = CreateObject("Scripting.FileSystemObject")
        Set logFile = fso.OpenTextFile(logfile, 8, True)
        logFile.WriteLine (output)
        logFile.Close
        Set logFile = Nothing
        Set fso = Nothing
        
        ' Should we clear the variables?
        
        ' Release the WshShell object
        Set WshShell = Nothing
   End If
   
   ' Ardamis.com - We're in your macros, fixing your COM add-ins.
End Sub

While working on this, I found that there were some gaps in my understanding of the sequence of events that occur when Word 2007 disables a COM add-in. Please comment if you find that any of this is inaccurate or incomplete.

What happens when Word launches

A critical key to the whole business of Word add-ins is HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency

When Word launches, it looks for data under the Resiliency key and a subkey: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems

If the StartupItems subkey contains a REG_BINARY value that corresponds to an add-in, Word throws the familiar warning:

Microsoft Office Word
Word experienced a serious problem with the ‘[addin name]’ add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?
[Yes] [No]

Choosing No at the prompt removes the Resiliency key and allows Word to continue to launch, leaving the LoadBehavior for that add-in unchanged.

Choosing No also writes an Error event to the Application Event Viewer log:

Event Type:	Error
Event Source:	Microsoft Office 12
Event Category:	None
Event ID:	2000
Date:		5/23/2011
Time:		3:15:29 PM
User:		N/A
Computer:	[WORKSTATION_NAME]
Description:
Accepted Safe Mode action : Microsoft Office Word.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Choosing Yes at the prompt removes the StartupItems subkey and creates a new DisabledItems subkey. This DisabledItems subkey will contain a different REG_BINARY value, the data of which contains information about the disabled add-in.

Choosing Yes also writes an Error event to the Application Event Viewer log:

Event Type:	Error
Event Source:	Microsoft Office 12
Event Category:	None
Event ID:	2001
Date:		5/23/2011
Time:		3:12:36 PM
User:		N/A
Computer:	[WORKSTATION_NAME]
Description:
Rejected Safe Mode action : Microsoft Office Word.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

At this point, the add-in is ‘hard-disabled’, but not ‘soft-disabled’.

Word then continues to launch, but without loading the add-in.

To see which add-ins have been hard-disabled, click on the Office Button | Word Options | Add-Ins, and scroll down to “Disabled Application Add-ins”.

To see which add-ins have been soft-disabled, click on the Office Button | Word Options | Add-Ins. Select “COM Add-Ins” in the Manage menu and click Go.

Word is somewhat tricky in this regard, as the add-in will not have a checkmark, but the LoadBehavior registry value will be unchanged. At any other time, the presence of a checkmark is an indication of the LoadBehavior, but when an add-in has been hard-disabled, the box will always be unchecked.

What users can do at this point

Going through Word Options and enabling the hard-disabled COM add-in will remove the Resiliency key. This may not make the add-in immediately available in Word, however.

To immediately load the add-in and gain its functionality, you can check the box. Otherwise, close and reopen Word, which will cause Word to launch with the add-in’s specified LoadBehavior.

In case you were curious about the keyboard shortcuts used to enable the first disabled add-in in the list of disabled add-ins (maybe you wanted to do something with SendKeys, for example), they are:
Alt+F, I, A, A, Tab, Tab, Tab, D, Enter, G, Space, Alt+E, C, Alt+F4.

In summary, deleting the Resiliency key after the “serious problem” prompt, then closing and reopening Word, returns Word to a normal operating state.

What I intend to accomplish with the macro is to re-enable the hard-disabled add-in, return any LoadBehavior values back to the desired settings, then prompt the user to save their work and close and reopen Word.

This should return Word to a working state.
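The macro's comments point to the WMI StdRegProv provider as the way to delete a key whose subkey names are not known in advance. The following is an added example, not part of the original macro: it records what sits under the Resiliency key (so the record of which add-in Word blamed is not lost) and then removes the whole tree, including subkeys such as DocumentRecovery. The helper names are hypothetical, and the key path is the Word 2007 one from this post.

```vba
Option Explicit

' Added example. HKEY_CURRENT_USER hive handle as expected by StdRegProv.
Private Const HKCU As Long = &H80000001

' Return the WMI registry provider for the local machine
Private Function GetRegProv() As Object
    Set GetRegProv = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
End Function

' Build a text report of every value found under keyPath and its subkeys
Private Function DescribeKeyTree(reg As Object, ByVal keyPath As String) As String
    Dim valueNames As Variant, valueTypes As Variant, subKeys As Variant
    Dim i As Long, report As String

    ' EnumValues returns 0 on success; valueNames is Null when the key holds no values
    If reg.EnumValues(HKCU, keyPath, valueNames, valueTypes) = 0 Then
        If IsArray(valueNames) Then
            For i = LBound(valueNames) To UBound(valueNames)
                ' Type 3 is REG_BINARY, the type Word uses for these entries
                report = report & keyPath & " -> " & valueNames(i) & _
                         " (type " & valueTypes(i) & ")" & vbCrLf
            Next
        End If
    End If

    ' EnumKey returns 0 on success; subKeys is Null when there are no subkeys
    If reg.EnumKey(HKCU, keyPath, subKeys) = 0 Then
        If IsArray(subKeys) Then
            For i = LBound(subKeys) To UBound(subKeys)
                report = report & DescribeKeyTree(reg, keyPath & "\" & subKeys(i))
            Next
        End If
    End If

    DescribeKeyTree = report
End Function

' Delete keyPath and everything below it; returns True if the key was removed
Private Function DeleteKeyTree(reg As Object, ByVal keyPath As String) As Boolean
    Dim subKeys As Variant, i As Long

    ' A non-zero result means the key does not exist (or cannot be opened)
    If reg.EnumKey(HKCU, keyPath, subKeys) <> 0 Then Exit Function

    ' DeleteKey fails on a key that still has subkeys, so remove the children first
    If IsArray(subKeys) Then
        For i = LBound(subKeys) To UBound(subKeys)
            DeleteKeyTree reg, keyPath & "\" & subKeys(i)
        Next
    End If

    DeleteKeyTree = (reg.DeleteKey(HKCU, keyPath) = 0)
End Function

Public Sub ResetWordResiliency()
    Dim reg As Object, keyPath As String, found As String

    ' Word 2007 path from this post; use 14.0 in place of 12.0 for Word 2010
    keyPath = "Software\Microsoft\Office\12.0\Word\Resiliency"
    Set reg = GetRegProv()

    ' Capture the contents before deleting, then remove the tree
    found = DescribeKeyTree(reg, keyPath)
    If DeleteKeyTree(reg, keyPath) Then
        Debug.Print "Removed " & keyPath & vbCrLf & found
    Else
        Debug.Print "Nothing removed under " & keyPath
    End If

    Set reg = Nothing
End Sub
```

The string returned by DescribeKeyTree can be appended to the same addinslog.txt entry the macro already writes.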

Word 2010 on 64-bit Windows 7

As a bonus, here’s the same macro, with some minor adjustments to run in Word 2010 on Windows 7 64-bit, with Adobe Acrobat 9 Pro’s COM add-in acting as one of the required add-ins. The OneNote add-in is not enabled in Word by default, and the macro below does not attempt to enable it, but does consider it a required add-in. This is done to demonstrate the pop-up window. Note that a file named addinslog.txt must exist in the %TEMP% directory in order for the macro to write the log file.

Option Explicit

' Set up a function to search for a key and return true or false
Public Function KeyExists(key)
    Dim objShell
    On Error Resume Next
    Set objShell = CreateObject("WScript.Shell")
        objShell.RegRead (key)
    Set objShell = Nothing
    If Err = 0 Then KeyExists = True
End Function

Sub AutoExec()
'
' FixMissingAddins Macro
' Display a message box with any critical but not 'Connected' COM add-ins, then fix them programmatically
'
' Oliver Baty
' June, 2010 - April, 2011
'
' Information on the Application.COMAddIns array
' http://msdn.microsoft.com/en-us/library/aa831759(v=office.10).aspx
'
' Running macros automatically
' http://support.microsoft.com/kb/286310
'
' Using Windows Scripting Shell (WshShell) to read from and write to the local registry
' http://technet.microsoft.com/en-us/library/ee156602.aspx

' Declare the WshShell variable (this is used to edit the registry)
    Dim WshShell

' Declare the fso and logFile variables (these are used to write to a txt file)
    Dim fso
    Dim logfile

' Create an instance of the WScript Shell object
    Set WshShell = CreateObject("WScript.Shell")

' Declare some other variables
   Dim MyAddin As COMAddIn
   Dim stringOfAddins As String
   Dim listOfDisconnectedAddins As String
   Dim requiredAddIn As Variant
   Dim msg As String

' Notes on deleting registry keys and values in VB
' http://www.vbforums.com/showthread.php?t=425483
' http://www.tek-tips.com/viewthread.cfm?qid=674375
' http://www.robvanderwoude.com/vbstech_registry_wshshell.php

' Create a string containing the names of all 'Connected' COM add-ins named "stringOfAddins"
   For Each MyAddin In Application.COMAddIns
      If MyAddin.Connect = True Then
          stringOfAddins = stringOfAddins & MyAddin.ProgID & " - "
      End If
   Next

' Create an array to hold the names of the critical (required) add-ins named "requiredAddIns"
' Example: change to "Dim requiredAddIns(0 To 4)" if the macro is checking 5 total add-ins
   Dim requiredAddIns(0 To 1) As String

' Add each required AddIn to the array
   requiredAddIns(0) = "PDFMaker.OfficeAddin"
   requiredAddIns(1) = "OneNote.WordAddinTakeNotesService"
'   requiredAddIns(2) = ""
'   requiredAddIns(3) = ""
'   requiredAddIns(4) = ""

' Cycle through the array of required add-ins, and see if they exist in the connected add-ins list
   For Each requiredAddIn In requiredAddIns
      If InStr(stringOfAddins, requiredAddIn) Then
        ' The required add-in is in the string of connected add-ins
         msg = msg
      Else
        ' The required add-in is not in the string of connected add-ins, so add the add-in name to a string named "listOfDisconnectedAddins"
         msg = msg & requiredAddIn & vbCrLf
         listOfDisconnectedAddins = requiredAddIn & " " & listOfDisconnectedAddins
         listOfDisconnectedAddins = Trim(listOfDisconnectedAddins)
      End If
   Next

' If the msg variable is not blank (it contains at least one add-in's name) handle it, otherwise, do nothing
   If msg = "" Then
        ' There are no critical, unconnected add-ins (yay!)
        ' The script can now exit
   Else
        ' There are critical add-ins that are not connected, so handle this
        MsgBox "The following critical Word Add-In(s) are disabled: " & vbCrLf & vbCrLf & msg & vbCrLf & vbCrLf & "To correct this problem, please save any documents you are working on, then close Word and reopen Word."

            ' I find it extremely hackish to check for each possible key and delete it if found... need to research how to delete the tree
            ' One potential obstacle to this method is that I've seen a DocumentRecovery subkey under Resiliency (only once, while editing this macro), that I haven't researched yet

            ' Note: Since the WSH Shell has no Enumeration functionality, you cannot
            '       use the WSH Shell object to delete an entire "tree" unless you
            '       know the exact name of every subkey.
            '       If you don't, use the WMI StdRegProv instead.
            ' http://www.robvanderwoude.com/vbstech_registry_wshshell.php

            ' More info on WMI StdRegProv at:
            ' http://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx

        ' This is hackish, but it effectively deletes a registry key, if it exists
        If KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems\"
        ElseIf KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems\"
        ElseIf KeyExists("HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\") Then
            WshShell.RegDelete "HKCU\Software\Microsoft\Office\14.0\Word\Resiliency\"
        End If

        ' To be completely thorough, we can also set the desired LoadBehavior for certain add-ins
        ' This can be done selectively, and only if the LoadBehavior was incorrect, but the quick and dirty way would be to just force the values

        WshShell.RegWrite "HKCU\Software\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddin\LoadBehavior", 3, "REG_DWORD"

        ' Release the WshShell object
        Set WshShell = Nothing

        ' Declare a few variables for the log file
        Dim user, machine, temp, datetime, output

        Set WshShell = CreateObject("WScript.Shell")
        user = WshShell.ExpandEnvironmentStrings("%USERNAME%")
        machine = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
        temp = WshShell.ExpandEnvironmentStrings("%TEMP%")
        ' Convert the slashes in Now to hyphens to prevent a fatal error
        datetime = Replace(Now, "/", "-")
        ' Create the string that will be written to the log file
        output = datetime + ", " + user + ", " + machine + ", " + listOfDisconnectedAddins

        ' Write the event to a log file
        logfile = temp + "\addinslog.txt"
        ' http://msdn.microsoft.com/en-us/library/2z9ffy99(v=vs.85).aspx
        ' http://www.devguru.com/technologies/vbscript/quickref/filesystemobject_opentextfile.html
        Set fso = CreateObject("Scripting.FileSystemObject")
        Set logfile = fso.OpenTextFile(logfile, 8, True)
        logfile.WriteLine (output)
        logfile.Close
        Set logfile = Nothing
        Set fso = Nothing
        
        ' Should we clear the variables?

        ' Release the WshShell object
        Set WshShell = Nothing
   End If

   ' Ardamis.com - We're in your macros, fixing your COM add-ins.
End Sub

The recent news that Yahoo! has sold Del.icio.us to the guys who founded YouTube got me thinking about another former big name in link sharing, Technorati. Does anyone still use either of these sites? I did back in 2006, but mostly just half-heartedly to promote ardamis.com. It would seem that in 2011, we’ve found other, more directly social means for sharing sites.

http://www.delicious.com/ardamis
http://www.delicious.com/search?p=ardamis
http://technorati.com/blogs/www.ardamis.com

A quick glance around Technorati today for sites ranked similarly with ardamis.com turned up little other than spam sites, just like everything else.

Attempting to run the W3C Link Checker against //ardamis.com/ returns an error message.

Error: 406 Not Acceptable

This is what the W3C says about the 406 HTTP status header:

406 Not Acceptable
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

In other words, the W3C Link Checker requests the web page, and tells the web server that, by the way, it can only accept a response in a certain format. The web server then regrets to inform the requestor that it cannot fulfill this request, because it cannot return a response that would be acceptable to the requestor. It does this in the form of a 406 Not Acceptable HTTP header. The W3C Link Checker then outputs this error.

Other W3C apps, like Unicorn – W3C’s Unified Validator and the W3C HTML Validator don’t seem to be sending the same HTTP headers. (But I did note that there were a few small issues preventing the home page from passing the test, which I then fixed.)

Ardamis runs on WordPress, with a custom theme originally developed years ago from the Kubrick theme and a handful of plugins (as more completely described at the colophon page). I tinker with the site, from time to time, trying to speed it up or what-have-you. But no amount of tinkering seemed to resolve this problem. Over the course of a few months, I’d try various changes to the site to see if there was something I could do to fix this problem. I had pretty much convinced myself that it was going to be an issue for my web host when, miraculously, after making some changes to the .htaccess file, my theme and disabling one of the plugins (which I can’t see how would possibly affect the HTTP headers) the Link Checker began working.

In the results page for www.ardamis.com, it lists some of the headers used:

Settings used:

  • Accept: text/html, application/xhtml+xml;q=0.9, application/vnd.wap.xhtml+xml;q=0.6, */*;q=0.5
  • Accept-Language: en-US,en;q=0.8
  • Referer: sending
  • Sleeping 1 second between requests to each server

I’m not sure what I did to make this work, or even if it was something I did. But further troubleshooting would have involved disabling all plugins, trying a different theme, and then ruling out WordPress entirely.