Friday, July 02, 2010

Review on the Dell Studio 15 laptop

So I bought a new laptop from Dell two weeks ago.  Here are the highlights:

The good

  1. Very speedy (of course I paid for that).
  2. Sleep/wake finally works well.  Waking is very fast, and actually reliable!
  3. The propping back legs on the laptop are conveniently placed and the heat on the underside of the laptop are also lending to holding the laptop on your lap without getting hot spots on your legs.
  4. The face recognition auto-login feature is cool, but I suspect a photo of me would log me in, which makes it more of a toy than a tool.
  5. I like the backlit keyboard.  And the touchpad has two-finger zoom (which can be disabled) and a scroll circle feature which is pretty cool (although I haven’t used it).
  6. It’s remarkably lightweight, especially considering how souped up the hardware is.

The Bad

  1. When left on for long periods, the mouse touch pad grows to be burning hot, making it unusable.
  2. It didn’t come with a TPM chip.  These things were invented and shipping in laptops years ago.  What’s up with that?
  3. No room for a smart card slot, that combined with no TPM chip, means I have to use a flimsy USB card reader to remote into work. 
  4. It doesn’t come with a Windows DVD, or software to burn a recovery DVD based on the backup partition on the hard drive.
  5. No hardware lights for disk access, or caps lock or anything else.  The lack of classic feedback for whether the computer is busy is a little unnerving.
  6. When the caps lock key is pressed, a small display appears that permanently steals focus from the active window (at least when you’re in Remote Desktop), so you’re typing away, press caps lock, and suddenly your typing isn’t going anywhere.  Whoops.
  7. The face recognition auto-login feature (and webcam) remains active while the screensaver is on.  This keeps the CPU hotter than it needs to be, and it means if you approach your laptop (perhaps to see your loved ones in your photo screensaver) the screen saver exits and you get logged in.  Where the real problem here though is that if the screen saver reduced your screen resolution and the face recognition auto-login exits the screen saver to log you in automatically, the screen resolution isn’t restored to normal, and the desktop is wacked.

The Ugly

  1. The WiFi is very unreliable.  It frequently drops the connection entirely and can’t find any hotspots.  I have to disable/re-enable the Wireless Connection to get back online.
  2. Bluetooth is even more unreliable.  Pairing with my Bluetooth mouse was an exercise in patience.  And it keeps losing the mouse, requiring a restart.  In the meantime, most Bluetooth dialogs/windows hang, making troubleshooting the problem virtually impossible.
  3. YouTube HD videos hang in the middle for minutes with a black screen mid-movie, and the video driver can otherwise randomly crash the machine for no apparent reason at all.

Verdict

I really like this laptop, but for me, the Ugly bits are deal-breakers.  I rely on the Internet for most of my work, and my Bluetooth mouse is much more usable than a touch pad.  When neither work well or reliably, the laptop is of very limited use.  Tech support suggested I upgrade the drivers on my brand new laptop to resolve the problems, which doesn’t make sense to me anyway given they should have put the latest drivers on when they shipped it, but that didn’t help anyway.

2 comments Labels: ,

Tuesday, April 13, 2010

DotNetOpenAuth v3.4.3 released

DotNetOpenAuth has just seen a minor release to v3.4.3.  Fixes center around corner case interoperability issues that cause a very small percentage (<0.5%) of OpenID users to be unable to log into your relying party web sites.  A few other random fixes as well. 

Go download it now.

The OpenID “dot bug”

The most noteworthy fix was a very difficult one to pull off, namely the bug where OpenIDs with trailing dots being unsupported.  Back in the 1990s, classic ASP had the infamous “dot bug” where a trailing dot appended to a URL path would reveal the source code of the server-side script, which was a fatal security hole that was (of course) patched.  I think that this might have inspired the .NET Framework’s Uri class design to include automatically removing trailing dots from each path segment in a Uri instance.  Since FAT and NTFS file systems don’t support trailing dots on filenames, this doesn’t cause any issue if the web is run by Windows file systems. 

But when these URLs are actually OpenIDs, and those OpenIDs contain path segments that are base64 encoded where one of the two assignable characters is a period (ala Yahoo’s pseudonymous OpenIDs), then approximately 1.5% of base64-encoded OpenIDs have trailing periods.  So what’s the problem?  When an OpenID positive assertion comes into an OpenID relying party web site based on .NET with a claimed_id that ends with a period, .NET will quietly strip the period from the claimed_id, causing the login to fail or (arguably worse) to succeed but with OpenID discovery misdirected to the wrong URL (one where the trailing dot is stripped). 

The .NET Framework provides no (supported) way to turn off this dot-stripping behavior.  If your relying party web site is running with Full Trust you can set some internal flags using reflection to suppress the behavior, but it has some nasty side-effects.  If you’re on medium trust, you’re sunk.

But I’m pleased to say that DotNetOpenAuth has a solution, handling both medium and full trust, that is as good as the .NET Framework will allow until a fix in the platform is made.  I won’t bore you with all the gory details on this post, but suffice it to say, that if you just download and use the new version, you’ll be working with OpenIDs even with trailing dots.  Phew.

4 comments Labels: , ,

Tuesday, March 09, 2010

How to upgrade your Blogger OpenID to a decent one

If you host your blog on Google’s Blogger service you may have discovered that your blog is an OpenID you can use to log into various web sites that act as OpenID relying parties.  But Blogger’s support for OpenID is limited to OpenID 1.1, which is very old and not supported by many relying parties nowadays.

You can upgrade your Blogger hosted OpenID to the new OpenID 2.0 version and log into many more web sites, all while still using your Google account to log in, thanks to Google Profiles.

Here’s how to upgrade your Blogger OpenID to OpenID 2.0:

  1. Create a Google Profiles profile if you haven’t already done so.
  2. Visit http://www.blogger.com/, logging in if necessary.
  3. On the blog you use for an OpenID click Layout.
  4. Click Edit HTML.
  5. In the Edit Template area, add the following HTML within the <HEAD> tag of your template: 
    <link rel='openid2.provider' href='https://www.google.com/accounts/o8/ud?source=profiles' /> 
<link rel='openid2.local_id' href='http://www.google.com/profiles/YOURGOOGLEPROFILE' />
<link rel='openid.server' href='http://www.blogger.com/openid-server.g' />
  6. Click Save Template.

Once you add OpenID endpoints to your blog, Blogger will automatically deactivate its own OpenID 1.1 support. Since Google Profiles only supports OpenID 2.0 RPs, the above instructions also re-asserts Blogger as the OpenID 1.1 Provider so that 1.1 RPs still work. So what we have is the best of both worlds now.

Thanks to Breno de Medeiros of Google for the tip on how to keep OpenID 1.1 RPs working.

10 comments Labels:
Subscribe to: Posts (Atom)