www.geekybob.com

Just a short, simple blog for Bob to share his thoughts.

FrontPage Server Extensions and UNC Content

28 April 2010 • by Bob • FrontPage

How to get the FPSE2002 AllowUNC feature to work with Windows Server 2008

I've had a few questions about getting the FrontPage 2002 Server Extensions (FPSE2002) AllowUNC feature to work with Windows Server 2008, so I thought that I would put together a blog from some of the information that I had been giving out whenever someone was having problems.

As a little bit of background information, Windows 2003 Server shipped with a later version of FPSE2002 than had previously been released, and that version of FPSE2002 was used as the code base for the version of FPSE2002 that was later shipped for Windows Server 2008. One the great features of this release was the ability to host your content on a remote server using a UNC share, which is something that web administrators had been requesting for years. Microsoft wrote a full whitepaper that details all of the possible configurations and steps to configure FPSE2002 with this feature at the following URL:

http://technet.microsoft.com/en-us/library/cc768023.aspx

That being said, that whitepaper is quite large, and not all of it is necessary if you simply want to host FPSE2002-based content on a UNC path. With that in mind, I have come up with an abbreviated set of steps that uses the whitepaper as a base for enabling this feature. To be more specific, I was able to implement this feature by using only the following sections of that whitepaper:

  1. "Configuring the File Server"
  2. "To Share the Folder"
  3. "Creating and Configuring a Virtual Server in IIS"
  4. "Configuring Security Settings for the Virtual Server"
  5. "To Configure the Registry for the Web server"
  6. "To Enable FrontPage Server Extensions 2002"

The body of this blog post is an excerpt from the whitepaper, and contains only the steps that I used to get my test scenario up and running. For my test, I set up a domain controller, a file server, and a web server; all running Windows Server 2008 or Windows Server 2003. I include notes when necessary to highlight issues that I ran into.

Additional Notes:

CONFIGURING THE FILE SERVER

You must configure a shared folder on the file server and grant the Web server access to the contents of that folder. Note that you must set the permissions for the folder itself, not a parent folder. It is recommended that you also implement IP Security on the file server, so that only the Web server, the domain controller, and other administrator computers can access the file server over TCP/IP. For more information about configuring IP Security, see Setting Up IPsec Domain and Server Isolation in a Test Lab.

To create a folder and set the folder ACLs
  1. In My Computer, create or locate the folder that will contain the Web site content.
  2. Right-click the folder, and click Properties.
  3. In the Properties dialog box, click the Security tab.
  4. Click Advanced. If you are using Windows Server 2008, click Edit.
  5. Click Add.
  6. Type Administrators, and then click OK.
  7. Select Full Control, and then click OK.
  8. Click Add.
  9. Click Object Types, and then in the Object Types box, select the Computers check box, and then click OK.
  10. In the Enter the object names to select box, type the Web server computer name, followed by a dollar sign ($) and then click OK.
  11. Select Full Control, and then click OK.
  12. Clear the check box for allowing inheritable permissions to propagate to the folder.
    • On Windows Server 2008 this check box is labeled "Include inheritable permissions from this object's parent".
    • On Windows Server 2003 this check box is labeled "Allow inheritable permissions from the parent object to propagate to this object and all child objects".
  13. Click Remove to clear the inherited permissions for the folder.
  14. Click OK, and then click OK again to close the Properties dialog box.
  15. The folder now only allows file access to the Administrators group and the Web server computer you specified. When you extend the virtual server on the Web server computer, the access control list (ACL) will be automatically updated with any additional required users or security principals.
To share the folder
About File System Security

Giving Everyone full control to your server share is necessary so that all users of your Web site can view the Web site information and run the ASP pages required to use FrontPage 2002 Server Extensions. However, you do not want to allow other computers or other servers access to the file share and those ASP pages. It is recommended that you implement Internet Protocol (IP) Security to help prevent users and computers from circumventing the FrontPage 2002 Server Extensions and Internet Information Services security for the file share and ASP pages.

Note - The separate user management feature for FrontPage 2002 Server Extensions also helps secure the process for accessing ASP pages through the file system. It is recommended that you implement this feature if you are connecting Web sites to UNC shares. For more information about managing users separately, see Authenticating Users Separately For Each Virtual Server.

CREATING AND CONFIGURING A VIRTUAL SERVER IN IIS

You use Internet Information Services (IIS) to create your new virtual server. You must also decide how to configure the security settings for your virtual server.

To create a virtual server on Windows Server 2008
  1. Click Start, point to Administration Tools, and then click Internet Information Services (IIS) Manager.
  2. Click the plus sign (+) next to the server name in the Connections pane that you want to add the virtual server to.
  3. Right-click Sites, and then click Add Web Site.
  4. In the Site name box, enter the name of the Web site.
  5. In the Physical path box, type the path to the network share where the site content will go. Note that if you used the format name$ for the share, you cannot browse to the share. You must type the path exactly.
  6. In the Type box, choose HTTP or HTTPS.
  7. In the IP address box, select the IP address you want to use.
  8. In the Port box, type the port number to assign to the virtual server.
  9. In the Host name box, type the host name that you want to use (if any).
  10. Click OK.
  11. Highlight the Web site you just created in the Connection pane.
  12. Double-click the Authentication feature in the Web site's Home pane.
  13. Highlight Anonymous Authentication in the Authentication pane.
  14. Click Edit... in the Actions pane.
  15. Click Specific user, and then click Set.
    • Enter the domain and user name of your domain-level IUSR account in the User name box.
    • Enter the password of your domain-level IUSR account in the Password and Confirm Password boxes.
    • Click OK.
  16. Click OK.
  17. Verify that the application pool for the new Web site is running as Network Service:
    1. Highlight the web site that you just created in the Connections pane.
    2. Click Basic Settings... in the Actions pane.
    3. Make a note of the application pool name, and then click OK.
    4. Click Application Pools in the Connections pane.
    5. Highlight the application pool from the step that you completed previously.
    6. Click Advanced Settings... in the Actions pane.
    7. Verify that IIS lists NetworkServicein the Identity field. If it does not, use the following steps:
      1. Click the ellipsis (...) to the right of the Identity field.
      2. Click Built-in account, and then select NetworkService from the drop-down menu.
      3. Click OK to close the Application Pool Identity dialog box.
    8. Click OK to close the Advanced Settings dialog box.
To create a virtual server on Windows Server 2003
  1. Click Start, point to Administration Tools, and then click Internet Information Services (IIS) Manager.
  2. Click the plus sign (+) next to the server name that you want to add the virtual server to.
  3. Right-click Web Sites, click New, and then click Web site.
  4. Click Next.
  5. In the Description box, type the description of your virtual server, and then click Next.
  6. In the Enter the IP address to use for this Web site box, select the IP address you want to use.
  7. In the TCP port this web site should use (Default: 80) box, type the port number to assign to the virtual server.
  8. In the Host Header for this site (Default: None) box, type the host name that you want to use (if any), and then click Next.
  9. In the Path box, type the path to the network share where the site content will go. Note that if you used the format name$ for the share, you cannot browse to the share. You must type the path exactly.
  10. If you do not want to allow anonymous access to your virtual server, clear the Allow anonymous access to this Web site check box.
  11. Click Next.
  12. On the Web Site Security Credentials panel, verify that the Always use the authenticated users credentials when validating access to the network directory check box is selected, and then click Next.
  13. On the Permissions panel, select the permissions to use, and then click Next. If your virtual server allows scripts to be run, you must also select the Run scripts (such as ASP) check box. If you want to allow ISAPI applications or CGI scripts to be used on your virtual server, you must also select the Execute (such as ISAPI applications or CGI) check box.
  14. Click Next, and then click Finish.

Note - If you chose to allow anonymous access for the virtual server, you must specify the domain account to use for anonymous users. When you use a local folder, you can use the default anonymous user (usually IUSR or IUSR_Machinename). To connect to a shared resource on a domain, however, you must specify an account with rights to the domain. Be sure to use an account with limited rights to the computers and resources in your domain. Do not unintentionally give anonymous users the ability to administer your server or print to your network printers.

Note from me:

As stated by me earlier, this entire article does not appear to work unless you specify a domain-level IUSR account in IIS, even if you are going to not allow anonymous access. In my testing, it seems to fail when anonymous is disabled and the anonymous user had been local, whereas it succeeded when the anonymous user is a domain-account with rights to the share, even though anonymous is disabled for the site.

CONFIGURING SECURITY SETTINGS FOR THE VIRTUAL SERVER

After you have created the virtual server, you must configure the security settings. When a Web site user requests a file that actually resides on a network share, there are two methods that FrontPage Server Extensions can use to provide the required authentication information:

Warning - Basic authentication forwards the requestor's username and password over the network. This means that usernames and passwords can be captured using a network packet analyzer. Only use basic authentication if you are sure that potential hackers don't have access to your network cabling or wireless media.

To configure the new virtual server to use basic authentication on Windows Server 2008
  1. In Internet Information Services (IIS) Manager, highlight the Web site you just created in the Connection pane.
  2. Double-click the Authentication feature in the Web site's Home pane.
  3. Highlight Basic Authentication in the Authentication pane.
  4. Click Enable in the Actions pane.
To configure the new virtual server to use basic authentication on Windows Server 2003
  1. In Internet Information Services (IIS) Manager, right-click the Web site you just created, and then click Properties.
  2. On the Directory Security tab, under Authentication and Access Control, click Edit.
  3. Check the Enable anonymous access check box.
  4. In the User name box for the anonymous user, type a domain user account to use for anonymous access. Note that because you are allowing access across computers, the default anonymous account (which is specific to each server) will not work. You must use a domain account for anonymous access.
  5. In the Password box, type the password that corresponds to the user account.
  6. In the Authenticated Access section, clear the Integrated Windows authentication check box, and check the Basic authentication (password is sent in clear text) check box.
  7. Click Yes to verify that you want to enable Basic authentication, and then click OK.
  8. Type the password again to confirm it, and then click OK.
  9. Click OK again to close the Properties dialog box.

Note from me:

As stated by me earlier, I only tested with Basic Authentication; I did not try Kerberos. Since we are making a single hop to another server, I would expect simple NTLM to fail. See KB 315673 for a description of single versus double hop setups when working with IIS configurations. But that being said, Windows Authentication in an Internet environment is impractical, so in most scenarios this point is moot.

After you create the virtual server, and before you can extend it with FrontPage 2002 Server Extensions, you must set the following registry entries to enable your Web server to work with a shared UNC folder:

Both subkeys are under the following path in the registry depending on your version of Windows:

If these subkeys do not exist yet, you can add them as new string values, and then set them to 1.

To configure the registry for the Web server
  1. Open the Registry Editor on your Web server computer. To do so, click Start, click Run, and then type regedit.
  2. Open the correct subkey for your version of Windows:
    • On a 32-bit server:
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports
    • On a 64-bit server:
      • HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Shared Tools\Web Server Extensions\All Ports
  3. If you see the NoMachineGroups and AllowUNCkeys, skip to step 4. If not, you must create these keys as described in the next step.
    1. Right-click in the right pane of the Registry Editor Window, click New, and then click String value.
    2. Type the name for the new entry: NoMachineGroups
    3. Right-click in the right pane of the Registry Editor Window, click New, and then click String value.
    4. Type the name for the new entry: AllowUNC
  4. In the right pane, right-click NoMachineGroups, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. In the right pane, right-click AllowUNC, and then click Modify.
  7. In the Value data box, type 1, and then click OK.

EXTENDING THE VIRTUAL SERVER

After the virtual server has been created and configured, you are ready to extend it with FrontPage 2002 Server Extensions. You must extend the virtual server before you can publish Web site content to it.

To enable the FrontPage Server Extensions 2002 Web Server Extension on Windows Server 2003
  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS).
  2. In the console tree, click the name of the computer where you will create the virtual server, and then click Web Server Extensions.
  3. In Web Server Extensions, click FrontPage Server Extensions 2002, and then click Allow.
To extend the new virtual server and create a Web site
  1. Click Start, point to Administrative Tools, and then click Microsoft SharePoint Administrator.
  2. Click Extend next to the virtual server you just created in IIS.
  3. In the Administrator user name box, type the user name, and then click Submit.

After you extend the site, it is recommended that you run server health to make sure the permissions are set correctly and do not allow unauthorized access. To run server health, use the following command-line operations:

cd /d "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\50\bin"

owsadm.exe -o check -p 80 -w /

As I mentioned in the beginning of this post, there are a lot of steps to get this working, but it's possible to do so.

I hope this helps. ;-]

IIS 6.0 WebDAV and Compound Document Format Files

22 April 2010 • by Bob • IIS, WebDAV, IIS 6

We recently ran into a situation where a customer thought that they were seeing file corruption when they were transferring files from a Windows 7 client to their IIS 6.0 server using WebDAV. More specifically, the file sizes were increasing for several specific file types, and for obvious reasons the checksums for these files would not match for verification. Needless to say this situation caused a great deal of alarm on the WebDAV team when we heard about it - file corruption issues are simply unacceptable.

To alleviate any fears, I should tell you right up front that no corruption was actually taking place, and the increase in file size was easily explained once we discovered what was really going on. All of that being said, I thought that a detailed explanation of the scenario would make a great blog entry in case anyone else runs into the situation.

The Customer Scenario

First of all, the customer was copying installation files using a batch file over WebDAV; more specifically the batch file was copying a collection of MSI and MST files. After the batch file copied the files to the destination server it would call the command-line comp utility to compare the files. Each MSI and MST file that was copied would increase by a small number of bytes so the comparison would fail. The customer computed checksums for the files to troubleshoot the issue and found that the checksums for the files on the source and destination did not match. Armed with this knowledge the customer contacted Microsoft for support, and eventually I got involved and I explained what the situation was.

The Architecture Explanation

Windows has a type of file format called a Compound Document, and many Windows applications make use of this file format. For example, several Microsoft Office file formats prior to Office 2007 used a compound document format to store information.

A compound document file is somewhat analogous to a file-based database, or in some situations like a mini file system that is hosted inside another file system. In the case of an MST or MSI file these are both true: MST and MSI files store information in various database-style tables with rows and columns, and they also store files for installation.

With that in mind, here's a behind-the-scenes view of WebDAV in IIS 6.0:

The WebDAV protocol extension allows you to store information in "properties", and copying files over the WebDAV redirector stores several properties about a file when it sends the file to the server. If you were to examine a protocol trace for the WebDAV traffic between a Windows 7 client and an IIS server, you will see the PUT command for the document followed by several PROPPATCH commands for the properties.

IIS needs a way to store the properties for a file in a way where they will remain associated with the file in question, so the big question is - where do you store properties?

In IIS 7 we have a simple property provider that stores the properties in a file named "properties.dav," but for IIS 5.0 and IIS 6.0 WebDAV code we chose to write the properties in the compound document file format because there are lots of APIs for doing so. Here's the way that it works in IIS 5 and IIS 6.0:

So believe it or not, no harm is done by modifying a compound document file to store the WebDAV properties. Each application that wants to pull information from a compound document file simply asks for the data that it wants, so adding additional data to a compound document file in this scenario was essentially expected behavior. I know that this may seem counter-intuitive, but it's actually by design. ;-]

The Resolution

Once I was able to explain what was actually taking place, the customer was able to verify that their MST and MSI files still worked exactly as expected. Once again, no harm was done by adding the WebDAV properties to the compound document files.

You needn't take my word for this, you can easily verify this yourself. Here's a simple test: Word 2003 documents (*.DOC not *.DOCX) are in the compound document file format. So if you were to create a Word 2003 document and then copy that document to an IIS 6.0 server over WebDAV, you'll notice that the file size increases by several bytes. That being said, if you open the document in Word, you will see no corruption - the file contains the same data that you had originally entered.

I hope this helps. ;-]

Why I love my job...

08 April 2010 • by Bob • Rants

I had originally written the following for a Facebook note, but I think that it's better as a blog post:

Let's face it, if you have known me for any period of time during the past two decades you would quickly realize that outside of church, family, and music, working with computers is my next biggest passion. Being been hired by Microsoft in late 1995 was one of those moments where I smacked myself on the head and questioned why I hadn't thought of that before. It's just great when it turns out that you can actually make a living doing one of your hobbies. (Making a living making music would be great, too, but I work with a large number of people who have all realized that having a normal day job means that you can actually afford your music hobby. Whereas trying to make a living at music often means wondering where your next meal is coming from. But I digress...)

Anyway, I've had several different jobs since I joined Microsoft, which always leads to the following question from friends and family: "So, what do you do for Microsoft?"

Over the past few years I have worked on a team with several gifted people that create several technologies that perform a lot of the behind-the-scenes work for the Internet, and these days I spend my time writing about these products and telling people how they can use them. With that in mind, I thought that I'd answer a little bit of the "What do you do for Microsoft?" question by way of illustration.

The following blog post that I wrote recently branches off into several links where I discuss writing a bunch of code to do a variety of things that many people would probably find... well... less than exciting:

MSDN Blog: Merging FTP Extensibility Walkthroughs

As I said, you might not find it exciting - but for me, this why I get up in the morning, and at the end of the day it's why I still love my job.

;-)

FTP Clients - Part 7: Kermit FTP Client

24 March 2010 • by Bob • FTP

Since I started reviewing FTP clients I've had a few requests to look at a few different FTP clients, and I've managed to analyze a few of those clients in my blog. A few weeks ago I had a request from one of my readers that really caught my interest - Shabbir Talib contacted me through my blog and asked me to review the Kermit FTP Client. I found his request especially appealing because I used to use Kermit before the public learned about the Internet; back then I was using Kermit to access dial-up Bulletin Board Systems (BBS's) and to connect to my college's VAX system. That being said, I hadn't used Kermit in years so I couldn't resist taking a look.

To start things off, the Kermit Project is developed and distributed by Columbia University in New York City. More information about the project, downloadable installation packages, and software licenses for purchase are available from:

http://www.columbia.edu/kermit/

I need to stress here the Kermit is actually a full suite of connectivity applications, the Kermit FTP Client is only one part of that communications suite. So from the outset the Kermit is more than overkill if you're just looking to transfer some files to and from your FTP site. The Kermit Dialer takes the place of what most FTP clients would have as a Site Manager, and opening that application will display a large number of templates for various connection types.

Rephrasing my earlier statement, saying that Kermit is overkill is really an unfair assessment when you consider the sheer number of options that Kermit gives you. If you are used to creating and configuring FTP site connections in most FTP clients, you generally have a small handful of options that you can specify. This is not true for Kermit 2.1.3 - the wizard for creating a new FTP connection in the Kermit GUI led me through eleven wizard-based pages of options before the connection was created.

Once you connect, however, the Kermit GUI is just a wrapper for command-line FTP functionality - so you have to know what you're doing in FTP to get around, and there is no explorer-style functionality like you get with graphical FTP clients like Core FTP or FileZilla.

Command-Line and Scripting Support

Since the Kermit GUI is just a wrapper for the command-line, you may have already guessed correctly that the Kermit FTP Client (ftp.exe) works just fine from a command prompt. What's more, Kermit has a built-in scripting language that far surpasses the scripting capabilities for the built-in Windows command-line ftp client (also named ftp.exe.) For example, you can script what action to take if something goes wrong - like retrying a failed upload. More information about scripting the Kermit FTP Client is available at the following URL:

http://www.columbia.edu/kermit/ftpscripts.html

From what I've seen of Kermit's scripting support, this appears to be an extremely rich feature for people that need more options for scripting an FTP client.

Using FTP over SSL (FTPS)

The Kermit FTP Client supports FTPS, and it allows you to configure options such as separate protection levels for the command and data channels for a connection.

Once you have the security options specified for the connection, connecting to an FTP site using FTPS is pretty straightforward.

No Implicit FTPS Support

I could find nothing in the Kermit FTP Client documentation that referenced support for implicit FTPS, and when I configured one of my FTP sites to use implicit FTPS I could not connect to it using Kermit. (But in all fairness, you may recall from some of my earlier blog posts that Implicit FTPS is often considered deprecated.)

Using FTP Virtual Hosts

Like the MOVEit Freely FTP client, everything is happening from a command-line, so you can use both FTP7's Virtual Hosts and the actual FTP HOST command. (As I have mentioned in previous blog posts, you should take a look at my Virtual Hosts and Host Names in FTP7 blog post for more information about FTP Virtual Host Names and FTP True Host Names, and see https://datatracker.ietf.org/drafts/draft-hethmon-mcmurray-ftp-hosts/ for more information about status of the FTP HOST command.)

That being said, FTP7 virtual hosts are supported by using the "ftp.example.com|username" syntax when specifying your username, and when you connect to the FTP7 server it will route your requests to the correct FTP virtual host site.

True FTP hosts can be used by specifying the FTP HOST command using the Kermit FTP Client's support for custom commands. The syntax for this command is listed below:

ftp quote host ftp.example.com

Note: You need to send the HOST command before sending USER and PASS.

Scorecard for the Kermit FTP Client

This concludes our quick look at some of the features that are available with the Kermit FTP Client, and here's the scorecard results:

Client NameDirectory
Browsing		Explicit
FTPS		Implicit
FTPS		Virtual
Hosts		True
HOSTs
Kermit FTP Client 2.1.3 N Y N Y Y 1
1 As noted earlier, true FTP HOSTs are available when using the "ftp quote HOST ftp.example.com" syntax.

Note: Keeping with my standard disclaimer, there are a great number of additional features that the Kermit FTP Client provides - I'm just keeping the focus on those topic areas that apply to FTP7.

Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Blog SPAM

22 February 2010 • by Bob • Blogging

This blog isn't that old, I only created the site a few months ago, but it's amazing how much spam I get. It seems like every other day I have another spammer that is pretending to post comments, when they are actually just posting links to their (often bogus) business web sites.

Fortunately I have comment moderation turned on so their posts are never actually posted to the web site, but spammers are never deterred - they continue to post new comments to my site in the hopes that maybe something will get through. So I fully expect that some spammer is going to post so innocuous piece of worthlessness to this blog post within the week.

[Heavy sigh.]

Spammers suck.

For My Wife: Growing Old Together

02 February 2010 • by Bob • Family, Marriage

Valentine's Day is just around the corner, which is always an occasion for me to become a little introspective. With that in mind, I remember the days of our courtship when we would promise to love each other forever and to grow old together; yet now as I look back on our lives, I realize that we had no idea what we were saying. We were young and in love and completely clueless about what being in love really meant.

30 - Rings

Mark Twain once wrote that "No man or woman really knows what perfect love is until they have been married a quarter of a century," and now that we have passed that milestone I can look back and begin to catch a glimpse of this elusive concept called "true love."

Love has meant staying together through times of destitute poverty when we didn't know from where our next meal would come. Love has meant enduring months of separation when I was serving abroad in our country's armed forces. Love has meant countless sleepless nights raising children and meeting their every need. Love has meant staying by each other's bedside to nurse one another back to health. Love has meant walking side-by-side through that timeless season of joy mixed with pain that all parents must suffer when watching their children grow up and leave home.

Over the years I have learned that true love is not the offspring of well-meant promises made hastily in your youth; true love is borne of a thousand little things over thousands of days and nights as you grow older together, until you find that so much time has passed that you cannot remember a time when you were ever apart.

Will Durant wrote that "The love we have in our youth is superficial compared to the love that an old man has for his old wife," and I have found my greatest joy in growing old with you.

The Twelve Commandments of Flaming (Revisited)

20 January 2010 • by Bob • Blogging

Twenty years ago or so, even before the time of Al Gore, there was this thing called "The Internet." There were two kinds of people that used it: the military types and college types. As I was transitioning out of the military following the first Gulf War, I fell into both categories. There was no "World Wide Web" then - which some of today's younger generation cannot understand. ("How could you find anything before companies had websites?")

Back then you pretty much had to be a geek to be on the Internet; it had not yet been reduced to the fewer-than-140-character drivel that is so prevalent on today's Internet. That being said, I spent my time on the Internet using four technologies:

Gopher is long-since deceased, FTP is still in use but its power is waning, and if you're younger than the age of 20 then you probably spend more time with Facebook, Twitter, and cell phone texting than sending emails. (But wait until you move out, get a job, and start having to make a living and pay for your own existence - which includes things like rent and food, not just Starbucks and cell phone service.)

In any event, I used to spend a lot of time hanging out in various newsgroups arguing all sorts of issues and topics. Even when I agreed with someone I argued with them. That's really what newsgroups were for - so geeks from all over the planet could argue with each other. Over the years newsgroups have mostly been replaced by web-based forums, although the comments sections on blogs seem to have grown into the avenue-of-choice where the real arguing takes place.

Back in the pre-WWW days, someone put together the "The Twelve Commandments of Flaming," and I wish that I knew the original author's name. (I have seen it attributed to many different people over the years.) What is most amusing about this list is how true it was both then and now. For examples of such behavior, read this list, then browse to your favorite blog and read the comments section.

The Twelve Commandments of Flaming

  1. Make things up about your opponent: It's important to make your lies sound true. Preface your argument with the word "clearly."

    "Clearly, Fred Flooney is a liar, and a dirtball to boot."

  2. Be an armchair psychologist: You're a smart person. You've heard of Freud. You took a psychology course in college. Clearly, you're qualified to psychoanalyze your opponent.

    "Polly Purebread, by using the word 'zucchini' in her posting, shows she has a bad case of penis envy."

  3. Cross-post your flames: Everyone on the net is just waiting for the next literary masterpiece to leave your terminal! From the Apple II RoundTable to X-10 Powerhouse RoundTable, they're all holding their breath until your next flame. Therefore, post everywhere.
  4. Conspiracies abound: If everyone's against you, the reason can't possibly be that you're a jerk. There's obviously a conspiracy against you, and you will be doing the entire net a favor by exposing it.
  5. Lawsuit threats: This is the reverse of Rule #4 (sort of like the Yin & Yang of Flaming). Threatening a lawsuit is always considered to be in good form.

    "By saying that I've posted to the wrong group, Bertha has libeled me, slandered me, and sodomized me. See you in court, Bertha."

  6. Force them to document their claims: Even if Harry Hoinkus states outright that he likes tomato sauce on his pasta, you should demand documentation. If Newsweek hasn't written an article on Harry's pasta preferences, then Harry is obviously lying.
  7. Use foreign phrases: French is good, but Latin is the lingua franca of flaming. You should use the words "ad hominem" at least three times per article. Other favorite Latin phrases are "ad nauseum," "veni, vidi, vici," and "fetuccini alfredo."
  8. Tell 'em how smart you are: Why use intelligent arguments to convince them you're smart when all you have to do is tell them? State that you're a member of Mensa, or Mega, or Dorks of America. Tell them the scores you received on every exam since high school.

    "I got an 800 on my SATs, LSATs, GREs, MCATs, and I can also spell the word 'premeiotic' ."

  9. Accuse your opponent of censorship. It is your right as an American citizen to post whatever the hell you want to the net (as guaranteed by the 37th Amendment, I think). Anyone who tries to limit your cross-posting or move a flame war to email is either a communist, a fascist, or both.
  10. Doubt their existence: You've never actually seen your opponent, have you? And since you're the center of the universe, you should have seen them by now, shouldn't you? Therefore, THEY DON'T EXIST! This is the beauty of flamers' logic.
  11. Lie, cheat, steal, leave the toilet seat up.
  12. When in doubt, insult: If you forget the other 11 rules, remember this one. At some point during your wonderful career as a Flamer you will undoubtedly end up in a flame war with someone who is better than you. This person will expose your lies, tear apart your arguments, make you look generally like a bozo. At this point, there's only one thing to do: INSULT THE DIRTBAG!!!

    "Oh yeah? Well, your mother does strange things with vegetables."

An Example for the Rookie Flamer

> Dear Joe,
I object to your use of the word "dear." It shows you are a condescending, sexist pig. Also, the submissive tone you use shows that you like to be tied down and flagellated with licorice whips.
> While I found your article "The Effect of Belly-Button Lint
> on Western Thought" to be extremely thought-provoking,
"Thought-provoking?" I had no idea you could think, you rotting piece of swamp slime.
> it really shouldn't have been posted in rec.scuba.
What? Are you questioning my judgment? I'll have you know that I'm a member of the super-high-IQ society Menstruate. I got an 800 on my PMS exam. Your attempts constitute nothing less than censorship. There is a conspiracy against me. You, Riff Raff, and Simon Sinister have been constantly harassing me by email. This was an ad hominem attack! I have therefore cross-posted this to alt.flame, rec.nude, comp.graphics, and rec.arts.wobegon.
> Perhaps you should have posted it in misc.misc.
It is my right, as granted in the Bill of Rights, the Magna Carta, the Bible and the Koran, to post where ever I want to. Or don't you believe in those documents, you damn fascist? Perhaps if you didn't spend so much time sacrificing virgins and infants to Satan, you would have realized this.
> Your article would be much more appropriate there.
Can you document this? I will only accept documents notarized by my attorney, and signed by you in blood. Besides, you don't really exist anyway, you AI project, you.

And in closing...

Flames should be witty, insulting, interesting, funny, caustic, or sarcastic, but NEVER, EVER, should they be boring.

And the walls came tumbling down...

09 November 2009 • by Bob • Military

Today is November 9th - which marks the 20-year anniversary of the re-opening of the borders in Germany, which ultimately resulted in the fall of Soviet Communism. While most of us remember where we were on 9/11/2001, I also remember where I was on 11/9/1989 - I was on the East German border, helping to keep the Russian 8th Guards Army at bay...

For all the hype about the Cold War, Nuclear Proliferation, and Mutually-Assured Destruction that we had way back when, at least we knew who they bad guys were and where they were hiding. I have often said that I loved what I did back then, and that’s still a true statement. That being said, I must admit that I have enough memories to last a dozen lifetimes of sleepless nights in sub-zero temperatures chasing signals through the RF spectrum or standing guard duty in some dark corner of the world where even the evil empire had the good sense to avoid. But the simple fact is - business was good during the Cold War, right up to the time when peace broke out and ruined my life and I had to get a real job. ;-)

In any case, I tip my hat to my fellow members of the Fulda Fighting 511th and the Bat Cave Dwellers of Fort Huachuca. Even though it’s grammatically incorrect to express it this way, it seems appropriate for me to say: "We did good."

School in 1959 versus 2009

19 October 2009 • by Bob • Humor

I was sent this list of how several things have changed in our educational system and lives over the past 50 years, and it's a sad but true observation of how "Trying to Make Things Better™" ultimately makes things worse...

SCENARIO 1: Jeffrey will not be still in class, he disrupts other students.

SCENARIO 2: Johnny and Mark get into a fist fight after school.

SCENARIO 3: Mark gets a headache and takes some aspirin to school.

SCENARIO 4: Jack goes quail hunting before school and then pulls into the school parking lot with his shotgun in his truck's gun rack.

SCENARIO 5: Billy breaks a window at his school and his Dad gives him a whipping with his belt.

SCENARIO 6: Pedro fails high school English.

SCENARIO 7: Johnny takes apart leftover firecrackers from the Fourth of July, puts them in a model airplane paint bottle and blows up a red ant bed.

SCENARIO 8: Johnny falls while running during recess and scrapes his knee. He is found crying by his teacher, Mary. Mary hugs him to comfort him.

Whatever happened to common decency?

16 October 2009 • by Bob • Rants

I realize that we live in a stressful time - so many people are concerned about major events such as the war, the spiraling economy and housing market, the erosion of employer loyalty in an ever-changing job environment, etc. But every once in a while you are treated so badly by your fellow person that it's enough to make you sit up and wonder aloud at what's going on. On two separate occasions within the last week I have been witness to some of the rudest actions that I have seen in recent months. Either event was remarkable by itself, but compounded so much more so by the severity of the discourteous behavior that I witnessed in such a short time.

This past week my wife and I took our children to the movies. As we pulled into the theater's parking lot, I chose a space next to a large SUV that had managed to squeeze into a space that was clearly designed and labeled for a compact car. This space was at the end of a row of cars, and I pulled in so close to the sidewalk on the opposite side of the gas-guzzling gargantuan that my tires were grazing the curb as I parked; because of this action I was able to make sure that there was still plenty of room between both vehicles for people to enter or exit safely.

After the movie we walked to the parking lot where I noticed a note attached to my windshield. I read the note aloud which stated, "I have your license information and pictures. I'll call the police if there's any damage." My initial thought was, "Oh no, someone hit my car." For some reason it just didn't register with me at first what was actually being said, so my son and I walked around our car to inspect for damage. We didn't see anything wrong, so I reread the note aloud a couple more times and then it hit me - the author of the note was threatening me not to damage their car.

Never mind the fact that this automotive monster was located in a space too small for its size, the driver of this mammoth on wheels was concerned that I might somehow injure their precious beast. I looked at my son and joked, "If I wasn't such a nice person, I'd kick the door on the other side of their car." We both laughed at the thought, and since I had parked so close to the curb on the opposite side of the behemoth, my son was able to make use of the ample room between the vehicles to open our car door and get in for the short drive home. (Note: Because of my disbelief that the parking lot event actually occurred, I kept the threatening note and it now adorns the bulletin board in my office.)

The fact of the matter is, however, that even though the driver of that SUV didn't really need to write that note, it was up to me to choose how best to react. In some aspects, this could have provided ample opportunity for an angry "Pay It Forward" approach to the rest of my evening or the days ahead. I could have left an equally threatening note, or I could have damaged their vehicle out of spite. Instead, I chose to make a short joke to voice my frustration and drove home peaceably.

But sometimes it's hard to remain so detached.

Recently I needed to catch a flight home on Southwest Airlines, which prides itself for on-time flights and unassigned seating. Since I fly on Southwest Airlines fairly often, I know that I should get to the airport a little earlier to get in line for general boarding. When I arrived at the gate, I found a half-dozen people sitting in line already, and I dropped my carryon luggage at the end of the queue and sat down in the line. Over the next hour, several other travelers showed up and orderly took their places behind each other. Occasionally a person or two would mistake where the line was and walk to the front of the line, and would happily relocate to the end of the line when notified of their mistake by the people ahead of me.

A few minutes before general boarding was to begin, a few of the passengers at the front of the line began to stand up. Right as I got to my feet, a couple walked up to the gate and proceeded to get in line in front of the row of waiting passengers. I pointed to the people that were sitting in line and said, "These people are in line already; the end of the line is back there" and motioned to the back of the queue. The would-be line jumper remarked that none of the passengers that I had just pointed to were actually standing in line, they were sitting, so therefore they weren't really in line. I informed him that all of these people had been there at least an hour already, and that he needed to relocate to the rear of the column. He reluctantly obliged after a brief and curt exchange of words with all of the surrounding passengers, albeit complaining the entire way that he travels 120 flights per year on Southwest Airlines. After taking his place at the end of the line, he loudly exclaimed in my direction, "Yeah, don't even look this way, ---hole!" I turned around and stared at him in disbelief, while the other people in line began to laugh at him for creating such a ruckus over having to board the plane perhaps one or two minutes later. Was any of this really called for?

Once again, however, this left me with the choice on how I was going to react. I could have followed his example and launched into a tirade of expletives, but why stoop to that level? (I must admit, however, that I did take advantage of a situation that happened moments later. A person came running up just as I was about to board the plane, and he was holding a large, boxed painting. He said that he was supposed to pre-board but had trouble getting through security. I could see that he had a pre-boarding stamp on his boarding pass, and I just couldn't resist the situation - I looked at him, then I looked back at the would-be line jumper, then I looked back at the gentleman with the boarding pass and said, "Please - be my guest," and gestured for him to board ahead of me.)

Okay, I must admit - perhaps the last part of that story was a bit over the top on my part, but I just couldn't help myself. But once again, the line jumper was way out of line. He was wrong, but insisted that everyone accept his behavior. When the surrounding crowd forced him to take his rightful place in line, he did so with a never-ending stream of complaints, insults, and expletives. That just isn't right.

So I have to ask the question again; whatever happened to common decency?

Blog Navigation

You are on page 62 of 71 pages.

1 ... 60 61 62 63 64 65 ... 71