Ali Alvi's WebLog

A friend of mine once mentioned to me that there's a website that you go to and just tell them what song or artist you like and they create a playlist of songs that match your song's musical qualities and stream those to you. I didn't believe him and we had a bit of a discussion how it is really hard to sample recorded music because of the different instruments involved and the overlapping tones of those different musical instruments mixed with the vocal stream. I did acknowledge that it would be pretty neat if I can have some software that I can feed in a song in recorded format (mp3 or wma etc) and it filters out the different instruments and splits them into different tracks for me. What would be neater would be if the same software can transcribe the music for me. Being a bit of a guitar player, it would be really neat to have a software which I can simply feed any song and get the tablature for the guitar solo, for example.

Anyway, I forgot about that conversation until recently when my very good friend and guitarist Saad Ansari mentioned it again to me. Afterwards, I decided to visit Pandora's website to see what the fuss was all about. It wasn't what I originally thought it would be. They don't have a dynamic algorithm that samples music and attaches musical attributes to it. Instead, what they have done is gone through millions of songs and analyzed the musical qualities of each song and bucketed them based on their musical attributes - these attributes were assembled by the folks at MGP and number in the hundreds including attributes that relate to melody, harmony, rhythm, instrumentation, orchestration, arrangment, lyrics and vocals. This way, they are able to categorize individual songs and not just artists.

Anyway, the website was a simple page that just popped up this flash control that asked me to name a song or an artist that I liked. Being a huge Hendrix fan, I decided to put in Voodoo Child (is it Child or Chile, I can't still figure it out). It immediately popped up a couple of options since it found multiple entries with that name. I chose the one by Jimi Hendrix and then it gave me a message telling me that it is creating music that matches the qualities of Voodoo Child. After a couple of seconds, it started playing music. It started off with Manic Depression by Jimi Hendrix and I thought to myself, "big deal, anyone can play another hendrix song to tell me it matches Jimi Hendrix's musical qualities", but I noticed that it popped up a message saying that it is starting me off with a Hendrix song deliberately and it thinks that this song closely matches Voodoo child's qualities of electric guitar riffs, an electric guitar solo and a dynamic male vocalist. This got my attention since those were they key things that I think of when I think about Hendrix's songs like Voodoo Child. So I decided to let it play songs that it deemed fit. After Manic Depression, it played a song by Pat Travers titled Snortin' Whiskey. I had never heard this song before and I really liked the song. The tone of the guitar matched very closely to what Jimi produced in Voodoo and I actually found myself really enjoying the song. The first thing that popped to my mind was to write down the name of the song and the artist so that I could get it off of iTunes or wherever I can find it the cheapest. This is when I noticed that if I hovered over the currently playing song (or any other song in the list that is playing currently), I gives me a couple of options. There is a thumbs up and a thumbs down icon to signal whether I like this song or not. I presume they use that information to dynamically update the currently playing station. Other than the two options there is a third option that pops up a menu that lets me do more actions on this song. One of the key things in there was that it lets me bookmark the song or the artist. If I decide to bookmark the song, it adds it to my profile which lists all the songs and artists that I have bookmarked with neat options like links to buy them from different sites or play a sample if you've forgotten what the song sounded like. I also get the option of buying the song from iTunes or Amazon directly from the same menu that lets me bookmark the song. It will also tell me why it played this particular song by specifying the key qualities of the song and how they match the qualities of the song that I used to create the station. If you think one song does not properly describe the kind of music you want to listen to, it lets you add songs to the station and then uses the qualities from all these songs to stream new music to you.

After spending an hour or so listening to music streamed by Pandora which included songs by artists like Neil Young, Ted Nugent and the like and after realizing that I hardly got a song that I didn't like(it passed my personal baseline test of playing SRV's version of Voodoo Child), I was sold on the idea and thoroughly convinced by the work of Music Genome Project. I signed up so that I could have free streaming for life and maintain upto 100 different stations. I created a Rock Ballads stream using some of the songs that I like. Also created a Metal Station using Judas Priest and Iron Maiden's music, although I found Pandora to be lacking in that department since it couldn't find some of the songs that I mentioned. It does find almost all artist that you throw at it, so thats still good enough for me.

Just fiddling around on the Pandora's website I found this neat utility that lets you get the bookmarked songs of any user and put them on your blog site. So just to promote my own musical taste and Pandora itself, I've decided to add my Bookmarked songs to my blog and you can find them in the side bar under my photo. I think that I will never again need to DJ songs for myself at work since Pandora is doing a great job of it and is simultaneously exposing me to so many songs and artists that I have never heard before. The only thing is that I have to go and open the website and have a browser window open all the time to keep the music playing.

Good work MGP ... cheers !!

Ali

P.S. Just as I was typing this post, I got news on PandoraBrowse. Someone went out and built a minibrowser to drop Pandora into your systray. Its far from pretty but it's nice to have for someone like me who doesn't want to have a browser window open all the time just for this.

Mozilla released FireFox 2.0 today and it is available for download from their website. I haven't used Firefox much to know what has changed from 1.5 but they do talk about improved tabbed browsing, session restore, RSS and Live Titles as some of the key things in 2.0. It also has a spell checker built in and provides search suggestions. Also built in is phishing protection which warns the user about suspected forgery.

IE team sent mozilla a cake to congratulate them on shipping Firefox 2. Hope they enjoyed it! It has been a good couple of days for the browsing world.

 Cheers

 Ali

I was recently asked this question by someone so I did a bit a of look around to find the answer to this and thought I'd share it with the rest of you.

A quick word to clarify what I am talking about. In Internet Explorer, there are 5 Security Zones that are basically trust namespaces. A certain URL can end up in one of these 5 zones and then conforms to the policies described in that particular zone for all its URLActions. All but one of these security zones are exposed through the UI in inetcpl under the Security Tab which shows the Local Intranet, Trusted, Internet and Restricted zones in there. You can either set these zones to one of the predefined template setting or you can control the policies in these zones for individual URLActions by setting the level to 'Custom' and editing the policies. My Computer (aka Local Machine) zone, however, is not shown in this UI. That is the way it has always been. The reason this was the case was because Local Machine Zone was a zone of extremely high trust and we did not want the user making any changes to the security policies in that zone. The settings were historically low to begin with, and this was one of the reasons why in XPSP2, we came out with the idea of Local Machine Zone Lockdown (LMZL) to clamp down on some of the key settings in this zone for IE. Long story short, it was deemed unsafe to make the My Computer zone visible in the UI. But that does not mean that it can't be done. It used to be a simple registry tweak that would make it show up but due to LMZL, its become a little bit non-intuitive and somewhat less useful in actual terms of being able to modify active Local Machine Zone policy from the UI.

 Every zone has some attributes like the name, description, icon that are used to describe the zone. These attributes sit in the registy at the following location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\[0-4] 

The last number is the zone ID which is 0 for Local Machine Zone. This is the same location where the actual URLAction policy set is stored as well. One of the DWORDs under these keys is the Flags DWORD that is a bitmask of the Zone Attribute Flags (ZAFLAGS). One of these attributes is the ZAFLAGS_NO_UI  attribute which is defined as 0x00000020. This attribute controls whether that particular zone shows up in the inetcpl UI or not. So really, unsetting that particular bit on the Flags DWORD should make the zone appear, right? WRONG!!! It used to be that way and it would still work if you are running inetcpl inside of a rundll32.exe to see the changes. But if you are running it from inside of iexplore.exe, you will notice that the My Computer icon does not show up on the Security Tab inside inetcpl. So whats going on? Why is it showing up? The answer is LMZL. Due to LMZL, now inetcpl uses the Zone Attributes from the Lockdown zone settings instead of the normal zone settings for Local machine to decide whether to show it in the UI or not. So in order to make My computer show in the UI, you will need to change the Flags DWORD under the Lockdown_Zones\0 .. so the location you need to change is at the following registry location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0

Change the Flags DWORD to remove the 0x00000020 flag and now you should be able to see the My computer icon in the Security Tab in inetcpl UI. So what does that give you? It gives you the ability to click Custom Level button and change the settings for individual URLActions for My Computer Zone just like you can do for other zones. So picture this, you don't want scripts to run in the Local Machine Zone, So you open up inetcpl and go to the Security tab and click on My Computer icon and then click the Custom Level button that takes you to the Security Settings dialog. On that dialog, you scroll down to the Scripting section and change the value for Active Scripting to Disable. You apply the settings and then load up a local html file with a script in it. The script doesnt load and you see an Information Bar telling you about it. Working as expect you think, until you click on the information bar and it gives you an option to "Allow blocked content". You click it and your script runs. What just happened??? Didn't you just block scripts from running? Did that setting not take effect? Is there something else that needs to be done? Well, what just happened is that you just edited the settings for the Normal Local Machine from the UI. But since you're running inside IE, LMZL is turned ON for the process and the setting for LMZL dictates that you simply prompt the user about scripts in the page and if the user chooses to allow it, it goes ahead and allows it. So even though inetcpl reads the Attributes from the Lockdown_zones, it still read the policy settings from the Normal Zone hive in the registry and all changes made from the UI take effect in the normal zones\0 hive as well. So really all that hussle to make My Computer show up in the UI achieves little if anything at all as far as IE is concerned. The changes that you make through it will affect other processes that do not have Local Machine Zone Lockdown turned ON for them. But due to security reasons and the entire concept of "Locking Down" the local machine, inetcpl does not allow you to change the active LMZL policies from the UI. This is consistent with the original intent of not allowing the users to mess with the Local Machine Zone polices. The only 'weird' thing is that you have to change the NO_UI attribute under the Lockdown_zones\0 for the UI to show My Computer, but changes to settings work in the opposite way.

All part of a grand plan to obfuscate the settings from the user? Not really. The original idea was simple: set the flag so that it doesnt show up, advanced users can make it appear by flicking a bit in the registry. But since the default behavior was to not show, it became a bit of an unsupported scenario and subsequent changes have made things more complicated than they need to be. At the end of the day, though, I think its best not to mess with the Local Machine Zone policies at all. But that doesn't stop us from knowing how to do it if we ever decide to :)

 Cheers

Ali

P.S. I appeared to have lost the password to my account on the image server, so I am currently unable to add images to the text. I will update the post once I sort the password issues out.

The Microsoft Security Response Center has posted a blog entry that talks about this vulnerability that is being reported in the news in IE7. This is a publicly disclosed vulnerability which is actually in Outlook Express (OE) and uses Internet Explorer as a vector. Its not an issue with IE7 or any other version of IE. There's no known exploit that uses this vulnerability, one which is classified as 'less critical' by secunia.

Just to clarify, the claim that this is a vulnerability found in IE7 is incorrect. Its a known issue with OE and as of typing this blog post, its not being used by any malicious exploit to attack the user.

Cheers and happy browsing with IE7.

Ali

I'm deliberately late in blogging this since I wanted to make sure I wasn't jumping the gun, but doesn't mean I am the least bit less excited about saying this. After 5 years in hibernation, Internet Explorer is finally back with a major version update. Internet Explorer 7 (IE7) has been released today for Windows XP. Its available for download on the Microsoft website. There isn't anything that I can say here thats going to be additional about IE than whats been posted on the IE blog. So I'll spare everyone the redundancy of that. I just want to share my excitement on achieving this milestone. When I joined Microsoft over 5 years ago as part of the IE team, we were at the brink of releasing IE6. I was part of the excitement that surrounded shipping XP and IE6 but I hadn't been a part of the team long enough to really experience the emotions of releasing something as major as IE to the world. 5+ years later and at the end of a long and hard journey that invovled Windows Server 2003, IE6sp1, XPSP2, ServerSP1, Security related releases and countless fixes released to Corporate Customers before finally getting the focus on track to the next version of IE, I feel very proud to be a part of a team that endlessly strives to make the lives of end users better and more comfortable. There have been ups and downs along the way but I can safely say that yesterday and today are definitely an UP.

 I hope you will download and use IE7 and I look forward to hearing from our users and reading their feedback. This is just the beginning of a new world for IE and I hope you are as excited about being a part of it as I am.

Happy browsing and Cheers!

 Ali 

Hello everyone

Dean just posted a message on the IE Blog about IE7 for XP .. enjoy!!

Its been a very sad and tragic week for my country. Most of you must know about the terrible earthquake - the worst in its history - that hit Pakistan on the morning of October 8, 2005. The magnitude of the quake was measured at 7.6 on the richter scale and it was centered 60 miles north of the capital city of Islamabad (which is also my hometown). While most of Islamabad survived the scare, the northern parts of the country weren't so lucky. The cities of Muzaffarabad and Balakot were completely grounded within seconds of the earthquake. The infrastructure was damaged so badly that these cities were completely cut off from the rest of the country, making it impossible for help to get there. The death toll so far is 24000 and is expected to rise to about 35000. There are more than 60000 injured and millions who are homeless and in the open. Those who survived are in dire need of food and shelter. Relief work is on going and will take months, even years to complete. There are a number of organizations that are participating in the relief efforts and they need support from all over the world to carry on this daunting task. Here are links to a few organizations through which you can help with the relief effort. This is a very poor part of the country, so anything you give will be of extreme importance.

Islamic Relief : https://www.irw.org/donate/

Edhi Foundation & President of Pakistan Earthquake Relief : http://developpakistan.org/Default.aspx?tabid=149 (goes through PayPal)

These organizations are eligible 501(c)(3) nonprofit organizations, so if your employers have a matching program, you can even get these charities matched.

For update information about the earthquake, check with Pakistan's news channel GeoTV or on BBC and CNN

Updated on October 13, 2005 @ 1630hrs: The deathtoll has gone up past 40,000 and an estimated 4 million ppl have been left homeless. 147 aftershocks were registered after the initial quake. One of which measured of 6.2. Another 21 occurred with a magnitude greater than 5. Cold weather and snow is making life even tougher than it already is. PLEASE HELP!!! I am adding a link to Microsoft's earthquake donations page for those who wish to get a bigger list of relief agencies.

Its been a while since my last post here. I guess Beta 2 work has been taking most of my time. But I thought I should take some time to point people to the work that I have been doing for Internet Explorer 7. Eric Lawrence, our team's feature Program Manager recently posted on the IE Blog about the implementation of IUri interface inside of IE and how it affects the overall URL parsing and handling experience for IE. As always, Eric has articulated it better than anyone else could dare. Thats why I'm fixing bugs and he's posting on the IE Blog [:)]

Please take a moment to review his post here.

Hope you guys are enjoying Beta 1. Its just the tip of the iceburg, I am super excited about Beta 2 !!

Today, the IE team decided to share some of the details of its upcoming release. Chris Wilson posted on the IE blog about the Alpha PNG support and CSS improvements that have already made it into the product. There are a lot of other things that are waiting for their turn to be unveiled, but for now I am sure that the web developer community will welcome this information since these two things were right at the top on feedback coming from all medium. These two were top hitting requests on my own blog when I solicited feedback on features desired in IE.

I am very excited and can't wait for more features to make the limelight and then finally for Beta 1 to get released. A common denominator to all this is definitely security and trustworthy browsing and all these new features are built around these key demands in today's browsers. I hope you all are as excited about this as the entire IE Team (including myself :)) are.

Stay tuned for more in the upcoming weeks and months! 

So my wife got me a new iPod Photo as my anniversary gift (gotta love her for knowing me so well - albeit my incessant drooling while looking at the iPods in the Apple Store in Bellevue Square might have given her an idea or two - but nevertheless it was lovely of her to be so considerate)

Anyway, so I finally got something that would allow me to carry my music with me where I go. The nicely equipped package came with all the necessary accessories like USB 2.0 and Firewire Connector cables, a docking station, carrying case and a pair of headphone (not really the best, but will do until I get my hands on the Bose Noise Filtering ones). The sleek colored screen and the associated support for downloading and carrying photos is a HUGE plus for someone like me who has tonnes of photos and dozens of relatives in different parts of the world always asking for high res photos. The bigger storage means there's a lot o more weight than a 20GB one, but its not that much to cause a problem. The display quality has improved manifolds from the previous generation iPods. There are nice smooth transitions between menus and photos (while viewing a slideshow). The sound quality is fantastic with very easy to understand and use controls on the touchpad (which is also the navigation pad for menus).

However, there were a few disappointments too. The biggest one being that you can only view slideshow of photos with selected playlists. I thought the most obvious thing would be that I would be able to view a slideshow while listening to my currently playing songs, but that is evidently not the case, the slideshow stops the currently playing song and starts playing the pre-selected playlist which is kinda absurd (and something to improve on). The screen - with all its nice colored resolution, seems like something that will easily get scratched. To avoid scratching, you can put the iPod in the carrying case, but the one that came with the package would then make the song selection impossible - but its still a good thing to have if you always play select playlists of songs - unlike me who changes to a new song manually everytime. The chrome is very fancy, but you cannot use the iPod without putting your fingerprints ALL over the chrome finish. That makes it look less stylish to say the least.

I have already copied about 5 GB of high quality images as well as abouit 20GB of songs (iTunes makes it a lot easier to organize and copy songs over). I had to write a utility to make the song names and the artists information accurate for most of my song collection. But copying of 20GB in two days is not bad going.

Finally I can listen to pretty much any song I have without having to carry a CD case with me. I have already ordered the monster iCarPlay accessory that comes with a charger and the ability to broadcast songs over FM, plus it has a huge FM range to select from and you can even save up to 3 in memory for quick switching. Can't wait for it to arrive.

It was a good anniversary :)

Bill Gates announced Microsoft's plan for the next version of Internet Explorer in a speech at a security conference. See this link for more on that announcement.

Key point to note .. Internet Explorer 7 will be available on XPSP2 !! Read IE blog for announcement from Dean Hachamovich on this.

For updated information in the future about IE and related announcements, visith the Internet Explorer Homepage.

IE7 is on the way !!

We released two critical updates to Internet Explorer yesterday as well as one critical security update to the Shell code.

Read the Security Bulletin or check out the Bruce's Post on the IE Blog for more details.

I encourage everyone to download and install all these updates if you haven't done so already.

Ali

Go to the following page to read more about Windows Server 2003 Service Pack 1 (SP1) Release Candidate 2(RC2) and instructions on how to download it. This version of the software is intended only for installation in a test environment. We advise against installing and evaluating beta software on any production computers.

http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

It is a good time to install and test your environment so that the RTM deployment goes without any glitches. It will also give you a headstart to making sure that all your applications are working fine with the new security features. This page also has a link that lists Top 10 reasons to install Windows Server 2003. There's another link that talks about the New Networking Features in Microsoft Windows Server 2003 SP1.

RTM is not too far away either.

Ali

Join the chat room on the day of the chat: http://www.microsoft.com/windowsxp/expertzone/chats/chatroom.aspx

Other Expert Zone Chats: http://www.microsoft.com/windowsxp/expertzone/chats/default.mspx

Hope to see you all there.

Ali

Just read this article :

http://www.bbspot.com/News/2005/01/microsoft_antispyware.html

This is a hoax ofcourse not true (BBlog is a site that provides humor via interesting concoctions). There is (obviously) no truth to this .. IE does NOT get detected as Spyware by Microsoft AntiSpyware software and it will not be removed. The funniest comment in the post was :

"It shows how powerful our AntiSpyware program is," said Weatherbee. "Not only is it able to remove spyware from the system, but also the source of most spyware. Our competitors can't match that."

Do not get deceived by this, but it is quite amusing :) The AntiSpyware is in beta and does have issues, but this certainly is NOT one of them.

Just updated my POST to give an accurate description of the story. It is intended to be funny, not an actual news report !