An Architect's View

Another ex-Microsoft Google blogger sounds off but this time about Microsoft's inability to actually ship software. Aside from the fact that trying to compare packaged desktop (or even server) software with web applications is, well, a bit tenuous, he does make an interesting point about .NET which, since he's ex-Microsoft, I'm inclined to give some weight to:

"You see, the .NET Framework isn't widely deployed. It is present on a small fraction of machines in the world. Microsoft built the software, tested it, released it to manufacturing. They "shipped it", but it will take years for it to be deployed widely enough for you, the ISV to be able to take advantage of it. If you want to use .NET, you need to ship Microsoft's software for them. Isn't this an odd state of affairs?"

When you consider the huge number of "legacy" PCs out there this is a pretty obvious conclusion (I mean, no consumer is likely to download 23Mb for no good reason and the vast majority of existing machines did not ship with .NET pre-installed). Sometimes this seems to get lost in the hype about .NET

Well, it didn't take very long, did it? A new piece of trojan malware is targeting Microsoft's brand new anti-spyware software, turning off the protection and then installing a keystroke recorder for various websites.

Microsoft gets into the spyware detection game but how good are they really?

According to security specialist Secunia, three flaws in IE 6 should now be considered "extremely critical" because of the public availability of code showing how to exploit the flaws. Microsoft was made aware of the flaws in October and the exploit code became available in late December. Secunia "also suggests using another browser product." Got Firefox?

---

Microsoft have posted two critical fixes...

Some poor Microsoftie tries to make Firefox's install process look insecure and asks how can he trust Firefox? Given the anti-trust suits against Microsoft, that struck me as a very ironic title. Of course, his blog post has attracted a huge number of comments, nearly all of which accuse him (and Microsoft in general) of a myriad crimes against security and users. I'm sure that's what he expected... at least, I hope he didn't think his post would get people going "Oh gosh, Microsoft, you're absolutely right - I won't use Firefox!" Naturally Microsoft are keen to discredit Firefox but the post seems ill-advised and ill-informed - as highlighted by so many of the comments. One of the key issues to come out of the thread is that spyware etc can have a Verisign certificate just as easily as 'legitimate' software so IE's reliance on certificates encourages a false sense of security. The comments are long but the vast majority are not direct flames - somewhat to my surprise - and there are some very interesting points made about Internet security issues in several of the comments.

Back in 1997, Scott McNealy told Upside magazine:

"I'm trying to ban e-mail attachments. I just want an ASCII e-mail. If you want to show me something, put it in a Web page, publish it, give me the URL, and I'll look at it. That's the new model."

I've always been a great proponent of that and will often chide my colleagues when they send me (and usually a dozen or more other team members) some 200K document instead of sticking it up on a website and sending me the URL. Living Without Microsoft touches on the same subject, reworking Richard Stalman's famous note about sending proprietary format attachments. It definitely sums up how I feel. Sure, use Microsoft products if you want but don't blindly assume your entire audience has MS Office installed. One addition I might make to LWM's response is "or FlashPaper" since that's a format that can be viewed in pretty much every web browser without needing a download...

The International Herald Tribune carries a story about the successes of open source and notes that Microsoft told the SEC recently that "the success of noncommercial software could significantly affect our results of operations and financial condition". For all that Microsoft has been very bullish about how it isn't worried about Linux, MySQL, OpenOffice.org etc, this is a pretty stunning admission - and confirmation that people are turning away from Microsoft in favor of open source, open standards and open choices. I was pretty surprised to read this - I'd felt that the bullishness of the Linux crowd (amongst others) was unfounded in terms of toppling the great software giant...

With all the hype surrounding Microsoft's .NET product offerings, it's very interesting to read this commentary from Scott Hanselman about why many VB6 developers will not migrate to VB.NET. Migration paths are very important for programmers. If they feel they don't have a reasonable migration path for their skills, they will consider changing their core skills instead of simply upgrading them. Microsoft is taking a big gamble on .NET because for both VB and ASP, the .NET versions are in many ways radically different - more of a reskill than an upgrade. They're gambling that developers using Microsoft technologies are prepared to reskill - still using Microsoft technologies - rather than stay put (with older MS technologies) or changing completely to non-MS technologies. A few recent notes I've seen on blogs indicate that there are likely five times as many Java developers than C# developers out there which is an interesting data point (and the trends don't look like changing that ratio in the near future).

Virtual PC for Mac: the first new version since Microsoft bought the product from Connectix. It doesn't seem to have a huge amount of new stuff in it although it promises performance improvements, especially for G5 owners. The upgrade (from v5 onwards) is $99 on pre-order. I'll have to think about that. I don't run VPC very often but a little extra performance would certainly be nice...

Macromedia - Developer Center: Upcoming Changes in Microsoft Windows XP Service Pack 2: reported on other blogs but I've only just found time to read through this article myself. It's really good to see Microsoft getting serious about security but after reading this, I have to wonder how much end users will really benefit. First off, end users are clearly going to find XP SP2 quite disruptive at first as they are bombarded with alert dialogs asking them if all sorts of incomprehensible operations should be allowed. If they say "no", they'll probably find a lot of their programs stop working. So they'll probably get into the habit of just clicking "yes" and allowing pretty much everything to happen. That will make them very vulnerable again since they'll almost certainly click "yes" on an invalid operation and yet another worm / virus will be on the rampage. I bet that virus writers will simply make sure that whatever SP2's security dialogs ask a user contains some very plausible program name. But it is a step in the right direction I suppose and it looks as if Microsoft have taken this opportunity to enhance Internet Explorer with some of the privacy, security and pop-up blocking features that many other browsers have had in place for years and that is definitely a good thing, no matter what you might think of IE (Uncle Bob likely won't switch from IE so let's at least make it a bit safer for him to use).