Tag: microsoft

Microsoft Security

Security is the new number 1 concern for Microsoft. The repercussions of this are still some time off, but the “Windows is insecure” jokers will have to look elsewhere for amusement. Security has so far been the domain of anal-retentive folks, and was not exactly hot. Maybe we can finally move away from crappy pointer-based languages? Yeah, one can hope.

2003-08-23: Very interesting perspective on the security of DCOM after last week’s worms:

Microsoft has made some pretty strong claims about the improved security of our products as a result of these changes. And then the DCOM issues come to light. Unfortunately, it’s still going to be a long time before all our code is as clean as it needs to be.
Some of the code we reviewed in the DCOM stack had comments about DGROUP consolidation (remember that precious 64KB segment prior to 32-bit flat mode?) and OS/2 2.0 changes. Some of these source files contain comments from the 80s. I thought that Win95 was ancient!

2004-02-17: You’ve got to hand it to these guys that they have a sense of humor.

2004-06-24: Turns out Microsoft really means it this time. I had an older SQL Server 2000 running that stopped working after the update. Turns out XP detected the missing service packs for MSSQL and disabled TCP access on the default MSSQL port. Commendable, although the error message could have been displayed more prominently (maybe as part of the new security center).

2007-11-30: Microsoft continues its old lies about security. Why do they bother? Their products have become better, why piss into their own well?

Do people in charge of security strategy at Microsoft really believe that aggressively concealing the count of fixes that do make it out makes a product more secure? Shouldn’t they be trying to fix more bugs, rather than writing reports that would “punish” them for actively improving the security of their users rather than hoping that defects aren’t found by someone who they can’t keep quiet?

Technical webcasts

killing some time at the office, i came across technetcast.com which has some good webcasts available for download. the top 30 streams are:

  1. God and Computers, Lecture 1: Introduction
  2. The Golden Penguin Bowl
  3. It’s 2001. Where Is HAL?
  4. ReconBots
  5. Donald Knuth: MMIX, A RISC Computer for the New Millennium
  6. codebytes: Bjarne Stroustrup
  7. CodeBytes 0x02: Developers React to MacOS X
  8. Spiritual Robots: Ralph Merkle Presentation
  9. Bjarne Stroustrup: C++, A New Language for the New Millennium
  10. Spiritual Robots: Doug Hofstadter Presentation
  11. Danny Hillis on Game Software Development
  12. XBox, One Year Later
  13. Essential XML/SOAP with Don Box
  14. God and Computers, Lecture 2: Randomization
  15. The Nautilus Project
  16. Consoles vs. PCs: Is the PC Really Dead?
  17. ORA P2P: jxta – From UNIX to Java to XML
  18. The Technology Behind Google
  19. The Semantic Web
  20. Keeping Software Soft
  21. Linus Torvalds: The Latest Linux Technical Report
  22. codebytes: GNU Hurd with Thomas Bushnell
  23. Python 9: Interview with Bruce Eckel
  24. Spiritual Robots: Bill Joy Presentation
  25. Spiritual Robots: Ray Kurzweil Presentation
  26. SOAP Programming with Java: A Foundation for Web Services and UDDI
  27. Early Computer Crime
  28. Bill Gates Keynote at GDC 2000
  29. XML in eCommerce and Enterprise (Panel)
  30. Silicon Snake Oil: A Skeptical View of Computing

.net beta 2 first impressions

scott guthrie (ms):

Our goal with Beta2 is to have as high-quality a release as possible. Specifically, we have decided to not postpone any bugs to be fixed after the Beta2 milestone — and instead try to get all known V1 bugs fixed for the beta2 release. An ambitious goal — but one that we think will really deliver a great quality product.
We are also doing a lot of work to make sure that ASP.NET Beta2 will support production deployment of high-volume projects. Specifically, we are working with 11 MSN Applications (each with a significant customer volume) that will go live before Beta2 ships — to allow us to find any nasty stress issues remaining (ones that just don’t show up in a simulated test lab).

it looks like MS did their homework on this release. a quick look into the help files does not show any TBDs like it did with beta 1. also, many stupid bugs that were in visual studio beta 1 seem to have been eliminated. i think that with the missing docs in place and critical bugs fixed, .net will reveal its secrets more willingly than before.

tech ed day 5

i had to wait until the last day of tech ed to experience a speaker that has such a cult following that he can get away with holding his talk from a bathtub on stage. of course i’m talking don box here.

besides being a great speaker don is known for soap co-authorship and sitting on the xml schema working group. don spoke at length about how massive the transition from traditional win style programming to .net will be. in his view it compares only to the change from DOS to windows nt.

besides cracking jokes all the time don showed how the move to richer metadata in the type system transfers the intent of a programmer’s code better than current approaches do. in his words, understanding the matrix helps you to understand the clr. there is an (idealized) world inside the clr, and tough reality beneath. much as there has been a distinction between userland and kernel mode, don argues that adding another layer of abstraction will help to get better results. while it is certainly true that higher levels of abstraction give you more leverage, you cannot help but wonder how layers upon layers of cruft (.net was basically bolted onto com implementation-wise to maintain compatibility with the installed base) make for a stable system…

Tech Ed Day 4

due to the attractions of barcelona’s nightlife, i missed out on most of the talk about attributed programming. would have been interesting, but as it was, it went over my head a bit..

uddi was touted as a solution for finding out about web services and to facilitate integration of applications across the network. while a directory of services is certainly useful it remains to be seen how many directories will be vying for attention and thus reduce the reach of each of them. wsdl, which is the standard to describe the actual apis turns out to be a “throw everything in” kind of standard. even microsoft’s implementations (there are 3 of them) have no interop..

the talk on java vs .net was very well done and while the 2 platforms look remarkably similar, java does not currently have a web services strategy. what became evident though is that all major vendors bet on web services and have at least agreed on soap for interop.

the evening held a gigantic party in store. microsoft had rented the olympic stadium and the surrounding area and threw a party for all 9000 tech ed attendees. attractions ranged from spacing to foods of all sorts, including an attempt to produce the largest paella ever made (with a diameter of 5m they seem to have succeeded) to clowns, to a concert by a queen lookalike band, to the final fireworks.

tech ed day 3

the day started off with an in-depth session about c#. c# has some nice properties that can stand on their own, but industry support will be crucial. versioning of classes is an approach to tackle the fragile base class problem where changes in a base class lead to bugs in derived classes because the derived classes expect certain methods or variables to be there. versioning can at least give the programmer a hint where problems may arise. if i understood this correctly this versioning information is part of the metadata that is stored alongside the classes and can therefore be used at runtime. another nifty feature is xml comments. extending on the javadoc idea, they can contain structured comments which can then be transformed with an xsl stylesheet. besides this there are some minor cleanups of c++ like requiring boolean values with each if / while construct or escaping entire strings like this: string bla = @"\servershare.la.txt";

the next presentation was quite impressive, with mark russinovich of sysinternals.com fame at the helm. he gave a walk through for some of his tools, like filemon, regmon to monitor file / registry accesses, respectively. his tools are even used within microsoft. also his process explorer does a lot more than the built in task manager, like killing any process without giving stupid access denied errors. he even has some nifty tool to remotely execute commands. this little hack works by auto-installing a service via the admin share of a remote computer and then carrying out the requested operation.

after his session i tried to charge my notebook but only got to 50 % meaning i had to look for power strips all day 🙂 the lunch session was very informally held by mark russinovich. his first slide surely caught our attention.

he then went on to demonstrate how far windows has come in terms of architecture, stability and scalability. he threw in lots of tidbits like the fact that the build number for windows has been continuously increased since 1992, the most current is 2505 (XP RC1). so this basically means that the windows os has had 2500 complete builds in 10 years. locking has been made more fine-grained in XP, resulting in scalability increases. i can see it now: a new round of windows benchmarks stacked against linux benchmarks. it came to light that the nt kernel is written somewhat object-oriented (it even uses exception handling i hear). if details like these interest you, you should check out the nt resource kit as it comes with great documentation.

the rest of the afternoon was spent in 2 sessions about debugging, one called analyzing crash dumps and the other .net debugging. the first one was quite interesting, i learned that microsoft has a tool to analyze crashes which uses heuristics to determine error patterns in your application. somewhat similar to dawson engler’s meta-level compilation except that it analyzes the binary and is therefore most likely less powerful than dawson’s approach.

in between we squeezed a meeting with jose osuna, responsible academic manager for switzerland. we had a good talk and i hope we can have some events with him in the future.

now i am off to catch some of barcelona’s nightlife. i’ll skip the graveyard session for once.

TechEd day 2

notes on .net and how open source may counter the threat, some stats and great food. we hurried to the conference area after a much too early rise. it was on the way to the conference that we realized for the first time how huge teched is.

the main room was just gigantic.

we were greeted by queen’s barcelona anthem followed by some dull marketing fluff. among reams of uninteresting tidbits we learned that there were some 9000 attending teched. after a while anders hejlsberg entered the stage to give the first keynote. considered by some to be one of the best programmers, his performance left a lot to be desired. of course, he had to remain on the surface; this being the keynote, he had no chance to demonstrate some of his considerable talents as a language / systems architect. he was quite successful in giving a glimpse of the .net framework and its far-reaching impact, however. all of the day’s sessions centered around .net. the point that microsoft believes in open standards was driven home many times, with some credible demonstrations like microsoft’s early involvement in xml standardization and its increasing reliance on established standards like kerberos, ldap, dynamic dns, wbem (web based enterprise management), xpath, xslt, http (the list goes on).

over the course of these presentations it became very clear that microsoft has unleashed something much larger than it can ever hope to handle like it has in the past when it introduced the concept of web services. web services have all the ingredients of a disruptive technology. they place simplicity where complexity and opaque systems have reigned for so long.

their complete reliance on xml for all aspects has brought them some criticism from some quarters that they are not being efficient and that xml adds nothing that was not there before. i was wondering along these lines as well. however when i saw how the concept of web services has evolved in one year i started to notice similarities to the classic and incredibly successful osi model. web services start where osi ends, but they share the concept of piling independent services on top of each other. this has been a very powerful architecture in networking systems, especially tcp/ip. since xml is such a simple representation of data it has been very easy to extend web services with additional layers and make them increasingly powerful. i believe that the benefits from a large scale adoption of xml will be reaped with ever more layers stacked on each other, with ever increasing power.

although web services are an active area for the w3c, it remains doubtful how the industry will counter microsoft’s .net juggernaut. declaring support for soap, as ibm, sun, oracle and others have done, is not going to cut it. what is needed is a credible architecture that can compete feature by feature with .net. although all the components like apache (web server), soap for apache, jabber (xml messaging), kdevelop (ide), postgresql (database), ldap (directory) exist in the open source community, they are not part of an overall architecture. it would be a major undertaking to get the developers of the respective components to talk to each other and agree on common interfaces. the old unix argument about never setting policy looks quite silly when you realize what productivity gains microsoft will be leveraging with their .net platform.

it also became quite evident that we have seen nothing yet in terms of the web services architecture. many key pieces are missing, like meta data to enable the retrieval and processing of semantics from data (to support agent technology for instance), the questions of payment for web services and global, fine-grained security matrices (who has access to which of my data). web services are loosely coupled but they have no mechanism to guard against api changes or to facilitate negotiations on usage terms for web services.

besides all these lofty ideas we came back to reality quickly when we saw the enormous amount of logistics that went into this conference. details like having a dining hall for 9000 people or being so well organized that leaving my camera in the computer area was not a complete disaster (i struck it lucky when i got it back from the lost & found counter) made a big impression on me. the all you can eat buffets every few meters had their influence as well..

i learned a few interesting details about eai (enterprise application integration), an area where bea systems has been strong and microsoft made their debut with their biztalk server. for instance most people that believe that they need synchronous interfaces (i.e. immediate access to results) actually don’t. you can fool these people with clever tricks like pretending to be synchronous on the front end via http redirects while your backend interface is in fact asynchronous.

the graveyard session for the day was actually quite funny even though the main speaker had to boast about his accomplishments all the time. they shared many anecdotes like being used as a spam relay during scalability testing, their isp wrongly throttling their bandwidth on the incoming mail connection to 70 kps for 500 concurrent users 🙂 they made up for that with their end to end ipsec deployment (would have been too lovely to sniff passwords in a lan with 6000 mobile ethernet clients..) and replicating several databases in real time to london.

after this session we were driven to a nice location just opposite our hotel for the swiss country dinner. it was basically one of the nicest places i have been to in quite some time. great job microsoft.

tech ed day 1

submitted directly from the conference floor via wireless ethernet.. 🙂 that’s the power of wireless i guess..

we entered barcelona after a refreshing flight with a sensational view over the alps around 10. after checking into the hotel we went to the conference center where we were greeted by bunches of geeks sitting on the floor, huddled over their notebooks or their newly acquired geek toys (aka compaq ipac).

we were handed a monstrous conference backpack in bright yellow. the backpacks were just too offensive for our visual cortexes so we had to dispose of them soon afterwards. we queued to get a hot new compaq ipac with a wireless ethernet card. soon afterwards we were successfully checking into the abstrakt portal. does this rule or what. somewhat relieved and with our ipacs we headed back to the hotel to chill out and play with the ipacs.

although they have a high coolness factor and it was great fun playing around with them we concluded that using the analog conference schedule still beats the online version by a lot in regard to usability. besides, the paper version does not forget your notes after a reset. after hunger sent us out to fetch some food (we found some selection of tapas) we headed back to the conference for a special student welcome dinner. microsoft must have taken a page from other conferences since we were greeted by nice hostesses. what a contrast to all these shy geeks.. unfortunately though there were not too many female geeks around, as had to be expected.

we were then driven to a restaurant and a large buffet was quickly consumed. we shared the table with 2 guys from cambridge who are working as microsoft consultants during summer break. they are currently implementing a voice over ip application over gprs using the compaq ipac. to our great amusement they were avid slashdot regulars and the rest of the evening was thus spent in merry geek lore. topics ranged from umts to the singularity to debian installs. in short, a very refreshing discussion. we were then advised as to what sessions out of the 264 we should attend. clearly there will be some hard choices to be made as some interesting sessions collide.

after we were handed a fancy schmancy jacket in brightest yellow (we kept it because it looked kinda neat for a change) we were dismissed and spent the rest of the evening catching up with various projects each of us had been silently advancing. barcelona is one heck of a nice city by night. so many decent places to hang out.