All posts by onlyconnect

.NET history: Smack as well as Cool

Microsoft’s Jason Zander comments on my piece on the early history of ASP.NET:

  • The CLR was actually built out of the COM+ team as an incubation starting in late 1996.  At first we called it the “Component Object Runtime” or COR.  That’s why several of the unmanaged DLL methods and environment variables in the CLR start with the Cor prefix.
  • There were several language projects underway at the start.  The C++ and languages teams both had ideas (Cool was one of them), and in the CLR we wrote Simple Managed C or SMC (pronounced ‘smack’).  We actually wrote the original BCL in SMC.

He says these are corrections though they seem more like supplementary information to me. I don’t have any inside knowledge of this history other than what people who should know say to me (though I do also have my own recollections of what was said publicly). He may be reacting to the idea that the CLR came out of the VB team, which Mark Anders kind-of implied.

One of the reasons I love blogging is that multiple authors can have a crack at getting the facts right. A great personal example is when I asked the question Who invented the wizard; and a good candidate came forward over a year later. If you see something inaccurate or misleadingly incomplete on this site, please do comment or let me know by email.


Microsoft vs Mozilla Javascript wars

My comment is here.

Note this debate is not only about the merits of different versions of Javascript/ECMAScript. It is also about power and responsibility. However you spin it, and however far Adobe and/or Microsoft succeed with Flash/Silverlight/AIR, I think we can agree that the browser has an important role for the foreseeable future. It is also likely (though less certain, I guess) that Internet Explorer will continue to have a large market share. The company does have a responsibility not to hold back the Web, and that surely includes not obstructing the evolution of a high-performance Javascript runtime.

It is disappointing that Microsoft says so little about IE8, presuming it exists. If the company sticks by its undertaking to leave no more than two years between IE releases, we should expect it no later than October 2008, less than one year away. It would help web developers to know more about what will be in it.

Long-term implications of the Kindle

Thought-provoking post by Danny Bradbury:

Is a butt-ugly $400 electronic prison for books going to get America reading again, or cause those kids to suddenly get interested in Thomas Pynchon? Survey says no. If publishers are driven by anything to look at new and innovative ways to deliver content, that problem will be what drives them. And if they do figure out a way to deliver content in different forms more suitable to the net generation, it’s unlikely to look anything like a book. Which is unfortunate, given that Amazon just invested in a device designed to mimic it as closely as possible.

Curious thing, the book. So easy to digitize; so hard to digitize well.


15m UK bank details lost – but what’s the risk?

The UK is in a panic right now because data containing 15m recipients of child benefit has been lost. It’s a serious incident and the chairman of HM Revenue and Customs has resigned.

Even so, I’m a little confused. I watched TV news over lunch and several identity theft experts came on and warned us to scrutinize our bank statements with extra care because of what has happened.

So what is in these records? We don’t know, yet, though the BBC says:

names, addresses, date of birth and bank accounts

Now, none of these experts has explained to me how Mr Fraudster takes these details and translates them into cash extracted from my bank account. Perhaps he approaches my bank, posing as myself, and asks to withdraw money? He would have to produce some kind of additional fake identity to do so. Perhaps he embarks on a more complex fraud involving, say, a change of address and a replacement debit card? Fair enough, but it is non-trivial.

Further, how difficult is it to obtain such details anyway? Names and addresses are easy enough to find; so are dates of birth. Nor are bank account details normally regarded as highly confidential. They are on every cheque you sign. Some companies include bank details on their invoices or on their web site for all to see.

I’d have thought that credit card details were far more valuable to criminals, especially when they include things like expiry dates. But they won’t be part of these records, surely, and nor will passwords or PIN numbers, unless there is a lot that we have not yet been told.

I don’t mean to diminish the seriousness of the incident. This is a huge amount of confidential information to lose. But I’d like a bit more explanation about why these details are so dangerous in the wrong hands, before I rush out and close all my accounts.

Security expert Bruce Schneier would I think call these details “semi-secret”. His consistent message is that you should authenticate the transaction, not the person. See his (old) post on Identity Theft in the UK.

Update

Here’s the official advice:

What can an ID fraudster do with this data?
No password, security details or card details have been compromised, so a fraudster cannot access your bank, building society or card account. However, HMRC is advising customers that if they use any personal data, like child’s name or date of birth in their password, they may wish to consider changing their password.

If this data were in the hands of a fraudster – and at present there is no evidence that it is – this type of information might help them to commit account takeover fraud, although additional information would be needed. There is also a risk of a fraudster using those details to set up other credit or financial agreements, e.g. mobile phone accounts.

Further postscript

As it happens, I was at a meeting this evening and spoke to someone who works for a bank. He says there are several risks. A smooth-talking fraudster might persuade a cashier to release funds, though it would be a failure of policy. We also discussed direct debits. These are vulnerable, because the bank might not be involved in checking the authenticity of the instruction at all. In both cases though, these are existing weaknesses in the system. It’s possible that heightened risk of fraud could result in better procedures, so some good may come out of it.

Another thought: surely a smart thief would have copied the data and returned the CDs to the envelope. That way, nobody would know. Put another way, how much data theft occurred without it ever coming to light? It just happens that this one is very large and very public.


Is CodeRage the future of tech conferences?

CodeRage 2007 starts next week. It’s a technical conference covering CodeGear’s products, including Delphi, JBuilder, C++ Builder and 3rdRail, the new Ruby on Rails IDE.

The conference is both free and virtual.

A virtual conference is no substitute for human contact. I’ve learnt this paradox over many years: even if the same content is freely available on the Web, there is substantial benefit in physical attendance. You are more focused, you learn more, you can easily ask questions, and you pick up all those indefinable signals from others who are attending.

Equally, the global fuel crisis and concern about the environmental cost of travel surely means that virtual conferencing is an idea whose time has come. Another benefit is that it includes an array of people for whom a typical tech conference is just not feasible, for financial or other reasons.

I’d like to see more of these.


How to write secure (and less buggy) code

Thought-provoking paper [PDF] from Daniel J Bernstein, the author of qmail, covering software security and addressing topics such as premature optimization and bug reduction along the way.

In March 1997, I took the unusual step of publicly offering $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. I hereby increase the offer to $1000.

He attributes his success to minimizing the amount of trusted code, in contrast to running code with least privilege which he says is ineffective.

(from Schneier on Security).

How Akamai Download Manager hides your downloads (VS 2008 downloaders take note)

Yesterday I downloaded the hot new release in the Microsoft development community: Visual Studio 2008.

At least I thought I did. I used the MSDN “Top Downloads” feature, which promises:

… a more direct way to initiate a download of a limited set of selected products

The service uses a plug-in called the Akamai Download Manager. This guy is annoying, especially if you use Windows Vista. First, it doesn’t seem to work at all. Then you realize that you have to disable the IE pop-up blocker. Next, you try to select a download location but it will not let you. It respects some setting in IE that restricts downloads to “safe” locations. You had better have lots of space in your user directory, otherwise this is not going to work.

Fortunately, I do have lots of space, so even the 6GB or so I was downloading should have been OK. I gave in and let it choose the location it wanted. The next thing you see is curious – see here for a screenshot. A message appears telling you the file has been saved (note past tense, though the download is just starting) to the Temporary Internet Files folder, and invites you to open it. I knew the file could not be downloaded yet, but opened it anyway. You get an Explorer window onto a weird location that claims to be in the Windows folder (it isn’t) and shows a single folder labeled C. If you are like me, you shrug, and close it. Don’t do that.

Why not? Well, after several hours or perhaps overnight, the download completes and you look for your files. Where are they?

I looked in Documents, the supposed location. Not there.

I looked in IE’s Temporary Internet Files folder. Not there.

I looked in my Virtual Store, a feature of Vista that supports legacy software which tries to write to locations like the Windows folder. Not there.

I performed a search of my entire User folder, set to show hidden files and folders. Not there.

Before giving up, I opened an administrative command prompt, navigated to the root folder, and typed:

dir *.iso /s

Ah! There they are, in (wait for it):

C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Username\Documents

where “Username” is the current user.

Why didn’t the Explorer search find it? The problem is, you have to have the option:

Hide protected operating system files (Recommended)

set to unchecked in folder options, passing the dire warning that tells you not to do it.

Why do I normally have this checked? The dire warning doesn’t bother me, but I do mind that having this unchecked shows files like desktop.ini on the Vista desktop. Ugly. So I normally have this checked.

Hey, wouldn’t it be good if Microsoft had a single checkbox in its “Advanced” search: to just search everywhere?

What is this nonsense?

So I found the downloads. But honestly, what is this nonsense? The truth is, Akamai Download Manager is not really Vista-compatible; why is Microsoft using it on its premier developer site, for its premier developer product? Ironically, this is the community most likely to be running Microsoft’s latest and [possibly] greatest.

Further, what is the message here? That Vista adoption is so modest that Akamai can’t be bothered to fix its utility? Or that Microsoft’s own in-house developers can’t build a decent download manager? Or offer to fix the Akamai one?

Excuse my temper. It is no fun to complete a long download and then lose the files.

Update: I also sent a comment and query to the email address given for feedback. It was msdnreply(at)eu.subservices.com. Guess what? Bounced with “User unknown”.

REST vs WS*

The REST vs WS* wars get ever more interesting, with Dare Obasanjo from the Windows Live team announcing (or confirming) his conversion to RESTful ways, and Project Astoria demonstrating that Microsoft is now building REST services into ASP.NET and ADO.NET (see here for further comment).

Microsoft is still committed to WS*, but equally seems to recognize that much of the world wants to do REST. I’m glad that pragmatism is winning over dogged determination to stand by technology choices.


First thoughts on Kindle: Amazon’s play for downloadable content

I’ve read the blurb, downloaded and read the manual, and watched the video. Here’s my first reaction.

Let’s take it on trust that Kindle, Amazon’s new eBook reader, is light and compact, easy on the eye, simple to use, has long battery life, and is highly readable in low light or bright sunlight. That’s no small achievement, but even if that is the case I have reservations. Here goes.

1. Documents

Here is what Kindle can read:

  • Kindle (.AZW)
  • Text (.TXT)
  • Unprotected Mobipocket (.MOBI, .PRC)
  • Audible (.AA)
  • MP3 (.MP3)

So what do you do if you have a Word document you want to transfer? Answer: you send it to Amazon, which converts it and emails the result. It’s a free service unless you want it emailed direct to your Kindle, when there is a small charge. What can Amazon convert:

  • Microsoft Word (.DOC)
  • Structured HTML (.HTML, .HTM)
  • JPEG (.JPEG, .JPG), GIF (.GIF), PNG (.PNG), BMP (.BMP)

If you have a PDF you are out of luck. Not even RTF is supported, which is bizarre since it is a subset of .doc, which is supported. Don’t bet on your CSS-formatted HTML converting nicely.

Note: you can connect your Kindle to a computer and transfer documents. So there is a way to grab existing text documents such as those at the Gutenberg project and transfer them for free.

But it’s just plain text. Fine for novels, but not too good for other kinds of content. The .AZW document type on the other hand supports formatting. What is .AZW? I am guessing, but let’s consider three things:

  • Kindle supports the Mobipocket formats
  • I downloaded an .AZW document and opened it in an editor. It contains the word BOOKMOBI in the header.
  • I downloaded a .MOBI document and opened it in an editor. It contains the word BOOKMOBI in the header, in the same position.

Looks like Amazon did a deal with Mobipocket.* That’s good, in that you can download a free document creator from there. You can also convert documents (including PDF) to .MOBI using the free Mobipocket reader. Maybe if you change the extension to .AZW it might still work? Perhaps I’m too optimistic, but you never know; it’s not a big issue since the Kindle reads .MOBI anyway.

How about books you purchase from the Kindle store, are they DRM-protected? My guess is yes, but I’ve yet to confirm. I don’t see anything in the manual about reading your .AZW documents on your PC. (Update: Yes they are DRM-protected).
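The "same position" noted above is byte offset 60 of the Palm Database container that Mobipocket files use, where the 4-byte type and 4-byte creator fields spell BOOKMOBI; record 0 of the same container carries an encryption-type field that speaks to the DRM question. The following is an added example, not code from the original post: the layout follows public Mobipocket format documentation, the sample bytes are constructed, and whether a particular .AZW file follows this layout is an assumption.

```python
import struct

# 78-byte Palm Database header: name, attrs, version, six 32-bit fields,
# type, creator, uid seed, next record list, record count (big-endian).
PDB_HEADER = struct.Struct(">32sHHIIIIII4s4sIIH")
ENCRYPTION = {0: "none", 1: "old Mobipocket", 2: "Mobipocket"}


def inspect_palmdb(data: bytes) -> dict:
    """Report the type/creator magic and, for BOOKMOBI, record 0 details."""
    if len(data) < PDB_HEADER.size:
        raise ValueError("too short for a Palm Database header")
    fields = PDB_HEADER.unpack_from(data, 0)
    magic = fields[9] + fields[10]          # bytes 60..67 of the file
    num_records = fields[13]
    info = {
        "name": fields[0].split(b"\0", 1)[0].decode("latin-1"),
        "type_creator": magic.decode("latin-1"),
        "records": num_records,
        "is_mobi": False,
        "encryption": None,
    }
    if magic != b"BOOKMOBI" or num_records == 0:
        return info
    table_end = PDB_HEADER.size + 8 * num_records   # 8 bytes per record entry
    if len(data) < table_end:
        raise ValueError("truncated record table")
    (rec0,) = struct.unpack_from(">I", data, PDB_HEADER.size)
    if rec0 < table_end or rec0 + 20 > len(data):
        raise ValueError("record 0 offset out of range")
    # Record 0: 16-byte PalmDOC header (encryption type at +12), then "MOBI".
    (enc,) = struct.unpack_from(">H", data, rec0 + 12)
    info["is_mobi"] = data[rec0 + 16:rec0 + 20] == b"MOBI"
    info["encryption"] = ENCRYPTION.get(enc, f"unknown ({enc})")
    return info


def build_sample(name: bytes, encryption: int) -> bytes:
    """Constructed minimal file: header, one record entry, record 0 stub."""
    rec0 = PDB_HEADER.size + 8 + 2          # header + one entry + 2-byte gap
    header = PDB_HEADER.pack(name, 0, 0, 0, 0, 0, 0, 0, 0,
                             b"BOOK", b"MOBI", 0, 0, 1)
    entry = struct.pack(">IB3s", rec0, 0, b"\0\0\0")
    palmdoc = struct.pack(">HHIHHHH", 1, 0, 0, 0, 4096, encryption, 0)
    return header + entry + b"\0\0" + palmdoc + b"MOBI"


if __name__ == "__main__":
    for label, enc in (("constructed_plain", 0), ("constructed_drm", 2)):
        print(label, inspect_palmdb(build_sample(label.encode(), enc)))
```

To check a real file, pass its first few kilobytes to `inspect_palmdb`; record 0 normally starts well within that range.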

Personally I will not consider purchasing a book from the Kindle store if I cannot read it on other devices as well. No matter how great the Kindle is, I may be out and about with just my laptop, or just my Smartphone. I may be at my desk and want to read my Kindle content from a desktop computer. If it is similar to Mobipocket, that may be possible to some extent, but there is all that activation/DRM stuff to deal with.

*Update – Amazon actually owns Mobipocket. So why is it not using a single format with compatible DRM (or better still, no DRM) throughout? Curious.

2. Design

Even if Kindle fixes things like daylight reading (which I believe Sony has also fixed), there is still an issue with design. I was convinced by a session at Mix07 that design is a huge issue for bringing print content to the web or other electronic formats. Kindle is at a disadvantage because it is currently monochrome. Further, I’d encourage anyone to have a play with the Times Reader to see how this WPF-based application makes for a better reading experience than PDF, which is essentially an on-screen rendering of print design and combines the disadvantages of both, or even HTML.

3. Value for money

Is an .AZW book good value at $9.99? That’s not a bad price, but when I picked one at random (Musicophilia) I found that I could buy the real book for $15.60 (free shipping) or second-hand for $11.60; a lot less than the $26.00 the Kindle store claims. If I buy the physical book, I can sell it or give it away when I’m done. The deal is more marginal than it first appears. If the content is locked to the Kindle device, that’s a deal-breaker.

What if Kindle goes colour in future, as is hinted, and better Kindle editions appear as a result? Will I be expected to buy the same content again?

4. Reading blogs and browsing the Web

Using Kindle you can subscribe to a blog for $.99 per month at the Kindle store. As a professional writer and blogger, I must say I like the idea of folk paying a subscription to read my stuff. As a user, I hate it. Why should I pay for what I can get for free on any other web-connected device? Further, my blog isn’t a “Kindle blog”, and I’m not sure how I can get it on the list.

Never mind, Kindle also has a web browser:

Your Kindle comes with an Experimental application called Basic Web which is a Web browser that is optimized to read text-centric Web sites. It supports JavaScript, SSL and cookies but does not support media plug-ins (Flash, Shockwave, etc.) or Java applets.

So you can browse to http://www.itwriting.com/blog and read it anyway. Hmmm, why would I pay for a subscription if I can browse to the blog for free? Just for offline?

Especially as the blurb says:

No monthly wireless bills, service plans, or commitments—we take care of the wireless delivery so you can simply click, buy, and read.

So Kindle has free mobile data access? Now that really gets my interest, especially if it goes global. Just wait for some hacker to convert Kindle into a free wireless modem for your laptop.

5. Device convergence

I’m longing for convergence. I’m fed up with carrying a phone, a laptop, a camera, an MP3 player. We are seeing some convergence – better cameras built into phones, Apple’s iPhone which is also an iPod – but it is early days. Unfortunately Kindle is the opposite: yet another gadget to carry. I don’t mind the existence of the reader, but Amazon needs to support other devices too (as Mobipocket does) so that the convergence dream is not lost.

Amazon’s play for downloadable content

Now we see another facet to Amazon’s music download store. The company wants to be your one-stop online shop for downloadable content: music, periodicals, books, the lot. Note that Kindle plays music too.

Will it work? I have huge respect for Amazon; it has the infrastructure, the customers and the vision to make something like this work. At the same time there seem to be some awkward gaps in this initial release, and to date the public’s enthusiasm for electronic books has been limited. I doubt that Kindle 1.0 will change that. Kindle 3.0 maybe. Even so, I can’t wait to try one.


Visual Studio 2008 is done

Microsoft says you can now download the release version of Visual Studio 2008 from MSDN subscriber downloads (presuming you have a subscription, of course).

I believe it, because this is what I get when I try:

[Image: vs2008]

Looks like the server is a little stressed. But I thought you were not meant to expose your stack trace to the world?

Never mind, I’m sure I’ll get this thing downloaded soon.

Update: Edited link for one that is not broken
