Quickies of the day

Lately, I’ve only been blogging about what’s going on in my
world. Time to go through the last few days of blog postings that I
found interesting for one reason or another:

  • pHatidic writes
    about
    the fact that Wikipedia does work, despite all the
    theoretical arguments detailing why it cannot. It’s like the
    bumblebee
    , which by the law of physics cannot fly (well, actually
    of
    course they can
    ), but since the bumblebees have never taken even
    remedial physics, they are blissfully unaware of this fact.
  • At first, I thought Microsoft was patenting
    su
    . After further examination, it’s not as bad as it
    looks. Still, if you subscribe to the newly
    granted Microsoft patents RSS feed
    , you’ll get several examples each week
    of why software patentability is not a good idea.
  • Spamamusment continues
    to churn out brilliant
    spam-inspired comics
    .
  • A new beta of the next-generation
    windows shell (Monad)
    is out. I no longer have MSDN beta access,
    but I’m really looking forward to trying this out when it becomes more
    widely available. I just hope they focus as much on the accompanying
    programs as the core shell technology. If one has do download
    Monad-compliant utilities from all over the place, much of the value
    of the shell will be lost. I’m looking forward to see how the
    functionality of tools like sed and awk could be expressed in a .Net
    object environment.
  • Raymond is shocked to find out that Swedes are mis-using the right
    to sick leave
    . ”Everyone” has known that the sick-leave system is
    widely abused, but this is the maybe the first time that the
    politicans in charge admit it. But I’m mainly linking to this since
    I, like most Swedes, am deeply curious about how this country looks
    through the eyes of someone outside of it.
  • Scoble continues
    to act as the Kibo of the
    blogosphere. This post is yet another cheap attempt to get mentioned
    on his blog.
  • This story about scientific experiments with swimming in syrup has
    been seen everywhere today, but I first read it in jwz’s
    livejournal
    , as usual.
  • Cedric’s talking about his
    experiences after 6+ months of working with JDK 5.0. Interesting
    stuff.
  • Edward W. Felten has an interesting
    take
    on the recent story about online-poker-playing
    bots
    . ”There’s a sucker at every poker table, and if you can’t see
    him, it’s probably you”

And some links to interesting swedish blog posts. If you’re not a
swedish speaker, take a page from Raymond
Chen’s book
🙂

  • My friend and colleguage Erik has published his report on
    the state
    of the web security
    of swedish political parties. It has sparked
    some
    debate
    , and Erik has also published a follow-up
    article
    detailing why it’s important to fix security problems,
    even if they can’t be exploited right away.
  • Karl Jonsson writes about
    the latest controversy involving swedish bittorent site The Pirate Bay. The TPB guys
    come off more immature than ever in their email exchange with
    Uppsala Universitet. Those advocating stronger copyright protection
    must love TPB, since they provide so many examples of how
    irresponsible the filesharing community can behave.
  • Niklas Lundblad is holding a lecture about information security
    and philosophy, and has put up his slides with
    comments. Certainly a unique perspective on security, I would have
    loved to attend the lectures.

Some parts of Microsoft still doesn’t get it

So, I’m setting out to do interesting stuff on the PocketPC/Windows
Mobile platform, mostly to do with hardware integration, particularly
bluetooth and IrDA communication, so I’m not interested in that sissy
Compact Framework stuff that MSDN seems to want to push. Through
MSDN Home > Mobile &
Embedded Developer Center
 > Product
& Technology Information
 > Platforms > Windows
Mobile
,
I finally get to ”Windows
Mobile Developer Resource Kit
”, which sounds about right:


The Windows Mobile Developer Resource Kit is essential for developers
seeking knowledge about the latest platform advances for mobile
technologies.

Bring it on!, I say. But it turns out that the Windows Mobile
Developer Resource Kit (WMDRK) is only available on DVD, you can’t
download it
. Hello? This is 2004, why do I have to wait for a physical
disc (and pay $16 for S&H) to get the bits? This is so Amish!

Of course, i understand that the entire WMDRK is a big download, but I
really don’t need it all. I have the IDE’s and the SDK’s
already, I just want to have a look at the case studies, technical
articles and developer power toys. Of course, I’m not sure of any of
these actually are, as there is hardly any information about them at
all. Hell, those things might already be available for download
somewhere else (the SDK’s are), but where?

It feels like I’m back developing for the Epoc/Symbian platform, circa 2000. And that’s not a compliment.

Microsoft and transparency

Noone in the Microsoft development space can have missed the big change that has taken place within Microsoft during the last year. The company goes further in trying to build ties with the developers, employees are blogging, they are trying to get people involved.

Now, I have a healthy amount of suspicion towards Microsoft. I feel I’ve been fucked over by MS a number of times, from when I tried to use Perl with ASP 1.0, through when I tried to make sense of CDO (sparsely documented, 300+ byte IDs,…), to when I tried to use Pocket Outlook Object Model (POOM) on PocketPC for real-world scenarios (ID’s that change when record contents change — you’ve got to be KIDDING me??!).

Posts like Chris Pratley’s post about Word file format disclosure: ”We don’t do that because it is our intellectual property. People who want to work with us can get it by contacting us; people who want to compete with us need to work harder. That’s business. We might change our minds […] but really it is our prerogative” do nothing to change my suspicion

Microsoft, look; if you’re going to be both platform provider and competitor, you’ll have to accept that people care more about your position as a competitor rather than your position as a platform provider. In that sense, Robert Scoble’s post about ”Mozilla should adapt Longhorn tech” was spectacularly naive considering the history of Internet Explorer and Netscape.

I don’t take anything that Microsoft says at face value any longer. I always factor in what they have to loose and what they have to win. In the POOM case, we were doing a product that competed with Microsoft, so it makes sense (from a shareholder-earning standpoint) that they wouldn’t go to any great length to make my life easier. I’m thinking about this when reading the email thread that wasn’t ”created with public consumption in mind”. I can’t help to think that it was — it seems pretty sanitized to me.

When it comes to redefining Microsoft’s public image, comment’s like Chris Pratley’s don’t help. You’re an established monopoly, now deal with the new rules and expectations. If you want to be a platform vendor, then document your platform. This includes full documentation of the Office formats, CDO, Extended MAPI, and Pocket Outlook Object Model (POOM). This will undermine your position as a application vendor on that platform. Deal with it. Don’t make us rely on undocumented properties and sites like CDOLive. Don’t just skirt the issue by saying that ”it’s your prerogative” to keep things secret.

Microsoft PAG on ”Improving Web Application Security”

Anil John points me to the Microsoft Pattern and Practices site. I’ve stumbled over the ”Application blocks” examples that they have up once or twice, but I never went to their front page to see what it’s all about. I took a glance at the ”Improving Web Application Security: Threats and Countermeasures” guide, and… godDAMN this is a comprehensive guide (900+ printed pages, not much filler) to just about everything you need to know about secure web development on the Microsoft platform, including how to harden the base services (like IIS and MS SQL Server) your application uses. Much of the stuff (like the chapters on Code Access Security and Data access) is useful in non-web development as well. So far I’ve only skimmed through it, but it looks to be a must-read.