Archives


Atom Feed

Associated Blogs
 
Edge City
 
Numbering Peano
 
Praxis101
 
Prof. von Clueless in the Blunder Dome

Recent Items
 
Dear Microsoft: What Trumps Security as Job #1?
 
Opening Science
 
An Office-ODF Converter Regatta
 
Latest OOX-ODF FUD-Spat: States Prepare to Ban Zip and PDF Files
 
Raymond Chen: Celebrating the Old in the New
 
Awesome Breakthrough: Lousy Estimates
 
Don Ferguson: Near Death Experience
 
What's Not To Love About Seattle?
 
2007-01-18 Seattle Geek Dinner Cancellation
 
Five Things You Didn't Know About Me

Dear Microsoft: What Trumps Security as Job #1?

In my darker, cynical moments, I doubt that security and safety will ever make it to Job #1 at Microsoft.  On the other hand, I think they have the greatest opportunity and commitment to having it work.  Especially against clueless scoffers.

{tags: orcmid Microsoft software safety software security dependable computing}

I’m looking for a serious corporate cultural shift to have security and safety for the customer be the dominating context of every action by a customer-facing employee, including every developer, web site/service designer, and manager of every stripe.  Knowing how much it is in our nature to skip steps that don’t satisfy our immediate wants, I must remind myself that this is a rare quality in any software provider and producer.   Since Microsoft asserts their commitment, I think we can hold them to account and also expect them to provide the model for others to follow.

Microsoft seems determined.  Yet all too often other factors trump security.  That clash between words and deeds is unsettling.  For this commitment to work, nothing must trump security.  For the journey to succeed, there need to be signs of pro-active bar-raising in how the commitment to Job #1 is reflected in the experiences of customers in every interaction with Microsoft and its products.

Here are some of the ways that security as theater and/or producer paternalism has been distracting me of late:

• Urging Visual Studio 2005 SP1 as a high-priority download.  Microsoft Update (takes longer, widens my threat surface for defective downloads, and is strongly urged if I don’t install it) does find more updates than the narrower Windows Update.  So I drank the Cool-Aid and accept update advice for more products, but high priority?   This reminds me of pushing out the Genuine Advantage call-home feature as a high-priority security (whose?) update when it was apparently in beta.  Fortunately, my OneCare Firewall detected it and blocked it and it stays that way. I’m not aware of any security alert against VS 2005.  Did I miss the memo?  Who decides what’s high-priority, anyhow?
     
• Demanding Automatic Updates.  Speaking of Microsoft Live OneCare, it really frosts me that it declares anything short of fully-automatic downloading and installation as Condition Red.  My not backing up regularly is only Condition Yellow?  What bozo made that decision for me?   I feel bullied into turning on automatic updates so that the Condition Red doesn’t mask every other problem that might be noticed (like an actual detection of a virus, worm, or spyware).  Of course, my computers are never left running idle overnight and so the install time rarely arrives.  I usually do get to review the updates before they are installed after all [;<). 
    
  I’m also annoyed that I can’t condition the OneCare firewall (or even learn that there has been blocking) when a newly-installed application reaches out to the Internet for the first time.  Well, I can get around this by letting Daddy OneCare consult its list of what is considered a safe application.  I grudgingly did that on Vicki’s computer, because she doesn’t want to have to think like an administrator.  But what happened to informed consent as a customer-care principle?  I want to be advised and have the option to block, since I don’t want anyone but Microsoft to be installing automatic updates for me.  I want something more like what ZoneAlarm Pro permitted (very much like the Vista UAC approach), but I don’t want to go back to ZoneAlarm.  
     
  To be clear, I love the OneCare approach.  Where it works seamlessly, it is super. It is the unexpected discontinuities in a quality product that throw me.   I doubt that I will ever go back to Symantec.  I will probably need Microsoft Home Server to conquer my backup negligence and I’m waiting to see product announcements.  It’s the paternalistic daddy-knows-best part that frosts me.
    
• Insisting on Installing under the Administrator Account.  We all know that you have to be an administrator to install most software.  Unfortunately, the installers for too much software sets up its software to configure and operate in every account on the machine, including the administrator accounts.  If there’s an option to configure for a single account, unfortunately it is always the account (an administrator) being used to do the install.  Duh?  
    
  My workaround for this is to always install under my everyday least-privilege user (LUA) account by elevating that account to administrator just long enough to do the install.  I religiously avoid installing anything but administrative software under my administrator account.  No development software, no games, no commonly-attacked productivity software, not anything that I might be tempted to foolishly run while in my administrator account.  For generic-installing software, I will move the shortcut, startup, and all-programs items out of “all users” to my solo everyday account profile and delete everything else I can that shows up in the administrator-account profile.  I would remove Internet Explorer from the administrator account if I could, but it is needed for Microsoft/Windows Update (see above). 
    
• My Latest Admin-Configuring Horror is Microsoft LiveCam VX-6000.  I applied all of my practices for keeping consumer software out of the administrator account, but I have not been able to put a stake through the heart of this baby.  Every time I log into my administrator account, the configuration dialogs for LiveCam setup pop up.  I cancel them every time.  I cannot find where this on-startup crap is installed so I can kill it.  With the privileges this puppy has to operate on my computer, I have to declare it to be spyware.  Hmm, I guess I should report it through Windows Defender. 
    
  I chose to get a webcam after seeing how well a Logitech device worked on Vicki’s new Media Center PC.  I’ve gotten a little tired of Logitech’s semi-spyware craplets and call-home for updates automation, so I figured that Microsoft probably doesn’t do that (although I worried that the coupling with Windows Live Messenger might make Skype integration problematic, but Skype hooks it up just fine).  But the Logitech software does play far nicer installed under Vicki’s everyday LUA account.  That’s a welcome surprise.
    
  Yes, I’m keeping the webcam too.  I will probably upload a video about how much I like the parts I like.  And another on how to have it installed safely, once I find out how that is done.
    
• Web Security Changes.  Just to make my morning complete, the overnight tune-up with OneCare said it was unable to download high-priority updates.  I was in my LUA account and it couldn’t fetch updates from there because it needs an administrator, of course.  
     
  I logged into the administrator account and ‘lo!  Microsoft Update was failing in IE7 after working for months.  I was informed that my IE 7 settings weren’t allowing Microsoft Update to do its ActiveX and scripting magic.  Hmm, so I followed the advice on the failure page about adding some URLs to my trusted-sites list.  On closing IE7 and re-trying Microsoft Update from scratch, I still reached the failure-advice page.  OK, maybe my trusted-site settings are set too high in the aftermath of some previous ActiveX and JavaScript exploit panic.  So I set trusted-site security to the default.  Nope.  I’m still getting the failure-advice page. 
     
  Oh, lookie!  The failure-advice page has a URL for a domain that is not in the list it gives me.  Maybe I need to trust that (non-https) site too?  Ahh.
    
  It could have been worse.  The greatest difficulties around web security measures, redirection for Passport/WindowsLive sign-on especially, arise when a Microsoft application is using the Internet under the covers and I can’t freakin’ see the URLs that the failures are about.  Windows Media Player is a great example.  For several months I couldn’t buy anything from MSN Music because I couldn’t figure out the various Passport redirects that were suddenly failing to log me in to purchase and download songs.  I saved a lot of money, and now MSN Radio Plus is no more.  I really liked the ease of purchasing individual tracks and even complete albums on that service.  I did not switch to Real and I did not subscribe to URGE after the free trial (though I buy URGE tracks from time-to-time).  PS: I don’t expect to ever own a Zune or an iPod but I would consider a Plays-for-Sure device.  I really like Pandora and I’ll like it better when I can run it in Media Player (you can show me the ads there, I’m fine with that) instead of a browser window.

So there’s my current litany of Microsoft security ills.  I feel better now.  How about you?

In many ways, Microsoft’s security arrangements lead the way.   But I’m never quite sure whose security and convenience it is all about.  I don’t even mind, considering the nature of end-user security practices and all of our tendencies to expedient behavior, that the default let-daddy-take-care-of-it paternalistic option is available.  What I don’t like is having no choice in the matter when I am perfectly willing to take responsibility for the security of my own systems.  When some Microsoft developer, project management, and product marketing review process makes inconsistent choices that trump security, it justs tells me that security isn’t Job #1 after all.  And, frankly, as a customer I don’t give squat whatever that trump card is.  And I don’t want to hear any “Well, security is Job #1 but … .”  Job #1 is supposed to be Job #1 with no buts about it.

I’m waiting.  I appreciate that this is probably one of the most difficult challenges any corporation has had to face.  Microsoft says they get it.  There is no question in my mind that Microsoft does address software quality and security.  For a mega-corporation like Microsoft, it takes a serious cultural challenge to transform the corporate persona that is experienced in each-and-every customer engagement.  The paternalistic tendency and mixed agendas are undermining Job #1.  There’s more to be done. 

I’m still waiting.  I’m very patient because I don’t want to give up the joys of computing that are now available to me.  I understand that most Microsoft detractors don’t know what they are talking about and don’t match Microsoft quality in the products that matter to me.  But nobody waits forever.

Opening Science

There is a movement to open up the scientific literature for free and public access.  I suppose that many people are surprised that this is even a question. Indeed it is.

{tags: orcmid Just Science open access BOAI self-archiving}

There are many difficulties in shifting the activities of scientists, their institutions, and their support (often involving substantial dependence on public funds) to models that provide for open access to research materials and results.  The Internet and the web make it possible.  There are institutional, commercial, and cultural realms where the breakthrough must actually occur.  It is disruptive, as all breakthroughs are, although the direction of movement is pretty clear.

As an independent scholar and self-styled scientist, I am aware of the self-archiving movement.  I am essentially my own archivist and self-publisher on the Internet.  I am also aware of semi-institutional vehicles, such as arXiv, that provide open access with generously-low barriers to contribution (and some scientific software projects publish their work on SourceForge).  This provides another way to preserve the work of investigators like myself.  (We add the entertainment value that gives spice to crackpot science when we happen to stumble or rush headlong into that particular pitfall.)

In the larger realms of science policy, there are efforts to legislate the public archiving of scientific papers and other results.  In the European Union, the European Commission is being petitioned to mandate public access to publicly-funded research results shortly after publication.  Obviously, the most effective endorsements will come within the European Union itself. 

I am a bystander.  I won’t cloud the value of the petition by adding my signature.   I do applaud this move toward the opening of science in this broad and internationally-meaningful way.  As a spectator in this particular game, I am proud to wave their banner from my seat high in the back of the North American cheering section:

An Office-ODF Converter Regatta

Hmm, “Regatta” might be a good interoperability-product name.  You saw it here first.

I have grave doubt about the efficacy of da Vinci, the Open Document Foundation’s cut at making ODF a native format for Microsoft Office. 

{tags: orcmid ODF OOX Sun MicroSystems OpenOffice StarOffice conversion technology}

But this announcement from Sun Microsystems gets serious attention.  The remaining test is whether it can provide pure ODF or at least pure ODF with clearly-documented extensions so that OpenOffice.org and Star Office won’t be the only ODF-using applications that can play.  If Sun’s approach works, we can finally stop listening to the raving about da Vinci’s legendary fidelity.

What I like about the approach at Sun, the largest code contributor to open-source projects on the planet, is how their OpenOffice.org participants quietly and publicly chug along doing the work.  Simon Phipps can rant all he wants.  I’ve stopped reading him.  What I care about is what the developers do and how responsibly they do it.

I can still see needs for other converters, and also for special-purpose applications that ingest either (i.e., both) OOX or ODF. 

I think there’s more to look at later.  I want to go on record that this is the kind of work that it is important to pay close attention to and to work to understand how the different document models of OOX and ODF are reconciled.

Thanks, Sun.  This works sounds very promising and I look forward to being able to put the preview through its paces.

Latest OOX-ODF FUD-Spat: States Prepare to Ban Zip and PDF Files

It seems that a new early-Spring pastime is watching State legislatures come up with bills that are designed to secure and preserve the digital documents of civil administration in open formats.   These initiatives (among thousands of bills that are put in the hopper in each State’s legislative session every year) come and go, except for the Commonwealth of Massachusetts where the serious work of mandating such a transition made it into law and is (quietly?) underway.  Other State governments might want to wait a while until Massachusetts gains some serious experience over the course of this year and probably into 2008 as well.  That would be the prudent, taxpayer-sensitive approach.

News of these new governmental undertakings is usually accompanied by enthusiastic rejoicing.  It is proclaimed how the Microsoft-originated Office Open XML format for document interchange (OOX here) can never qualify, har, har, hardy har.  It is conveniently over-looked that various, if not all, ODF implementations are disqualified using precisely the same rationale.

{tags: orcmid ODF OOX Zip open formats Texas Minnesota legislation ECMA OASIS ISO}

In this week's exciting developments, Bob Sutor points to Elizabeth Montalbano’s InfoWorld article: Texas, Minnesota eye move to ODF.  The body of the article does admit that ODF (the OASIS/ISO Open Document Format) is not mentioned in the draft legislation, nor is any specification or standard cited in the drafts.  One sponsoring State Senator in Minnesota confesses that ODF is indeed intended to be the only solution.

Montalbano’s coverage is well-balanced.  I recommend it as a source on these early 2007 legislative efforts.  There are links to the specific legislative proposals, as currently written, and that’s a rare demonstration of good journalism when digging into these controversies.

  Minnesota H.F. No. 176 (85th Legislative Session) is succinct, requiring an “open, XML-based file format, as specified by the chief information office of the state.”  The explanation of what qualifies for such a format is given in four points:

1. interoperable among diverse internal and external platforms and applications;
2. fully published and available royalty-free;
3. implemented by multiple vendors; and
4. controlled by an open industry organization with a well-defined inclusive process for evolution of the standard.

This document is published on the web in XHTML (1.0 transitional) and Adobe PDF format.

The Texas offering is published on the web in HTML 4.01, Adobe PDF, and (ahem), Microsoft Word (apparently as a Document Template, not an ordinary document) format.  It is recorded as Texas Bill 80(R) SB 446.  This bill also calls for (pay attention now), an “open, Extensible Markup Language based file format, specified by the department, that is:

1. interoperable among diverse internal and external platforms and applications;
2. published without restrictions or royalties;
3. fully and independently implemented by multiple software providers on multiple platforms without any intellectual property reservations for necessary technology; and
4. controlled by an open industry organization with a well-defined inclusive process for evolution of the standard.

I thought you’d like to see exactly what Montalbano politely notices as “similar wording to describe the file format the states intend to support.”  Uncanny, isn’t it?  We can be thankful for open government and the Internet.

At the moment, I don’t think anyone, depending on the level of State-sponsored scrutiny and accountability, can hurdle the bar written into Texas item (3), likely to be rewritten for that reason alone, so I will stick with the simpler common wording from Minnesota.

Before continuing, I want to point out that I am fully in favor of civil authorities adopting standardized open formats, with appropriate profiles for their use among qualified products for use in interchange and preservation of public documents that arise in the course of civil administration.  My testimony for unreserved opening of Microsoft document formats (not merely for governmental use) is a matter of public record. 

There have been some promising legislative proposals for adopting open standards for digital documents.  These two are not among them.  [update 2007-02-08T00:03Z Microsoft’s Brian Jones has posted a wonderful analysis of what Texas could have said it was out to accomplish.  He provides a positive reading in contrast with my nit-picking.  Brian’s positive interpretation of these legislative adventures, along with the positive elements of an earlier Minnesota bill deserve careful attention.  I think there are goals that could be aligned on and also made actionable in a way that fosters interoperability and encourages competition.]

Let’s talk about the language of criterion (1) and a minor little technical problem with criterion (4). 

First, document formats don’t interoperate.  Sorry, they don’t do that.  Computers and software systems interoperate.  With luck, the document formats are usable in interchange and can be migrated from one platform to another. There, they can ideally be accessed/manipulated in some fashion by different suitably-coordinated applications so as to fulfill some useful mutual purpose of the human participants in the scenario. 

Furthermore, without applications meeting some suitability-for-the-task criteria, nothing about supporting a common format guarantees, of itself, that the applications will preserve whatever it is the task requires in order to be successful.  Round-trip editing of arbitrary office documents, for example, is a challenge to the applications.  The format may be an enabler, but support of a common (standard or not) format does not ensure fulfillment of the requirement.

And finally, none of the standard formats can pass (4) whether or not the ECMA Office Open XML specification ever becomes the ECMA/ISO Office Open XML standard.

This is the hippopotamus under the carpet: ODF and OOX both depend on a non-XML, privately-specified, binary format for their operation.  They both use a Zip archive as a package for all of their XML parts and other content.  The OOX *.docx file and the ODF *.odt files, for example, are Zip files with special filename extensions.  Taken literally, both of these over-specific legislative proposals would prohibit the use of Zip, a proprietary, privately-defined format and it is not clear how ODF and OOX could be adopted in their Zip-packaged form.  The legislation would also ban Adobe PDF in any of its current instantiations.  This is a wonderful demonstration of the ridiculousness of using legislation to implement a technology agenda.  [update 2007-02-08T03:30Z Thanks to Bill Anderson for requesting clarification of why Zip matters in his comment, below.]

Now, we can agree that Zip has all of the qualities of a de facto standard.  But this legislation can’t honor a de facto standard.  It can’t even allow PDF, even although Adobe is now in the process of submitting PDF to AIIM for ultimate AIIM/ISO standardization, because PDF is not based on XML.  Sorry.  There’s just no way to allow a de facto standard, without leaving room for adoption of OOX and even Microsoft Office binary formats.  And of course, naming the enemy in an act of legislation would be an act of legislative self-immolation (and probably be regarded, with or without the immolation, as illegal to boot).

The OASIS Open Document Format specification (version 1.0 and the newly-approved version 1.1) include the following concession to Zip (section 17.1):

As XML has no native support for binary objects such as images, [OLE] objects, or other media types, and because uncompressed XML files can get very large, OpenDocument uses a package file to store the XML content of a document together with its associated binary data, and to optionally compress the XML content. This package is a standard Zip file, whose structure is discussed below.

Notice the little “standard Zip file” twist.  I love the concessions to OLE objects and DDE (both Microsoft protocols) that are wired into the ODF specification.  We didn’t need to specify spreadsheet formulas, but by golly we’ve got OLE covered.  Also, if you think there are no binary chunks in an ODF document, stop kidding yourself.

Meanwhile, there is no profile about the precise aspects of the Zip format that must or must not be present for ODF.  There is a Zip hack though.   It is accomplished with this language (from version 1.1, section 17.4):

If a MIME type for a document that makes use of packages is existing, then the package should contain a stream called "mimetype". This stream should be first stream of the package's zip file, it shall not be compressed, and it shall not use an 'extra field' in its header (see [ZIP]).

The purpose is to allow packaged files to be identified through 'magic number' mechanisms, such as Unix's file/magic utility. If a ZIP file contains a stream at the beginning of the file that is uncompressed, and has no extra data in the header, then the stream name and the stream content can be found at fixed positions.

 The use of “should” and “shall not” is technical standardese and in this particular place means that no processor of ODF can count on this being there, but a producer of ODF had better provide it.  Of course, there is no means to ensure that “standard Zip file” processes might not break this arrangement.

The Microsoft approach for ECMA Office Open XML (officially “ECMA-376 Office Open XML File Formats” [corrected 2007-02-08T02:16Z]) is based on the Microsoft Open Packaging Conventions (OPC) defined in Part 2 of the specification.  There is an abstract packaging model that could be implemented in a variety of ways, including on servers containing humongous documents that one might very much want to use only individual parts from and also be able to access collaboratively in interesting ways.  The attention to distributed access of packages and their parts is just one of the features that I find very interesting in OPC.   To support distributed use, there is a Pack URI scheme that allows for pretty arbitrary cross-referencing within, among, and into an OPC package.   The OOX specification also specifies a physical mapping of OPC to Zip, referencing “the Zip specification.”  This mapping even allows producers to leave growth space in the Zipped parts so that some update-in-place is possible.

Appendix C of the OPC portion of the Office Open XML specification provides a comprehensive, 11–page profile of the appropriate use of Zip as a physical mapping of an OOX document.  The information is in reference to a PKware Appnote.txt document.  Unfortunately, I cannot find a proper citation of that document anywhere in my copies of the OOX specification.  It’s a mystery.  [update 2007–02–11T07:23Z I found the citation.  It is in the Part 1, Appendix A Bibliography.  The entry gives the URL of the PKware site without any indication of the version of the Appnote that is relied upon.]  There is a PKware page on the subject [AppNote], and one must trust that this is applicable for OOX.  PKware do refer to themselves as “the creator and continuing innovator of the Zip standard.”

How unfortunate that Zip format doesn’t satisfy certain high-minded criteria for qualification as an open standard! 

[ZIP] Info-ZIP Application Note 970311, ftp://ftp.uu.net/pub/archiving/zip/doc/appnote-970311-iz.zip, 1997.
     What’s beyond cool for this reference from the ODF specification (apart from it being in a Zip archive at a decidedly unofficial location), is this disclaimer: “This file is based on PKWARE's appnote.txt of 15 February 1996.  It has been unofficially corrected and extended by  Info-ZIP without explicit permission by PKWARE.”  Then there’s this: “PKWARE therefore expressly disclaims any warranty that the information contained in the associated materials relating to the subject programs and/or the format of the files created or accessed by the subject programs and/or the algorithms used by the subject programs, or any other matter, is current, correct or accurate as delivered. … Furthermore, the information relating to the subject programs and/or the file formats created or accessed by the subject programs and/or the algorithms used by the subject programs is subject to change without notice.”
      This is, of course, the hammer that some insist Microsoft will drop on OOX after everyone drinks the Cool-Aid.

[AppNote]  APPNOTE.TXT – .ZIP File Format Specification, version 6.3.0, September 29, 2006.  Available at <http://www.pkware.com/documents/casestudies/APPNOTE.TXT>, accessed on 2007-02-07.
     If you don’t think this is a proprietary format, consider that the first paragraph provides this injunction: “The use of certain technological aspects disclosed in the current APPNOTE is available pursuant to the below section entitled ‘Incorporating PKWARE Proprietary Technology into Your Product’.” 
     Although there are disclaimers of the kind already mentioned in the case of [ZIP], there is this additional important statement of intent: “This specification is intended to define a cross-platform, interoperable file storage and transfer format.  Since its first publication in 1989, PKWARE has remained committed to ensuring the interoperability of the .ZIP file format through publication and maintenance of this specification.  We trust that all .ZIP compatible vendors and application developers that have adopted and benefited from this format will share and support this commitment to interoperability.” 
     It would appear that the commitment to interoperability has been quite successful.