I was shocked to learn that Microsoft has torn
the IE rendering engine out of the Outlook 2007 e-mail client. Going forward,
HTML e-mails will be rendered using the rendering engine in Microsoft Word.
The move could have security implications, since it takes the well-targeted
IE browser out of the loop. But Microsoft says the move is really an effort
to unify the display and creation of rich e-mail content. Until now, Outlook
has displayed HTML e-mail using the IE renderer, but rich format e-mails were
created using the Word rendering engine.
Says a Microsoft spokesperson: "While IE7 is great, it was never intended
to be an editing tool. That's why we made the decision to use Word's new HTML
rendering engine for both reading and authoring content, which had been improved
based on HTML and CSS standards. This allowed us to unify the rendering and
editing engines together, rather than forcing customers using Outlook to use
two different rendering engines (one for rendering HTML, the other for editing)."
Of course, a lot of businesses are unhappy about losing functionality.
The Word engine doesn't recognize Cascading Style Sheets, and display features
like page background are unrecognized. That means more work for e-mail designers
and Web developers, who may need to dumb their layouts down so everything looks
consistent across Outlook 2007, older versions of Outlook, as well as various
browsers.
I want to hear your thoughts on this one! Do you think Microsoft is making
a mistake by pulling the IE rendering engine? Do you think this is a sign that
Redmond is really putting security first? Or maybe it's a sign that e-mail should
be plain text, and plain text only. Speak up and we may feature your answers
in our next issue. E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/17/2007 0 comments
In the drowsy space between the Christmas and New Year's holiday, a little presentation
by Italian security researchers nearly went unnoticed, despite the fact that
it unearthed a show-stopping
security hole in a nearly ubiquitous application.
That application is the Adobe Acrobat browser plug-in, which does its thing
whenever you click on a link to a PDF file on a Web site. The plug-in accepts
JavaScript to do things like open a linked PDF and jump down in the document
to a bookmark described in the JavaScript code, or to open the Print dialog
box once the file has loaded. The JavaScript that gets executed is contained
directly in the URL.
Sounds useful, right? The problem is the Acrobat plug-in doesn't discriminate
what JavaScript code it will run. So a malicious party can present a trusted
link to a legitimate PDF file -- say, tax forms at a major bank's Web site --
and use the JavaScript in their link to do...well, just about anything. Including
displaying an HTML Web page that looks exactly like the legitimate login page
of the bank. It can even change the appearance of the address so everything
looks kosher to the user.
Now you're phishing with hand grenades.
JavaScript cross-site scripting attacks are hardly new. But this one is unique
in that any site that hosts a PDF is vulnerable, and there is simply no way
to detect whether or not an attack has occurred.
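The link itself is where a defender can still act, for instance in a mail gateway or a page that renders user-supplied links. The following is an added example, not code from the original post or from Adobe: it vets links to PDF files, assuming the script is carried in the query string or fragment of the link; the allow-listed fragment keys, function names and sample links are constructed for illustration.

```javascript
// Added example (not from the original post): vet links that point at PDF files.
// Assumption: the script rides in the query string or fragment of the link.

// Fragment keys treated as harmless viewer hints (constructed allow-list).
const SAFE_FRAGMENT_KEYS = new Set(["page", "zoom", "nameddest"]);
const SAFE_VALUE = /^[A-Za-z0-9_.,-]{1,64}$/;
const SCRIPT_SCHEME = /(?:javascript|vbscript):/i;

// Undo nested percent-encoding so double-encoded text is still seen.
function decodeDeep(text, maxRounds = 3) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed escape: keep what has been decoded so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// True when the fragment is empty or holds only allow-listed key=value pairs.
function fragmentIsAllowListed(hash) {
  if (hash === "" || hash === "#") return true;
  return hash.slice(1).split("&").every((pair) => {
    const eq = pair.indexOf("=");
    if (eq < 1) return false;
    const key = pair.slice(0, eq).toLowerCase();
    return SAFE_FRAGMENT_KEYS.has(key) && SAFE_VALUE.test(pair.slice(eq + 1));
  });
}

// Returns { verdict, url }; verdict is "not-pdf", "ok", "stripped" or "blocked".
function vetPdfLink(href, base = "https://site.example/") {
  let url;
  try {
    url = new URL(href, base);
  } catch {
    return { verdict: "blocked", url: null };
  }
  if (!decodeDeep(url.pathname).toLowerCase().endsWith(".pdf")) {
    return { verdict: "not-pdf", url: url.href };
  }
  // Remove whitespace and control characters that could split the scheme name.
  const tail = decodeDeep(url.search + url.hash).replace(/[\u0000-\u0020]/g, "");
  if (SCRIPT_SCHEME.test(tail)) return { verdict: "blocked", url: null };
  if (fragmentIsAllowListed(url.hash)) return { verdict: "ok", url: url.href };
  url.hash = ""; // unknown fragment content: keep the document, drop the extras
  return { verdict: "stripped", url: url.href };
}

// Constructed sample links, not taken from any real site.
const SAMPLE_LINKS = [
  "https://bank.example/forms/tax.pdf",
  "https://bank.example/forms/tax.pdf#page=3&zoom=150",
  "https://bank.example/forms/tax.pdf#note=javascript:void(0)",
  "https://bank.example/forms/tax.pdf#note=java%2573cript%3Avoid(0)",
  "https://bank.example/forms/tax.pdf#section-two",
  "https://bank.example/login.html#page=3",
];

function vetAll(links) {
  return links.map((link) => vetPdfLink(link).verdict);
}

console.log(vetAll(SAMPLE_LINKS));
```

The allow-list does the real work here: a fragment that is not a known viewer hint is dropped even when no script scheme is recognized in it.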
"The scary thing about this attack is regardless of me as a bank or a
financial services provider, no matter how secure I made it, if I host PDFs
I now have a vulnerability," says Billy Hoffman, lead R&D engineer
for SPI Dynamics.
Adobe has scrambled to patch the vulnerability, which affects Acrobat 4.0 and
later, but Hoffman questions how many millions of unpatched clients are still
out there. He also says that Adobe's lesson is one that corporate developers
need to take to heart. In short, development managers need to think more critically
when it comes to connected apps, and avoid crafting open-ended functionality
that can get terribly misused.
"I would say the big [mistake] was they really didn't think through the
repercussions of this feature," Hoffman says. "I've never seen a PDF
need to use JavaScript or have JavaScript render or manipulate a PDF. They were
putting in features that really didn't need to be there. They put this in, but
really no one thought of what the security implications would be."
What are your thoughts on the Adobe plug-in vulnerability? Did Adobe royally
muck it up, or is it simply making the same mistakes as the rest of us on a
bigger stage? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/17/2007 0 comments
I was fresh out of graduate school when I first met Rex Farrance at PC World
magazine in 1992. A trim man with an easy smile and measured speech, Rex and
I shared a cubicle wall for a couple of years in the magazine's sixth-floor
offices in San Francisco.
I'll never forget how Rex would calmly set aside everything to greet me as
I approached. As a young editor struggling to understand the technical workings
of PC technology at the time, I benefited greatly from Rex's patient and gracious
explanations. Despite all the stress and deadlines, it seemed that Rex was always
willing -- always -- to make time for people in his life.
I bring this up because Rex Farrance was killed Wednesday night, the victim
of an apparent home invasion robbery at his house in Pittsburg, Calif. Farrance
was shot in the chest and his wife, Lenore, pistol-whipped by four assailants
who broke through the door at 9 p.m.
It's always hard to come to terms with the sudden and violent loss of a friend
and co-worker. But when that loss strikes someone as honest, as patient and
as positive and good-natured as Rex Farrance, it's simply a shock.
I don't think I've ever met someone who was at once so calm, measured, gracious
and positive. No matter how tight the deadline, Rex always gave you his full
attention when you came by. He was always smiling, always positive and always
young. At nearly 50 years old when I worked with him last, he looked all of
35.
Rex was truly one of the good guys, a person who made a place better just by
being in it. I think we can all learn a little something from Rex. He made time
for people first, even if it meant setting aside his own cares.
I'll have to take that lesson forward with me, because it's honestly one I've
forgotten.
Rest in peace, Rex Farrance. You will be missed.
Posted by Michael Desmond on 01/12/2007 0 comments
Contrary to popular reports, some
fueled by our own Stuart Johnston, Microsoft's once-loudly touted Live effort
hasn't hit the skids. As reported in her blog by regular Redmond Developer News
contributor Mary Jo Foley, Microsoft has once again begun talking about the
Live platform, specifically during briefings at the CES show in Las Vegas.
In her posting, Mary
Jo recounts that Microsoft adCenter will sit at the foundation of two freshly
minted categories of Live APIs focused on infrastructure (identity, relationship,
storage, communications, payment/points, advertising and domain APIs) and application
services (instant-messaging/VoIP, search, blogging, mapping, mail/calendar and
classifieds).
When I asked Mary Jo about her thoughts on the change, she said the key thing
was the position of adCenter in all this. Before, Microsoft's ad serving engine
was an optional component of the Live development platform stack. Now it's cooked
into the foundation. This looks like Microsoft Technology Marketing 101. Leverage
one product to open an opportunity for another.
All this is still early action -- Microsoft won't roll out a finished vision
until the Mix 07 conference in April -- but the larger statement is clear. Microsoft
Live, and the Live development platform, are back.
What are your thoughts? Do you plan to kick the Live tires and perhaps start
building online services using the new dev platform? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/10/2007 10 comments
Some time in the next couple of months, Microsoft is likely to release an updated
CTP of its forthcoming PerformancePoint
Server 2007 product. A business performance monitoring, analysis and planning
application destined to hook deeply into SharePoint, Office and Windows Server,
PerformancePoint Server could really shake up a business intelligence marketplace
currently served by heavyweights like Cognos and Business Objects.
What's important about the next CTP release is that it'll be the first to include
analytics technology acquired from Microsoft's purchase last year of BI software
vendor ProClarity.
There's a lot here to like -- particularly for companies struggling to integrate
BI packages with their software stack.
We'll be keeping an eye on PerformancePoint over the next few months, and so
should you. Look for more coverage of this product and Microsoft's efforts to
boost BI and data management capability in its Server products over the next
year.
Does your company employ a BI platform? What things would you need in PerformancePoint
Server to consider a migration? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/10/2007 1 comments
In our January issue, we cover the latest beta of an intriguing, human-centric
BPM tool that integrates with core Microsoft technologies like BizTalk Server.
Called K2.net, the first beta of this next-generation platform from SourceCode
Technology Holdings Inc. out of Redmond, Wash., reached select customers and
partners in late December. The beta (codenamed "BlackPearl," and I'll
keep the Jack Sparrow jokes to myself, thank you very much) is built on the
.NET 3.0 Framework and integrates with SQL Server 2005 and the 2007 Office System.
BlackPearl is good stuff, and honestly deserves more space than we were able
to provide it in print. Redmond Developer News senior editor Kathleen Richards
dove deeper into the beta and provides more detail:
A major upgrade of the K2.net 2003 Enterprise Workflow Platform, the beta
includes a K2.net Studio design environment, Server, Workspace and Service
Manager. While all of these components will be revamped, multiple design environments
are central to the new platform. BlackPearl allows users to design, build
and customize processes in several environments including Microsoft Visio
2007, a browser-based interface, SharePoint Server 2007 and Visual Studio
2005.
Significantly for developers, SourceCode is now a Visual Studio Industry
Partner. This gives developers access to a build and design environment within
Visual Studio that supports integrated debugging, the VS2005 project system,
and full C# and VB.NET language support.
Developers can use pre-built design canvases (from third-parties, too) for
process flows, swimlane diagrams, documentation and role-based process modeling,
or build their own. The K2.net 2003 design canvases and toolbox will be included
with BlackPearl components and wizards in the new platform.
BlackPearl supports .NET 3.0 development technologies such as Windows Workflow
Foundation with schedules and rules wizards, a hosted runtime environment
and XOML integration. Other new features enable source-controlled process
designs, controlled build and development processes (MSBuild), and InfoPath
and AJAX-enabled form designs.
The new design environments allow developers to expose data as SmartObjects
(for example, a customer and their attributes) or SmartFunctions (business
logic, such as calculate total invoices) to business analysts, who can then
access and reuse the information without worrying about where it resides on
backend systems.
Many BPM products today are designed so that business users can at least
get involved in the design process, observes Forrester Research analyst Colin
Teubner. "Whether they can build an application is another story, but
they can at least get involved in mapping the process before it gets handed
off to a developer," he explains. "I think K2.net's older product
didn't have as much business user friendly development, so they've added there."
Microsoft relies on third parties as add-ons to its BPM and SOA platforms
because these deployments are services-heavy initiatives, and not something
"Microsoft can sell in a box," Teubner says. "We constantly
see Microsoft pointing people in the direction of K2.net, especially in the
area of workflow, when their own products fall short."
Under development for about three years, K2.net BlackPearl is compatible
with all processes and applications designed in K2.net 2003, according to
SourceCode. K2.net Enterprise Workflow users can download Additional Components
for K2.net 2003 that support Microsoft Office SharePoint Server 2007 and InfoPath
2007.
General availability of the commercial version of BlackPearl is expected
by the end of the first quarter. SourceCode
has not disclosed licensing information. According to the company, K2.net 2003
licensees with a maintenance agreement will be able to download the BlackPearl
platform for free when it becomes available.
Posted by Michael Desmond on 01/10/2007 0 comments
Last time we counted, Microsoft has been in the development space for 31 years.
Seattle Post-Intelligencer reporter Todd Bishop has managed to sum up Microsoft’s
history from Altair Basic to .NET and Vista in a short, easily navigable presentation.
Bishop injected some real methodology into the process, as he wrote: "We
collected dozens of key Microsoft-related speeches, interviews, internal e-mails
and other documents from the past three decades, and put them through a program
that generated a timeline of tag clouds showing the 64 most commonly used words
in each."
The result is a nifty scrolling timeline -- built with the open-source (gasp!)
Tagline Generator -- that provides a graphic representation of Microsoft’s
most valuable verbiage, along with links to the original documents.
Bishop has written a blog posting outlining the project's history here.
The scrolling timeline is available here.
Does this unique accounting of Microsoft history offer useful context? What
changes in the vocabulary over the years at Redmond surprise you most? E-mail
us at mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/03/2007 0 comments
The battle for the embedded OS market between Windows and Linux is moving into
high gear with reports that Ford is putting its full corporate weight behind
Microsoft. Citing sources familiar with the matter, the Wall Street Journal
reported recently that Ford Motor Co. will unveil Sync, an in-car operating
system developed by Microsoft.
Sync will allow in-vehicle, hands-free phone communication and other types
of information transfers, such as e-mail or music downloads, according to the
report.
Microsoft's Windows Automotive division has been around for a while. Sync is
based on its existing automotive operating system, the WSJ wrote. The automotive
division struck a deal with Fiat in 2004.
Burton Group analyst Peter O'Kelly says that while Sync isn't groundbreaking
technology, it could have some appeal, and fits into Microsoft's game plan of
late. Here's what he wrote to us in an e-mail, basing his comments on the WSJ
article and not an official company briefing:
"While the rumored capabilities of the offering don't seem revolutionary
-- many people already have Bluetooth-based phone integration in their cars
today, for example -- I expect the option of having an end-to-end Microsoft
solution will be attractive to some customers using Windows Mobile phones, and
perhaps there will at some point be integration options for Windows laptops
and other PC-centric devices as well (e.g., for expanded and simplified Microsoft
Outlook synchronization, and perhaps music/other media synchronization as well)."
What do you think about Microsoft's move into automotive software? Will corporate
coders soon be writing custom apps on top of the Sync OS for their automotive
fleets? And what kind of applications would you like (and not like!) to see
developed for an in-car OS? E-mail your thoughts to mdesmond@reddevnews.com.
Posted by Michael Desmond on 01/03/2007 0 comments
When .NET Framework 3.0 arrived in November, a lot of readers expressed concern
about the rapid-fire pace of updates. The jump from .NET 1.1 to 2.0 was tough,
requiring IT and development shops to take careful measure before making a shift.
While the move to .NET 3.0 has been far less dramatic, dev shops face a lot
of questions as they move to support Windows Presentation Foundation, Windows
Communication Foundation and Windows Workflow Foundation.
In fact, the answers to those questions have yet to arrive. According to Jay
Traband at .NET tools provider IdeaBlade, Microsoft has adopted a fresh strategy
that seeds strategic technologies ahead of the tools that implement them. .NET
3.0, he says, is just such an effort.
"I think Microsoft is doing an elegant job of building something with
the core of .NET. Microsoft gets a lot of things in with one release, but it
isn't usable until the following release. A lot of that stuff isn't usable until
[the Visual Studio] Orcas release," Traband said.
It makes sense. As operating system platforms and applications become more
complex, the need to lay down foundation technologies increases. For Traband,
whose company is involved in extending .NET into the realm of distributed applications,
Web services and SOA, the new Microsoft approach seems to be paying dividends.
"It's really very impressive. I actually come from the Java world and
love Java, but I think Microsoft has done a truly elegant job in exposing the
primitive concepts," Traband said. "We feel internally [that WCF]
is a much better infrastructure, but we find people are interested because it
has much better [Web services] standards compliance."
Posted by Michael Desmond on 12/20/2006 0 comments
From the infamous virus upload scene in Independence Day, to the cringe-worthy
Jurassic Park line -- "This is a Unix system. I know this." --
filmmakers just can't seem to get coding and computing right.
What silver screen moments left you shocked and dismayed? And which films managed
to impress you with their realistic depictions of programming and hacking? Let
me know and we may publish your insights in the next issue of Redmond Developer
News. E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 12/20/2006 0 comments
A couple of weeks ago, Microsoft took a moment to help support computer science
studies and achievement. On Dec. 4, Microsoft Research Cambridge and the University
of Cambridge Computer Laboratory hosted the Think Computer Science! event, which
featured talks, demos and interactive sessions for 250 grade-school students from
19 schools. The goal: to help motivate students to pursue studies and careers
in computer science.
A day later, Microsoft hosted scholars, researchers and programmers from Europe,
as part of a program that awards scholarships to European students entering
Ph.D. studies. Currently, Microsoft Research sponsors 56 students, with as many
as 25 scholarships to be awarded in 2007.
The effort to bolster computer science studies is sorely needed. According
to a study cited by the Computer Research Association, the percentage of incoming undergraduates
in the U.S. who planned to major in computer science plummeted between 2000
and 2005, by a staggering 70 percent. No surprise, the number of graduating
students with computer science degrees has taken a hit, following years of steady
gains. Between academic year 2003-2004 and academic year 2004-2005, the number
of total CS degrees granted fell by 17 percent. We can expect those losses to
mount.
"One of our goals is to inspire and educate the scientists of tomorrow,"
said Andrew Herbert, managing director of Microsoft Research Cambridge. "Through
events such as the Think Computer Science! Lectures, in partnership with the
University of Cambridge, and the European Ph.D. scholarships and fellowships
that we're announcing to support the top students and scientists in Europe,
we aim to help fuel future discovery and ensure that Europe continues its heritage
of scientific and technological innovation."
What is your experience? Are you concerned about the building developer brain
drain? Have you noticed any change in the number and talent of your programmers
entering the field? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 12/20/2006 0 comments
When it comes to rich Web media development, it seems like Microsoft has been
fighting with two hands tied behind its back. Like the ill-fated Black Knight
from Monty Python and the Holy Grail, Redmond has been forced to fend off competition
with little more than its legs and teeth, facing everything from mature Flash-based
development tools from Adobe to the white-hot popularity of AJAX development. Six months ago,
the folks at Adobe were probably asking: "What are you going to do? Bleed
on me?"
They aren't asking any more. Thanks to the emerging set of tools in Microsoft's
Expression Studio suite, Redmond is becoming relevant in the rich Web design
and development space. Built on four components -- Web, Blend, Design and Media
-- Expression is a classic bit of Microsoft maneuvering. When caught at an obvious
disadvantage, shift the playing field.
Expression does just that, by tying into the rich Windows Presentation Foundation
layer in Vista and .NET 3.0 Framework to enable sophisticated GUIs, 3-D visuals
and other effects previously limited to the realms of DirectX game development.
WPF, however, is a rich client play -- the stuff to make Office sing and desktop
graphic design soar. In the Web space, the secret sauce is WPF/Everywhere, a
subset of WPF that will enable ubiquitous playback of rich visual and programmatic
interfaces on all manner of Web clients.
Why would anyone shift from Flash interface development to the Expression suite?
In a word: XAML. Short for Extensible Application Markup Language, XAML describes
rich interfaces in a human- and machine-readable markup format, while enabling
Flash-like animation, graphics and video. And just like that, Flash-based sites
that were utterly opaque to Google searches can be fully indexed. What's more,
designers who build interfaces using XAML tools like Expression can turn their
work over to developers who can readily tune, tweak and twist the underlying
interface code.
There's a workflow play here. Microsoft envisions a mingling of roles, as designers
use Expression to engage functional tasks that in the past belonged strictly
to programmers, and programmers ease themselves into the design arena. Where
the two sides once lobbed work orders at each other, like hand grenades tossed
across a river, tomorrow folks could be walking right across the bridge to do
touch-up work themselves on the other side.
Is it a good thing? I'm not so sure. I'm pretty certain plenty of developers
will be ready to man the approach to that bridge and shout "None shall
pass!" But it does offer that choice.
What are your thoughts? Will you ditch Flash for Expression Web? Let me know at mdesmond@reddevnews.com.
Posted by Michael Desmond on 12/06/2006 0 comments