Microsoft Banishes IE HTML Renderer from Outlook

I was shocked to learn that Microsoft has torn the IE rendering engine out of the Outlook 2007 e-mail client. Going forward, HTML e-mails will be rendered using the rendering engine in Microsoft Word.

The move could have security implications, since it takes the well-targeted IE browser out of the loop. But Microsoft says the move is really an effort to unify the display and creation of rich e-mail content. Until now, Outlook has displayed HTML e-mail using the IE renderer, but rich format e-mails were created using the Word rendering engine.

Says a Microsoft spokesperson: "While IE7 is great, it was never intended to be an editing tool. That's why we made the decision to use Word's new HTML rendering engine for both reading and authoring content, which had been improved based on HTML and CSS standards. This allowed us to unify the rendering and editing engines together, rather than forcing customers using Outlook to use two different rendering engines (one for rendering HTML, the other for editing)."

Of course, a lot of businesses are unhappy about losing functionality.
The Word engine doesn't recognize Cascading Style Sheets, and display features like page background are unrecognized. That means more work for e-mail designers and Web developers, who may need to dumb their layouts down so everything looks consistent across Outlook 2007, older versions of Outlook, as well as various browsers.

I want to hear your thoughts on this one! Do you think Microsoft is making a mistake by pulling the IE rendering engine? Do you think this is a sign that Redmond is really putting security first? Or maybe it's a sign that e-mail should be plain text, and plain text only. Speak up and we may feature your answers in our next issue. E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/17/20070 comments


Phishing with Hand Grenades

In the drowsy space between the Christmas and New Year's holiday, a little presentation by Italian security researchers nearly went unnoticed, despite the fact that it unearthed a show-stopping security hole in a nearly ubiquitous application.

That application is the Adobe Acrobat browser plug-in, which does its thing whenever you click on a link to a PDF file on a Web site. The plug-in accepts JavaScript to do things like open a linked PDF and jump down in the document to a bookmark described in the JavaScript code, or to open the Print dialog box once the file has loaded. The JavaScript that gets executed is contained directly in the URL.

Sounds useful, right? The problem is the Acrobat plug-in doesn't discriminate what JavaScript code it will run. So a malicious party can present a trusted link to a legitimate PDF file - say, tax forms at a major bank's Web site -- and use the JavaScript in their link to do...well, just about anything. Including displaying an HTML Web page that looks exactly like the legitimate login page of the bank. It can even change the appearance of the address so everything looks kosher to the user.

Now you're phishing with hand grenades.

JavaScript cross-site scripting attacks are hardly new. But this one is unique in that any site that hosts a PDF is vulnerable, and there is simply no way to detect whether or not an attack has occurred.

"The scary thing about this attack is regardless of me as a bank or a financial services provider, no matter how secure I made it, if I host PDFs I now have a vulnerability," says Billy Hoffman, lead R&D engineer for SPI Dynamics.

Adobe has scrambled to patch the vulnerability, which affects Acrobat 4.0 and later, but Hoffman questions how many millions of unpatched clients are still out there. He also says that Adobe's lesson is one that corporate developers need to take to heart. In short, development managers need to think more critically when it comes to connected apps, and avoid crafting open-ended functionality that can get terribly misused.

"I would say the big [mistake] was they really didn't think through the repercussions of this feature," Hoffman says. "I've never seen a PDF need to use JavaScript or have JavaScript render or manipulate a PDF. They were putting in features that really didn't need to be there. They put this in, but really no one thought of what the security implications would be."

What are your thoughts on the Adobe plug-in vulnerability? Did Adobe royally muck it up, or is it simply making the same mistakes as the rest of us on a bigger stage? E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/17/20070 comments


Remembering Rex Farrance

I was fresh out of graduate school when I first met Rex Farrance at PC World magazine in 1992. A trim man with an easy smile and measured speech, Rex and I shared a cubicle wall for a couple of years in the magazine's sixth-floor offices in San Francisco.

I'll never forget how Rex would calmly set aside everything to greet me as I approached. As a young editor struggling to understand the technical workings of PC technology at the time, I benefited greatly from Rex's patient and gracious explanations. Despite all the stress and deadlines, it seemed that Rex was always willing -- always -- to make time for people in his life.

I bring this up because Rex Farrance was killed Wednesday night, the victim of an apparent home invasion robbery at his house in Pittsburg, Calif. Farrance was shot in the chest and his wife, Lenore, pistol-whipped by four assailants who broke through the door at 9 p.m.

It's always hard to come to terms with the sudden and violent loss of a friend and co-worker. But when that loss strikes someone as honest, as patient and as positive and good-natured as Rex Farrance, it's simply a shock.

I don't think I've ever met someone who was at once so calm, measured, gracious and positive. No matter how tight the deadline, Rex always gave you his full attention when you came by. He was always smiling, always positive and always young. At nearly 50 years old when I worked with him last, he looked all of 35.

Rex was truly one of the good guys, a person who made a place better just by being in it. I think we can all learn a little something from Rex. He made time for people first, even if it meant setting aside his own cares.

I'll have to take that lesson forward with me, because it's honestly one I've forgotten.

Rest in peace, Rex Farrance. You will be missed.

Posted by Michael Desmond on 01/12/20070 comments


Windows Live is Back...Sorta

Contrary to popular reports, some fueled by our own Stuart Johnston, Microsoft's once-loudly touted Live effort hasn't hit the skids. As reported in her blog by regular Redmond Developer News contributor Mary Jo Foley, Microsoft has once again begun talking about the Live platform, specifically during briefings at the CES show in Las Vegas.

In her posting, Mary Jo recounts that Microsoft adCenter will sit at the foundation of two freshly minted categories of Live APIs focused on infrastructure (identity, relationship, storage, communications, payment/points, advertising and domain APIs) and application services (instant-messaging/VoIP, search, blogging, mapping, mail/calendar and classifieds).

When I asked Mary Jo about her thoughts on the change, she said the key thing was the position of adCenter in all this. Before, Microsoft's ad serving engine was an optional component of the Live development platform stack. Now it's cooked into the foundation. This looks like Microsoft Technology Marketing 101. Leverage one product to open an opportunity for another.

All this is still early action -- Microsoft won't roll out a finished vision until the Mix 07 conference in April -- but the larger statement is clear. Microsoft Live, and the Live development platform, are back.

What are your thoughts? Do you plan to kick the Live tires and perhaps start building online services using the new dev platform? E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/10/200710 comments


Start Minding PerformancePoint Server

Some time in the next couple of months, Microsoft is likely to release an updated CTP of its forthcoming PerformancePoint Server 2007 product. A business performance monitoring, analysis and planning application destined to hook deeply into SharePoint, Office and Windows Server, PerformancePoint Server could really shake up a business intelligence marketplace currently served by heavyweights like Cognos and Business Objects.

What's important about the next CTP release is that it'll be the first to include analytics technology acquired from Microsoft's purchase last year of BI software vendor ProClarity. There's a lot here to like -- particularly for companies struggling to integrate BI packages with their software stack.

We'll be keeping an eye on PerformancePoint over the next few months, and so should you. Look for more coverage of this product and Microsoft's efforts to boost BI and data management capability in its Server products over the next year.

Does your company employ a BI platform? What things would you need in PerformancePoint Server to consider a migration? E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/10/20071 comments


Retooled K2.net Targets Developers and Business Users

In our January issue, we cover the latest beta of an intriguing, human-centric BPM tool that integrates with core Microsoft technologies like BizTalk Server. Called K2.net, the first beta of this next-generation platform from SourceCode Technology Holdings Inc. out of Redmond, Wash., reached select customers and partners in late December. The beta (codenamed "BlackPearl," and I'll keep the Jack Sparrow jokes to myself, thank you very much) is built on the .NET 3.0 Framework and integrates with SQL Server 2005 and the 2007 Office System.

BlackPearl is good stuff, and honestly deserves more space than we were able to provide it in print. Redmond Developer News senior editor Kathleen Richards dove deeper into the beta and provides more detail:

A major upgrade of the K2.net 2003 Enterprise Workflow Platform, the beta includes a K2.net Studio design environment, Server, Workspace and Service Manager. While all of these components will be revamped, multiple design environments are central to the new platform. BlackPearl allows users to design, build and customize processes in several environments including Microsoft Visio 2007, a browser-based interface, SharePoint Server 2007 and Visual Studio 2005.

Significantly for developers, SourceCode is now a Visual Studio Industry Partner. This gives developers access to a build and design environment within Visual Studio that supports integrated debugging, the VS2005 project system, and full C# and VB.NET language support.

Developers can use pre-built design canvases (from third-parties, too) for process flows, swimlane diagrams, documentation and role-based process modeling, or build their own. The K2.net 2003 design canvases and toolbox will be included with BlackPearl components and wizards in the new platform.

BlackPearl supports .NET 3.0 development technologies such as Windows Workflow Foundation with schedules and rules wizards, a hosted runtime environment and XOML integration. Other new features enable source-controlled process designs, controlled build and development processes (MSBuild), and InfoPath and AJAX-enabled form designs.

The new design environments allow developers to expose data as SmartObjects (for example, a customer and their attributes) or SmartFunctions (business logic, such as calculate total invoices) to business analysts, who can then access and reuse the information without worrying about where it resides on backend systems.

Many BPM products today are designed so that business users can at least get involved in the design process, observes Forrester Research analyst Colin Teubner. "Whether they can build an application is another story, but they can at least get involved in mapping the process before it gets handed off to a developer," he explains. "I think K2.net's older product didn't have as much business user friendly development, so they've added there.

Microsoft relies on third parties as add-ons to its BPM and SOA platforms because these deployments are services-heavy initiatives, and not something "Microsoft can sell in a box," Teubner says. "We constantly see Microsoft pointing people in the direction of K2.net, especially in the area of workflow, when their own products fall short."

Under development for about three years, K2.net BlackPearl is compatible with all processes and applications designed in K2.net 2003, according to SourceCode. K2.net Enterprise Workflow users can download Additional Components for K2.net 2003 that support Microsoft Office SharePoint Server 2007 and InfoPath 2007.

General availability of the commercial version of BlackPearl is expected by the end of the first quarter. SourceCode has not disclosed licensing information. According to company, K2.net 2003 licensees with a maintenance agreement will be able to download the BlackPearl platform for free when it becomes available.

Posted by Michael Desmond on 01/10/20070 comments


Microsoft, in Its Own Words

Last time we counted, Microsoft has been in the development space for 31 years. Seattle Post-Intelligencer reporter Todd Bishop has managed to sum up Microsoft’s history from Altair Basic to .NET and Vista in a short, easily navigable presentation.

Bishop injected some real methodology into the process, as he wrote: "We collected dozens of key Microsoft-related speeches, interviews, internal e-mails and other documents from the past three decades, and put them through a program that generated a timeline of tag clouds showing the 64 most commonly used words in each."

The result is a nifty scrolling timeline, built with the open-source (gasp!) Tagline Generator -- that provides a graphic representation of Microsoft’s most valuable verbiage, along with links to the original document.

Bishop has written a blog posting outlining the project's history here. The scrolling timeline is available here.

Does this unique accounting of Microsoft history offer useful context? What changes in the vocabulary over the years at Redmond surprise you most? E-mail us at mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/03/20070 comments


Redmond at the Wheel

The battle for the embedded OS market between Windows and Linux is moving into high gear with reports that Ford is putting its full corporate weight behind Microsoft. Citing sources familiar with the matter, the Wall Street Journal reported recently that Ford Motor Co. will unveil Sync, an in-car operating system developed by Microsoft.

Sync will allow in-vehicle, hands-free phone communication and other types of information transfers, such as e-mail or music downloads, according to the report.

Microsoft's Windows Automotive division has been around for a while. Sync is based on its existing automotive operating system, the WSJ wrote. The automotive division struck a deal with Fiat in 2004.

Burton Group analyst Peter O'Kelly says that while Sync isn't groundbreaking technology, it could have some appeal, and fits into Microsoft's game plan of late. Here's what he wrote to us in an e-mail, basing his comments on the WSJ article and not an official company briefing:

"While the rumored capabilities of the offering don't seem revolutionary -- many people already have Bluetooth-based phone integration in their cars today, for example -- I expect the option of having an end-to-end Microsoft solution will be attractive to some customers using Windows Mobile phones, and perhaps there will at some point be integration options for Windows laptops and other PC-centric devices as well (e.g., for expanded and simplified Microsoft Outlook synchronization, and perhaps music/other media synchronization as well)."

What do you think about Microsoft's move into automotive software? Will corporate coders soon be writing custom apps on top of the Sync OS for their automotive fleets? And what kind of applications would you like (and not like!) to see developed for an in-car OS? E-mail your thoughts to mdesmond@reddevnews.com.

Posted by Michael Desmond on 01/03/20070 comments


Presetting the Table

When .NET Framework 3.0 arrived in November, a lot of readers expressed concern about the rapid-fire pace of updates. The jump from .NET 1.1 to 2.0 was tough, requiring IT and development shops to take careful measure before making a shift. While the move to .NET 3.0 has been far less dramatic, dev shops face a lot of questions as they move to support Windows Presentation Foundation, Windows Communication Foundation and Windows Workflow Foundation.

In fact, the answers to those questions have yet to arrive. According to Jay traband at .NET tools provider IdeaBlade, Microsoft has adopted a fresh strategy that seeds strategic technologies ahead of the tools that implement them. .NET 3.0, he says, is just such an effort.

"I think Microsoft is doing an elegant job of building something with the core of .NET. Microsoft gets a lot of things in with one release, but it isn't usable until the following release. A lot of that stuff isn't usable until [the Visual Studio] Orcas release," traband said.

It makes sense. As operating system platforms and applications become more complex, the need to lay down foundation technologies increases. For traband, whose company is involved in extending .NET into the realm of distributed applications, Web services and SOA, the new Microsoft approach seems to be paying dividends.

"It's really very impressive. I actually come from the Java world and love Java, but I think Microsoft has done a truly elegant job in exposing the primitive concepts," traband said. "We feel internally [that WCF] is a much better infrastructure, but we find people are interested because it has much better [Web services] standards compliance."

Posted by Michael Desmond on 12/20/20060 comments


The Coding and Computing Film Making Hall of Shame

From the infamous virus upload scene in Independence Day, to the cringe-worthy Jurassic Park line -- "This is a Unix system. I know this." -- filmmakers just can't seem to get coding and computing right.

What silver screen moments left you shocked and dismayed? And which films managed to impress you with their realistic depictions of programming and hacking? Let me know and we may publish your insights in the next issue of Redmond Developer News. E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 12/20/20060 comments


Pushing the Science

A couple of weeks ago, Microsoft took a moment to help support computer science studies and achievement. On Dec. 4, Microsoft Research Cambridge and the University of Cambridge Computer Laboratory hosted the Think Computer Science! event, which featured talks, demos and interactive sessions for 250 grade-school students from 19 schools. The goal: to help motivate students to pursue studies and careers in computer science.

A day later, Microsoft hosted scholars, researchers and programmers from Europe, as part of a program that awards scholarships to European students entering Ph.D. studies. Currently, Microsoft Research sponsors 56 students, with as many as 25 scholarships to be awarded in 2007.

The effort to bolster computer science studies is sorely needed. According to a study cited by the Computer Research Association, the percentage of incoming undergraduates in the U.S. who planned to major in computer science plummeted between 2000 and 2005, by a staggering 70 percent. No surprise, the number of graduating students with computer science degrees has taken a hit, following years of steady gains. Between academic year 2003-2004 and academic year 2004-2005, the number of total CS degrees granted fell by 17 percent. We can expect those losses to mount.

"One of our goals is to inspire and educate the scientists of tomorrow," said Andrew Herbert, managing director of Microsoft Research Cambridge. "Through events such as the Think Computer Science! Lectures, in partnership with the University of Cambridge, and the European Ph.D. scholarships and fellowships that we're announcing to support the top students and scientists in Europe, we aim to help fuel future discovery and ensure that Europe continues its heritage of scientific and technological innovation."

What is your experience? Are you concerned about the building developer brain drain? Have you noticed any change in the number and talent of your programmers entering the field? E-mail me at mdesmond@reddevnews.com.

Posted by Michael Desmond on 12/20/20060 comments


Express Yourself

When it comes to rich Web media development, it seems like Microsoft has been fighting with two hands tied behind its back. Like the ill-fated Black Knight from Monty Python and the Holy Grail, Redmond has been forced to fend of competition with little more than its legs and teeth, facing mature Flash-based development tools from Adobe to the white-hot popularity of AJAX development. Six months ago, the folks at Adobe were probably asking: "What are you going to do? Bleed on me?"

They aren't asking any more. Thanks to the emerging set of tools in Microsoft's Expression Studio suite, Redmond is becoming relevant in the rich Web design and development space. Built on four components -- Web, Blend, Design and Media -- Expression is a classic bit of Microsoft maneuvering. When caught at an obvious disadvantage, shift the playing field.

Expression does just that, by tying into the rich Windows Presentation Foundation layer in Vista and .NET 3.0 Framework to enable sophisticated GUIs, 3-D visuals and other effects previously limited to the realms of DirectX game development. WPF, however, is a rich client play -- the stuff to make Office sing and desktop graphic design soar. In the Web space, the secret sauce is WPF/Everywhere, a subset of WPF that will enable ubiquitous playback of rich visual and programmatic interfaces on all manner of Web clients.

Why would anyone shift from Flash interface development to the Expression suite? In a word: XAML. Short for Extensible Application Markup Language, XAML describes rich interfaces in a human- and machine-readable markup format, while enabling Flash-like animation, graphics and video. And just like that, Flash-based sites that were utterly opaque to Google searches can be fully indexed. What's more, designers who build interfaces using XAML tools like Expression can turn their work over to developers who can readily tune, tweak and twist the underlying interface code.

There's a workflow play here. Microsoft envisions a mingling of roles, as designers use Expression to engage functional tasks that in the past belonged strictly to programmers, and programmers ease themselves into the design arena. Where the two sides once lobbed work orders at each other, like hand grenades tossed across a river, tomorrow folks could be walking right across the bridge to do touch-up work themselves on the other side.

Is it a good thing? I'm not so sure. I'm pretty certain plenty of developers will be ready to man the approach to that bridge and shout "None shall pass!" But it does offer that choice.

What are your thoughts? Will you ditch Flash for Expression Web? Let me know at mdesmond@reddevnews.com.

Posted by Michael Desmond on 12/06/20060 comments


Subscribe on YouTube