Entries from Nov 2005

Anti-phishing tactic helps the “Well Designed Url” cause

Today Joris Evers on CNET posted an article about the security developers for the four main web browsers discussing how to make surfing the Web safer. One of the tactics mentioned was Microsoft plans for IIS7 to show the URL in the address bar on all Internet windows to help users identify fraudulent sites. Whereas the trend has somewhat been for many websites to eliminate the address bar on their secondary windows to make their websites look slicker — see what happens when the bad marketing wonks get involved, and when techies become over-enamored by techniques like AJAX — this move will shine the light more brightly on the lowly URL.

In the past I have blogged about Good URL design for websites and the related topics of wanting Mod_rewrite functionality for IIS and the tool ISAPI Rewrite that gives mod_rewrite functionality to IIS, so it is clear I’m passionate about the virtue of incorporating URL design into the overall design of a website. More specifically, my personal opinion is that URL design is one of the more important aspects of web design. This even though one person in this world disagrees with me, but Mark Kamoski is wrong. :)

What’s cool about IIS7 requiring the URL to be seen at all times besides the obvious anti-phishing benefits is it will hopefully cause more website stakeholders (marketers, developers, etc.) to think more about the design of their website’s URLs.

And that would be a good thing.

P.S. Actually, I’d love to see all Windows applications do what Windows Explorer does and support a URL of sorts (maybe call it an "LRL" as in Local Resource Locator?) Wouldn’t it be great to see apps like Word, Excel, QuickBooks, and even Visual Studio be written as a series of state changes where the URL/LRL could represent in a user readable format each uniquely-representable state (with some obvious caveats)? Just imagine how that would empower the creation of solutions by composing applications… but I digress as that is the topic for a future day’s blog post.

P.P.S. I almost don’t want to say this next thing as it could obviate the need for exposing URLs to guard against phishing, but I’m too intellectually honest not to. I see a huge market opportunity for Verisign, with the support of browser and server vendors, to enhance their SSL certificates to include a "Phishing-Safe" seal of approval. Today website owners only need pay for a certificate if they are collecting sensitive information, but in the future I could see it becoming a de facto requirement for any website with a login to need a "phishing-safe" certificate, raising the bar on lots of hobby forum sites, etc. But I once again digress… Oops, I should have read the whole article before pontificating here; looks like they are discussing just such a concept.

Borland gets Tod Nielsen, former bigwig in the Microsoft developer division

What goes around, comes around. Microsoft steals Anders Hejlsberg as C# chief architect; Borland picks up former Microsoft developer division honcho Tod Nielsen as CEO. Admittedly not an apples-for-apples comparison, i.e. development vs. marketing, but it is interesting nonetheless. Given his tenure at MS’ devdiv, I’d be surprised if Tod doesn’t do a good job of making Borland a developer tools powerhouse once again.

All your Base are belong to Google?

When I saw that Google Base just went live, my first thought was "All your base are belong to us."  I fear this might be ironic.

After a quick Google I found I wasn’t the only one to have thought this.



Simple technologies recombined, not technological breakthroughs, spur disruptive innovations

Clayton Christensen's Book - The Innovator's Dilemma

Yesterday when I blogged about simplicity I forgot to mention Clayton Christensen’s take on simple technology. Clayton’s ground-breaking book was entitled "The Innovator’s Dilemma" and is a must-read for any developer who wants to understand the business dynamics between market incumbency and innovative uses of technology.

From his extensive research Christensen states in The Innovator’s Dilemma that disruptive innovations are almost never the result of technological breakthroughs but are instead recombinations of existing and often inexpensive technology in forms the former market leaders don’t pursue. He states that the driving reason for the market leaders ignoring disruptive innovations is that the people in their sales organizations fight against pursuing them because they don’t see big enough market opportunities and/or they can’t make large enough margins compared to their incumbent business. That is, until it’s too late.

Christensen defines disruptive innovations as those innovations¹ that allow small companies to topple once-strong, market-leading companies and establish themselves as market leaders. His first example was 8" disk drive manufacturers, who put all 14" disk drive manufacturers out of business. The latter sold to mainframe vendors at 60% margins, and their customers were interested in larger capacity and faster drives, not in more expensive slower smaller drives with less capacity (which had to be sold at only 40% margins!). But mini-computer manufacturers purchased the 8" disk drives, and over time the 8" disk drive manufacturers improved their products to the point of being good enough (key phrase) that mainframe vendors decided to buy from them rather than pay for the increasingly feature-rich and increasingly expensive 14" disk drives. At that point, with cost structures requiring 60% margins, the 14" disk drive manufacturers couldn’t maneuver and they all failed.

Examples of recent disruptive innovations with which you might be familiar are:

  • Open-source ASP.NET apps and .NET developer tools such as DotNetNuke in the content management space, and NUnit and related for testing tools. Both of these started out much simpler than commercial alternatives, but are evolving.
  • Simpler .NET components. Five years ago most components vendors were US-based. Today, the Internet has empowered many vendors outside the US to compete on price alone for the simpler components. One only need look at the vast number of Internet Email Components for .NET to see this trend for what it is.
  • Small-project Outsourcing. Another trend near and not-so-dear to many developers’ hearts - outsourcing - is all about being able to offer development services for less. Look at places like RentACoder where you can have small projects developed for literally a tiny fraction of what it would cost to hire a developer in the US to do the same work (smart and entrepreneurial developers should see this as an opportunity rather than a problem…). Today RentACoder’s projects are simple and inexpensive; tomorrow, who knows?
  • RSS vs. incredibly fragmented and expensive alternatives to content syndication; RSS is simply XML, after all.
  • Wikis, "The simplest thing that could possibly work" according to the Wiki’s inventor Ward Cunningham, have edged out many commercial collaboration solutions, and most people say they do it better than what came before.
  • MySQL started out as a simple and basic alternative to Oracle, SQL Server, and DB2. When you look at all the people who deployed early versions of MySQL because of its price (optionally free) instead of going with one of the big three, you realize that good enough really was an important concept at play. Now MySQL v5.0 is out and has stored procedures, triggers, views, and more. And if MySQL ever becomes good enough for everybody, Oracle, Microsoft, and IBM can’t compete at their margins.

I could go on, but those should be enough to help you understand the concept if my abstract description wasn’t enough.

Actually, if you think of another example, it would be cool if you would make a comment here and let me and my readers know about it!


1 - Also note that Christensen defined the term "innovation" to encompass a broader scope than just what we think of as technologies. He included business models as innovations too. 

Technologies are best when they are simple

What’s the next big thing? AJAX? Ruby on Rails? PC Virtualization? Open-Source Software? Data Security? Open Office File Formats? Windows Vista? Windows Live? Apple’s iWhatever? Yeah, all those things will get lots of hype, but the next big thing is something we’ve had access to all along:


Are my thoughts revolutionary? Nah, I’ve been reading about it at places like Information Week and the other usual suspects. Even Bill Gates at Microsoft gets it, through Ozzie at least (though execution will be the key.) But unlike all that gets hyped, simplicity is a concept that is for real.

Let’s look at two of the best known examples:

  1. Simple Mail Transfer Protocol.
  2. Really Simple Syndication.

Over the years, the world’s Internet email infrastructure evolved from that simple little mail transfer protocol (spam and all!) And RSS exploded as a method to syndicate blog posts in a very short order instead of one of the many complex content syndication concepts most of us never even heard of.

To most people the Internet came out of nowhere ten (10) years ago yet it evolved for at least twenty (20) years prior. The Internet’s foundation protocol TCP/IP isn’t exactly simple, but once the simple protocols HTTP and HTML were layered on top, Internet use exploded because implementing websites was simple (by comparison.)

But it’s not just simple technologies, it’s also simple-to-install and simple-to-use applications: ASCII text editors (i.e. Notepad), web browsers, email clients (w/apps like Outlook Express), instant messenger clients, wikis, blogging apps, online forum apps, and QuickBooks (simple is relative; accounting is required yet QuickBooks doesn’t really require accounting expertise.)

And to many people this simplicity makes sense. Scott Cook (founder of Intuit) got it. The founders of the original Instant Messenger (ICQ) got it. Pierre Omidyar (founder of eBay) got it. Google gets it. The original author of PHP, Rasmus Lerdorf, gets it. And a lesser known group also gets it; the developers of Basecamp (although 37 Signals could also be the poster child for when a group elevates a concept to an ideology, and like all ideologists, becomes blind and misinterprets the concept. But I digress…)

Okay this is all obvious, and well, it’s simple. So what’s the big deal? People recognize that simple is important but without a simple roadmap, most don’t know how (pun intended.) I don’t know that I can provide that roadmap, but at least I can get you started.

First, just for grins, let’s look at some counter examples:

  • MS-Access – Have you ever tried to develop an app in MS-Access? Yeah right. Access is pretty easy where it allows you as a user to point and click, but once you hit its brick wall of end user functionality, you’ve got to be an Access guru to do anything more with it.
  • VB.NET – Thank god for the My namespace in VB 2005, albeit five years late, but VB.NET is still too damn difficult to use productively without weeks of learning. Don’t get me wrong, I love the power of the VB.NET language, but it has very little transitionality.
  • ASP.NET – I know it’s blasphemy, but let’s be real: VIEWSTATE, __doPostBack(), Server Controls, @Register, @Import, WebForms, DataGrid, etc. etc. There’s so much complexity there, where does one start? It’s no wonder so many people still use ASP & VBScript.
  • Exchange Server – Oh my god! How complex a beast can you get? Most POP3/SMTP servers use files and directories; Exchange uses some bastardization of an Access/Jet database that corrupts whenever the power fluctuates. And have you ever tried implementing server events?
  • SharePoint – I can’t even figure out SharePoint as a user, let alone as a developer. What was Microsoft thinking?
  • Active Directory – Need I say more?!?

I’ve bashed on Microsoft thus far, but let me not give them all the credit:

  • XML, though itself simple, has been complicated with namespaces, which I’ve been studying for literally years but still can’t figure out how to use.
  • SOAP – Okay, Microsoft was heavily involved here. But why did they have to make web services so hard? I mean, what was wrong with HTTP POST?
  • J2EE – There’s a reason J2EE developers get paid the really big bucks.
  • Oracle – Have you ever tried to tune an Oracle database application?
  • Content Management Systems – Is there anything out there that can pass for simple? I’ve been using DotNetNuke on one of my sites for a while and I can tell you, it isn’t.

This brings me to my key point. Aside from being intuitively obvious, what’s so great about simple?

The Benefits of "simple" are, quite simply:

  • For the User: Productivity
  • For the Platform Provider: Rapid and Widespread Adoption

But you say that all of my counter examples have widespread adoption?

Do not underestimate the institutional will of large organizations to implement tremendously complex technology, because they can.

On the other hand, departmental users, users in small businesses, college students, home users and more can’t deal with complex technology. If it’s too difficult, they don’t or can’t use it. And there are many, many more of them than there are large organizations. What’s more, large organizations are effectively made up of these small groups and individuals. Simple technologies benefit all.

Microsoft, with its Windows monopoly, has been able to get away with complexity and consequent low user productivity and low platform adoption with many of its products for a long time. But with the new challenges from Google, SalesForce, et al. they better get pragmatic religion, and they better get it fast.

And that roadmap to which I referred? To quote Albert Einstein:

As simple as possible, but not simpler


Next Generation Demo Software with VMware Player

I just spotted the new free VMware Player. This is totally cool.

I can envision companies using VMware Player to demo complete environments, like an ASP.NET & SQL Server Express application; just configure the virtual machine to have everything needed! This basically eliminates most potential configuration problems that could cause a vendor to lose a sale when the software is what the prospect needs but getting it to work is too difficult or time-consuming for the prospect. This is especially important for lower priced software.

ISVs could even start shipping preconfigured software using VMware Player.

This is definitely something to watch.

I wonder when/if Microsoft will do something like this with their Virtual PC/Server technology?

FolderShare bought by Microsoft, and now (currently) free!

I’ve been using FolderShare for a few months now and love it. But I just heard that Microsoft bought it and that it is now free. Cool!

If you normally work on a desktop but need a laptop for travel, FolderShare is a "must have." If you need to share files with people who are not in the same location (or even if there is a network with shared rights), it works like a charm. It’s also great for making backups on another machine in case your hard drive crashes (but like mirrored hard disks, it’s not great for protecting files against viruses, etc.)

Anyway, I need to add some people to my "Professional" account but now that it’s free I can’t figure out how. Or maybe it doesn’t even matter anymore?

The other thing I want to know is, what’s the max number of users that can share a folder? If anyone knows, I’d love to find out…

Talk about the Need for (De-facto) Standards…

News.com has a clip about a system which BMW is developing (see photo):

BMW is working on a communication system that will let one car convey information about road conditions to those behind it. In this photo, the LCD screen on the dashboard flashes up a warning to a moving car that the road is slippery ahead. Minutes before, another car did a power slide through a wet patch on the same path.

Talk about the need for (de-facto) standards! 

This is a really cool use of peer-to-peer technology; let’s hope that short-sighted greed doesn’t get in the way and have BMW and other automakers try and make such systems proprietary.


P.S. Let’s also hope that they design the UI well enough so that people don’t crash when sending out warnings!

Microsoft Still Doesn’t Get It.

Microsoft Still Doesn’t Get It. I just read the article on C/Net News.com entitled Microsoft pitches Web tools to hosting companies. I saw this and got excited:

An update to its Web hosting program is designed to make the combination of Microsoft server products more attractive to hosting companies, which often use Linux and other open-source components, Microsoft executives said.

Then I read a bit further to find out exactly what the new deal will be and found:

The company will give Web hosting companies a free 30-day trial period to use Visual Web Developer 2005 Express, a new product in Microsoft’s Visual Studio product line. The product is aimed at boosting use of Microsoft tools by individuals and small companies. The program and the licenses associated with using its software will allow hosting companies to try Microsoft-based products with little or no up-front costs, Nandi said.

Microsoft just doesn’t get it!!! A 30 day free trial in this age-of-plenty is useless and will not entice anyone who wasn’t already seriously considering it. Conversely, Linux and the open source components don’t cost web hosters a dime¹. EVER!

If Microsoft really wants to make inroads into the web hosting market, here is what they need to do:

  • Offer a Windows Hosting Kit for $295 that offers unlimited licenses for Windows Server 2003, Web Edition.
  • Offer Visual Web Developer for FREE for everyone forever, but ensure a migration path to Visual Studio 2005.
  • Offer an optional annual paid support agreement for web hosters similar to those offered by Red Hat and others.
  • Over time build into Visual Web Developer access to fee-based web services from Microsoft’s new Live initiative.
  • Finally, empower Hosters to make more money from their customers by adding more value for their customers. This might be by letting hosters who offer Windows hosting federate the Live services and take a cut off the top.

This last one is a key critical piece that’s missing in Microsoft’s approach to dealing with web hosters. Microsoft knows how to get its Solution Providers and Resellers motivated by helping them make more money, but they still haven’t figured out how to motivate web hosters.

The irony is it boils down to one thing: Empower them to make more money!

1 Ignoring optional support fees, of course.

Microsoft’s New Operating System: Singularity

Check this out: a new "In the Lab Only" operating system called Singularity.

From their website:

Singularity is a research project focused on the construction of dependable systems through innovation in the areas of systems, languages, and tools. We are building a research operating system prototype (called Singularity), extending programming languages, and developing new techniques and tools for specifying and verifying program behavior.

Advances in languages, compilers, and tools open the possibility of significantly improving software. For example, Singularity uses type-safe languages and an abstract instruction set to enable what we call Software Isolated Processes (SIPs). SIPs provide the strong isolation guarantees of OS processes (isolated object space, separate GCs, separate runtimes) without the overhead of hardware-enforced protection domains. In the current Singularity prototype SIPs are extremely cheap; they run in ring 0 in the kernel’s address space.

Singularity uses these advances to build more reliable systems and applications. For example, because SIPs are so cheap to create and enforce, Singularity runs each program, device driver, or system extension in its own SIP. SIPs are not allowed to share memory or modify their own code. As a result, we can make strong reliability guarantees about the code running in a SIP. We can verify much broader properties about a SIP at compile or install time than can be done for code running in traditional OS processes. Broader application of static verification is critical to predicting system behavior and providing users with strong guarantees about reliability.

From Channel 9 (emphasis mine):

Besides Singularity’s kernel being successfully written in C# (how cool is that!), there are all kinds of interesting lessons learned with respect to what a managed OS enables. Again, this is a prototype research OS, not a full fledged OS that can run the typical applications you’ve come to expect of an OS (or even provide a user interface beyond, say, that of DOS).


P.S. I wonder if it could be compiled in Mono…