Good Money after Bad

George: We must do something! If we don’t do something, we’ll die eventually!

Nancy: Yes, if we don’t become immortal, we’ll die eventually.

George: I’m looking for the fountain of youth.

Nancy: That’s stupid.  You are always looking, abandoning your home, and you still haven’t found it.

George: You have no plan!  Your plan would have us die eventually.  At least my plan has us living forever.

Nancy: Your “stay the course” plan still hasn’t proven successful at achieving immortality.  And you’re not helping rebuild the damage here at home.

George: What use is rebuilding at home if we just die eventually?  Am I the only one with the vision to pursue the fountain of youth?

Nancy: Yes, you are.  Let us know when you find it.

Don’t Buy Vista for Security?

Joris Evers at CNET (that’s his e-mail) is now saying that you don’t need to upgrade to Vista; just keep your Windows XP machine patched.  He claims that experts support this claim.  The headline says “Experts: Don’t buy Vista for the security”.

If you only read the headline and first two paragraphs of his article, you’ll get an extremely misleading picture.  The fact is, a patched Windows XP SP2 machine is not even close to Windows Vista.  The operating system with Vista now sandboxes the user at medium integrity, and the web browser is sandboxed at low integrity.  These changes alone make any comparison between XP and Vista night and day.  To act as if a user is just as secure on XP as on Vista is insane and irresponsible.  Saying that someone will be “perfectly secure” is grossly negligent.  I wouldn’t even claim that Vista is “perfectly secure”.  I hope Joris is willing to take e-mails from all of the users who accept his advice.

And it’s his advice, not the advice of the experts he cites.  The “expert” who says XP SP2 compares to Vista is a computer repair guy.  The other person who says it’s not more secure is a student at some local college.

The actual experts Joris cites say the opposite.  Too bad he buries the experts at the bottom of the article where most people don’t read.  Quotes from four different experts he cites say:

  • “Vista is light-years ahead of XP from a built-in security perspective”.
  • “A lot of customers will prefer to either buy a new machine with Vista or upgrade a recently acquired XP machine with Vista in order to get at this added layer of protection”
  • “XP SP2 was not the systemic, top-to-bottom, scrub-everything experience that Vista is, XP SP2 secured the surface. Vista security goes much deeper. It’s a far bigger leap.”
  • “If you’re looking to buy a new computer, the security features built into Vista tip the balance in its favor over other options such as Mac OS X”

There you have it, four experts all say “Buy Windows Vista for the Security”.  And two non-experts say don’t.  So Joris tells you that “experts” think you shouldn’t buy Vista for the security.

I am sure Joris was just using provocative headlines to generate controversy.  That’s why I’m not linking the story.  Lying to people about security just to get on TechMeme is not cool.

Daily WTF: +1 URI not UorI

URIs are the words of the Internet.  Dare posts a WTF about Java’s URI comparison operator, which is horrendously wrong.  It’s like saying duck = electricity or “when I say bad, I mean good”.  That totally belongs in the daily WTF.

I’ve been struggling with the converse this week, which is nearly as bad.  MSDN pages have undergone yet another gratuitous URI change, so now when you say “bad” and you mean “bad”, the Internet says “I don’t understand you, bad is now pronounced szygyz”.

When it comes to communication and memory, exclusivity is the devil.  Communication is where two share one mind.  It’s not “u or i”, it’s “u r i”.  Running around using whatever vocabulary suits you without respect to shared terms and meaning is to poison the well.

Speaking of … WTF is up with saying that WTF means “Where’s The Fire”?  Is that supposed to be antibiotics in the well?


Intel Chip Fab: Goodbye Silicon Dioxide

Let’s give this video some link love.  I liked the Bad Sinatra video better, but this is newsworthy.

Valleywag got the details wrong, twisted and distorted the truth.  Why is everyone still hating on Scoble?  70 interviews with CEOs in 6 months.  That’s incredible.  It’s like a crash course in Silicon Valley business.  Valleywag should partner with Podtech.

Microsoft Payment System?

BillG makes a comment at Davos about a paper he read, and the world goes off into wild speculation.  It’s pleasing that people still give us so much credit.  But integrity is important; let’s not elevate an idle comment to the level of vaporware and FUD.  My responses to some of the speculation:

Undercutting credit card companies: That’s not what the remark says.  The point is that you can’t have an ecosystem of micropayments with high cost-per-transaction.  Xbox solves that problem by using Microsoft Points.  Apple solves the problem by batching up your purchases at iTunes music store and charging your card once certain limits have been met.  One is pre-pay, the other is post-pay.  Neither strategy is exclusive.  Prepay is not new; Starbucks floats hundreds of millions of dollars on Starbucks cards — but they aren’t about to wipe out Citibank.

More competitors, more intense: We’ll see.  The banks are nervous about Paypal; Paypal is nervous about Google Checkout.  The banks would probably be happier if Paypal’s space was fragmented, just like Paypal would be happy if Google didn’t have a search monopoly and a long tail of adoption.  Everyone is nervous because the trends are to centralize, not because there are more entrants.

Microsoft’s play: Microsoft has had payment systems for at least 5 years.  Points have been shipping for more than a year.  Obviously, having payment systems is strategic for our own business, and we would be insane to adopt Google Chekout (for example).  But between having internal-only systems and going public, there is a huge range of possibilities.  Since we have no product in the spaces where Citibank, Paypal, and Google checkout play; it’s a bit strange to think that we would launch a product that tries to compete with all of them at once (or even any of them).  Until you see a v1, and a v2, it’s just crazy to be speculating about the future direction.  It’s much more fruitful to look at where the established players already are, and what their competition dynamics are.

ASP.NET Application Looks Like Hell on IE7?

The other day, my wife explained that she has been telling her team to use IE6, since IE7 breaks her ASP.NET application.  She has been keeping this a secret from me, since obviously it is a grave violation of trust between mates.  She came to me only because IT is forcing upgrade of IE7 on her team, and she needed help.

It took me only a few moments to find the problem.  ASP.NET is pretending to issue XHTML and claims to adhere to strict doctype.  At the top of the .aspx page was an XHTML doctype (click the image to see it; curses on WordPresses buggy “security filter”):

XHTML doctype

I deleted it, and now the site renders the same in IE7 as in IE6.


This simple trick should fix your problem.  If you’re interested in hearing why, please read on. 

The short explanation is this: IE7 is far more standards-conformant than IE6, so pages that rely on conformance bugs in IE6 look bad on IE7.  ASP.NET pretends to be standards-conformant, but that really just means “IE6 bug-compatible”.  If you tell ASP.NET to stop pretending, then IE7 says “Oh, this page isn’t really standards-conformant — I’ll render it bug-compatible with older versions of IE”.

So, why does ASP.NET even bother adding that DOCTYPE if it is deceptive?  Well, there are two reasons, neither very satisfying.  The first is that the XHTML political lobby insisted that “XHTML gooood, HTML baaaad”.  So everyone was arm-twisted into emitting XHTML.  The problem is, when the political lobbying started, none of the web browsers actually supported XHTML, they just pretended.  So a server like ASP.NET could choose between emitting code that was XHTML, or emitting code that looked as much like XHTML as possible without breaking Netscape and IE.  Code that looks like XHTML without breaking the browsers is a tiny subset of “actual XHTML”.

Farcial as it may be, it was the best anyone could do, and it got the complainers to stop kvetching.  Now we can all live under the illusion that we support XHTML, even if trivial little changes and isomorphic infosets would break half the world.

The problem is, as soon as you claim to be XHTML, the modern browsers assume that you are also using real CSS.  This goes for Firefox as well as IE.  But IE6 didn’t support CSS properly; so now the GUI web designer tool had two choices:

  1. Emit good CSS, so the code that looks good in Opera but not IE6, and maybe looks good in Firefox
  2. Pretend to be good CSS (by the DOCTYPE), but emit code that looks good on IE6 and hope it works in Firefox or Opera

It’s clear which choice was made.

Enter IE7.  The newest version of IE, like the newest versions of Firefox and Opera, does a much better job of rendering standards-conformant pages.  Suddenly, writing code that looks good only in IE6 seems like a bad idea.  And even if that wasn’t such a bad idea, pretending that it’s standards-conformant sure seems silly.  It just makes our hard work to adopt standards in IE7 look bad.

Well, that’s the story.  Knowing this, you have two choices:

  • Use the legacy design tool and tell ASP.NET to stop pretending that it’s emitting real standards-conformant code.
  • Use more modern design tools (like Expression) and let ASP.NET rightly claim that the code is standards-conformant.


Firefox and Vista RSS Platform

I whipped up a quick tool to allow Firefox to integrate with Vista’s Common RSS Feed List.  You can download and install it here.

After installing, you need to select “Tools | Options” in Firefox, then click the “Subscribe … using” radio button, the “Choose Application” button.

Configure RSS Reader

Browse to C:Program FilesMicrosoftCommon Feed ListCommon Feed List.exe.  After selecting this, you can switch back to “Show me a Preview”.

Now every time you view an RSS feed, you will have the option to subscribe to it using the Common Feed List, which will make the feed show up in Vista Sidebar, Windows Live Mail Desktop, IE7, or any other client you have configured to sync with the feed list.

Firefox and Vista RSS

If you want to look at the source code, you can download it here.


When you subscribe using the Common Feed List, you are using the RSS engine built-in to IE7.  Feeds subscribed in this way save your machine bandwidth, since only one copy of each feed is downloaded even if multiple applications use the feed.  You also get multi-machine sync of feeds and read/unread status, and ability to read your feeds in the cloud or on Macintosh or mobile for free.

IE7 on Windows Vista runs in a “sandbox” called Protected Mode, which limits the amount of damage that can be caused by in-process exploits.  Since protected mode is an operating system level constraint applied on a per-process basis, protected mode does not apply to IETab running in Firefox on Vista.  Therefore, if you want Protected Mode, you should use IE7, which includes the subscribe experience shown above by default.


Update: The downloads linked above have been updated to support Firefox 3 (Thanks, Warren!).  The code should work on both Vista and Windows 7.  If you need the old version that works with Firefox 2, you can get it here

Jimmy Wales & CNN Punk’d?

Concerned about biased and inaccurate material in Wikipedia, Dough Mahugh contacted Rick Jellife (a long-time independent expert in the topic at hand) with a proposal.  He asked if Rick could review the Wikipedia article and make edits according to his own expert opinion, in exchange for money.  Doug further stipulated that he would not review or approve anything Rick said, and that Rick was welcome to discuss the offer publicly on his blog before coming back with counter-proposal or accepting.

In other words, Doug threatened to get an independent expert involved, and did so in the most transparent way possible.

The headlines scream “Microsoft PR pays money to manipulate Wikipedia!”.  All very exciting and predictable, but untrue.  Doug doesn’t work for PR, no money ever changed hands, and the article is finally accurate for the first time in many months.  In fact, it appears that most of the edits were made by someone from the opposing camp who suddenly decided to care about fairness and accuracy.

The real shame here is that it took a little prank like this to get Wikipedia contributors to self-police.  Several corrections were made by the opposing camp, which is admirable, but one must question how those inaccuracies got in there in the first place?  Is Jimmy Wales going to do an inquiry and find out which full-time employees of which organizations made the offending entries that needed to be corrected?  Was the sin of Doug that he simply was too transparent and open?

The truth is, Doug baited with the appearance of impropriety, which the press swallowed hook line and sinker — but ultimately did nothing wrong.  On the other hand, there apparently has been conflict-of-interest editing going on, while Wikipedia seemed primarily interested in avoiding the appearance of impropriety.  I am pleased that Wikipedia seem to be re-examining their rules for conflict of interest.


Should Firefox Support Vista RSS?

CNET recently wrote a review of Vista, where they complained that “IE7 RSS feeds get preferential treatment”.  They say:

“… there’s a Gadget for subscribed RSS feeds. We downloaded and installed Firefox 2, made Firefox our default browser, and quickly set up a few RSS feed subscriptions. Guess what? The Windows Vista Gadget was unresponsive to our efforts, displaying only the default MSN feeds from Microsoft. You have to use Internet Explorer 7 or choose a Firefox-friendly Gadget instead.”

I understand the disappointment, but this is a limitation in Firefox, not Vista.  And it’s easy to correct.  I would happily help anyone associated with Firefox add the required support.

If the reviewer had instead chosen to subscribe using Bloglines toolbar, Newsgator, FeedDemon, or any of a number of other non-Microsoft RSS readers, they would have seen the subscription update in the gadget.  The subscription in Microsoft Office Outlook and Windows Live Mail Desktop would update, too.  In other words, the fact that the gadget is able to share the feedlist is a demonstration that we have made the shared feedlist totally open — and plenty of ISVs already take advantage of this fact.

Firefox isn’t actually an RSS engine, which is why the reviewer seems confused.  Firefox simply allows you to associate feeds with an external reader.  On Vista, any app which wishes can register to tap into the shared feed list, and we support any number of applications all sharing the same list.  Allowing FF to register the shared feedlist on Vista as an external app would be trivial, and would enable Firefox to better integrate with the whole ecosystem of RSS readers — including cross-machine and cloud sync as supported by Newsgator.

I understand why Firefox might be hesitant to integrate with the shared feedlist.  It’s not available on Linux, after all.  But it’s certainly not a MSFT-only feature — in fact, quite the opposite.  It’s the feature that opens up our RSS platform to a whole ecosystem of vendors who are already taking advantage.


Update: I wrote the ten lines of code necessary to make Firefox integrate with Vista’s RSS platform.  Here it is.

Free Press Pass

Dave linked to the Mercury News article so I don’t have to.  The article is poorly-researched, poorly-written, and misleading.

For starters, it acts as if everyone (including Microsoft) is trying to catch up to Google in Mapping.  That is exactly opposite of truth.  Google is trying to copy and play catch-up to the previously-established players like MSN and MapQuest.  Google may be gaining market share from AOL in this space, but since they started with none you wouldn’t expect them to lose market share.

Google maps is not a bad product, to be sure, but according to all of the user testing and reviews, it’s not better than Microsoft’s.  Being “just about as good as Microsoft” is not a way to gain market share based on merit.  Finding one person on a trade show floor who anecdotally says “Microsoft’s product has more power than I need” is not a ringing endorsement.  Read about Redfin’s recent switch from Google (Zillow already used VE).

Of course, Google can leverage search monopoly to get share for their mapping product.  They apparently can also leverage slavish reporters.  But how well is that working for them?  Note that the Mercury reporter didn’t cite mapping market share numbers to support her theory that Microsoft’s mapping efforts are a failure — she cited search numbers.  That’s like saying “Google Earth is a failure, because Microsoft still have 90% market share in operating systems”.  If you want to know how well the mapping products are doing, look at share numbers for that product, product reviews, and reports from real people who tried both and switched.