Silverlight Sneakiness

•01Aug07 • 12 Comments

Today Scott Barnes of Microsoft posted an article to his blog about the new automatic updating feature in Silverlight. He says:

We are sneaky and I love it, but in a good way. You see with Silverlight RC1, one of things you may not of noticed is the “Silverlight Configuration”.

screenshot of silverlight dialog with automatic updates recommended

Choice is a great thing is it not 🙂

Now obviously Scott is being snide here, but I have to ask: why is this something to be proud of? Automatically updating software without notification is a bad idea, albeit not a new one: Windows Update in Vista does the same thing. IT organizations hate this kind of thing: there is nothing worse than having your help desk inundated with calls because your internal app stopped working when someone releases a new security patch. I hope the Silverlight team at least has some way for IT deparments to turn this behavior off (on Windows and Mac).

But making Automatic Updates a silent default as Silverlight now appears to do is an even worse idea – I’m surprised it got past the lawyers, honestly. Vista asks users on first-use whether or not they want this behavior, so at least there is some notion of an opt in. Of course, its also very unfortunate that neither the Silverlight dialog nor the Vista dialog shown below actually warn you of the possible consequences of enabling Automatic Updates. Instead, they use boldfaced text and the “(Recommended)” tag to make it seem like you’d be foolish to choose anything else. But that seems par for the course when you have a corporate culture that is proud of being “sneaky”.

Vista Update Settings Dialog

Finally, of course, I can’t resist engaging in a little taunting: is Microsoft so insecure about Silverlight upgrade adoption that they feel they have to sneak in updates through the back door like this? Flash Player has the absolute best upgrade adoption curve in the history of the computer industry, and we don’t have to resort to such sliminess to achieve it.

Posted in Rich Internet Applications
Tags:

Mozilla Monkeying Around with Tamarin

•26Jul07 • 4 Comments

But in a really good way. Brendan Eich has announced 3 cool new projects around the Tamarin engine Adobe contributed to the Mozilla project:

  • ActionMonkey, which will merge SpiderMonkey and Tamarin. Not really a new project, but lots more details are available.
  • ScreamingMonkey, which will allow Tamarin to be invoked from within IE. Not clear to me whether this is really Tamarin or ActionMonkey that gets integrated. Is it “just” Tamarin’s ECMAScript engine, or is there more?
  • IronMonkey, which is an effort to port IronPython and IronRuby to run on Tamarin.

Several people have wrote about this already, most notably Sam Ruby, Dion Almaer of Ajaxian.com, and Adobe’s own John Dowdell.

These are all very cool projects. Being able to use a modern, high performance ECMAScript engine within IE could be huge. I wonder if this will embarrass the IE folks into updating their ancient JavaScript engine?

But the project I’m most interested in is IronMonkey. I even talked about wanting such a thing way back in November 2006 in a comment on Sam Ruby’s blog:

Yes, a Ruby or Python environment that generated AVM2 bytecodes would be awesome as part of Firefox etc. No more need for things like RJS – just write your entire web app in Rails, using HTML and/or Flash for presentation.

It is interesting that Mozilla chose to use IronPython and IronRuby as the basis for this work, though. I have a lot of respect for Jim Huginin and company, but using the Microsoft languages means a lot of hassles:

  • since the languages are written in C#, they have to use Mono to compile the compilers. Not a big deal, but yet another dependency to manage.
  • although MsPL is a pretty open license, I don’t think the actual source repositories for the compilers allow contributions from anyone other than Microsoft employees. Thus Mozilla is going to have to make a downstream repository and deal with all the version skew issues. Be interesting to see if Microsoft fixes this problem eventually. I hope so. If they don’t they are missing out on a key benefit of open source.

Would have preferred them to use JRuby and Jython as the base, personally. Still, I applaud the Mozilla folks for coming up with such a compelling vision for JavaScript’s future, and look forward to the day when I can write AJAX apps using Ruby on the client.

Posted in Dynamic Languages, Openness, Rich Internet Applications

OOXML Standardization: still ugly

•20Jul07 • Comments Off on OOXML Standardization: still ugly

Groklaw has an interesting article discussing one of the key problems with OOXML as a proposed standard. It quotes some ECMA-376 goings on in India:

While we wait, there is more on that front, this time from India, where the technical committee there is still considering Ecma-376 issues. Earlier, we mentioned to you some questions that Dr. G. Nagarjuna, Chairman FSF India, submitted to the Working Committee, Board of Indian Standards on Wordprocessing. In this Issue Sheet [PDF], we find answers from Microsoft’s Vijay Kapur, followed by responses from Dr. Nagarjuna.

For example, here’s one such exchange:

Backward compatibility for all vendors: Can any third party regardless of business model, without access to additional information and without the cooperation of Microsoft implement full backward compatibility and conversion of such legacy documents into MS-OOXML comparable to what Microsoft can offer?

Mr V. Kapur: Implementing backward compatibility is an application function not a file format specification requirement. The ECMA 376 specification is capable of faithfully representing information in the legacy binary file formats. This point was treated in detail in the response to the question raised by Dr. Nagarjuna. Microsoft can offer? Availability of Binary File Formats — It is to be noted that Microsoft has made the .doc, .xls, and .ppt binary file format specifications available under a royalty-free covenant not to sue to anyone who wishes to implement all or part of these specifications in their products. Anyone can get access to the specification now, using the method described in the following Knowledgebase article at the link: http://support.microsoft.com/default.aspx/kb/840817 – How to extract information from Office files by using Office file formats and schemas (relevant extract below)With both format specifications being available for a developer, a converter can be written in such a way that a DOC or XLS document can be converted into an Open XML document with content and representation intact. This point should be treated as closed as there is no contradiction.

Dr. Nagarjuna: Availability of the specification of binary formats does not solve the problem of another vendor’s ability to implement. What is required is a mapping between the existing proprietary formats and OOXML if the stated objective of OOXML, namely, to faithfully represent legacy formats in XML is to be met. The link provided by MS is not an article. It is misleading to say so. MS did not publish the specification of proprietary documents at any accessible place. They are promising to provide to those who sign an MOU with the company. This is unacceptable since, implementing this standard mandates the need for private understandings. That is not the purpose for which standards are specified. They are specified precisely to eliminate such a requirement. The question asked was a very serious and a CORE issue: the answer given is not satisfactory. A satisfactory answer to this consists in publishing the mapping between OOXML and proprietary documents. Since this is not the case, the issue is open, and forms a sufficient reason to vote against OOXML.

Pretty compelling stuff. The article also discusses Microsoft’s recent spin on the whole ballet-stuffing issue Rob Weir brought up so eloquently recently. This is the same issue I raised obliquely a few months back, because I didn’t have the evidence to back up the rumors I’d heard, and I’m glad to see that Rob and company have managed to shine some light here.

[Updated 6-22-2007] some text in the first paragraph was inexplicably missing. Copy/paste error? Not sure, but I’ve added it back…

[Updated 7-27-2007] In related news, more shenanigans in Spain and Portugal. The article is a bit overheated in its rhetoric, but it does look like there is some basis for the accusations.

Posted in Document Formats, Openness
Tags:

iPhone’s Lack of SDK Explained?

•10Jul07 • 8 Comments

Ars Technica has published a very thorough review of the iPhone. Well worth reading for a balanced perspective on what it does and doesn’t do well.

There was one thing in there that caught my eye, though. Something that I hadn’t seen previously, and that might explain why Apple hasn’t released an SDK:

Some disturbing revelations from these discoveries and analysis of crash logs from the iPhone reveal that Apple are using SUID root executables inside their Cocoa apps (everything is effectively running as root) and that the real root account is enabled (and has a weak password that everyone knows now). As several individuals have noted, all it would take is a single nefarious exploit to gain root access to the iPhone and begin wreaking havoc. The fact that a few of the applications on the iPhone have been a little crash-prone for some (Safari?) means that exploits will probably surface quicker.

If it is true that apps need to run with setuid, then any native third party apps would have unfettered access to the entire system. It may take Apple quite some time to fix the iPhone architecture to work around these problems.

Posted in Uncategorized
Tags:

« Previous Entries
Next Entries »