Hold developers liable for flaws?

That’s what one so-called “expert” thinks should happen. While most people will agree that security is a major issue, not everyone agrees on what should be done to combat security problems. This suggestion has got to be the most creative and ridiculous one I’ve come across:

Software developers should be held personally accountable for the security of the code they write, said Howard Schmidt, a former White House cybersecurity adviser.

Speaking Tuesday at the SecureLondon 2005 conference, Schmidt, who is now CEO of R&H Security Consulting, also called for better training for software developers. He said he believes that many developers don’t have the skills needed to write secure code.

If we’re going to hold software developers liable for their code, why don’t we hold users liable for their mistakes and errors too? Heck, why stop there! We might as well hold the farmer who grew the potatoes used in McDonald’s french fries liable for making people fat! Seriously, Schmidt is just way off base with regards to the liability issue. Training is one thing, liability is quite another.

You just can’t look at a piece of code and say with absolute certainty that it’s secure, even if you have proper security training. First of all, the developer cannot anticipate all of the ways in which the code might be used, nor can he/she predict what future technologies might impact the code. Secondly, there is quite often more than one developer who touches a piece of code, so it may not be written with the same caution or mind for security each time. There’s just too much uncertainty. Software development is often called “Computing Science” but a large portion of it is more “art” than “science”.

Read: CNET News.com

Gennux

Today was a busy day for events. This evening Dickson and I attended a presentation at the University of Alberta by Gennux Microsystems Corp., a relatively new Edmonton-based company. They make an anti-spam product called eW@LL Mail which they say is unique in that it does not use content filtering like the vast majority of anti-spam technologies. They describe the product as a messaging firewall.

The developer who wrote most of the application and started the company is Sam Wong, and he gave the majority of the presentation tonight. He seems very smart, and excited about the work he is doing. Sam led us through some reasons for why spam exists, the numbers around how much spam is sent and received and the dollar value for related costs (like lost productivity), the competition, and finally the Gennux solution. Dickson and I asked a bunch of questions about the technology, trying to find ways around it, but the product does seem very solid. They mentioned some statistics about how well it works, but I very much think that it’s one of those “you have to see it to believe it” things.

We didn’t ask them how much it costs, but I would imagine it’s not cheap. If it works like they say though, it would probably be worth it. They have quite a few installations already, including a fairly high profile one with an ISP in Taiwan. It’s good to see an Edmonton software company doing so well!

Read: Gennux

Upside Software

This afternoon the Faculty of Science hosted the first ever Executive Business Seminar for Computing Sciences. These seminars bring real executives from the computer industry to talk to students and faculty about their business, the challenges they have faced, and of course the technology they use. The Faculty of Science has been hosting similar seminars for other disciplines, like Chemistry, and they have apparently been quite successful, prompting the start of seminars for CS. The seminars are around an hour in length, and include free pizza and pop.

Today’s speaker was Ashif Mawji, founder, president and CEO of Upside Software Inc., a very successful Edmonton-based software firm. They create software tools that help companies manage contracts. Ashif also brought Rob Brown along for the talk, who is the company’s Director of Team Development. The presentation was really quite interesting, and the success that Upside Software has had is quite impressive. Indeed one look at their customer list will give you an indication of how successful they have been!

After the presentation there was time for Q&A which was probably the most beneficial part of the seminar. Upside Software is looking to hire around 40 people in the coming year, so that was the pitch to students. All of their development is done on the .NET platform using C# – technologies which as you probably know are what I use and promote.

At the end of the session I introduced myself to Ashif and Rob, and invited their developers to attend the .NET Wizards upcoming events. It would be great to have their experience and leadership in our user group! I’d say today’s session was worthwhile, so I am planning to attend the next one too when it is announced.

Winamp Supports Podcasts

Podcasting News is reporting today that popular music player Winamp has added support for podcasting in their new version, 5.1:

WinAmp lets users play music and video files, features a media library, SHOUTcast radio and TV, skins, visualizations and an integrated podcast directory.

I don’t use Winamp, so the new feature doesn’t really make a difference to me. Except, it means Winamp and iTunes both support podcasts now, so it begs the question:

How long until Windows Media Player supports podcasting?

My guess is sooner rather than later.

Read: Winamp

Happy Birthday Microsoft

Today Microsoft rented out Safeco Field in Seattle to hold a company meeting with over 16,000 employees attending. In addition to talking about the incredible list of upcoming products, the company celebrated its 30th anniversary:

“As I think about the last 30 years,” said Gates, commenting on the anniversary, “I’m most proud of our making ‘big bets’ on technologies like the graphical user interface or Web services and watching them grow into something people rely on every day. And the long-term research we’re doing today on some of computer science’s toughest challenges – such as helping computers listen, speak, learn and understand – will lead to what I think will be the next wave of growth and innovation for our industry.”

Said Ballmer, “We’re more excited than ever about the opportunities ahead. We have an amazing pipeline of new products we’ll be releasing over the next 18 months. With our 30-year heritage of delivering low-cost, high-volume innovations, we’re in a great position to provide people and organizations with the software and services they need to achieve their potential.”

All of this just days after Microsoft announced a major reorganization. Here’s to another 30 years!

Read: Microsoft PressPass

Ford vs. Microsoft

Fellow blogger Larry Borsato and I have a friendly little discussion taking place in which we’re comparing Ford and Microsoft. It started with Larry’s comments on Microsoft’s $100 million campaign promoting the new version of Office and the comment I made on that post. Larry then posted a pretty in-depth comparison of Ford and Microsoft:

He has an excellent point, and though it is difficult to compare the tangible Ford truck with the less tangible software, I feel it necessary to try.

And he does a pretty good job too, but there’s a few things I felt it was important to point out. Let me start with some of the things I disagree with.

Not Quite!

First of all, I guess it is technically correct that software doesn’t “wear out” in the same way a mechanical product does. On the other hand, the “platform” that your Ford truck requires to work will change very little in say, 20 years. What do I mean by that? Well your Ford truck requires roads and highways to operate on. Your operating system and by extension the software applications that run on top of it require a computer with certain hardware components. In 20 years, roads won’t change much, but your computer hardware sure will.

I’m not sure this is really a software issue:

So let’s use my laptop that died the other day as a basis for comparison. So basically my Ford truck has just stopped working, and a bunch of indicator lights are lit. The laptop indicated that the system file was corrupt; that I should use the Windows XP CD to restore it. Ok, but I didn’t get one with my PC, so now I had to buy a copy for $129.

Why didn’t you get a restore CD? Almost all major computer manufacturers provide a restore CD with their computers, so in the worst case, you can restore your machine to the state it was when you purchased it. And they work quite well too! I just restored a Sony laptop for a client last week, and it was extremely simple. Not having a restore CD isn’t so much a Microsoft issue as it is a vendor issue. It’s kind of like buying your Ford from a dealer that neglected to give you a spare tire (or donut spare). You can still use the truck, but if something goes wrong, you’ll likely need that spare tire.

I think patches are kind of like oil changes. You need an oil change once in a while to keep your vehicle running smoothly, just like you need a patch once in a while to keep your software running smoothly. I realize that an oil change doesn’t “fix” anything whereas a patch is usually repairing some problem, but intuitively they are the same – something that needs to be done once in a while. And in XP, Microsoft has made patches pretty painless with Automatic Updates – you can’t have your oil changed automatically.

The other argument is that a Ford truck never requires something like Service Pack 2, where the guts are changed and improved. While that’s true, think of it this way. If Ford decides to change the interface of the truck to make something easier, you have to buy a new truck to get it. With SP2, Microsoft made many things much simpler, like wireless connections for example, and they made it available for free (unlike Apple). That’s a feature thing though, what about problems? Well vehicles are not immune, and there have been many recalls over the years. Faulty tires, driving columns that would catch fire, etc. How to fix them? You’ve got to take your vehicle in to have it serviced. With your computer, you’ve just got to download and install a service pack. It’s fairly unobtrusive by comparison.

Room For Improvement

Now there are many areas that software, and in particular Windows, can be improved. One such area is in backups – they are far too hard. Restoring your computer from a CD may allow it to become operational again, but all of your data is lost. This is a problem, and it needs to be easier! Unfortunately, part of the problem lies with hard drives, which are not the most reliable pieces of machinery ever invented. Software plays an important role though too.

Most of all, a year after I buy an F-150, Ford may try to entice me with a new Ford based on more power, more features, or new body styling, just like Microsoft. But they won’t tell me how stupid I am to have bought last year’s model; that I’m a dinosaur because I’m not buying the newer model. In fact, Ford is proud of the fact that their cars are durable.

Good point. Microsoft doesn’t seem very proud of their old operating systems, but it is kind of related to what I mentioned above – the roads are still the same, but the computers are quite a bit different.

Software reboots need to be eliminated! So far the stuff I have read about Vista shows that progress is being made in this department – fewer reboots required when changing operating system files. This needs to get to zero reboots, but that will take time.

And my truck won’t start driving more slowly as the day goes on. Provided I get regular oil changes of course.

Too true. The operating system needs to do a much better job of keeping things running smoothly. In the software world, the “regular oil changes” are akin to defragmenting and memory management, both of which a user should never have to see. They should just happen automatically in the background.

It Takes Time

Ford wasn’t always very reliable (and some would argue they aren’t today either when compared to Toyota). It took time for Ford vehicles to get to the point they are at today – over 100 years in fact. By comparison, we’ve really only had ten years of widespread operating system use, since Windows 95. What will software look like in another 90 years?

Read: Larry Borsato

When should you release software?

When Dickson and I saw Google Talk the other day, an old discussion about when software should be released was renewed. The application was so basic and underwhelming that we couldn’t help but think they should have waited longer to release it. Usually Dickson thinks that software should be released when it’s more complete, whereas I think it’s okay to release sooner. So how do you determine when software is ready to release? Should you release very early, or just wait until the software is almost ready? What does the word “beta” really mean, anyway? Lots of good questions, and I don’t have answers for all of them. I do have some opinions though, and hopefully you’ll share yours too. Keep in mind that when I talk about “software” in this post, I don’t mean only things like Microsoft Outlook. Websites are software too.

It seems to me that the word “beta” has taken on new meaning in the world of software. In the past, releasing software as beta meant that you wanted it to have some real world use, to iron out the bugs that all software has. Lately though, I think that has changed, thanks in large part to Google. Take Google Talk, for example. The software “just works”. So why release it as beta? Well, for one thing, it has almost no features. And look at the discussion the release has generated in the blogosphere. It’s almost as if Google deliberately released software into the wild as “beta” to get some feedback on where to take it, feature-wise.

The meaning has changed in another way too. In the past, releasing something as “beta” meant essentially, “this is free because in exchange for you using the software, we’re going to get valuable feedback to improve it for eventual sale.” Now however, again thanks in large part to Google, that has changed to “we have no idea how to make money from this, so we’re calling it a beta.” Hence, why Google News has never gotten past its beta state. Lots of focus on Google, I know, but they are the new villain after all.

So what does “beta” really mean then? And more importantly, when has your software reached “beta”? Well, I think it depends in large part on what kind of software you have. Consider Microsoft Windows, for example. As we all found out the hard way with Longhorn, releasing an operating system too soon can be extremely detrimental. An operating system is too important a piece of software to release before most of the features are set in place. The Windows Vista beta that was released a couple weeks ago is a much better release – pretty stable, and very much focused on ironing out the bugs. Software like Google Talk however, is probably okay to release very early on, whether or not you call it “beta”, because at the end of the day it doesn’t affect nearly as many people.

Maybe what we have is not a question of what makes a release “beta” but instead, what kind of beta release is it? Consider tip #12 from Joel Spolsky’s Top Twelve Tips for Running a Beta Test:

Don’t confuse a technical beta with a marketing beta. I’ve been talking about technical betas, here, in which the goal is to find bugs and get last-minute feedback. Marketing betas are prerelease versions of the software given to the press, to big customers, and to the guy who is going to write the Dummies book that has to appear on the same day as the product.

Armed with that knowledge, maybe Google Talk and other applications like it are just different types of beta releases. Perhaps we should call Google Talk a “feature beta”, where the goal is to gather information on what sort of features the software should eventually have. I think that’s an interesting way of looking at software, as a series of different types of beta releases. Indeed a software application is never really finished, so maybe a “final release” is more like a “money beta”, where you start charging for the software. Of course, I could go on forever, creating endless types of betas. And there will always be anomalies, like Google News or even Flickr, which is in “beta” but costs money.

So let me try to answer the question, when should you release software? I think part of the answer is a question; what do you want to accomplish by releasing the software? If you want to gather information on what sort of features the application should have, release it early! The danger though is that you may create a negative image for yourself by releasing software that doesn’t really do anything, or which doesn’t meet expectations. If you want to iron out bugs, release the software later in what I would consider a “traditional beta”. And if you have software that you don’t know how to make money from, just release it as “free”. No need to confuse things by calling it a “beta”.

I also think releasing software is a very situational decision, in that no two pieces of software have the same set of circumstances surrounding them. While it may be okay to release one early, it might not be a good idea to release another so early. Deciding when to release software then, requires careful consideration of a number of variables, including what the goal of the release is, does the software work, who is it being released to, what other applications like this exist, etc. Once you’ve come up with a clear idea of all the variables, you can then decide whether or not the time is right to release your software.

Happy Birthday Windows 95

Today is a special day in the world of technology. It was ten years ago today that Microsoft released Windows 95 to the world, and what a launch it was, as Joe Wilcox remembers:

Windows 95 was an event. People lined up for blocks outside computer stores (like Egghead) at midnight to get their copy of Microsoft’s newest operating system. Rolling Stones’ song “Start Me Up” set the tone for the launch (Colleague David Card reminded that the band is on tour again. What timing!).

Funny that at the time, Bill Gates hadn’t yet issued his infamous “we get the Internet” memo. Many of the large companies we interact with on a daily basis were still in basements and garages in 1995, like eBay and Amazon. And who could have foreseen the incredible path Microsoft and Windows would take following the release, sometimes bumpy, others smooth.

Some interesting things to note about Windows 95:

  • There were actually five different versions of Windows 95 released. One release added USB support, another added IE 4.0, for example.
  • The codename for Windows 95 was “Chicago”.
  • Windows 95 was billed as a 32-bit operating system, but portions of the code remained 16-bit.

Perhaps the most interesting thing about Windows 95 is that it remains, essentially, the interface for computing today. Windows XP is far superior, but the look hasn’t really changed that much, nor the way you interact with the operating system. I mean, lots of things have been improved and simplified, but at the end of the day, you still click Start, switch applications on the task bar, look for files in Explorer, etc. Let’s hope Windows Vista makes some progress in those departments!

Read: Microsoft Monitor

Google Web Accelerator

Google announced on Wednesday the release of Google Web Accelerator,
beta of course. Basically it’s an Internet accelerator, designed simply
to make your web browsing experience faster. Here’s how it works:

  • Sending your page requests through Google machines dedicated to handling Google Web Accelerator traffic.
  • Storing copies of frequently looked at pages to make them quickly accessible.
  • Downloading only the updates if a web page has changed slightly since you last viewed it.
  • Prefetching certain pages onto your computer in advance.
  • Managing your Internet connection to reduce delays.
  • Compressing data before sending it to your computer.

As others have noted
however, the application also makes heavy use of Google’s servers, and
could allow them to collect some pretty interesting aggregate data on
the surfing habits of web users. Is that a good or bad thing? Who
knows. Maybe they’ll figure out a way to tie it into their advertising
network. Or maybe they’ll ignore it completely. At least they don’t
track you specifically.

Was Adobe's decision wise?

The big news in the tech world today is that Adobe has bought Macromedia for $3.4 billion. Many people seem to think
that the two make a perfect couple, and complement each other in a
number of ways. While I suppose that’s true, I think this might be the
beginning of the end for Adobe and Macromedia.

The first article I saw on the acquisition was this one,
from News.com. It tends to focus on how Adobe and Macromedia are
“making peace”, so that they can compete better together against, who
else, Microsoft. Indeed, Adobe’s CEO Bruce Chizen said “When I think
about competitors, there’s only one I really worry about. Microsoft is
the competitor, and it’s the one that keeps me up at night.”

Until now, Adobe has been pretty dominant with its PDF format, and
Macromedia has been pretty dominant with its Flash platform. Microsoft
has largely left the two alone, even using both technologies. I
wouldn’t say there has been too much competition. So here’s my question:
how does this merger HELP the two compete against Microsoft?

The Adobe acquisition of Macromedia is like a smoke signal.
Microsoft will see it, and all of a sudden, the new Adobe is on the
radar in a much bigger way. Who is Microsoft more likely to pay
attention to, two smaller companies, or one large one? Who poses a
bigger threat to Windows, Adobe, Macromedia, or the two combined?
People describe Microsoft as a ship that constantly changes course to
mitigate new threats. Really, they are more like a fleet of ships. I’d
imagine they’ll dispatch a few to deal with the new Adobe now.

I think Adobe and Macromedia make some excellent products, and it
would be very difficult for Microsoft to come up with direct
competitors. Visual Studio is far beyond Dreamweaver, but other than
that, Microsoft doesn’t really make any competing products. At least
not yet. It’ll be interesting to see what happens now, to say the
least. Best of luck to Adobe and Macromedia, but I’m not sure the
merger is the start of better things!

Read: Adobe and Macromedia