Because we can : Trustworthy Computing through Trustworthy Practices

Thursday, June 23, 2005 10:39 PM by malx

Trustworthy Computing through Trustworthy Practices

Today I read a newsgroup post by an academic at my former university, who I know reasonably well, and who I used to work for. In that post, he talks about things that Microsoft has done to him, and how he views Microsoft today; the fact that the subject he is lecturing and I used to tutor is a Linux subject should be a good indication of those views :).

The funny thing is, I read through it, and can't argue with it. Although I disagree with his interpretation of what's happening at the moment (discontinuation of UNIX/Linux support for new sales of Sybari products), his previous experience dealing with Microsoft is all too familiar. Trouble getting solid documentation, not adhering to standards properly, and of course, the legal challenge brought by the US government.

I remember my first Windows SDK shipped with a coupon for the DDK; that coupon had a space where you had to write down why you wanted a copy. This may have been just for statistics, but the idea of justifying why you need low-level product documentation seems a little strange.

On Tuesday Steve Ballmer was speaking to a bunch of us introducing the Engineering Excellence/Trustworthy Computing Forum. To summarise one of his points, Microsoft can't deliver trustworthy computing to customers who don't trust us; computers today will store and communicate the most intimate details of our lives, our financial information, and data related to our identity. When Microsoft talks about security, everyone needs to be able to believe that we're doing it with customer interests in mind - if customers don't believe we're serious about security, they'll switch to another product, not regularly apply patches, and not follow procedures designed to minimise risk. To deliver Trustworthy computing, Microsoft needs to adhere to the strictest business practice guidelines to foster trust and respect.

These two things came together in my head. Sure, when I bought my first SDK it retailed for around $1,000. Today, that documentation is freely available on the web, as are the tools. Compilers and linkers used to cost that much too. Now, they're a free download. So are debuggers, and debugging symbols. The DDK is available for the cost of shipping. If documentation for a particular Windows API or topic isn't public, then the other teams at Microsoft aren't allowed to use it either. Required by settlement, enforced at Microsoft. That helps provide great feedback for platform features, so that everyone else can benefit too.

Today Microsoft leverages standards in nearly all of our products. The recent announcement of Office moving to an XML-based file format should serve as an example, although there are many others. NFS support is another free download. Standards deliver the best experience to our customers, allow them to leverage existing tools, and deploy new Microsoft solutions. That provides great opportunities for Microsoft into new markets, and enables a smooth transition for our customers. It's win-win.

A lot of things have changed since the Antitrust case. It's visible looking around campus culture; culture is not an easy thing to change with such a large group of people. But here I am talking about these things, with a link so that anybody can contact me, ask me questions, ask for a feature, or anything. I read all of the posts here, and all of the comments I get. I follow them up. I've dug into source code to find answers for people multiple times - not because they pay me, but because Microsoft now understands the benefit of participating in the community to achieve great results.

Maybe we have the government to thank, in a twisted kind of way. Or maybe the open source community has shown the value of software as a community activity. Or maybe Steve's right - for Microsoft to grow into new markets, customers have to trust us more than ever, which demands ever more openness, honesty, and accountability.

Great software is the beginning, but a great user experience is what ultimately matters.

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Trustworthy Computing through Trustworthy Practices

Saturday, June 25, 2005 5:15 PM by Anonymous

Steve was wrong...
"if customers don't believe we're serious about security, they'll switch to another product"

That's just BS.

malx:
"If documentation for a particular Windows API or topic isn't public, then the other teams at Microsoft aren't allowed to use it either"

That's just BS (unless you consider signing your soul to satan with an NDA for the IFS kit...).

"Today Microsoft leverages standards in nearly all of our products."

That indeed _is_ correct, if one defines "standards" as "something Microsoft defined and refuses to let anyone else use unless they sell 27 of their children to bill" (which is, coincidentially, the amount of money you need to buy a license just for SMB - something you can get for FREE in all senses from the SAMBA project).

I call BS.

"A lot of things have changed since the Antitrust case."

Oh yeah? Really? Name ONE, please. Your VB-hackers might no longer have direct access to the kernel code, but have to ask a kernel VB haver "do add this crap, I need it" and noone ever stops to ask "Why the hell do you need that crap?!". I've been told the NT5.3 kernel even exports thing no *sane* person would ever *add* to a kernel. Just diff exports between 5.2 and 5.3 and you'd know...

"I've dug into source code to find answers for people multiple times - not because they pay me, but because Microsoft now understands the benefit of participating in the community to achieve great results."

malx, don't get me wrong. I do appreciate you doing this. Hell, I'd *expect* you to do it if you want to be anywhere near a valuable coworker (as you blog about it). But so has Raymond and Larry in the past in their blogs (both have a history of digging up answers from code they don't usually work with) or Usenet newsgroups way before that.

That Microsoft hasn't seen the benefits of cooperation is more likely an error of MS not appreciating (more like hating) cooperation. USAians seems to detest cooperation (and define it as communism) and prefer killing (even literally) people before even considering them as potential business partners that could benefit the whole humanity.

That you *just now* realized cooperation might be beneficial displays what a sorry state you are in. I pity you. But if you indeed DO understand it now, please lobby your patent-hungry divisions before they destroy everything!

"Great software is the beginning,"
Is this a homage to Tops-10 and CP/M?

"but a great user experience is what ultimately matters."
and Then you create XP...

I think you by this piece have displayed just how disconnected and far from customers and reality MS might be. Why not add insult to injury and say Visual Studio 2005 is the greatest of all, when you know roughtly 30%-50% of *professional* C++ developers stay with VC7 (aka 98, from 1997).

Please malx, stay out of this mess. Stay with what you hopefully know - NTFS. :-)

# re: Trustworthy Computing through Trustworthy Practices

Sunday, June 26, 2005 11:11 PM by malx

"Please malx, stay out of this mess. Stay with what you hopefully know"

Sigh.

I know that VC7 didn't ship in 1997. It shipped as part of Visual Studio .NET 2002. VC5 shipped in 1997, VC6 in 1998.

I know that Windows Server 2003 has a 5.2 kernel, and LH has a 6.0, and I'm not really sure where to look for a 5.3 kernel to diff against.

You say "BS" a lot without backing it up. Other teams may not use undocumented Windows functions, period. If you know of an instance where that's not the case, let me know and I'll pass it on to the legal department. I take this point very seriously.

Your whole post is Anti-MS, which is fine, but you then dispute that people might consider a non-MS product? Seen /. recently?

I could go on and on about culture change. I find it quite fascinating (although my co-workers might not like to be analyzed in public ;). MS does understand the value of community involvement. That's why I'm talking to you. If you follow a blog like Raymond's or Larry's, you can see the benefit that provides.

If you still don't believe that MS is more serious than ever about openness, trust and transparency, go to http://lab.msdn.microsoft.com/vs2005/ , download the beta, file bugs, and suggest feedback. Look at other people's comments. Watch your bug get rated by the community.

And yes, I am excited about Visual Studio 2005. Why? Because the unprecedented amount of community involvement paves the way for a release that addresses concerns people actually have, rather than a release for its own sake - high quality input makes high quality products.

And if you're not excited about Visual Studio 2005, go to the feedback site and explain why.

# re: Trustworthy Computing through Trustworthy Practices

Monday, June 27, 2005 8:31 PM by I had one byte wrong...

As should have been obvious, I had one byte wrong. It should have been "6" after "VC".

<philosophical>
It does however in a very obvious way point out how vulnerable we are to spelling errors or even slip of a finger, making us seems like we are writing about something we most certainly are not.</philosophical>

OK, seems I also was wrong about what the LH kernel is to be called; not 5.3 but 6.0. Thanks. I hadn't seen it anywhere else previously.

> You say "BS" a lot without backing it up.

OK, then allow me to back it up.

Security. Can you seriously say MS have displayed a *really serious* committment to security, even after bill himself said so, considering the LARGE amount of 'sploits and what's worse, the way some of them has been handled by MS? Like "we don't _think_ this is serious so we won't give a shit about it, for now"?

Get real.

If you really want references, I could likely dig up at least a handful. As that'd take time, and I'm not paied for criticisin MS, just ask the ones reading /. and osnews.

> Other teams may not use undocumented Windows functions, period.

First of all; since when? I heard that became a "rule" back in around 1995-'98 (after Microsofts first "major setback" in US court). I've seen MS software use undocumented stuff after that. Not only API's, but registry keys too. :-<

> If you know of an instance where that's not the case, let me know and I'll pass it on to the legal department. I take this point very seriously.

YOU might do so. Legal might not, and trust me - the Office group don't give a fuck (they are the ones making the money, and Bill backs them up).

But, again, this depends on the timeframe we are looking at. You tell me a year and month this shoudl have been in place, and I tell you the software and undocumented API used.

> MS does understand the value of community involvement.

I know *parts* of it does. That's indeed the reason you (likely are even allowed to) write this blog. I had however hoped it'd stay a technical thing, and not the political playground your last post made it into - the politics that got me going. That not only worried me, but pissed me off. As I consider you partially a "fellow developer" I didn't bother to smooth my wording.

But to stand up and say "MS does understand the value of community involvement"? EVERY indication I have seen the last decade is that MS no longer gives a shit about developers and community, and only get their input from Gartner and similar companies gaining all their information from *just* "Fortune 500" companies (exactly the companies MS should *NOT* care about if they want to please the "majority").

If that wasn't true, how could ever the VC7 IDE been created? If half a decade after it was created, serious C++ developers still say "Yes, we hate the compiler, but we hate the 7.1 IDE even more, why we stay with 6"?

You say 2005 is much better. I obviously think you are lying, as you are an MS employee, and if I looked at the 2005 IDE would I not see a POS written in see-hash, requiring (as VC7.1) "merely" 80MB of RAM just to display the "configure keyboard" dialog, and would it not require over a frickin gigabyte of diskspace *without* the helpfiles?

The VC6 IDE (and compiler, headers and libs) I can just copy from one machine to another. Fuck COM, its registration and shit. Copy, and be done!

I dubt VC 2005 can provide one percent of that - not to mention it will likely require 2GB RAM, Half a billion CPU cycles for each keystroke in the editor, just to display a character, a version of "dot-not" not even yet released, and at least 4GB of disk.

Thanks, but I'd rather use even interpreted Java if that's the deal. If you really, _really_ suggest VC 2005 is as good as I demand it'll be, then I might look at it. If you tell me, personally "Do have a look at it, is _is_ good" then I'll dedicate a machine or two for it. Not multi-CPU 48GB RAM monsters, but machines that runs VC6 like a bat-out-of-hell. I expect you to consider that as the very first comparison I will do.

If it then (as I'm almost 100% sure) is not even 25% of what it should be after almost a decade of development (from VC6), where should I send my gripes? The "public group"?

[VS2005] Look at other people's comments. Watch your bug get rated by the community.

Are you serious? No, for real? If your majority in numbers C++ developers are really allowed to speak their mind, and MS listens to them, then I _might_ consider MS again. If MS on the other hand is again bunching C++ developers with VB and see-hash, not to mention FrontPage (that some MS idiots even put into the kernel via "winlogon"), then I'll sooner go with the absurdely primitive makefile's" in a *nix system before leaving VC6? The VC7.1 dudes did a really good job on the compiler - unfortunately the IDE dudes screwed it up to such a degree no amount of compiler improvements could have convinced me to use the POS. Do Microsoft really listens to those C++ developer gripes and do something about it? I could actually be considering buying licenses for VC 2005 is that was the case, and 2005 turned out to be "good". Fat chance, though. That would require a MAJOR improvement compared to the complete disaster MS did with VC6->VC7!

But again, we are discussing matters not even closely related to NTFS, why I wonder if you've gotten directives to make MS look like "good guys" in all areas, instead of staying within the area you were originally blogged about (and did it reasonably good I think).

> And if you're not excited about Visual Studio 2005, go to the feedback site and explain why.

Good rounding off. Seems you just have become a political officer (compare KGB/GRU).

If Microsoft needs over adecade to fix even the *simplest* of drawing bugs (I have one I reported in the Win95 beta program, and then for NT4sp3 - where I got the answer "too complex, will be fixed in NT5" - and now it's dtill present in XP), I dubt it has the competence, or even the will, to please the customers they *really* depend on - the developers.

# re: Trustworthy Computing through Trustworthy Practices

Monday, June 27, 2005 9:01 PM by Random Reader

Anonymous, I think you completely missed the point. So far, nobody has reason to believe much of what you just said -- because you look like a raving lunatic.

In your second post, you've basically done two things:
1) Conceded that you didn't back up any of your points, but made excuses for that ("I'm not paied"). Considering you are the one who is trying to argue, the onus is on YOU to back them up -- not expect someone else to blindly accept whatever you say at face value. Especially since the statements you are arguing against have already been backed up, more than once.
2) Admitted you haven't looked at Microsoft recently ("if ... then I _might_ consider MS again" "if ... then I might look at it"). Considering the topic of this blog post was about relatively recent events, you've basically just stated that you have no clue about the subject at hand.

Those two things are what make you look like a raving lunatic. Fix those, and it's more likely you'll be taken seriously (by anyone who happens to be reading this).

# re: Trustworthy Computing through Trustworthy Practices

Tuesday, June 28, 2005 9:39 PM by Bobby Marinov

malx> Other teams may not use undocumented Windows functions, period.
I know for at least one case where Microsoft used undocumented function.
I have discovered this with SAK for Windows 2000 several years back.
What we found out was that the NFS server (implemented by Microsoft) used "FileIdBothDirectoryInformation" and "FileIdFullDirectoryInformation" information classes which are not described anywhere in Windows 2000 documentation (DDK & IFS header files included).
As expected I was not surprised when I found the information in the Windows XP IFS kit.
So if Other teams may not use undocumented Windows functions, period. How come this particular function was not failing on Windows 2000?
Granted Microsoft does not use undocumented functions, they simply forget to publish them on time so they can have the competitive advantage for at least half product cycle. In this case, if I didnt know about this function, my NFS implementation would have been forced to do open, read File ID and close for each entry found during directory enumeration.
How many small things like that Microsoft have conveniently forgotten to publish on time?
btw. What is the need to pay for the DDK? It used to be a free download for so long. Isnt that a step back?

# re: Trustworthy Computing through Trustworthy Practices

Tuesday, July 05, 2005 4:08 PM by denis

I found this to be interesting reading:

http://homepages.tesco.net/~J.deBoynePollard/FGA/csrss-backspace-bug.html

The existence of this (rather awful) problem was independently confirmed by others than the author of the article.

I find the semi-final paragraph particularly disturbing:

"On 2002-09-24, Microsoft KnowledgeBase article ID Q311486, promised six months ago, finally appeared. Its publication date is falsified to claim that it appeared on 2001-10-26. It talks about programs that "pass invalid screen size parameters" when the sample program code that it gives for replicating the bug clearly contains nothing at all relating to screen size parameters. And the explanation that it gives for the actual cause of the problem is woefully incorrect. Were it not that it has taken over eleven months for Microsoft to produce it, one might think that this article was a very badly done rush job."

# re: Trustworthy Computing through Trustworthy Practices

Wednesday, July 06, 2005 7:04 AM by Mike

Just with these few documented "issues", can anyone at Microsoft seriously say they think Microsoft will be considered serious when even mentioning trustworthiness?

Good luck. Try get MS say "We take full responsibility for our software" in the EULA's first.

# Trustworthy Computing?

Thursday, July 14, 2005 8:08 AM by Emil

"Trustworthy Computing" is not about users trusting their computers, it's about transnationals trusting their customers' computers.

I'm sorry, but if a giant corporation "trusted" my computer, I wouldn't.

# re: Trustworthy Computing through Trustworthy Practices

Thursday, December 08, 2005 7:10 AM by Dinis Cruz

Hello Malcolm,

I just blogged a detailed comment to this post here http://owasp.net/blogs/dinis_cruz/archive/2005/12/08/276.aspx

Dinis Cruz
Owasp .Net Project
www.owasp.net