Ruminations on Mr. Safe
A few months ago
Tim Bray posted a conversation with a hypothetical
Mr. Safe which attempted to explain why a
conservative business manager such as the CIO of a
bank wouldn't deploy a technology like RSS. Tim
Bray points to reasons such as the fact that it
wasn't produced by a "standards organization", the
ambiguities in the spec and the existence of
competing versions as justification for why he
believes the typical Mr. Safe would not deploy
RSS.
Shortly afterwards
Joshua Allen pointed out the major shortcoming of Tim
Bray's arguments: most Mr. Safes are
pragmatists and late adopters (see the
Technology Adoption LifeCycle). Their decision
making process for choosing technologies is more
driven by following the pack and adopting tried
& tested solutions than it is by technical
specifics of a particular solution to a problem.
The CIO of a company is more likely to be impressed
by the fact that a technology is being deployed by
multi-billion dollar companies like Microsoft,
Yahoo and
Sun Microsystems or household names like The
New York Times,
BBC, and Rolling
Stone than it is by whether the spec is
considered to be well-written (for some subjective
definition of well-written) or how few flame wars
the people behind the spec have been in.
The more I think about this the more I agree with
Joshua's position. I am definitely not impressed by
protestations that there are ambiguities in a
particular technology specification given that most
technology specs are full of holes. It doesn't
matter if it is an ANSI spec (e.g.
C++), a W3C spec (e.g.
W3C XML Schema) or an IETF RFC (e.g. RFC
2396); there are always ambiguities or flat out
errors in the spec that lead to conflicting
interpretations and in many cases user confusion.
The fact that the spec is produced by a standards
body does not prevent this from happening and in
many cases encourages it [especially if the august
body is the W3C with its culture of compromise
between conflicting design goals].
I recently have had to deal with the .NET
Framework's equivalents of Mr. Safe. One of my job
duties at B0rg Central is responsibility for the
implementation of the W3C XML Schema recommendation
in the .NET Framework (i.e. the
System.Xml.Schema namespace). Due to the
complexity and inconsistency of the recommendation
there have been a large number of errata published
for the spec; over a hundred by my most recent
count which can be confirmed by checking the W3C
XML Schema Errata page. A number of these
errata change the behavior of W3C XML Schema
implementations and cause schemas that were valid
under the original versions of the spec to now be
invalid. Implementing these changes means that when
users upgrade the .NET Framework and get a new
version there is potential that their previously
working applications would be broken through no
fault of their own. At B0rg Central such changes to
the behavior of an API are considered to be
"Breaking Changes".
For a breaking change to go from a bug being
entered in my team's bug database to the fix being
checked in, it has to go through 4 different groups
of meetings where the impact of implementing the
change is weighed. Why? Because when you have
customers who spend millions of dollars buying your
software and then deploy it on thousands of desktops,
they want a very good reason when you break
their applications because they upgraded an
application component such as the .NET
Framework.
Sitting in a room trying to justify to a bunch of
folks who don't use XML why breaking working
customer applications to fix
Errata E2-12 (for example) of some W3C spec is
such a good idea is an enlightening experience.
Considering that I've had to deal with some of the
behavior changes between v1.0 and v1.1 of the .NET
Framework while working on RSS Bandit it is
interesting to be on both sides of the fence. On
the one hand I believe standards compliance is
important but on the other I'd be pissed if RSS
Bandit didn't work on the next version of the .NET
Framework due to some breaking change made because
it makes the framework more standards compliant, especially if
the previous uncompliant versions worked just fine
for me.
Why aren't things ever just black and white?

File Formats and Political Scandals
It's always interesting to see the different ways
features in software end up getting used outside
the core scenarios that were envisioned when they
were designed. I doubt the folks who designed the
various change tracking and revision history
features in Microsoft Word(R) would have
envisioned
the hubbub in the British government a few months
ago.
A related
Slashdot article has a number of posts from
people who've also taken advantage of information
leaked in this manner from people who share
documents with them. This reminds me of one of
the sessions on security I attended during the
Security Push last year which talked about
"Information Disclosure" and how many people don't
consider it when designing applications.
Anyway, if you share Word documents with people
and would like to reduce the amount of metadata in
the document that they can recover I suggest
reading the Microsoft Knowledgebase Article
290945 which points to ways to stop the
aforementioned information leaks from happening
when sharing documents.

SoBig: An Outlook Virus?
Tim Bray has a post entitled
On Email where he writes:
"Everybody knows that this week's
virus-storm has hit so hard because everyone runs
Outlook; so one way to improve the situation is
to not run Outlook. Herewith consideration of
some pros and cons, and a look at a few email
alternatives, including Eudora, Mozilla, and
Pegasus."
This was written during the height of the mail
storm generated by the
SoBig worm. From the various advisories I saw,
the SoBig worm's primary method of spreading was
"social engineering"; basically, it sent mail
with generic titles and an attachment that people
were encouraged to click. On execution the worm had
its own built-in SMTP mail client and found email
addresses to send itself to by searching the web
browser cache for web pages with email addresses in
them.
I don't see anything too specific to Outlook in its
modus operandi unless Outlook is the only mail
client that allows you to receive
attachments.

It's About Time I Picked Up A New Scripting Language
Python on the .NET Framework - How U Luv Dat?

A Blast from the Past
I was recently contacted by
Mark Wilson about an article I wrote a few
years ago when I was still in school and enamored
with XML database technologies. He liked it enough
to want to run it on his site. If you'd like to
read my opinions from two years ago when I was
still a starry eyed college kid fighting off
publishers who wanted me to write an XML database
book then you should check out
An Exploration of XML in Database Management
Systems currently on the
TopXML
webpage.

--
Get yourself a
News Aggregator and subscribe to my
RSS feed
Disclaimer:
The above comments do not
represent the thoughts, intentions, plans or
strategies of my employer. They are solely my
opinion.