We finally have connectivity at the campus. So here is the day one “stream of consciousness” log. The event and the sessions deserve condensation and reflection. But in the meantime, here are the “Day 1” notes from the Roo.
March 16, 2005
Accommodations
- Fabulous!
- +40″ TV
- Receiver + sound system
- Sink/basin
- Stocked mini-bar
- _Digital_ walk-in shower
- Jacuzzi
- Coffee press
- “Loose-tea” teapot
- In-room safe
- Walk-out patio
- Turn-down service (eye pad, lotion, tea)
- A real person doing the wake-up call
Kick-off mixer
- Wine-tasting
- Light appetizers
- Cigars
- Scotch
Martin Taylor (General Manager of Platform Strategy, Linux & Open Source R&D)
- “12 years ago, Microsoft was more participatory.” There is an obvious conclusion: after that, we became less participatory. And the discussion implied an important corollary: Microsoft is now _more_ participatory.
- “Every time I hire someone from the open source community, they have some apprehension. Then they say that they are impressed with the community, the enthusiasm, and the dedication to quality products.”
- This is a non-NDA activity
- Linux and open source issues vary worldwide.
- Microsoft is in its third iteration of Linux response: 1) Denial, 2) Executive Overpowering, 3) Engaged response, dialog with the community
- Attendee Larry Baker (Sprint) said, “I want to take away something ‘tactile’ and real.”
- “We’re not looking to check a box. We don’t want to appear at Congress and say we had a conference with twenty Java developers…” laughter followed.
- “This is not a conversion meeting.”
Who’s Here / Introductions
- Server-side.com
- JCP participants
- Ben Galbraith, CTO of radiology company
- South Florida Java User Group, President
- Federal Reserve Bank (St. Louis)
- Teachers of Borland, Visibroker, etc.
- AG Edwards, SOA architect
- Enterprise architects from a variety of corporations and public institutions
- A lot of dual-job folks (architects + CTOs)
- President of Phoenix Java Users Group
- Petroleum industry participants
- David Braden, Megabyte Minute radio show
- Macromedia ColdFusion conference lead
- Rick Ross, JavaLobby.org, Java blogging, hosting for Java learning
- Andy Hafer, Tampa Bay Technology Group (the “Switzerland” of technology)
- Java blogging
- “No Fluff, Just Stuff” Conference manager
- Man, what a collection of Alpha Geeks!
- Good-humored Microsoft evangelists!
- I need the list of attendees; I am sure I missed some of the luminaries that were present.
Michael Howard, Improving Security
- Michael claims geek cred, and he demonstrates it.
- Michael considers himself brutally frank – and he seems to live up to this claim.
- He has spent thirteen years @ Microsoft
- It is quite interesting that “security” is the first topic of the conference. After all, the largest complaint against Microsoft has been its fundamental insecurity.
- Trustworthy Computing is about not “injecting the defects”
- “Nineteen Deadly Sins of Security” McGraw-Hill (19 is a prime number)
- “It’s amazing being at Microsoft and seeing the sea change happening.”
- “We help product groups secure their products.”
- They focus on threats to systems
- “You’ll never get the code 100% correct.” “That’s an honorable thing to do.” “But screw the ego trips, you’ll never get the code 100% correct.”
- SDL (Security Development Lifecycle) – Most software today is pretty lousy. Any hack can get a compiler and make it available to anybody. Developers have no discipline. Just publishing software doesn’t make it secure. The only way to make software more secure is to change the process.
- SDL is fully supported by Bill and Steve. This team is the only team with open-ended staffing.
- People who used a software methodology had the 1500 page volumes on their shelves. They weren’t used – but they were on the shelf.
- “We suck a lot less than we did three years ago.”
- Zone-age.org tracks compromises, not attacks. Based upon their statistics, IIS6 is more “secure” than Apache 1.3 and 2.0.
- Excellent analogy regarding active defenses. Gates and locks are good. But there are no guards policing the premises. So there is nothing to stop someone who successfully breaches the perimeter.
- Microsoft has over 1200 threat models. Some of these have been released, some have not.
- Participants noted that community participation / review of the threat models would ensure sufficiency of the threat models.
- Source code Annotation Language (SAL) in Whidbey provides excellent additional information.
- SDL is under constant review.
Don Box, Indigo Architect
- Blog-oriented introduction, typing + no audio/speaking
- Microsoft sucks at… community involvement, security-by-default, and transaction management. Does MS believe in managed code? Poor delivery on products/roadmaps. Microsoft has given us a dependency hairball.
- Contract first. CORBA got it right. Separation of structural types and behavioral types. Indigo takes CLR and separates structure and behavior. Structural and behavioral contracts are explicit.
- RelaxNG is better.
- Indigo = .Net remoting + ASMX + MSMQ
- Trends at Microsoft: Lots of RPC/messaging “shit” that needs to be consolidated; i.e., Biztalk will use Indigo
- “DCOM on Unix was met with the body rejecting the organ.”
- We invested millions to make Whidbey rock!
- “If it’s in PowerPoint, be very skeptical.”
- “Look at what’s in the DLL’s.”
- A spirited discussion of OR mapping was held.
- Prediction of lightweight languages and framework dominance (Ruby, Groovy, etc)
Microsoft Panel on Languages
- CLR Development
  - Addition of delegates to CLR in Whidbey
  - New kind of delegate, virtual invocation at delegate execution
  - Anonymous methods
  - Lightweight code-generation + garbage collection on generated code
  - Metadata tokens for native filesystem runtime handles
- Herb Sutter (C++ developer)
  - VC++ supports .Net code and native code
  - Managed platforms are not the only constructs; native code will continue
- Anders Hejlsberg (C#)
  - Generics, parameterized in C# 2.0
  - Iterators (à la Python and Ruby generators)
  - Partial types (structured into files), split in different source files; useful for code generation at execution-time
  - Nullable value types
  - Lots of minor features
  - C# 3.0 (planned) – further eradicating wall between general-purpose programming languages and native database language constructs
- Jim Hugunin (AspectJ and Jython –> Iron Python)
  - Realized that .Net does work for dynamic languages
- Where is AOP going in Microsoft? Good discussion but incomplete answers. The discussion shifted focus to dynamic languages instead.
- Type “inferences” in strongly typed languages would adopt features of dynamic languages. Typing could be inferred from first use, etc.
- Substantial Python discussion (Python in the CLR via Iron Python) – Inference about Python being released under “terms that make sense” to the Python community.
- A wonderful discussion regarding “certified” CLR ports to other platforms ensued. Discussion ranged the gamut from technical merits to political and/or legal realities. The attendees were in general agreement about the technical superiority of .Net to Java. Microsoft listened and interacted quite intently. This seemed to be a means for the panelists to obtain “ammo” for internal (Microsoft) discussions.
Sanjay Parthasarathy, Developer Community Outreach
- Where do we suck? (*Note* 3rd MS exec to use this term)
- During lunch, Sanjay’s team presented and discussed Channel9.msdn.com.
- A good, but brief, Scobleizer entry ensued
- Microsoft has over a thousand evangelists
- Microsoft is increasing its investments in schools & communities
- The conversation drifted towards a broad discussion of open source constructs and IP protection. While the discussion was interesting, it was not very pointed. Further, it blunted much of the collegiality inspired by the first two presenters of the day.
- Per one of the MS evangelists, MS operates as a VC firm with divergent views and methodologies.
- The tone of the session improved markedly when Sanjay adopted a less defensive posture.
SQL 2005 and the Developer
- I spent the majority of this session in an out-of-conference discussion with Robert Scoble. I am amazed that Robert has been able to survive at Redmond. Indeed, he has received unprecedented access to Microsoft employees and executives. Credit goes to his management team for embracing non-traditional people and technologies. Like Groove (and Ray Ozzie), Microsoft is embracing lots of subtle but important changes. 10 points to the Scobleizer for handing me a “stealth” business card. I am sure that it is a rogue and “untyped” business card.
- When I returned, I got to hear a good discussion of native XML datatypes. XML documents/streams are stored in binary form (thus improving indexing capabilities). These XML docs can be typed or untyped. Very cool.
- Support of XQuery (November draft) will be an integral part of the product release.
Ian McDonald, Product Development Process
- “PowerPoint is one of the evilest things ever.”
- He apologized for the “lack of color” in his deck.
- Multi-year, massive team development is easy. “The hardest thing is to understand the Microsoft licensing model.”
- There was a very frank discussion about the processes that are needed and those that are onerous.
- The basic process: one owner, one approver, multiple reviewers, group of participants.
- How agile are you? “Frankly, we suck.” (*Note* 4th executive to use the term; with so much sucking, is there any blowing?)
- Microsoft has not adopted the “maintainer as king” model prevalent in many open source projects. Development process features automated management and responsibility pushed to the individual developers.
- Ian discussed field crash data. Bad memory causes a huge number of the reported errors. A kernel reviewer looks at all of the kernel dump data from the field data. In fact, Microsoft has over twenty-five people who review this data.
- “Americans don’t care about privacy very much.” “In Europe, they care a whole lot more about privacy.” Ian noted that “callback” features are absolutely forbidden at Microsoft.
- “Integrated Innovation” = “This shit works together.”
- Ian is a great presenter. But the attendees are getting fatigued. Consequently, there is limited interaction between attendees and presenter.
- Ian made an important point about open source distributions. Specifically, the distribution vendors are assuming the responsibility for integration testing. Microsoft OS/platforms ensure an “integrated test” experience since all of the components are developed internally – and have the ability to freely exchange information between projects.
Chris Anderson, Windows Architecture
- “We are moving to a component-based model.”
- “The way we chose to manage the Windows 2000 code base is killing us.”
- There was a candid discussion of the desire to eliminate the registry, and the difficulties that will preclude its elimination from Longhorn. The registry is both cache and state. Subsequently, its elimination will require far more design and testing efforts.
- Chris had a great discussion of surface management/handling in Longhorn.
- The new window manager is a fully composite desktop (à la Apple) with 3D/D3 support.
- 3D: “It’s easy to be gratuitous, it’s hard to be usable.”
- There was a very genuine discussion about standards compliance and differentiation. It is very reminiscent of the “embrace and extend” motto that was amplified by ESR to “embrace, extend and extinguish.” But I would caution that the tone displayed during these sessions belies any sinister “hidden agendas.” The sense of this session was the “love” of tech stuff by the platform geeks.
- There was an interesting follow-up re: XAML as a proprietary scheme from Microsoft. “Even if we were that evil, we’re not that good.”
- WinFX deliverables will be sync-shipped to XP when Longhorn is available.
- Will there be any SVG support? Microsoft does not have support for vector decoders. Consequently, it is not planned as of now. Secondarily, SVG could be passed through a converter to create XAML constructs. There was an interesting discussion about vector-based support as a native part of the presentation layer. Microsoft countered that they have designed an extensible platform that could be extended to support vector-based presentation.
- IE team + Avalon team integration = great typographic support, markup, etc. (but there are downsides that were not completely discussed)
- Focus IE updates on phishing, spyware, rootkits, etc.
- There was a significant shift in participation during this session. Indeed, this became the biggest “geek-out” of the day.
- The session drifted into a discussion of JScript. While it was a rousing discussion, it was not directly relevant to the Avalon discussion that started the session. I attribute much of this to the “geek cred” established by the presenters. As they established credibility, all sorts of unrelated questions began to be lobbed at them. To their credit, they engaged each question as important and worth a good discussion. In my view, this was a good closer for the day…
And now, it’s off to the evening’s activities. We will be going to Teatro Zinzanni.
-CyclingRoo-