Microsoft Gets Security Religion, Part 2

The Trustworthy Computing Initiative

On Janauary 15th, Bill Gates sent out a memo outlining an inititiative for something he calls Trustworthy Computing. The memo can be read in its entirety here.

Here are some snippets which should give you the gist of the initiative…

Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.

“Reliable and secure as electricity?” Obviously he didn’t live in California during the start of 2001.

Today, in the developed world, we do not worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised. Computing falls well short of this, ranging from the individual user who isn’t willing to add a new application because it might destabilize their system, to a corporation that moves slowly to embrace e-business because today’s platforms don’t make the grade.

Of course, what he doesn’t say is that a lot of the system destabilization that comes from installing new apps is Microsoft’s fault. I once had a customer call me with a problem where after installing an app I’d written, his printer was no longer working. And no, it wasn’t my fault.

That customer was a victim of what Windows developers call DLL Hell. The quickie explanation for non-technical people is that DLLs are software Lego blocks that are shared by many programs that perform functions that are common to many programs. For instance, the “Open” and “Save” dialog boxes you often see are services provided by the Windows Common Dialog DLL; by using this DLL, developers are saved from having to write, test and debug new “Open” and “Save” dialog boxes for each application and the users get a consistent experience every time they want to open or save. So far, so good. The problem is that DLLs are often upgraded, and sometimes the new version of a DLLs is not backwards-compatible with an old version. As a result, programs that relied on the old version of a DLL may suddenly stop working properly. A real-life analogy: imagine the kind of tragedy that would occur if someone changed all the coffee — a shared utility that many workers rely on — in your office from regular to decaf without telling anyone.

The events of last year — from September’s terrorist attacks to a number of malicious and highly publicized computer viruses — reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it’s the airlines or computer systems.

The attacks on the World Trade Center and Pentagon, being “low-tech, high concept” operations — had nothing to do with computers, but they do make a convenient bogeyman. As for the highly publicized computer viruses, most of them took advantage of Windows systems.

Our new design approaches need to dramatically reduce the number of such issues that come up in the software that Microsoft, its partners and its customers create. We need to make it automatic for customers to get the benefits of these fixes. Eventually, our software should be so fundamentally secure that customers never even worry about it.

Well, duh…

More in upcoming postings. Lots of work to do today.


Microsoft Gets Security Religion, Part 1

Conway’s Law

My friend Adam Smith used to have this quote from The Mythical Man-Month as a .sig for his e-mails:

Conway’s Law: Organizations which design systems are constrained to produce systems which are copies of the communication structures of these organizations.

Adam summarizes this statement as “You build what you are.”

My own Microsoft security crack

Sometimes, when people find out that I’m a computer programmer, they ask if I’ve ever broken into any computer systems or cracked someone’s security. I reply that I’ve only done so once, but it was Microsoft headquarters. It is a tale that makes hacker boyz lick my Airwalks in abject worship and hacker girlz swoon and offer me backrubs and lap dances.

Okay, maybe not. But it’s a good story, and it does illustrate Conway’s Law in action.

Back in February 2001, the company for which I used to work was considered to be a leader in the P2P software development community. (Now, please remember that this is hardly cause to crow. I’m sure having the title “the brightest kid on the short bus” would carry more prestige.) Anyhow, I got sent to an invitation-only, covered-under-pain-of-death-NDA all-day seminar at their headquarters in Redmond.

I drove my rental car to building forty-something, where M$ holds its meet-and-greets. I unknowingly parked my car in the area reserved for employees, which meant that the door leading into the building was locked. Above it was a video camera, and to its right was a card scanner. I probably could’ve gone back to the car and driven to the correct garage or simply walked out the garage and circled the building and entered through the front. However, I decided to try something else.

I took my passcard for the company’s Toronto office and passed it over the card scanner. Naturally, it had no result. I tried it again, and then once more. I then looked up at the camera with a confused “howcum it don’t work no more?” big-eyed expression and pointed at my card.

I heard a loud click come from the door. I gave the door a try, and it opened easily. I smiled at the camera and gave the gullible security wonk a wave.

Just like their software,” I’m sure I said out loud, as I opened the door with a big “J03Y 0WNZ J00” grin.

Next: Microsoft’s “Trustworthy Computing” Initiative

(and yes, I still have some other “part two” postings to finish…)


He the Man!

Johnny Cash is one cool dude. Wore all black before the goths, wrote about shootin’ and killin’ before the gangsta rappers and has kicked more ass that all of Limp Bizkit, Korn, Kid Rock and the other poseur tough bands combined.

Here’s an ad he took out in Billboard magazine back in 1998. Click on it to see it close up.

It’s his message to the Nashville music establishment and country radio for all their support.

Remind me to do one of myself for the company for which I used to work.



If I’m unemployed, how come I have even less free time now? At any rate, I’m glad that I got to catch a bit of the very nice spring-like weather we had today.

More later. Just got back from a very hard rehearsal with Lindi and now have to get caught up with Peekabooty work for CodeCon.


Tuesday Randomness


I’m working on Peekabooty right now, but also enjoying Cake’s live webcast. They just opened with Comfort Eagle, and they’re sounding good!

Alas, I won’t be able to catch the whole thing. I have to run out to Pickering to rehearse with Lindi.

Hey guys from Cake, if you need an accordion player, I’m available…

It’s all a roll of the 3d6

I’ve been avoiding the wave of silly on-line tests, but couldn’t resist this one, which tells you what your real-life Dungeons and Dragons stats would be. Here’s how I rated:

Strength: 7

Intelligence: 11

Wisdom: 13

Dexterity: 11

Constitution: 8

Charisma: 16

I think my charisma rating is a little high, but hey, the machine said so!

I guess that orcs and even pissant little kobolds would be wiping the walls with me in a dungeon, but I’d be a hit at the local inns and taverns. Given that and the accordion playing, I’d probably make a good bard. Less killing and campaigning through the muck, and more wenches for me!


Dude, where’s my meme?

“Memes don’t exist. Tell your friends.”


Pronounced meem, a meme is an idea that replicates by planting itself in people’s minds and altering their behaviour so that they spread it to other people. Some examples of successful memes:

Richard Dawkins coined the term in his book The Selfish Gene, and my friend Cory Doctorow has the dubious distinction of being the person who carried out the most flagrant abuse of the term when he once talked about osmosing the meme (thankfully, he refrains from techno-striver-speak these days. Most of the time, anyway.).

My meme makes a round trip

In 1995, I was a programmer at Mackerel Interactive Multimedia, making interactive CD-ROMs back when they were all the rage. I was a subscriber to The Wombat, which was a little e-mail bulletin put out sporadically by and for the graduating class of Science ’91, my engineering class at Queen’s University. Face, the editor, asked me to write up a little joke to put in the next issue, something about being in the working world. I had just noted to Kevin Steele, one of Mackerel’s creative directors, that drug dealers and software developers both referred to their clientele as “users”. Taking that as a starting point, I came up with a cute little chart comparing the the two lines of work. It got some laughs, I got some e-mail responses along the line of “hey, that was funny.” I thought the joke would get passed around a small number of engineering and marketing offices and then disappear into the meme swamp.

Today, I was reading and older entry in Adam Curry’s blog, which had the following:

You know that age old joke about similarities between Drug Dealers and Software Developers?

I’m smokin’ the pipe dude.

I thought wait a minute… and clicked the “age old” link from the quote above. There it was, my joke, verbatim!

I did a quick Google search on “drug dealers” “software developers” and found a page after page of my gag. Some versions were word-for-word the same as mine, some were updated to use more current terminology, and some people had even inserted their own jokes. But they all had my little gag as their originator.

Who knows how much office productivity was lost by people’s forwarding my little joke? I’m sure the number crunchers would argue that millions of dollars have been wasted. Look at me, I’m sticking it to The Man!

Just for kicks, I’m going to have to look through my saved e-mail from the Mackerel days, which is sitting on an old 44-meg SyQuest cartridge disk (remember those?), just to see if I can find the original. Getting credit for it isn’t important to me; I just think that the original meme would be the socio-cultural equivalent of having the very first amoeba preserved in a petri dish.

But hey, if you really want to, say “Accordion Guy wrote that!” or “Dude, that’s Joey’s!” the next time you see it on a Web page or someone forwards it to you in an e-mail, go right ahead.

Recommended Reading A discussion board for people who love memetics.

Burying the Fish: Cory Doctorow’s very nice elegy for Mackerel. Written for Wired magazine, it was never published.

And one last thought: Don’t “just say no.” Say “No, thank you.” Drug dealers have feelings too.


Got Dream?
Happy MLK Day!

Happy 73rd, sir, and thank you very much.

I think I’ll let the good doctor do most of the talking today. Here’s the I Have a Dream speech, which he delivered on August 28th, 1963 at the Lincoln Memorial, Washington, D.C.

I Have a Dream

Five score years ago, a great American, in whose symbolic shadow we stand signed the Emancipation Proclamation. This momentous decree came as a great beacon light of hope to millions of Negro slaves who had been seared in the flames of withering injustice. It came as a joyous daybreak to end the long night of captivity.

But one hundred years later, we must face the tragic fact that the Negro is still not free. One hundred years later, the life of the Negro is still sadly crippled by the manacles of segregation and the chains of discrimination. One hundred years later, the Negro lives on a lonely island of poverty in the midst of a vast ocean of material prosperity. One hundred years later, the Negro is still languishing in the corners of American society and finds himself an exile in his own land. So we have come here today to dramatize an appalling condition.

In a sense we have come to our nation’s capital to cash a check. When the architects of our republic wrote the magnificent words of the Constitution and the Declaration of Independence, they were signing a promissory note to which every American was to fall heir. This note was a promise that all men would be guaranteed the inalienable rights of life, liberty, and the pursuit of happiness.

It is obvious today that America has defaulted on this promissory note insofar as her citizens of color are concerned. Instead of honoring this sacred obligation, America has given the Negro people a bad check which has come back marked “insufficient funds.” But we refuse to believe that the bank of justice is bankrupt. We refuse to believe that there are insufficient funds in the great vaults of opportunity of this nation. So we have come to cash this check — a check that will give us upon demand the riches of freedom and the security of justice. We have also come to this hallowed spot to remind America of the fierce urgency of now. This is no time to engage in the luxury of cooling off or to take the tranquilizing drug of gradualism. Now is the time to rise from the dark and desolate valley of segregation to the sunlit path of racial justice. Now is the time to open the doors of opportunity to all of God’s children. Now is the time to lift our nation from the quicksands of racial injustice to the solid rock of brotherhood.

It would be fatal for the nation to overlook the urgency of the moment and to underestimate the determination of the Negro. This sweltering summer of the Negro’s legitimate discontent will not pass until there is an invigorating autumn of freedom and equality. Nineteen sixty-three is not an end, but a beginning. Those who hope that the Negro needed to blow off steam and will now be content will have a rude awakening if the nation returns to business as usual. There will be neither rest nor tranquility in America until the Negro is granted his citizenship rights. The whirlwinds of revolt will continue to shake the foundations of our nation until the bright day of justice emerges.

But there is something that I must say to my people who stand on the warm threshold which leads into the palace of justice. In the process of gaining our rightful place we must not be guilty of wrongful deeds. Let us not seek to satisfy our thirst for freedom by drinking from the cup of bitterness and hatred.

We must forever conduct our struggle on the high plane of dignity and discipline. We must not allow our creative protest to degenerate into physical violence. Again and again we must rise to the majestic heights of meeting physical force with soul force. The marvelous new militancy which has engulfed the Negro community must not lead us to distrust of all white people, for many of our white brothers, as evidenced by their presence here today, have come to realize that their destiny is tied up with our destiny and their freedom is inextricably bound to our freedom. We cannot walk alone.

And as we walk, we must make the pledge that we shall march ahead. We cannot turn back. There are those who are asking the devotees of civil rights, “When will you be satisfied?” We can never be satisfied as long as our bodies, heavy with the fatigue of travel, cannot gain lodging in the motels of the highways and the hotels of the cities. We cannot be satisfied as long as the Negro’s basic mobility is from a smaller ghetto to a larger one. We can never be satisfied as long as a Negro in Mississippi cannot vote and a Negro in New York believes he has nothing for which to vote. No, no, we are not satisfied, and we will not be satisfied until justice rolls down like waters and righteousness like a mighty stream.

I am not unmindful that some of you have come here out of great trials and tribulations. Some of you have come fresh from narrow cells. Some of you have come from areas where your quest for freedom left you battered by the storms of persecution and staggered by the winds of police brutality. You have been the veterans of creative suffering. Continue to work with the faith that unearned suffering is redemptive.

Go back to Mississippi, go back to Alabama, go back to Georgia, go back to Louisiana, go back to the slums and ghettos of our northern cities, knowing that somehow this situation can and will be changed. Let us not wallow in the valley of despair.

I say to you today, my friends, that in spite of the difficulties and frustrations of the moment, I still have a dream. It is a dream deeply rooted in the American dream.

I have a dream that one day this nation will rise up and live out the true meaning of its creed: “We hold these truths to be self-evident: that all men are created equal.”

I have a dream that one day on the red hills of Georgia the sons of former slaves and the sons of former slaveowners will be able to sit down together at a table of brotherhood.

I have a dream that one day even the state of Mississippi, a desert state, sweltering with the heat of injustice and oppression, will be transformed into an oasis of freedom and justice.

I have a dream that my four children will one day live in a nation where they will not be judged by the color of their skin but by the content of their character.

I have a dream today.

I have a dream that one day the state of Alabama, whose governor’s lips are presently dripping with the words of interposition and nullification, will be transformed into a situation where little black boys and black girls will be able to join hands with little white boys and white girls and walk together as sisters and brothers.

I have a dream today.

I have a dream that one day every valley shall be exalted, every hill and mountain shall be made low, the rough places will be made plain, and the crooked places will be made straight, and the glory of the Lord shall be revealed, and all flesh shall see it together.

This is our hope. This is the faith with which I return to the South. With this faith we will be able to hew out of the mountain of despair a stone of hope. With this faith we will be able to transform the jangling discords of our nation into a beautiful symphony of brotherhood. With this faith we will be able to work together, to pray together, to struggle together, to go to jail together, to stand up for freedom together, knowing that we will be free one day.

This will be the day when all of God’s children will be able to sing with a new meaning, “My country, ’tis of thee, sweet land of liberty, of thee I sing. Land where my fathers died, land of the pilgrim’s pride, from every mountainside, let freedom ring.”

And if America is to be a great nation this must become true. So let freedom ring from the prodigious hilltops of New Hampshire. Let freedom ring from the mighty mountains of New York. Let freedom ring from the heightening Alleghenies of Pennsylvania!

Let freedom ring from the snowcapped Rockies of Colorado!

Let freedom ring from the curvaceous peaks of California!

But not only that; let freedom ring from Stone Mountain of Georgia!

Let freedom ring from Lookout Mountain of Tennessee!

Let freedom ring from every hill and every molehill of Mississippi. From every mountainside, let freedom ring.

When we let freedom ring, when we let it ring from every village and every hamlet, from every state and every city, we will be able to speed up that day when all of God’s children, black men and white men, Jews and Gentiles, Protestants and Catholics, will be able to join hands and sing in the words of the old Negro spiritual, “Free at last! free at last! thank God Almighty, we are free at last!”

Thank you too, Mahalia

Apparently Dr. King was going to go with a short and more formal speech when gospel singer Mahalia Jackson, sitting in the front row, yelled out “Tell them about your dream, Martin! Tell them about the dream!” Some people in the audience joined in, and in response, Dr. King extemporized the famous speech above. Ms. Jackson (I’d call you Mahalia, but I’m nasty), thank you very much.

Dr. King and Star Trek

Nichelle Nichols, who played the Enterprise’s communications officer Lt. Uhura, was considering leaving Star Trek after the first season. Dr. King convinced her to stay on the show, as she was one of the few black role models on TV. She stayed, paving the way for other black Trek actors characters such as Geordi LaForge, Michael “Worf” Dorn, Captain Sisko, Lt. Tuvok and most recently, Ensign Travis Mayweather. Not to mention other black sci-fi heroes such as the ultra-schmoove Lando Calrissian, Dr. Stephen Franklin from Babylon 5 and Red Dwarf’s Lister and Cat. And, of course, real spacewoman Dr. Mae Jemison, who in a strange twist, also guest-starred on an episode of Star Trek: The Next Generation.