I thought false positives were bad, but holy crap, letting a few pirates go with false negatives is so much worse! They may never get to experience the pleasures of those prompts or being prevented from downloading updates and utilities.
Why is this a problem for anyone but Microsoft (or those who have a perverse desire to be labeled as a pirate and then blog about it)? Do you suppose maybe he got a false negative because Microsoft is less willing to pull the trigger when in doubt?
I promised myself awhile ago that I'd stop replying to posts like these, but it's just so misleading, I can't help it.
You obviously didn't look at the page source as suggested. The parts of the page generated by blogs.msdn.com may have had validation errors, but only one of the errors actually came from the part that Word generated (and he later hand-tweaked). FTFA: "...look at the HTML starting with 'Word is a great tool...'," and later, "Did I mention that this was beta software and we were running hot?... I had to make a few hand tweaks to my post due to bugs (I'm sure our developer would blame it on user error)." In other words, you validated the wrong thing, and this is still just a preview of the final feature. The fact that he described it as "running hot" indicates that it's less finished than most features in Beta 2.
ObDisclaimer: I work at MS and I'm a developer in Office (although not on Word), so I have asbestos undies. Go ahead and flame away.
BTW, I'll save you some clicks. Here's the error that appeared in the actual body of the post:
Error Line 218, column 2: document type does not allow element "P" here; missing one of "APPLET", "OBJECT", "MAP", "IFRAME", "BUTTON" start-tag . <P><STRONG> </STRONG><STRONG>PS. A little honesty<BR></STRONG><FONT size=2> The mentioned element is not allowed to appear in the context in which you've placed it; the other mentioned elements are the only ones that are both allowed there and can contain the element mentioned. This might mean that you need a containing element, or possibly that you've forgotten to close a previous element.
One possible cause for this message is that you have attempted to put a block-level element (such as "<p>" or "<table>") inside an inline element (such as "<a>", "<span>", or "<font>").
IIRC, Electric Fence detects heap buffer overflows (presumably using guard pages). MS has AppVerifier, which allows you to turn that on for arbitrary programs at runtime. It also has a bunch of other settings you can tweak, like causing the OS to report a different version. It's a great tool for testing obscure boundary cases.
The security checks metioned here are at code-gen time. They do things like insert cookies on the stack to detect stack buffer overflows.
In the case of product support, whether you're using online help or phone support, it's another feature you're paying for with the box. My point with 2 and 3 is that if you plan to make money by charging for help installing or customizing your software, that kind of implies that it's hard to install or use out of the box. I think the service-based profit models for F/OSS reveal defficiencies in the products they're supporting.
An alternative approach is to try to make it easy out of the box and include the price of that convenience and ongoing support in the purchase price of the software. One of the nice things about this approach, as the original open letter pointed out, is that it puts the profits in the developer's pockets instead of consultants.
(OK, if you're a consultant, that's not so nice, but I'm a developer.)
Keep in mind that the $199 price includes a lot of the services that you want to charge for with F/OSS:
Charge for support - MS includes phone support
Charge for installation - ummm... setup.exe
Charge for customization - how about making it usable out of the box instead?
You can bash any of those if you want, but you're getting much more than a $0.10 piece of plastic. If you disagree, I could probably find some $0.10 pieces of plastic to trade for your CD's.
First of all, the version of Watson which reports crashes started in Office, so:P.
Second, unless the article was referring specifically to OS crashes, I think they're probably including all of the app crashes which get submitted. I know that a lot of top ranking crashes that we get even in Office apps are the result of badly behaving 3rd party add-ins. In some cases we can contact the 3rd party to fix their add-in, and sometimes we can try to work around it, but sometimes the only thing we can do is blacklist such add-ins. I imagine it's much the same with 3rd party drivers in Windows, but in that case we strongly encourage users to stick to drivers that we've at least signed.
Re:MS Tactic to end reverse-engineering?
on
Shared Source?
·
· Score: 2
ObBackground: I'm a Microsoft developer working in Office.
I doubt that polluting the college population is a large motivation for shared source licensing here at MS, but OTOH, since we're constrained in the same way, it seems perfectly fair to me. Rumor has it that the fastest way to get fired at MS that does not involve breaking the law would be to download Netscape/Mozilla source code.
The major advantage that I see to having read-only access to OS component sources is that you can more easily debug apps that depend on those components when they are more than a (possibly buggy) black box. The best I can do with my own limitted access to OS source code is to diagnose bugs more easily and possibly devise a work around if the bug is in the OS. In extreme cases, I might be able to get the OS bug escalated to get a fix there, which is something a large company with a shared source license would also be able to do.
Even though I could in theory build a custom version of some OS components, as an app developer, there's no way that I would be allowed to check in my changes or distribute my modifications with the app. In effect, any company that get's a shared source license is going to have resources on par with Microsoft's own app developers. IMO, that is a Good Thing (tm).
Slashdot Mirror
When will we learn to take care of our environment?!
I thought false positives were bad, but holy crap, letting a few pirates go with false negatives is so much worse! They may never get to experience the pleasures of those prompts or being prevented from downloading updates and utilities.
Why is this a problem for anyone but Microsoft (or those who have a perverse desire to be labeled as a pirate and then blog about it)? Do you suppose maybe he got a false negative because Microsoft is less willing to pull the trigger when in doubt?
Thank you. I am so glad I wasn't the only one who noticed that.
I promised myself awhile ago that I'd stop replying to posts like these, but it's just so misleading, I can't help it.
You obviously didn't look at the page source as suggested. The parts of the page generated by blogs.msdn.com may have had validation errors, but only one of the errors actually came from the part that Word generated (and he later hand-tweaked). FTFA: "...look at the HTML starting with 'Word is a great tool...'," and later, "Did I mention that this was beta software and we were running hot?... I had to make a few hand tweaks to my post due to bugs (I'm sure our developer would blame it on user error)." In other words, you validated the wrong thing, and this is still just a preview of the final feature. The fact that he described it as "running hot" indicates that it's less finished than most features in Beta 2.
ObDisclaimer: I work at MS and I'm a developer in Office (although not on Word), so I have asbestos undies. Go ahead and flame away.
BTW, I'll save you some clicks. Here's the error that appeared in the actual body of the post:
Error Line 218, column 2: document type does not allow element "P" here; missing one of "APPLET", "OBJECT", "MAP", "IFRAME", "BUTTON" start-tag .
<P><STRONG> </STRONG><STRONG>PS. A little honesty<BR></STRONG><FONT size=2>
The mentioned element is not allowed to appear in the context in which you've placed it; the other mentioned elements are the only ones that are both allowed there and can contain the element mentioned. This might mean that you need a containing element, or possibly that you've forgotten to close a previous element.
One possible cause for this message is that you have attempted to put a block-level element (such as "<p>" or "<table>") inside an inline element (such as "<a>", "<span>", or "<font>").
...you're talking about Microsoft.
IIRC, Electric Fence detects heap buffer overflows (presumably using guard pages). MS has AppVerifier, which allows you to turn that on for arbitrary programs at runtime. It also has a bunch of other settings you can tweak, like causing the OS to report a different version. It's a great tool for testing obscure boundary cases.
The security checks metioned here are at code-gen time. They do things like insert cookies on the stack to detect stack buffer overflows.
Perhaps you meant, "That's not a heatsink, that's a space station!"
In the case of product support, whether you're using online help or phone support, it's another feature you're paying for with the box. My point with 2 and 3 is that if you plan to make money by charging for help installing or customizing your software, that kind of implies that it's hard to install or use out of the box. I think the service-based profit models for F/OSS reveal defficiencies in the products they're supporting.
An alternative approach is to try to make it easy out of the box and include the price of that convenience and ongoing support in the purchase price of the software. One of the nice things about this approach, as the original open letter pointed out, is that it puts the profits in the developer's pockets instead of consultants.
(OK, if you're a consultant, that's not so nice, but I'm a developer.)
You can bash any of those if you want, but you're getting much more than a $0.10 piece of plastic. If you disagree, I could probably find some $0.10 pieces of plastic to trade for your CD's.
Speaking as a current developer in Office:
:P.
First of all, the version of Watson which reports crashes started in Office, so
Second, unless the article was referring specifically to OS crashes, I think they're probably including all of the app crashes which get submitted. I know that a lot of top ranking crashes that we get even in Office apps are the result of badly behaving 3rd party add-ins. In some cases we can contact the 3rd party to fix their add-in, and sometimes we can try to work around it, but sometimes the only thing we can do is blacklist such add-ins. I imagine it's much the same with 3rd party drivers in Windows, but in that case we strongly encourage users to stick to drivers that we've at least signed.
ObBackground: I'm a Microsoft developer working in Office.
I doubt that polluting the college population is a large motivation for shared source licensing here at MS, but OTOH, since we're constrained in the same way, it seems perfectly fair to me. Rumor has it that the fastest way to get fired at MS that does not involve breaking the law would be to download Netscape/Mozilla source code.
The major advantage that I see to having read-only access to OS component sources is that you can more easily debug apps that depend on those components when they are more than a (possibly buggy) black box. The best I can do with my own limitted access to OS source code is to diagnose bugs more easily and possibly devise a work around if the bug is in the OS. In extreme cases, I might be able to get the OS bug escalated to get a fix there, which is something a large company with a shared source license would also be able to do.
Even though I could in theory build a custom version of some OS components, as an app developer, there's no way that I would be allowed to check in my changes or distribute my modifications with the app. In effect, any company that get's a shared source license is going to have resources on par with Microsoft's own app developers. IMO, that is a Good Thing (tm).