Microsoft Reveals Its Engineering Approach: Good Enough

January 5, 2023

I was amused to read “State of the Windows: How Many Layers of UI Inconsistencies Are in Windows 11?” We have Windows 11 running on one computer in my office. The others are a lone Windows 7, four Windows 10 computers, four Mac OS machines with different odd names like  High Sierra, and two Linux installations with even quirkier names. Sigh.

The article does a masterful job of pointing out that vestiges of XP, Vista, Windows 7, and Windows 8 lurk within the Windows 11 system. I have shared my opinion that Microsoft pushed Windows 11 out to customers to deflect real journalists’ attention from the security wild fire blazing in SolarWinds. Few share my viewpoint. That’s okay. I have been around a long time, and I have witnessed some remarkable executive group think when a crisis threatens to engulf a bonus. Out she goes.

But the article makes very, very clear how Microsoft approaches the engineering of its software and systems. Think of a lousy cake baked for your 12th birthday. To hide the misshapen, mostly inedible mess, someone has layered on either Betty Croker-type frosting in a can and added healthy squirts of synthetic whipped “real” cream. “Real,” of course, means that it squeaked through the FDA review process. Good enough.

Here’s one example of the treasures within Windows 11. I quote:

The Remote Desktop Connection program is still exactly the same as it was 14 years ago, complete with Aero icons and skeuomorphic common controls.

Priorities? Sure, just not engineering excellence, attention to detail, or consistency in what the user sees.

Do I think this approach is used for Azure and Exchange security?

Now the key questions, “What engineering approach will Microsoft use as it applies smart large language models to Web search?”

Stephen E Arnold, January 5, 2022

Another Lilting French Cash Register Chime

January 2, 2023

An outfit call SC Magazine reported that the French cash registers — you know the quaint one with brass letters and the cheery red enamel — has chimed again. “Microsoft Fined $64 Million by France over Cookies Used in Bing Searches” reports:

France’s privacy watchdog fined Microsoft €60 million ($64 million) for not offering clear enough instruction for users to reject cookies used for online ads, as part of the move to enforce Europe’s tightening data protection law.

The write up noted:

Microsoft has been ordered to solve the issue within three months by implementing a simplified cookie refusal mechanism, or it could face additional fines of €60,000 a day…

It seems that some US companies do not take those French and EU regulations seriously. My suggestion to the Softies: France in not the US. Get on a couple of special lists and you may find some quality time in a glass room at CDG next time you visit. The good news is that US embassy personnel can visit you without too much red tape bedecking those gray suits.

Stephen E Arnold, January 2, 2023

In France, Tipping in Restaurants, Non. Showing Appreciation to the Government, Oui

December 23, 2022

Ah, France. Land of 200 cheeses, medallion bedecked chickens, and fat American high-tech creatures. Go to a French restaurant and order (in French certaInment) a cooked bird. Chow down. Do not tip the waiter. Say “merci” and smile. But if you a very fat, super large, very unpredictable American technology company tipping is mandatory.

Don’t believe me?

Read “Microsoft Hit with €60 Million Fine by France for Not Offering Cookie Opt Out on Bing.” Mais oui. The write up reports:

In addition, CNIL will fine Microsoft €60,000 per day within three months if it doesn’t ask users for consent to use an ad fraud detection cookie.

Will Microsoft’s paying up make the governmental doubt about Microsoft become like the mist in Verdon Gorge?

Ho ho ho.

In order to do business in France, American outfits have to go through a number of hoops. Some are easy; others require some bureaucratic finesse. One example is for an American company to sell something to the French government. There are hoops for American cheese. I have been informed that canned American cheese propelled by carbon dioxide is a hoot at some French parties. Mon dieu! Aerosol fromage. Interesting.

With the EU chasing some firms who say one thing and do another, fining some big tech companies is a way to get an allowance from mom. Amazon appears to decided to just pay up.

Microsoft may enter the fascinating French legal system to explain that its tracking devices are different. Oh, well. Some French judicial officials can use a mobile phone. But the cookie thing? Maybe not so much.

What’s the sound I hear? It is ka-ching.

Finding reasons to take legal action against US big tech companies is easy. The regret, as I understand it, is that it take a long time to get the money from the Americans.

What’s the outlook for 2023? That’s a softball question. The answer is more lawyers pecking on the confused Americans. The Monaco Grand Prix is in France right?

Stephen E Arnold, December 23, 2022

Microsoft Software Quality: Word Might Stop Working. No Big Deal

December 20, 2022

I read a short item which underscores my doubts about Microsoft’s quality methods. l have questions about security issues in Microsoft’s enterprise and cloud products and services. But those are mostly “new” and the Big Hope for future revenues. Perhaps games will arrive to make the Softies buy Teslas and beef up their retirement accounts, just not yet.

Microsoft Confirms Taskbar Bugs, Broken File Explorer, and App Issues in Windows 10” reports:

If you use Windows 10, you might experience the following symptoms:

  • ?The Weather or News and Interests widget or icons flickers on the Windows taskbar
  • ?The Windows taskbar stops responding
  • ?Windows Explorer stops responding
  • ?Applications including Microsoft Word or Excel might stop responding if they are open when the issue occurs

The weather and news are no big loss in my opinion. Microsoft believes that Windows 10 users want weather and news despite the mobile phone revolution. (Remember Microsoft and its play to create a mobile phone? Yeah, that was spun as fail early and fail fast. I think of that initiative as a basic fail, not a fast or early fail. Plain old fail.)

The Taskbar and file manager are slightly more interesting. A number of routine functions go south for some lucky Windows 10 users.

But the zinger fail is that Microsoft Word or Excel die. Now that’s just what’s needed to make the day of a person who is working on a report at a so-so consulting firm like one of the blue-chip outfits in Manhattan, a newbie at a big law firm with former government officials waiting for the worker bees to deliver a document for the bushy eyebrow set to review, or a Wall Street type modifying a model to make his, her, thems partners lots of money.

These happy users are supposed to be able to handle stress and pressure.

I wonder if Microsoft executives have been in a consulting firm, law firm, or financial services company when a must have app stops responding. Probably not because these wizards are working on improving Microsoft’s quality control processes. Could Redmond’s approach to quality be blamed on an intern, a contractor, or a part time worker? My hunch is that getting blamed is not a component of the top dogs’ job description.

Stephen E Arnold, December 20, 2022

Google to Microsoft: We Are Trying to Be Helpful

December 16, 2022

Ah, those fun loving alleged monopolies are in the news again. Microsoft — famous in some circles for its interesting approach to security issues — allegedly has an Internet Explorer security problem. Wait! I thought the whole wide world was using Microsoft Edge, the new and improved solution to Web access.

According to “CVE-2022-41128: Type Confusion in Internet Explorer’s JScript9 Engine,” Internet Explorer after decades of continuous improvement and its replacement has a security vulnerability. Are you still using Internet Explorer? The answer may be, “Sure you are.”

With Internet Explorer following Bob down the trail of Microsoft’s most impressive software, the Redmond crowd the Microsoft Office application uses bits and pieces of Internet Explorer. Thrilling, right?

Google explains the Microsoft issue this way:

The JIT compiler generates code that will perform a type check on the variable q at the entry of the boom function. The JIT compiler wrongly assumes the type will not change throughout the rest of the function. This assumption is broken when q is changed from d (an Int32Array) to e (an Object). When executing q[0] = 0x42424242, the compiled code still thinks it is dealing with the previous Int32Array and uses the corresponding offsets. In reality, it is writing to wherever e.e points to in the case of a 32-bit process or e.d in the case of a 64-bit process. Based on the patch, the bug seems to lie within a flawed check in GlobOpt::OptArraySrc, one of the optimization phases. GlobOpt::OptArraySrc calls ShouldExpectConventionalArrayIndexValue and based on its return value will (in some cases wrongly) skip some code.

Got that.

The main idea is that Google is calling attention to the future great online game company’s approach to software engineering. In a word or two, “Poor to poorer.”

My view of the helpful announcement is that Microsoft Certified Professionals will have to explain this problem. Google’s sales team will happily point out this and other flaws in the Microsoft approach to enterprise software.

If you can’t trust a Web browser or remove flawed code from a widely used app, what’s the fix?

Ready for the answer: “Helpful cyber security revelations that make the online ad giant look like a friendly, fluffy Googzilla. Being helpful is the optimal way to conduct business.

Stephen E Arnold, December 16, 2022

Microsoft and the London Stock Exchange: Lock In Maybe?

December 12, 2022

I believe everything I read on the Internet. That’s one way I keep in touch with my inner GenZ self. Sometimes, however, stories ring true; for example, “Microsoft buys Near 4% Stake in London Stock Exchange As Part of 10 Year Cloud Deal.” I read the title via my dinobaby translation system and understood, “Yep, lock in, kiddo. Oh, Amazon AWS and Google Cloud professionals. Do not bother to call us. We will call you, okay.”

You may disagree with my dinobaby translator. That’s okay. I let many flowers bloom, unlike the London Stock Exchange which goes at life in what appear to be 10 year contracts. That’s a long time in techno-cloud land in my opinion.

The write up says:

Scott Guthrie, Microsoft’s executive vice president for the Cloud and AI Group, will be appointed as a non-executive director of LSEG.

I wonder if he will demo Microsoft Teams egames features and the security systems for Microsoft Exchange Server? Will he offer helpful inputs to those who might want to give an off the shelf AWS Sagemaker system a spin? What about the ever reliable Google VPN service which is super reliable and in demand right now?

The answer to these questions strike me as obvious. Azure is better, faster, cheaper, more reliable, and easier. I wonder if these benefits entered into the negotiation. (Personally I like the security angle and the cheaper plus.) My instinct has a tiny voice too. It is whispering to me, “Microsoft will deliver premier service to the London Stock Exchange when (which is unlikely) the system Azure system hiccups.

I noted this passage too:

Microsoft and LSEG will also work together in developing new professional collaboration tools. LSEG has developed a product called Workspace, a data and analytics platform. The two companies will be working on advancing this product and integrating it with Microsoft Teams, the firm’s messaging app.

I am tempted to reference the source of the stake, but I won’t. The parties involved make content marketing hay around the “trust” word.

I have a couple of observations:

  1. Microsoft has added a neon underline to the old marketing concept of “lock in.”
  2. The Redmond security giant can point to a big time financial customer and market its secure cloud solutions. Well, they are secure… at this time.
  3. The Amazon and Google cloud professionals will definitely find a way to respond.

Net net: Isn’t it wonderful that big tech innovation involves owning financial plumbing and access?

Stephen E Arnold, December 12, 2022

France and US Businesses: Semi Permanent Immiscibility?

November 30, 2022

Unlike a pendulum, the French government and two US high-technology poster kids don’t see eye to eye. However, governments, particularly those in France, are not impressed with the business practices of some US firms. The tried and true “Senator, thank you for the question” and assurances that the companies in questions are following the ethical precepts of respected French philosophers don’t work. “France Directs Schools to Stop Using Microsoft Office & Google Workspace” reports:

In a recent response to an interrogation by a Member of the Parliament, the French Minister of Education clarified that French schools should not use Microsoft 365 and Google Workspace. The reasons behind the Ministry’s position are twofold. First, the Ministry is concerned about the confidentiality and lawfulness of data transfers. Second, reliance on European providers is coherent with the government’s “cloud at the center” policy.

The write up explains that France’s view of privacy and the practices of Apple and Google are not in sync. Then there is the issue of the cloud and where data and information “are.” Given modern network and data center technology, the “there” is often quite tricky to pin down. Tricky is not a word the current French government feels comfortable using when talking about schools, teachers, students, and research conducted by French universities.

How will this play out? France will get its way. That’s why some chickens have labels which mean conformance. No label on that chicken, no deal.

Stephen E Arnold, November 30, 2022

Microsoft Fancy Dances When Activision Plays a Tune

November 29, 2022

In order to convince the European Commission it should be allowed to acquire Activision Blizzard, Microsoft is sampling some humble pie. Android Authority reports, “Microsoft Admits Xbox vs PlayStation War Is Over and It Lost.” Write Ryan McNeal tells us:

“The EU’s European Commission has announced in a press release that it has opened up an in-depth investigation into Microsoft’s proposed acquisition of Activision Blizzard. This investigation was activated after the proposed deadline EU regulators set back in September when the deal was first being looked into. According to the press release, the new inquiry now has 90 working days — until March 23, 2023 — to make a decision. The Commission claims that it is concerned Microsoft’s acquisition could upset the balance in the market, causing a reduction in competition.”

Specifically, the commission suspects Microsoft might make successful PlayStation games like “Call of Duty” into Xbox-only titles. Heavens no, the company insists, it promises to make games available on both platforms simultaneously. This is all about giving the people greater access to games, a representative asserts. And here we thought it was all about creating a distraction. McNeal continues:

“Since the first time it hit a snag with European regulators, Microsoft has attempted to utilize an underdog strategy to delegitimize Sony’s arguments against the deal. In response to today’s investigation announcement, Microsoft attempted to drive that talking point home by admitting that Sony is the market leader.”

Will this self-effacing logic work? We should find out by the end of March. Nota bene: Our team thinks that the push for Activision was possibly a way to deflect attention from some interesting Microsoft security issues. Games are big money, but the issue of Teams in Microsoft 365 may be an even more sensitive issue.

Cynthia Murrell, November 29, 2022

LinkedIn Helps Users Spot Fake Accounts it Lets Slip Through

November 11, 2022

Fake LinkedIn accounts are a fact of life. One might wonder how it is a professional social media site does not require member verification. It seems like a must have, but then LinkedIn is a Microsoft property after all. Now the site is making at least a show of doing something about the issue. No, not increasing efforts to prevent or remove fake profiles; don’t be silly. This is a case of user beware. According to CNN, “LinkedIn Knows There Are Fake Accounts on Its Site. Now It Wants to Help Users Spot Them.” Reporter Clare Duffy writes:

“LinkedIn is rolling out to some users the opportunity to verify their profile using a work email address or phone number. That verification will be incorporated into a new, ‘About this Profile’ section that will also show when a profile was created and last updated, to give users additional context about an account they may be considering connecting with. If an account was created very recently and has other potential red flags, such as an unusual work history, it could be a sign that users should proceed with caution when interacting with it. The verification option will be available to a limited number of companies at first, but will become more widely available over time, and the ‘About this Profile’ section will roll out globally in the coming weeks, according to the company. The platform will also begin alerting users if a message they have received seems suspicious — such as those that invite the recipient to continue the conversation on another platform including WhatsApp (a common move in crypto currency-related scams) or those that ask for personal information.”

We are told detecting and removing bots or fake accounts is just too tricky and subjective to expect LinkedIn to get it right. It is funny how “empowering users” often translates to “passing the buck.” So for those who must use LinkedIn, just remember it is up to you to verify others are who they say they are.

Cynthia Murrell, November 11, 2022

A Flashing Yellow Light for GitHub: Will Indifferent Drivers Notice?

November 9, 2022

I read “We’ve Filed a Law­suit Chal­leng­ing GitHub Copi­lot, an AI Prod­uct That Relies on Unprece­dented Open-Source Soft­ware Piracy. Because AI Needs to Be Bair & Eth­i­cal for Every­one.” The write up reports:

… we’ve filed a class-action law­suit in US fed­eral court in San Fran­cisco, CA on behalf of a pro­posed class of pos­si­bly mil­lions of GitHub users. We are chal­leng­ing the legal­ity of GitHub Copi­lot (and a related prod­uct, OpenAI Codex, which pow­ers Copi­lot). The suit has been filed against a set of defen­dants that includes GitHub, Microsoft (owner of GitHub), and OpenAI.

My view of GitHub is that it presents a number of challenges. On one hand, Microsoft is a pedal-to-the-metal commercial outfit and GitHub is an outfit with some roots in the open source “community” world. Many intelware solutions depend on open source software. In my experience, it is difficult to determine whether cyber security vendors or intelware vendors offer software free of open source code. I am not sure the top dogs in these firms know. Big commercial companies love open source software because these firms see a way to avoid the handcuffs proprietary code vendors use for lock in and lock down without a permission slip. These permissions can be purchased. This fee irritates many of the largest companies which are avid users of open source software.

A second challenge of GitHub is that it serves bad actors in two interesting ways. Those eager to compromise networks, automate phishing attacks, and probe the soft underbelly of companies “protected” by somewhat Swiss Cheese like digital moats rely on open source tools. Second, the libraries for some code on GitHub is fiddled so that those who use libraries but never check too closely about their plumbing are super duper attack and compromise levering vectors. When I was in Romania, “Hooray for GitHub” was, in my opinion, one of the more popular youth hang out disco hits.

The write up adds a new twist: Allegedly inappropriate use of the intellectual property of open source software on GitHub. The write up states:

As far as we know, this is the first class-action case in the US chal­leng­ing the train­ing and out­put of AI sys­tems. It will not be the last. AI sys­tems are not exempt from the law. Those who cre­ate and oper­ate these sys­tems must remain account­able. If com­pa­nies like Microsoft, GitHub, and OpenAI choose to dis­re­gard the law, they should not expect that we the pub­lic will sit still. AI needs to be fair & eth­i­cal for every­one.

This issue is an important one. The friction for this matter is that the US government is dependent on open source to some degree. Microsoft is a major US government contractor. A number of Federal agencies are providing money to companies engaged in strategically significant research and development of artificial intelligence.

The different parties to this issue may exert or apply influence.

Worth watching because Amazon- and Google-type companies want to be the Big Dog in smart software. Once the basic technology has been appropriated, will these types of companies pull the plug on open source support and god cloud commercial? Will attorneys benefit while the open source community suffers? Will this legal matter mark the start of a sharp decline in open source software?

Stephen E Arnold, November 9, 2022

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta