Think of Computers as Biological Systems

Posted on September 17, 2011 by halberenson

One of the things we all struggle with is why do computers have bugs?  Why do they run perfectly well for months and then slow down?  Worse, why are they slow one day and fast another?  Or why does something work a dozen times in a row and then suddenly stop working?  Well, I have an experience yesterday that let me explain this to a Doctor and he suggested I share it.

I was in the Doctor’s office and he had his IT support person in looking at why something worked from the computer in his office but not the computer in the exam room.  Actually, it had been working in the exam room but had suddenly stopped working correctly.  He rhetorically directed this question at me and I rhetorically asked him why a cell suddenly goes crazy and starts reproducing out of control (i.e., Cancer) or why a drug can help 99.9% of patients and kill .1% of them?  Then I explained that software (and hardware) have become so complex, with so much state information lying around, that we can no longer completely understand nor control their behavior.  You could see the lightbulb go off and he said “I got it, they are Biological Systems”.  He, like all of us, think of computers as being ruled by the laws of physics (as he put it, or mathematics as I tend to think of it) and of course at some level (just as with biological systems) they are.  But when you look at things at the higher systems level they really have started to resemble a biological system in which no two instances (just like no two people) are exactly alike.

Now I understand why a doctor would so easily jump to this understanding of modern computer systems, but I’ll dive into it in case you aren’t comfortable with the analogy.

People (as an example of biological systems) are each unique individuals.  They receive their basic programming (e.g., DNA) from their parents and while each Homo Sapien inherits mostly the same programming we also inherit a bunch of unique programming.  There are hundreds of BRCA1 gene mutations. If a woman inherits one of the wrong ones then she has a 60% chance of developing Breast Cancer.  There are 20-25,000 genes in the human body, and I don’t know how many variations of each, and then the interactions between genes.  So our variety and complexity are quite high.   Well, you say, this doesn’t happen with computers?  And I say BS 🙂  Nearly every computer out there is at least a slight variation from every other computer.  They have different CPU chips, different graphics boards, different BIOS authors, different version of that BIOS, different hard drive models, different collections and versions of software installed on them, etc.  A PC is a PC in a similar way that a Person is a Person.  They are the same, yet actually quite different, even in the aspects we think of as invariant.

What is even more interesting is that both People and Computers run around with both temporary and persistent State information floating around, and that this state information alters their systems’ behaviors in seemingly unpredictable ways.  For example, there are many drugs which make people photosensitive.  For those not taking the drug 30 minutes in the sun helps their tan and produces nice amounts of Vitamin D.  For those taking the drug 30 minutes in the sun produces a sun burn.  Smoking produces all kinds of persistent state changes.  Combine all the persistent (over a lifetime) and temporary state changes and you get strokes, heart disease,  cancer, etc.  Or take Vioxx.  Like most drugs it induced a temporary state change to fight inflamation (e.g., from Arthritis).  Unfortunately it turned out that in some patients, the state change it caused interacted with other state (and perhaps genetic programming) in the body to cause heart damage.  So how does this work in computers?

Let’s take something as simple as an e-mail message.  Each message has a tremendous amount of state, and you are constantly altering that state.  Read the message and the computer switches the state from Unread to Read.  Reply and it records that the message has been replied to.  Flag or otherwise categorize the message and that’s recorded too.  Sync your Droid, our iPad, Outlook on your PC, access that same message from IE7, IE8, IE9, Firefox, Chrome, Safari, etc.  and you have a tremendous amount of both temporary and persistent state involved.  Things would likely be simple if programming always dealt with one state at a time, but often you deal with multiple states simultaneously.  Since the amount of state being kept in a typical computer is now so large, from a practical standpoint the variation is approaching dangerously close to infinity.  The programming of how to behave in light of all that state, and how to modify that state information, is different for each of the ways of accessing your mail.  And so you very quickly end up with things from minor bugs, like the iPad (and iPhone’s) email application not being able to correctly maintain the Read/Unread count, to more serious problems like having your iPhone or Outlook lose the ability to correctly sync with the email server without deleting and re-adding the email account, to disasters like email being completely lost.  Now multiply this idea through everything running on your system, and that even seemingly independent things can have state interactions, and you start to see the picture.  Why does killing and restarting an application, or rebooting your computer, often resolve problems?  Because it clears temporary state information.  Sometimes you never get back to that same set of temporary state and thus the problem never recurs.  Sometimes you get back to it eventually.  Occasionally you can reproduce it quickly, implying an interaction with more persistent state.  As annoying as rebooting is, think of it as an advantage Computers have People.  We can’t just throw away our temporary state, we have to alter it quite tediously using drugs, nutrition, lifestyle change, etc.  But if anything this strengthens the analogy.

Now you know why after decades of trying to make software bug-free they are still so unreliable.  30 years ago most bugs were straightforward coding mistakes, and those now rarely make it out of the software development process.  20 years ago most bugs were about localized mishandling of a single piece of state, and once again those rarely make it through the software development process.  But since then we’ve been struggling with the explosion of both temporary and persistent state on both a local and global basis.  The trend to new app models (IOS, Windows Phone 7, and now Windows 8’s Metro app model) is largely driven by the realization that the industry needed greater isolation of state-sharing between applications (and greater control over the application’s impact on system state).  That’s progress and explains a lot of why an iPhone or Windows Phone 7 device feels so much more reliable than either a Windows or Mac PC.  At the same time the move to cloud computing, and thus the greater amount of state sharing between various clients and the cloud, is increasing the amount of distributed state.  An explosion in the number of cores in a typical computer processor, and the growth in heterogeneity of cores (or auxiliary processors like GPUs) also is dramatically increasing complexity.  So when we look back 10 years from now I don’t expect the overall reliability of computer systems to have improved.  Doesn’t the fight to make computer systems reliable feel a lot like the fight to cure Cancer?

So the next time you wonder why computers aren’t more reliable, or try to explain it to a friend, keep the biological system analogy in mind.  Because those are the rules computer systems are now following.

 

 

Posted in Computer and Internet | Tagged , , , , | Comments Off on Think of Computers as Biological Systems

Windows 8 Defender

Posted on September 14, 2011 by halberenson

One of the end-user oriented features revealed in yesterday’s BUILD keynote that I’m particularly excited about is the expansion of Windows Defender capabilities.  Microsoft has had the limited Defender anti-malware capability built-in to Windows since Vista.  Defender, although it uses the same anti-Malware engine as Microsoft Security Essentials (MSE), is primarily targetted at preventing Spyware and contains just a small fraction of MSE’s anti-malware signatures (and monitors fewer Windows pathways than MSE).  This was an idea leftover from a decade ago when Anti-Virus and Anti-Spyware were considered two different problem spaces and users had to purchase two different solutions.  Microsoft purchased the Giant Anti-Spyware product and made it available to users, later releasing an equivalent capability set as Windows Defender.  User’s still had to install an anti-Virus product if they wanted protection from more than Spyware.  Over the years both Anti-Virus and Anti-Malware were subsumed into integrated Anti-Malware products, but Windows Defender stayed targetted at its original Anti-Spyware mission.   Since all Anti-Malware products now contain anti-Spyware capabilities, and with the threat threats now focused largely outside of its original scope, Windows Defender had become superfluous.  Microsoft essentially had two choices, remove Windows Defender entirely or bring it into the current age and move it from being just an anti-Spyware feature to being a more complete Anti-Malware offering.  With Windows 8 Microsoft is taking the Anti-Malware route with Windows Defender.  This means every Windows 8 system will have excellent basic Anti-Malware capability out of the box.  Finally!

How will Windows 8 Defender change the Anti-Malware landscape?  Well, along with other Windows 8 security changes, it makes it much harder for the bad guys to attack the Windows system universe.  If you look at the numbers each release of Windows (since XP SP2) has been less subject to Malware than its predecessor.   One of the biggests issues remaining is that a very large percentage (I don’t recall the number, but perhaps half) of PCs do not run Anti-Malware software (or have let their subscription lapse so that they don’t get updates).  Windows 8 mostly eliminates that situation.  Not only does this leave Windows systems better protected, it may actually shrink the opportunity for malware authors to profit from their work so substantially that they turn their focus elsewhere (Mac, Android, Linux, etc.).  This has already started to happen with Windows 7, Windows 8 should dramatically accelerate the trend.

For Anti-Malware product vendors I don’t think that Windows 8 Defender really impacts their strategies.  They will continue to appeal to consumers by providing what they position as premium capabilities compared to Windows Defender (or MSE).  And they will still primarily make their way onto systems by paying OEMs to pre-install trial versions.   They’ll continue to tweak their products to make them more attractive for certain types of users.  For example, I’d love to see an offering that lets me include the security status of my mother’s PC (2000 miles away) and alerts me when her system has a security issue.  That might be enough to get me to install a paid product on not just her PC, but every PC in my household.

So welcome to the world of fully built-in anti-Malware with Windows 8.

Posted in Computer and Internet, Microsoft, Security, Windows | Tagged , , , | Comments Off on Windows 8 Defender

What does Windows 8 have to do to succeed?

Posted on September 10, 2011 by halberenson

Following up from my previous post on why Windows 8 is so important I wanted to speculate on what we’ll see next week, or rather what we have to see in order to believe that Microsoft can succeed.  First we’ll talk about Microsoft’s strengths and weaknesses and how they need to exploit and/or correct them.  Then we’ll talk about the key characteristics of the (general purpose) NUI OS world.  And finally we’ll talk about a few key Windows 8 things we need to see.

Microsoft has two big strengths that they really need to exploit in order to make Windows 8 succeed.  The first is their classic strength around being a multi-vendor platform.  They need to get a large number of hardware manufacturers creating a substantial number of differentiated and interesting devices and pushing them heavily through all available channels (web/mail order, retail, distribution, direct corporate sales, etc.).    This is a key strength against Apple, though if done poorly (as with Vista) can turn into a key weakness.  They have to give the OEMs a lot of freedom to innovate and differentiate on hardware, but they have to keep enough control to make sure the OEMs don’t create devices that show off Windows 8 poorly.  This is something that the Windows Phone 7  guys addressed with their very restrictive “Chassis” definition.  Windows 8 can’t be as restrictive as Windows Phone 7, but they need to make some attempt to keep things from turning into the wild wild west.  Talking about the channel front a bit, this is where I think Android has stumbled in the tablet space.  Android Tablet manufacturers tied themselves too closely to the mobile phone sales channels, making it difficult for customers to find and purchase appropriate devices.  For example, for a long time Best Buy kept Android tablets displayed in a back corner of their mobile phone area.  This made them hard to find, and hard to find expertise to help you with them.  Or I know someone who wanted a WiFi-only Samsung Galaxy Tab.  Samsung withheld this device for many months in favor of 3G-enabled devices that you could only buy with 3G service.  Finally my friend gave up waiting and purchased a WiFi-only iPad.  Microsoft has well-developed channels in both the PC and Mobile spaces, with vendors like Dell able to work magic in the PC distribution space (even though it has bombed in the Mobile Phone distribution space).  If Samsung, Toshiba, and others use both their PC and Mobile businesses to create and sell Windows 8 tablets then Microsoft has a huge advantage over Apple or Android.

The second strength Microsoft has is the one that really has differentiated the target end-user successes of Microsoft and Apple over the years.  Apple targets multi-media consumption (and creation with the Mac) while Microsoft targets the Information Worker.  If Microsoft pulls off the trick of being truly competitive with Apple for consumption-oriented users while being the clear offering of choice for Information Workers, then it can recreate the success it had with Windows 3.0 and beyond in the new world.  And Microsoft brings many advantages to the table in trying to do this.  For example, the ability of a Windows 8 tablet to join an Enterprises’ Domain (and have all its management and security benefits) would immediately make Windows 8 the tablet favored by Corporate IT (including the Chief Information Security Officer) for all internal use.  But this won’t matter if end-users don’t love the devices, so Microsoft can’t count on Domains to overcome a weak end-user experience.  But if the end-user is excited about Windows 8, this becomes a huge differentiating feature.  Another factor will be how seriously Microsoft’s other products, particularly Office, embrace Windows 8 tablets.  Everyone of my friends and family who has switched to the Mac has also run Microsoft Office for Mac on them.  Imagine now that a full-fledged version of Microsoft Office (including Outlook) comes out that is fully usable on Windows 8 Tablets; suddenly carrying just a tablet with you on business trips becomes a real option.  So Microsoft has a lot to bring to the table, and bring it they must!

One more strength is Microsoft’s view of Windows as a general purpose platform.  Whereas Apple has been somewhat hostile to third-party e-book readers (e.g., they won’t let them actually sell you a book through their app) Microsoft is more likely to be telling Amazon et al  “Please come make Windows 8 Tablets the best e-book readers on the market; what more can we do to help you succeed?”  That attitude, spread across the entire application space, could be a huge advantage.

A final strength?  That docking station that turns your iPad into a Mac replacement I mentioned?  That could be a truly trivial thing for a Microsoft OEM to do with Windows 8.

I’ve already alluded to one weakness, that the same ecosystem that is such a strength can kill you by producing bad products.  Or by ignoring you.  One of the problems Microsoft initially had with Windows was that its ecosystem (e.g., Lotus) wasn’t developing for it.   Windows 8 has to be exciting enough that the ecosystem clearly favors it over Android.

Another weakness is Windows bloat.  This one has probably caused more advanced criticism about the idea of a Windows 8 tablet than anything else.  It is usually couched in terms of “why would you want something as bloated as Windows on a tablet”?  But then people forget that IOS is a reworked Mac OS.  So the real question is, has Microsoft reworked Windows sufficiently so that a Windows 8 tablet doesn’t suffer from Windows overall bloat?  There are promising signs.  In Windows 7 Microsoft introduced MinWin (part of a multi-version restructuring cleanup they’ve had underway) as well as made changes that allowed many services to not be started until they were needed.   Windows 7 was the first version of Windows to run well on smaller hardware configurations than its predecessor.  Assuming they’ve continued to invest in this restructuring work it would be easy to see how they could keep bloat from killing the Windows 8 tablet experience.  Even a recent reveal, that Windows 8 COLD boot time may be as low as 8 seconds, is evidence that Windows 8 is lean enough for tablets rather than suffering from the bloat we became accustomed to a decade ago.  But still, until we see otherwise most people will continue to worry that Windows is too bloated for tablets.

Another weakness is that from an end-user perspective Windows has been way too non-prescriptive and confusing as a platform compared to IOS.  For example, media experiences are spread across Windows Media Player, Windows Media Center, Zune, Silverlight, Flash, HTML5 and others.    While Windows 8 will no doubt continue to support all of these (and Windows 8 tablets most of them), is there a clear primary streaming media story for Windows 8 tablets?   This is a space where for decades Apple has really shined and Microsoft has continually shot itself in the foot.  Microsoft has no more toes to blow off and needs to have a clear preferred experience, in this area and in many others, to gain the consumer love that Apple currently enjoys.  And yes, I do realize that I’ve made openness of the platform both a strength and weakness.  One that Microsoft will have to navigate carefully.

Lastly I’ll mention “3 screens and a cloud” as both a strength and weakness for Microsoft.  Microsoft has talked about this for many years, but to date hasn’t shown much in terms of their offerings.  The 3 screens references the PC (which would include tablets), the phone, and the TV.  Unifying these can be a critical advantage for Microsoft, or an achilles heal.  If we see more unification around Windows 8 it becomes a powerful advantage.  If not, Apple (and Google) are pursuing their own “3 screens and a cloud” strategies that will eclipse Microsoft.  Fortunately there are both hard signs (e.g., XBox Live on Windows Phone 7) and many rumors that suggest Microsoft is finally getting its act together in this space.  Hopefully BUILD will offer us some more evidence this is true.

Ok, so what are the key elements that we now associate with a NUI environment that Microsoft must address?  The first is the most obvious, which is a modern visual and interactive style that takes advantage of TOUCH and GESTURES as the primary interaction method.  This must extend throughout (e.g., you can’t have people trying to touch little X boxes to close things or drag scroll bars as you would do with a pointer; either at the OS or app level).  One of my test experiences playing with a Windows 7 tablet was the NY Times Newsreader App.  On my iPad I just swipe to go to the next page.  On a Windows 7 tablet I have to find and tap (nee click) on an arrow to go to the next page.  On a Windows 8 tablet just swiping has to work.  Incorporation of voice recognition, use of the camera and other sensors, etc. are all pluses that Microsoft can (must?) use to differentiate.  Microsoft has good enough voice recognition to do free form speech-to-text.  Will we see that finally achieve widespread usage in a Windows 8 tablet?  Will Microsoft, or its OEMs, build support around Window 8 for virtual projected keyboards?   Or 3D video conferencing?  Or….

A second element is a more locked down application environment.  You may recall that apps were dead prior to the introduction of the second version of IOS and the App Store.  This was because Windows (and Mac OS and Linux and…) had such a wild west attitude towards applications that they made systems unreliable, slow, and non-secure.  Phrases like “DLL Hell” may still ring a bell.  And certainly you’ve experienced the inability to fully uninstall an application.  Any modern OS has to have an application model that can be sandboxed for reliability and security, can install apps simply and quickly, can uninstall apps just as simple and quickly, and doesn’t have side effects on unrelated apps.  Windows 8 must have such an app model or the end-user experience will suffer greatly compared to IOS.  In fact, the existence (and enforcement?) of such a model would do a great deal to eliminate most of the major issues that Windows has suffered over the last 20 years.

An “app store”.  Apps have been around forever.  But until the iPhone’s App Store came out there was no easy way to find them, know they weren’t laced with malware, know they weren’t likely to reduce system reliability, purchase them easily, download them easily, and install or uninstall them easily.  Attempts to create marketplaces for existing applications didn’t really work because they addressed few of these characteristics.  But with a new app model, and of course its own experience with the Windows Phone 7 Marketplace, Microsoft could introduce a Windows 8 “app store” that has all the characteristics necessary for a modern NUI-based OS to succeed.

Lastly, I’ll mention a design center for Consumption-oriented experiences.  The truth about the iPhone, iPad, etc. is that they are replacing newspapers, books, DVD players, portable game players, etc.  They are how you keep your kids entertained on a long road trip, and yourself on a long plane trip.  They have become our companions when dining out alone, and our personal shopping assistants when we are in a store.  Their larger screens make them more suitable for this than a Smartphone, yet they still are of a size and weight that you can carry in a purse or your hand.  And so it is critical that any modern OS put consumption experiences ahead of creation experiences (where such tradeoffs are required).

Microsoft has already revealed some key elements of Windows 8.  We know it will support the tablet form factor, including the use of ARM-based chipsets (a practical if not absolute necessity).  We know it will offer both a modern NUI-style user experience evolved from the Metro experience designed for Windows Phone 7 as well as the traditional GUI experience.  On the rumor level we’ve heard about a new app model reportedly called AppX, along with an associated “app store”.  There are also plenty of rumors about relationships with XBox and Windows Phone 7 (e.g., that Windows 8 will run WP7 apps, which is technologically trivial to accomplish).   I imagine tablets will always use the NUI interface, but that’s one thing we’ll have to wait on.  For example, will Microsoft do anything to enforce this (e.g., a tablet edition that doesn’t include the old interface while the Pro or Enterprise edition includes both).  I think we can assume this is all true, including the rumors.

But there is much we don’t know.  How deeply will the NUI experience extend?  Will new applications be NUI through and through?  What happens when you run them from within the GUI (aka, traditional) shell?  What happens when you run an existing GUI-based app in the NUI environment?  Did they alter the common dialogs and graphical elements to make them more finger friendly (as Windows Mobile did with 6.5)?   We should get answers to these questions next week.  And they better be good.

What is the new App model?  This is going to be the most revolutionary change to the Windows ecosystem since Windows itself.  What is happening with graphics?  This is one of the most awaited disclosures we’ve seen in a long time.  And tell us please about that “app store”.  This is the most important discussion next week because it impacts the expertise of the entire Windows developer ecosystem.  How much their existing knowledge and skills is still applicable vs how much they have to start from scratch will impact both their enthusiasm for Windows 8 and the time to market for apps that conform to the new model.

There is a lot we may or may not find out next week.  This is a developer conference, so Microsoft may withhold much in the way of end-user feature information.  Will they, for example, disclose what the primary media strategy for Windows 8 is?  I don’t know.  They will certainly save as much news as they can for nearer the launch of Windows 8, but it will be small compared to what we learn this coming week.

I’ve run out of steam so I’m going to leave things here.   Windows 8 will either be the release that propels Microsoft to leadership of the next two decades of computing or that confirms it is on the road to oblivion.  Yes, I think it is that important.   Are you looking forward to the big reveal as much as I am?

Posted in Computer and Internet, Microsoft, Windows | Tagged , , | 13 Comments

How important is Windows 8 to Microsoft’s future?

Posted on September 10, 2011 by halberenson

After a couple of years of leaks, and a few carefully selected releases of information, we’ll finally see the big reveal of Microsoft’s Windows 8 at the BUILD conference this coming week.  Make no mistake that Windows 8 is the most important release of Windows since 1990’s Windows 3.0, and Microsoft’s future as a platform company is dependent on it being a run-away success.  Let’s do a little trip back in time to explore some eery parallels and then speculate on what we’ll see (or rather, what we have to see) at BUILD.

We spent the 1990s and 2000s living in a world dominated by computers with a Graphical User Interface (GUI) based on WIMP (Windows, Icons, Menus, and a Pointing device).  This style of user interaction was pioneered in the 1960s at SRI and 1970s at Xerox PARC.  Many companies then started working on commercialization though it was Apple that really brought this work to public attention with the Lisa and then to commercial success with the Macintosh computers.  Microsoft entered the market for GUI-based UI around the same time as Apple, however it did so with an add-on shell to MS-DOS rather than with a complete GUI environment.  Throughout the Windows 1/2 era we had a situation much as exists today.  Microsoft had a GUI offering, but it was mostly used as a launcher for MS-DOS apps and was a poor representation of the GUI paradigm.  Apple, with the Macintosh, had an excellent representative of the GUI paradigm and one that excited end users.  As 1990 approached Microsoft was in danger of being relegated to a legacy business around MS-DOS while Apple was poised to become the dominant provider of PCs for both applications (e.g., desktop publishing) that worked best in a GUI paradigm and for the vast majority of people who still didn’t own a PC.  Then came Windows 3.0.

With Windows 3.x (so 3.0/3.1/3.11) Microsoft made the leap to a full and competitive GUI OS and changed the game.  Now it could bring all the benefits of its business model, such as a wealth of OEMs, retail and other distribution channels, and large application portfolio, into a GUI-centric world.  Microsoft Windows soon eclipsed Macintosh (in perhaps every dimension except elegance) and went on to become the dominating operating system of the 1990s and 2000s.

The GUI paradigm served users very well for about 20 years because the computer form factor remained little changed in that time.  Computers consisted of a system unit, a monitor, a keyboard, and a pointing device.  This evolved from separate components into integrated systems, particularly in the form of the Notebook computer.  But the essence didn’t change.  Meanwhile various attempts to introduce new form factors were met with limited success.  Various attempts at Tablet form factors, for example, went nowhere.

Development of Personal Digital Assistants (PDAs), which would evolve into today’s smartphones, began in the late 1980s.  Once again Apple was a leader, but this time their Newton OS failed.  Others succeeded, but in limited form.  Finally Apple re-entered this market in 2007 with the iPhone and its IOS operating system.  IOS itself was derived from the Macintosh OS but introduced a new finger-friendly Natural User Interface paradigm UI.  Naturally Apple wasn’t the only company working on NUI, but once again they were the first to bring it to full fruition in a commercially successful product.  Once again they enjoyed great success, but are in the process of being eclipsed in market share by Google’s Android.  Microsoft is trying to play catchup, but it is unclear how much of a chance they have.  This battle may not follow exactly the path of the earlier battle in PCs, but it is eerily similar so far.  Even take Apple’s use of patents to try to stop Android.  You may recall that Apple used the courts in an, ultimately futile, attempt to stop Microsoft Windows.  But this posting isn’t about mobile phones, it is about the future of Microsoft Windows.  So let’s move on.

With a clear hit in the NUI OS space in IOS, Apple moved on to introduce the iPad in 2010.  At its introduction, and in some cases even a year later, analysts saw the iPad as a niche offering.  What happened instead was the iPad caught on as a primary computing device that has started to encroach on the traditional Notebook computer.  Many people, particularly when not on business trips, leave the Notebook at home and take just their iPad.  This is a somewhat nuanced discussion in that for any given scenario one or the other form factor (Tablet or Notebook PC) one is actually better than the other.  You can read a newspaper or book, create a spreadsheet, watch a movie, make airline reservations, layout a brochure, etc. on either.  But the iPad is a much better experience for consumption-oriented activities like reading or watching while the Notebook is a better experience for creation-oriented activities like spreadsheets, brochures, editing photographs, etc.  Something like making an airline reservation splits the difference, with someone who does lots of reservations finding a Notebook somewhat more productive (e.g., fewer required screen transitions and easier data entry) while someone who infrequently performs this activity may be perfectly happy doing it on an iPad.   Most importantly, the number of people who are heavy Consumers on content far outweigh the number of people who are heavy creators of content.  That gives the long-term edge in computing devices to those that are best at Consumption, placing the dominance of traditional Notebook (and even desktop) PCs in jeopardy.

Just as with the original Macintosh Apple has redefined the tablet category and staked out a strong lead in the NUI-based computing world. While to date this has primarily been based on the iPad’s superiority for content consumption, the truth is that people are working hard to improve its usefulness in content creation.  For example, the addition of a Bluetooth keyboard greatly improves the users ability to create Spreadsheets, documents, etc.  Capacitive Pens allow for higher resolution drawing than you can do with your finger.  And how long until Apple creates a docking station that effectively turns your iPad into a full-blown analogy to a Macintosh PC?  I imagine we’ll see that (and the demise of the traditional Mac line) within this decade.

Microsoft has introduced many NUI elements into Windows over the years, but the basic usage paradigm remains GUI.  So, as in 1990, Microsoft is faced with either pulling off a full transition to the new NUI world or being relegated to a legacy supplier while Apple runs away with the next generation of computing.  Microsoft has lucked out in one respect; unlike in the mobile phone space Android has failed to gain traction in the tablet space.  And Apple’s legal assault on Android (where, for example, they have been able to block sales of some Android tablets in some jurisdictions) promises to keep the opportunity open long enough for Microsoft to step in with the only real IOS alternative.  And so this comes down to a classic repeat of the Windows 3.0/3.1/3.11 vs Macintosh battle of the early 1990s.  If Microsoft succeeds we’ll be looking back a decade from now at a world in which it is still the dominant supplier of end-user computing devices.  If it fails, a decade from now we’ll be lumping Windows in with MVS and VMS as living historical artifacts that matter only to a few people.

Since this blog entry has gotten so long I’m going to split the discussion of what we should expect to see next week into a separate entry.  See you on the other side.

Posted in Computer and Internet, Microsoft, Windows | Tagged , , , | 6 Comments

The Industry loses another Titan

Posted on August 25, 2011 by halberenson

I couldn’t let the day go by without commenting on Steve Jobs’ resignation as Apple CEO.  But rather than write something totally new I’m going to post two entries I made on Facebook that capture my views of the situation:

#1:

While my friends and I were playing around on ASR33 teletypes connected to BOCES LIRICS’ DECsystem-10, Bill Gates and Paul Allen were doing the same (the Lakeside School in Seattle had its own DECsystem-10).  That is what got us all hooked on computers.  Steve Jobs and Steve Wozniak followed a slightly different route but ended up in a similar place.   Many SHS alumni went on to careers in computing, and we’ve made some major contributions (although obviously nothing on the same scale as these other guys).    In particular Jobs and Gates became the two key leaders of the computer industry as we transitioned to “personal computing”, and just as importantly the two most important industrialists of the baby boom generation.  I went to work for Bill, but have no less respect for Steve’s importance to our industry and our generation.  When Bill decided to move his full-time focus from Microsoft  to charity work I was saddened that I wouldn’t be working with him but happy for what it meant for the world overall.  But Steve being forced from his CEO role at Apple over health reasons saddens me tremendously.  It is, as Stephen Gyetko points out, pretty ominous and I am taking it quite personally.  And so in the spirit of this group, you really know you’re from Syosset if you used the ASR33s when there was one each in adjoining closets on the second floor of the E wing (around the corner from Mr. T’s) when the teachers were clueless (or even scared) about what to do with them and everyone else in the school thought you were nuts;  And you can trace that experience to the news of the day.

#2:

The interesting thing is that I don’t consider Jobs that unique in the “visionary” camp.  Everything Apple did came from somewhere else.  Jobs real contribution was in being the perfectionist who turned those concepts into products that people wanted and wanted as passionately as he wanted to make them.  And what he did more brilliantly in his second life at Apple than he did in his first was to have perfect timing of bringing new products to market just as the underlying technologies reached sufficient maturity to allow mass market adoption.  The iPod wasn’t the first music player, the iPhone wasn’t the first smartphone, the iPad wasn’t the first tablet.  Nor was the Mac (or even the Lisa) the first GUI OS.  But in each case the execution (from the end-user standpoint) was superb.  Gates had similar, or even more far reaching, vision but Microsoft’s software-only business model, reliance on OEMs and other partners to complete even the basic product offering, breadth of activities, and even Bill’s management style couldn’t realize those visions in the same polished way that Apple (as a vertically integrated systems vendor) could.  Bill’s huge business innovation was the OEM model for software.  Steve’s was in getting both media companies and telecom carriers to alter their business models to accomodate the experiences he wanted to create.  And overcoming Apple’s inability to get shelf space in retail stores by creating his own (again, not the first computer manufacturer to try it but the first to truly succeed at it) retail stores.  Apple will of course continue on and do well for now.  The real test will be when the next sea-change comes along and there is internal friction over how to respond.  That’s when Jobs will really be missed.
Posted in Computer and Internet | Tagged , , | 1 Comment

Porting Microsoft SQL Server to Linux

Posted on July 27, 2011 by halberenson

I’ve been asked many times over the years about a port of Microsoft SQL Server to *nix (as we used to call it, since Unix was the primary offering in the Enterprise while Linux was just gaining traction).  Most recently someone asked in a reply to one of my posts if Microsoft had ever seriously considered it.  While I can’t speak for any recent thinking, if you go back to over a decade ago it was given some very serious consideration.   There were three reasons for this.  First (and primarily), a number of Microsoft’s key partners (both software and hardware) lived in a multi-platform world and had a strong interest in seeing Microsoft SQL Server on *nix.  Second, this was the period when the highest end Windows hardware platforms were of the 8 processor variety and much of the competition amongst database engines was moving into the 16-32 processor range.  There simply was no Windows-based platform to compete against the Sun E10000 that had become the mainframe of the Internet (bubble) era.  As some may recall, even a couple of Microsoft’s acquired properties (e.g., Hotmail) used Oracle on big Unix boxes long after everything else had moved to Windows because there were no Windows equivalents (until the Unisys ES7000) they could move to.  Third, customers kept telling us they were happy to use SQL Server but didn’t want to use Windows NT 4.  And so, on a couple of occasions serious thought was given to porting SQL Server to *nix.

So why didn’t Microsoft take SQL Server to *nix?  On one occasion a partner commitment that might have made it viable failed to materialize.  On another occasion I initiated the investigation on the basis of a partner request but then decided it was a bad idea.  Here is why:

There are five things you have to consider when evaluating if Microsoft should take SQL Server to *nix:

  1. What exactly is the product offering you intend to bring to *nix, does it have a real market there, and can you position the offering to succeed?
  2. What is the impact of going multi-platform on the product family, engineering methodology, organization, and partner engineering organizations?
  3. What is the business model, including how do you partner, market, and (very importantly) sell into the Enterprise *nix world when you are a company that has no expertise in doing so?
  4. How do you provide Enterprise-class service for SQL Server when it is running on a platform that your services organization has no expertise with?
  5. What is the negative business impact on with entire Windows platform associated with making a key member of the server product family available on *nix?

The product is always what people think of first so let me address it first.  When someone says Microsoft SQL Server you could think of two things.  One is the relational server(sqlservr.exe) that has its origins at Sybase and was re-written by Microsoft to produce Microsoft SQL Server 7.0 and later versions.  The other is that plus all the BI (Analysis Services, Reporting Services) and tools that are also part of the product family.  When someone talks about porting SQL Server to *nix the difference between just porting the former and porting the latter is at least an order of magnitude.  Maybe two.

Fortunately what people were asking for (again, over a decade ago,) was just the relational server.  The first order engineering of making that happen, assuming you disable some Windows-specific functionality, was rather small (on the order of a few manweeks).  But would a reduced functionality relational engine, without some popular features, be accepted as a serious offering by customers?   What of future planned (and now delivered) features like CLR Functions and Stored Procedures?  Would the lack of that functionality bother customers?  Would they insist we support Java Stored Procedures instead?  What about  management infrastructure?  Would SQL Server have to support different management infrastructures on *nix and on Windows?  Would we place new hooks in sqlservr.exe or would WMI/WBEM handle it all?  *nix DBA’s used shell scripts as their primary management tool, but the SQL Server of that day was not scriptable.  Would those DBA’s accept the use of GUI tools?  Would *nix users accept “Windowsisms” that made it quite clear to them that SQL Server was not a native *nix product?  On these last few points I had lots of historical evidence to suggest that *nix customers would not be happy about the situation.  They wanted a product that showed a full commitment to the *nix platform.  Which meant that far more engineering work than simple porting was required.  And then there was performance and scalability.  The effort to tune SQL Server to run well on a 32 processor E10000 running Solaris was going to dwarf the work to port it there in the first place.

The second thing to think about is how this is going to impact everything else around it, including the engineering methodology and organizations.  For example, do you follow a philosophy that says the core team just worries about Windows and throws the Windows product over the wall to a team that adapts it to *nix?  Or do you reorganize everything so you have a core team that builds multi-platform software and then teams that adapt it to the various platforms (which is what true multi-platform companies do)?  Do you stop putting in Windows-centric features such as CLR support to make multi-platform support easier?  Or can you get the CLR team to become multi-platform with you?  What about the Visual Studio and (what became) the Systems Center teams?  SQL Server takes components from many other teams, so what do you do about those?  Do you reverse the original decision to have a single SQL Server product (that included OLAP and the rest) and split out a relational-only product on Windows since that is all you are going to offer on *nix?  While a small contained project was possible, the changes likely required to succeed were earth shattering.

Third, engineering is one thing but everything else involved in bringing a product to market is even bigger.  Would customers really consider buying *nix products from “the Windows company”?  Particularly mission-critical Enterprise products?  How do you sell SQL Server on *nix when in fact you have no sales capability in the *nix world?  Not only that but how do you even get a sales rep to return the phone call when someone wants to buy $100K of SQL Server but no other Microsoft products?  What if it is only a $25K sale?  $5K?  Given how much energy goes into an enterprise-class sale, and particularly a database sale, a sales rep who went after these deals would not only never make their quota but they’d be losing money for Microsoft.  So you have to rely on partners to do the heavy lifting, but does that really help?  I was assured by some contacts that Sun would have welcomed SQL Server onto Solaris.  But could you have imagined a Sun sales rep bringing anyone from Microsoft into their account to help with the sale of SQL Server on a Solaris system?  I couldn’t.  It goes against all the rules of account control.   Perhaps if Microsoft created a dedicated SQL Server *nix sales team, who agreed never to pass information to the Windows Server sales guys, you could overcome this, but that greatly complicates the problem and raises the costs of the undertaking.  At the time Microsoft did not have dedicated sales teams for anything, so you’d be trailblazing yet another trail.  And then there is IBM.  An IBM sales rep is going to lead with DB2 and then bring in someone else if the customer insists on it.  Oracle’s existing market share means they are already in the account and are likely the ones encouraging the customer to tell IBM they want to run Oracle on the IBM Server.  But Microsoft didn’t have the same level of account presence, particularly with the *nix-oriented parts of IT organizations, to insert itself into these sales situations without a lot of incremental effort.  And that puts you back into the problem of the value of the sale being too low to justify that effort.  So this is another questionable partner situation.  While that left lots of other players (HP, Compaq/Digital, Dell, etc.) who could have been great partners, Sun and IBM were the two leading *nix players. Microsoft’s ability to penetrate the *nix database market without them would have been greatly impeded.

Fourth, since the target of my investigation was really mission critical Enterprise systems you have to address how they will be serviced.  How do you go after the most demanding service and support situation with an organization that has no expertise in servicing the environment?  Can you do it mostly with partners?  Again this is just complex and potentially expensive to solve.  It also flew in the face of something else we were experiencing.  Big Enterprise customers want your senior executives to shake their senior executives hand and promise you’ll stand behind them and make them succeed with your product.  How do you do that if you outsource service to a partner?  Would Microsoft have had to acquire a *nix-oriented services company in order to succeed?

Lastly, what is the business impact on the overall Windows Server business (or on Windows client as well) if you port SQL Server to *nix?  One could say this bullet is a duplicate of number three and it all washes out in the business plan.  But I doubt a SQL Server business plan could have fully captured the question or the impact.   I had full executive support in investigating a port, but had I brought forth a proposal to proceed  I would have faced arguments from many that I was undermining Microsoft’s entire business plan.

I started to work through all of the above and realized that the cost of porting SQL Server to *nix, and succeeding with it, was enormous.  And more importantly, it would distract from our ability to move the product forward.  It would also distract from Microsoft’s ability to push Windows Server to support high-end hardware and address other Enterprise requirements.  And when all was said and done that it was going to be a huge net negative for the business.  So I dropped the idea.

Fortunately for Microsoft the collapse of the Internet bubble, and its assumption that businesses would grow faster than Moore’s Law for an indefinite time period, coincided with the release of Windows 2000 Server.  Windows 2000 Server addressed many of the problems (reliability, scalability, manageability) with Windows NT 4 Server in the Enterprise.  The combination caused customers to apply a price for value analysis (that they’d ignored during the bubble) to their server purchase decisions.  And high-end hardware such as the Unisys ES7000, HP Super Dome, and offerings from Fujitsu, NEC, and others essentially wiped out the single system *nix scalability advantage.  Windows Server then continued its Enterprise-oriented improvements in subsequent releases, helping pave the way for SQL Server to grow its success in the Enterprise without a *nix port.

Has Microsoft taken another look at a port since I left the SQL Server team?  I don’t know.  Some of the pressures to port SQL Server to *nix have receded over the years while others (e.g., MySQL) have emerged.  But I think it is an idea whose time has passed.  In a Cloud Services (as opposed to just hosting a standard VM in the cloud)environment no one really knows nor cares what the underlying OS is.  SQL Azure thus becomes Microsoft’s answer for those who don’t want to run an in-house Windows Server just so they can run SQL Server.

There are times I think Microsoft would be better off as a pure software company rather than one oriented primarily around a single platform (i.e., Windows).  On the other hand, when I look at the database industry I see that most of the database companies that became leaders based (to a large extent) on their multi-platform support are gone or are niche players.  Ingres, Sybase, Informix, and Oracle all used multi-platform as their means to displace the systems vendors own offerings (DEC Rdb, IBM DB2, and non-relational offerings from many others).  Of those only Oracle remains a significant supplier of database software.  And while some may consider multi-platform orthogonal to the problems the other database companies faced I think it played a significant role in their inability to keep up.  Doing multi-platform right is a huge and ongoing expense;  A tax on their ability to invest in improving their own database technology and focus their sales and marketing efforts.  By sticking with a single platform Microsoft, SQL Server included, gets to focus its engineering, marketing, sales, and services efforts on adding synergistic value instead of thinly spreading a least common denominator over multiple-platforms.  This has been key both to Microsoft’s overall success, and specifically to SQL Server’s success.

In retrospect I can say I’m very happy that we never went the multi-platform route with SQL Server.   Even if I was the primary advocate in the management team for doing so.

Posted in Computer and Internet, Microsoft, SQL Server | Tagged , , , , | 20 Comments

Why are there so many website security breaches?

Posted on July 26, 2011 by halberenson

Over the weekend my wife and I decided to go pay our last respects to Borders Books.  I could write a blog entry on why they failed (which includes missing the Internet, then missing e-Readers), or why we bought nothing (going-out-of-business discounts didn’t even bring their prices down enough to equal Amazon and the lines were so long there was no reason to wait for a bad deal), but I’d rather write about my aha moment.  I now know a major reason we have so many website breaches.

While browsing through Borders’ selection of computer books I decided I wanted to see what some of them said about security.  I picked up an introductory book on building websites and looked for Security in the index.  This ~750 page “all in one” guide had just  TWO pages on security, and they contained no details just some general things you’d need to worry about if you set up an e-commerce site.  Then I grabbed another website book and discovered it had ZERO pages on security.  And then another with the same result.  It seems that we are training website developers that security is of no importance.

Next I moved on to SQL programming.  For those who don’t know it, something called “SQL Injection” has been amongst the top couple of ways to breach a website for the last several years.  SQL Injection isn’t a bug in database products, it is the result of application programming mistakes.  The first book I picked up on programming SQL (Microsoft SQL Server specifically) didn’t talk about SQL Injection at all.  So I decided to look at books that were specifically aimed at web database programming rather than SQL specifically.  I picked up a book on jquery and found no mention of SQL Injection.  Then a book on ADO.NET and it also had no mention of SQL Injection either.  Wow, this was disturbing.  We aren’t training programmers to take the proper precautions when writing access to databases either.

After returning home I used Amazon to look at the indexes for, and perform searches on, a number of other website and database programming books and the results were little better.  Introductory website books rarely discuss good security practices.  With introductory database programming books the situation is a little bit hit or miss.  Some don’t mention SQL Injection at all, while I did run across a few that gave good guidance on how to avoid it.  But the overall situation is pretty clear:  when someone starts out building websites and web applications (be they doing so for their spouse’s small business or working for a large enterprise) they have no awareness nor training of how to build a secure website or application.  None.

Next I thought, well there are always people who hold a Certification (from Microsoft, Cisco, etc.) and surely they have the appropriate training in security.  So I set about looking at some of the training materials for certification.  My first look was at the Self-Paced training for MCTS Exam 70-516, “Accessing Data with Microsoft .NET Framework 4”.  This is a pretty obvious place to be testing knowledge about SQL Injection, but a search on this book yielded ZERO mentions of it.  The training book for 70-515, “Microsoft .NET Framework 4 – Web Applications Development” also contains no references to SQL Injection.  Almost all its discussions about security are related to authentication and authorization, with none on how to write a secure application.  Other exams, and the training material for them, may indeed cover these topics.  However, these are the two main exams around web application development (including with data access) and they do not.  For example, someone who wanted a SQL Server certification would find some training on SQL Injection in the materials for exam 70-433 (a full ONE page).  However this exam isn’t part of the web application development (technically a Visual Studio) certification and someone using a database other than SQL Server certainly wouldn’t bother taking it.  Once again we see that we aren’t training web developers in how to build a secure website or web application, nor are we expecting them (via certification) to know how to do it.

Once a developer is aware of, and interested in (often because their site has been compromised), creating secure websites and web applications there is plenty of documentation, training, and help to be had.  There are books about specific topics (e.g., there are books on how to protect against SQL Injection attacks going back to 2002) to general ones on building secure web applicationsOWASP (The Open Web Application Security Project) has extensive documentation, training, assessment materials, conferences, and tools for building secure websites.   But all of this assumes that a developer knows he or she needs to learn about these topics, which means that only the most experienced developers tend to have a focus on security.

Now I think we know why there are so many breaches of websites, the people developing them are simply not being trained in how to create secure sites.    The way to address this is to put security front and center during the initial training of web developers.  Basic security practices can’t be an add-on, it has to be part of the fundamental knowledge base that everyone operating in the IT arena has.  From the very first  website or application they create.

Posted in Computer and Internet, Database, Security, SQL Server | Tagged , , , , , , , , , , | 2 Comments

Windows XP support to end soon, and your use should end sooner!

Posted on July 15, 2011 by halberenson

I just wanted to remind everyone about a post I did a few months back on why it is time for Windows XP to die.

Posted in Microsoft, Windows | Tagged , , | 1 Comment

Aren’t classified files encrypted?

Posted on July 15, 2011 by halberenson

Here is a frustrating one for me, a break-in on a defense contractor’s network results in the theft of 24,000 files.  There are Information Rights Management (IRM) products such as Microsoft’s AD-RMS that can be used to essentially encrypt individual files and allow only authorized users to access them.  And while AD-RMS doesn’t directly provide protection for all the file types that appear to have been compromised, there are partners who do.  So what is frustrating is that while using commercially available IRM technology would not have prevented the theft of the 24,000 files it might have rendered them useless to the thief.  I say “might” because assuming a government stole the files they may have the resources to break the encryption.  In any case, the best practice would certainly be to use IRM.

So, is this information being reported as compromised because they weren’t using IRM or because IRM doesn’t work?

Posted in Computer and Internet, Security | Tagged , , , , , | Comments Off on Aren’t classified files encrypted?

Windows Phone Mango to ship in September or December?

Posted on July 15, 2011 by halberenson

The blogosphere seems to be identifying two potential dates for Windows Phone Mango to ship.  Based on a comment SteveB made about Christmas some are trying to say December.  Based on a comment from Microsoft about Imagine Cup participants getting a Windows Phone Mango phone by the end of September others are saying September.  Given fall begins in late September and ends just before Christmas, and Microsoft has said “fall” for GA, the rumors pretty much cover the range!

Windows Phone 7 was targeted for the Holiday 2010 shopping season and was available in October in Europe and November in the U.S.    Indeed in the U.S. the Holiday, or Christmas, shopping season officially begins the day after Thanksgiving (“Black Friday”) but in reality people now start shopping well before Thanksgiving.  I’m 99.9% sure that SteveB was talking about the season and not Christmas Day itself.  And the end of September would be just a few days shy of the anniversary of Windows Phone 7’s own General Availability.  So the bottom line is that I think Microsoft is targeting availability of new phones with Mango for almost exactly a year after Windows Phone 7.

As for Mango updates, as I mentioned earlier those could be delayed for a considerable time new phones with Mango pre-installed become available.  Of course, I hope that isn’t the case.  But to put a fine point on it, I still haven’t gotten the certificate revocation update for my Samsung Focus.  And how many months has it been since Microsoft started the update process for that trivial update?

Posted in Windows Phone | Tagged , , , | Comments Off on Windows Phone Mango to ship in September or December?