All New Code?

Why is it that people believe that every release of Windows is entirely new code? I’ve never seen anyone from Microsoft ever claim any such thing, but with every release I see people talking about the claim. Having said that, in every OS release almost every component gets touched, if only to fix potential security vulnerabilities found by automated tools. That’s the advantage of a full OS release: you get the most complete testing cycle Microsoft can manage (internally and externally). Let’s see if I can introduce a lexicon for people to talk about OS release changes. Here are some categories to count and measure:

  1. Absolute Development Time – Each release only has so many developer resources for a period of time, so whether it’s just cleaning up almost invisible implementation issues or building major new features, there is an absolute amount of effort put into each OS release. While people talk about Vista in terms of 5 years since XP, the reality is that most of the Windows organization for a bunch of that time was focused on the first and especially the second XP service pack.
  2. Subsystem Replacements – Instead of incremental changes to a couple of components, this implies major rewrites and replacements. Windows ME to XP involved replacing the Windows 9x OS with the Windows 2000/NT codebase, especially at the lower levels of the OS. Much of that code had been shipped and tested as Windows NT and Windows 2000, so for the development team this was incremental work, but for the consumer OS customers it was a new code base with all the pain involved. IIRC a decent amount of Windows ME was getting the driver ecosystem compatible with the Windows 2000 codebase so that Windows XP wouldn’t be as painful of a switchover. (There is a lesson here: you have to ship an OS which will get a negative reputation to move the market whenever making major changes that affect drivers; 64-bit Vista is playing that role right now for future 64-bit Windows OS versions.) In Vista, there were at least three major subsystem replacements: the video, audio and networking stacks each got rewrite/replacement-level changes. The primary motivation for a subsystem replacement is to provide a better foundation for new features, but it often pulls in a couple of new features itself (like IPv6 getting all the features the IPv4 stack had). This type of change is the most exciting and also the most likely to break existing drivers and applications.
  3. Architectural Rewiring – This is where we restructure existing code for modularity and potentially new release possibilities. Server Code and MinWin fall into this category of changes. To the upper layers of the OS (applications) it looks like nothing has changed, but you now have the ability to more easily release a super stripped-down version of the OS, or let different parts of the OS evolve independently. One of the sins of Windows was the circular dependencies between some components, and we are in the middle of multi-release work to clean it up. A focus of Vista was to map out the system and put in controls to make sure we never introduce more. As an OS geek, this is exciting stuff; as an OS user, this is something that is sucking up development dollars without apparent effect.
  4. UI Changes – For a user of the OS this is what they typically use to judge how much an OS has changed. Sometimes this implies a lot of work, sometimes this isn’t so much work. Because of the attention, every product typically has some UI change for the sake of change alone, and that change is usually one of the most protected secrets about the OS. There is a balancing act between holding these changes secret and testing the OS as a final product. Often an ugly theme that utilizes the same features as the final theme/UI is introduced to help mitigate the risk. (Therefore pre-release builds shouldn’t be judged on aesthetics.)
  5. New Features/Components – These are the functional improvements in the products. I think people have a pretty good grasp of this type of change.
  6. Changing Defaults – Relatively simple code/setting changes might make drastic changes to the user experience. Turning off old protocols, making new users non admin by default, etc.
  7. Bake Time/Cleanup – This is the relatively boring but critical process of fixing bugs, incremental performance tuning and just general "make things better" work that takes up the majority of a development cycle and extends post-release into service packs and the next release. It’s healthy to occasionally have a release where the majority of it is in this category, specifically targeting the things that were too risky for a service pack but aren’t really new features. Unfortunately this type of change tends to not sell new copies of the OS. This type of next-release time is getting institutionalized at Microsoft in the form of a Quality Milestone done during product planning, when the development team doesn’t have much to do yet.
  8. Platform development – This is the type of work done that might be in the OS, but doesn’t really have any exposure or use until a corresponding server release or other product takes advantage of it. For example: Windows XP had a feature for restoring automatic backups of previous file versions that only showed up when attached to a server that supported it. Vista (and XP via a separate download) has amazing new GUI support for applications called the Windows Presentation Foundation, but nothing in the OS itself takes advantage of it. It usually takes a while before we see application developers get used to the new libraries and choose to develop for them (normally a developer doesn’t want to develop for an OS version that users aren’t using in bulk).

Looking forward, we already know that some Architectural Rewiring is happening in the next Windows release with MinWin. With such major Subsystem Replacements in Vista and the compressed schedule for the next release, I can’t imagine too many Subsystem Replacements happening, but I guess we’ll have to wait and see.

Not understanding the Constraints

Reading the original IE Blog Article and the /. Discussion on the X-UA-Compatible markings, I have reached a couple of conclusions.

  • There is a camp of people who think that standards are an end in themselves, free from nitty-gritty details like solving real-world problems.
  • Some people understand the issues but are happy to give the finger to billions of lines of working HTML pages and HTML-generating code because it didn’t have the honor of being standards compliant years ago when it was written. (I think these people are secretly interested in donating their time to a Y2K-style effort of fixing all these old sites.)
  • Many commenters don’t understand the constraints of this particular problem.

For the sake of the last camp, I will attempt to clear up the problem constraints (and fail).

  1. It is unacceptable to break existing pages. If a person’s favorite site doesn’t work, they will avoid the upgrade or downgrade back to the old browser. Assuming that all browser upgrades bring us closer to interoperable web standards, non-adoption of the latest browser version is a very bad thing.
  2. Most existing content is immutable. There is too much of it and too much work to fix all the HTML and HTML generators which originally produced it.
  3. Web Standards and Implementations are not instantaneously mature, which means that all implementations will ship with bugs. While this is painfully obvious in IE, it is also demonstrated elsewhere: Firefox 2 doesn’t pass ACID 2, Firefox 3 will. What happens to pages depending on the bugs in Firefox 2 fixed in Firefox 3?
  4. There is an awful mess of pages out there that will forever be in Quirks mode and IE6/7 "standards" mode. Any solution that doesn’t deal with this issue is broken.
  5. It can’t be a one-time fix (debatable?). Something like a one-time doctype change is not sustainable and leads to the same problem over and over again (since there will always be the latest new standard). Any solution should be able to handle this type of problem again and again for every browser vendor.

So now that you understand the constraints and you still have issues, make the world a better place and figure out a better solution than Microsoft did.

Thoughts on Monoculture

I was reading the comments in a post by Schneier today regarding some office in the military thinking about Apple servers to avoid the attacks made against Windows, and kept seeing the meme of "monoculture == bad". This is not a new debate, but I want to jot down some thoughts.

  • Having a diversity of systems with equal access to a resource just means that you’ve extended your attack surface for all of the STRIDE classifications except Denial of Service.
  • Having a diversity of systems each serving a different partition of data/context does result in higher security if you are looking at all the information together. If an attacker only cares about the data of one partition, then diversity doesn’t help.
  • A diversity of systems that need to interoperate often use older and less secure protocols.
  • The primary argument (I’ve seen) against monoculture is that a system in the monoculture is weaker than it otherwise would have been because there are more attackers on that system and these attackers benefit from network effects in data sharing.
  • At a certain threshold, defenders start getting network effect benefits too.
    • First, security vulns in a monoculture tend to not remain private (a disadvantage of the network effects), allowing defenders to deal with not only specific issues, but learn to defend against classes of issues.
    • Security mitigation techniques are easier to deploy against like machines than diverse machines.
  • The monoculture reference to biology is actually harmful to understanding security. Biological systems care the most about survivability (Denial of Service?). Other aspects of security might have some defense as a side effect, but there really isn’t much of a notion of defending against information disclosure.

Slate on the pledge

From the Slate Daily podcast, I learned something (with the risk of invoking Godwin’s Law) about the origins of the Pledge of Allegiance controversy:

For those who may have skipped that day in your constitutional-law class, it’s worth repeating that the pledge controversy began in Hitler’s Germany when the Nazis sent thousands of Jehovah’s Witnesses to concentration camps to punish them for refusing to make the Hitler salute to the Nazi flag on the grounds that they don’t believe in swearing allegiance to any worldly government and didn’t recognize Adolf as a semi-demi-divinity.

As a result, the American leader of the Witnesses denounced the hand-over-heart flag-salute American Pledge of Allegiance on similar grounds. The flag as false idol. It would seem to me other religions should have joined in.

Just to remind us what we mean by false idol, cue Exodus 20:4-5:

4 You shall not make for yourself an idol, whether in the form of anything that is in heaven above, or that is on the earth beneath, or that is in the water under the earth.

5 You shall not bow down to them or worship them; for I the Lord your God am a jealous God, punishing children for the iniquity of parents, to the third and the fourth generation of those who reject me,

Maybe the point of having the “under God” line added was to make sure it’s clear that country comes second to religion, although I think there are some who wouldn’t like that interpretation. Of course if one believes that the American government is fundamentally supposed to be a religious organization, then that might be a way out of the contradiction too.

G+E: Breast Milk and IQ

As I learned from the Slate GabFest Cocktail Chatter segment, we have learned a bit more about how breast milk was giving an IQ boost. Turns out that some 10% of babies do not have the genetics to receive the IQ boost. The overall theme: it’s Genetics + Environment, not Nature vs. Nurture.

Just Don't It

I’ve never quite understood how economic conservatives deal with the cognitive dissonance of supporting abstinence-only education. Aside from being a wasteful use of tax money, the position runs counter to what makes free markets work: individual choice and information. Abstinence-only education is on the wrong side of the equation, limiting choice and reducing available information. Why should anyone be surprised it is less effective at producing good outcomes?

Modern National Politics

Robert Reich recently passed through Seattle and one of his engagements was recorded on the KUOW Speakers Forum podcast. He had earlier that day been by Microsoft and I unfortunately missed the event; I will have to see if it was internally recorded and skip to the Q/A. He is currently out on a book tour for his new book “Super Capitalism”. The premise of the talk seems to be an attempt to explain the change in American politics from the 40s and 50s, when people were widely involved and optimistic about democratic politics and organizations. He sketches out a model of how he feels the relationship between democracy and capitalism should work. In so many words he describes the idea of the prisoner’s dilemma for consumers. You want to support some random cause such as not supporting companies involved with terrorist states or using child labor, but you rationally believe that your individual choice to not get the best price/quality mix won’t really matter. Specifically, you can’t trust others to make the same buying choices. The solution is to control the common rules of the game via laws. However, this runs into two major problems.

First, corporate lobbyists control a lot of the campaign cash flow and potentially get a lot of stopping power against rules they don’t like. Reich shows this by pointing out how common Congressional chastising is without any legislation: the appearance of concern without doing anything about it. A dog and pony show that works for both the companies and the politicians. Reich avoids blaming the companies for being in Washington because the primary reason they are in Washington is that their competitors are. (Proving the point, he mentions Microsoft and Yahoo as the reason Google has a large presence, when companies like IBM, Novell and Sun are why Microsoft has its presence.)

Second, the effects of globalization (Reich calls it the technology inheritance of WWII). The transportation improvements meant that more companies could compete, putting a lot more pressure on prices. The same technology boom enabled a huge growth in investment. These two pressures build up and give companies a lot of incentive to cut costs every way possible, leading to his point that you can’t expect a company to be moral. Shame is a PR problem and it is responded to with more PR, not real change. He takes the PR shame approach to activism as a fundamentally flawed methodology. He doesn’t adequately address the next problem: with laying down laws as the approach to corporate behavior change, globalization and very weak world government mean that many such laws only hurt the country passing them. He makes two counterarguments: first, that the extra-territorial effect of the US is really large, and second, that doing the right thing will cost something.

This last concept, that there is a cost and benefit to such actions, resonates deeply for me. All too often I’ve seen otherwise smart people rely on a form of wishful thinking to believe that you can’t take actions like lower taxes or build roads and not have to pay for it somehow. Yes, yes, sometimes the system is so off that there is such an effect, but it’s bizarre to me that people believe it is the common case. This brings us to former President Bill Clinton’s visit to campus. (You can catch roughly the same speech at Slate.) Clinton made almost the opposite argument from Reich. He basks in the glow of how many new non-governmental organizations now exist and how much money and effect they have. He also sells fixing global warming as something that actually benefits one’s economy instead of hurting it.

Overall I was very happy to start to feel some of the architectural underpinnings of our current political system and some views of what it should be like. Reich sounded fundamentally backwards-looking in approach, but was able to diagnose some malfunction; Clinton seems to be proud of some of the aspects of where we are today, but I’m not convinced that the new system works better.

Prop 1 – Not the Hospital One

I first learned the name of the big Seattle area roads and transit package at a Microsoft-hosted forum regarding the package. Microsoft had gathered together a Republican King County Council Member, the President of the Cascade Land Conservancy, the Executive Director of Transportation Choices and our Sr VP of LCA, Brad Smith. They made sure to be clear that they were talking about the Roads and Transit prop 1, and not the hospital prop 1 (apparently there are name collisions on the ballot). While this wasn’t an “all sides” group, they represented a wide span of interests who believed in the compromise as exactly that, compromise.

It seems like on the surface that no one likes this package. My more conservative friends who have been arguing for roads for a long time balk at actually having to pay for more roads. Generic liberals (I haven’t talked about prop 1 with my liberal friends) think that any roads are bad for the environment and unnecessary. Plus they will have a chance to try to get the transit package voted in without being tied to roads. The problem I have with the conservative position is that the longer they wait to approve a roads package, the more expensive it will be. They seem stuck in the “I want a pony, but I shouldn’t have to pay for it” mentality. The problem I have with the liberal position is that all they are going to do is devalue the Seattle area by letting the problems get worse. If they truly cared about the environment, they would understand that growth happens and they are just shifting the problem to some other place in the region/country.

I’ve looked at the big projects involved in the package, and I have to say that the priorities seem right. Fix 520 bridge, fix the mess between 169 and 520 along 405. Get 9 better. Get light rail north and get light rail to the east side (and to Microsoft). I also don’t believe that the transit package will pass alone. After giving the finger to eastsiders, a big Seattle focused transit package isn’t going to do well.

We will have to see how this one plays out.