From the get-go, Microsoft's huge (10,000+ attendees) Tech·Ed conference in Dallas has been primarily about acting defensively (turf protection rather than turf expansion): protecting networks from intruders, protecting users from spam and viruses, protecting developers from themselves, and protecting businesses from employees.
Microsoft isn't the only vendor that seems plagued by such protective impulses these days, although this is, of course, a Microsoft-centric conference. The entire IT industry is circling its wagons for protection against a malaise that can't be attributed solely to rapid economic implosion after the dot.com excesses.
In his keynote Monday, Paul Flessner, Senior Vice President of Microsoft's Server Platform division, spent great energy reacting to an article called "IT Doesn't Matter" (Harvard Business Review, May, 2003) that questioned the ongoing importance of IT to businesses. Flessner stated flatly that innovation in IT is not over, and then laid the burden of IT innovation directly at the feet of developers.
Flessner feels that the solution to IT's problems lies in increased efficiency: creating more value for more businesses in less time and for less money. But improving efficiency is not generally a bullet point for emerging technologies; it rises in importance as innovation wanes. Which, of course, serves only to prove the point of the HBR article.
The popular view of IT has changed from an investment to an expense. IT jobs are scarce, developer salaries are down. The bloom is off the IT rose, Flessner seems to be saying, and we (developers) are responsible for lifting it out of the doldrums.
On Tuesday, Microsoft Chief Security Strategist Scott Charney explained how he has put in place a policy of "SD3+C": secure by Design, secure by Default, and secure in Deployment. Rather unfortunately, Charney also added the "+C", which officially stands for Communication, but really stands for "let's brag to everyone about our security efforts." That's advertising, not a feature. I hope the +C part isn't going to remain policy for long. In any case, making security a keynote topic of a technology conference is prima facie evidence of a defensive mindset.
Most of the announcements this week (with a few notable exceptions) are aimed far more at providing improved usability, scalability, security, and interoperability than toward providing new features or new capabilities.
Smarter Applications, Better Asset Management
Fortunately, there were several welcome announcements. For example, with .NET, Microsoft finally realized that Windows should apply permission policies and settings to applications in a manner similar to the way it applies permissions to users. Now they're extending that idea by making applications "smarter" about telling the operating system what they need. If a program needs a specific DLL or requires specific file access permissions, information about those requirements should travel with the program, "baked in" at compile time. That's a good idea, and will lead to huge cost savings by letting the operating system check that the resources (DLLs, support files, and permissions) are available and reachable by the application before it runs, or perhaps even before it's installed.
While this is a future-state goal, it's easy to see the advantages at levels far above individual applications. Management tools would be able to monitor, discover, and fix permission and resource problems at machine, workgroup, or enterprise levels.
Better Patch Management
Charney said that traditionally, patch management at Microsoft was very decentralized, very customer focused, and very Darwinian. Different groups within Microsoft designed different patch applications that installed and applied patches in different ways. Charney said that one group might create patches that replace DLLs, while another group might patch by altering binary files, and a third might patch in yet another way. Patch installation also differs between various Microsoft groups. Some installers create undo files, some don't. Some alter registry entries, some don't. The differences in the patches and installations make the process of determining whether a patch has been applied extremely difficult. In the future, Charney says, every patch will have an installer. Every patch will register with the OS.