rom the get-go, Microsoft’s huge (10,000+ attendees) Tech?Ed conference in Dallas has been primarily about acting defensively?turf protection rather than turf expansion: protecting networks from intruders, protecting users from spam and viruses, protecting developers from themselves, and protecting businesses from employees.

Microsoft isn’t the only vendor that seems plagued by such protective impulses these days, although this is, of course, a Microsoft-centric conference. The entire IT industry is circling its wagons for protection against a malaise that can’t be attributed solely to rapid economic implosion after the dot.com excesses.

The bloom is off the IT rose, Flessner seems to be saying, and we (developers) are responsible for lifting it out of the doldrums.

In his keynote Monday, Paul Flessner, Senior Vice President of Microsoft’s Server Platform division, spent great energy reacting to an article called “IT Doesn’t Matter” (Harvard Business Review, May, 2003) that questioned the ongoing importance of IT to businesses. Flessner stated flatly that innovation in IT is not over, and then laid the burden of IT innovation directly at the feet of developers.

Flessner feels that the solution to IT’s problems lies in increased efficiency: creating more value for more businesses in less time and for less money. But improving efficiency is not generally a bullet point for emerging technologies; it rises in importance as innovation wanes. Which, of course, serves only to prove the point of the HBR article.

The popular view of IT has changed from an investment to an expense. IT jobs are scarce, developer salaries are down. The bloom is off the IT rose, Flessner seems to be saying, and we (developers) are responsible for lifting it out of the doldrums.

On Tuesday, Microsoft Chief Security Strategist Scott Charney, explained how as he has put in place a policy of “SD3+C”?secure by Design, secure by Default, and secure in Deployment. Rather unfortunately, Charney also added the “+C”, which officially stands for Communication, but really stands for “let’s brag to everyone about our security efforts.” That’s advertising, not a feature. I hope the +C part isn’t going to remain policy for long. In any case, making security a keynote topic of a technology conference is prima facie evidence of a defensive mindset.

Most of the announcements this week (with a few notable exceptions) are aimed far more at providing improved usability, scalability, security, and interoperability than toward providing new features or new capabilities.

Smarter Applications, Better Asset Management
Fortunately, there were several welcome announcements. For example, with .NET, Microsoft finally realized that Windows should apply permission policies and settings to applications in a manner similar to the way it applies permissions to users. Now they’re extending that idea by making applications “smarter” about telling the operating system what they need. If a program needs a specific DLL or requires specific file access permissions, information about those requirements should travel with the program?”baked in” at compile time. That’s a good idea, and will lead to huge cost savings by letting the operating system check that the resources (DLLs, support files, and permissions) are available and reachable by the application before it runs, or perhaps even before it’s installed.

While this is a future-state goal, it’s easy to see the advantages at levels far above individual applications. Management tools would be able to monitor, discover, and fix permission and resource problems at machine, workgroup, or enterprise levels.

Better Patch Management
Charney said that traditionally, patch management at Microsoft was very decentralized, very customer focused, and very Darwinian. Different groups within Microsoft designed different patch applications that installed and applied patches in different ways. Charney said that one group might create patches that replace DLLs, while another group might patch by altering binary files, and a third might patch in yet another way. Patch installation also differs between various Microsoft groups. Some installers create undo files, some don’t. Some alter registry entries, some don’t. The differences in the patches and installations make the process of determining whether a patch has been applied extremely difficult. In the future, Charney says, every patch will have an installer. Every patch will register with the OS.

The Two Best Announcements
I met with Mike Fitzmaurice, Technical Product Manager for Microsoft’s Windows SharePoint Services (formerly SharePoint Team Services). SharePoint Services 2003 is one of two show announcements I think are truly exciting?that give developers and users new capabilities rather than simply adding layers of protection (and protectionism) around existing capabilities.

• Improved groupware development capabilities
• A much-needed interface update for Outlook Web Access

The second item is very simple: The newest version of Exchange (currently at RC 1 status) gives you the same mailbox interface features when using Outlook Web Access (OWA) as you get using the standard desktop client. Exchange will now ship in both Standard and Enterprise editions. You can download a version at http://www.microsoft.com/exchange/evaluation/ti/.

As nice as that will be, the news about SharePoint, advertised as a file-sharing and team collaboration product, will have a much bigger impact; SharePoint is the next step up in the evolution of Web application development.

The potential impact that SharePoint will have on Web development (especially intranet development) is similar in scale to the introduction of Active Server Pages (ASP), which gave millions of developers easy access to the Web. SharePoint extends the reach by giving users an easy way to create Web sites and work with shared documents.

The potential impact that SharePoint will have on Web development (especially intranet development) is similar in scale to the introduction of Active Server Pages (ASP), which gave millions of developers easy access to the Web.

SharePoint uses a “Web Parts” metaphor. Web Parts are pre-designed building blocks that users can drag onto a Web page and fill with data at run time. You can think of them as controls for users rather than controls for developers, as templates for various types of information. Technically, Web Parts are ASP.NET Web server controls with some code tacked on to make them run within a specialized SharePoint Web Form, which handles initializing, interacting with, and storing state for the Web Part.

Developers need about the same level of .NET expertise to build Web Parts as to build server controls. After the Web Parts are built, anyone who can drag-and-drop (which is to say anyone) can use the Web Parts to assemble Web pages. You can create both read-only and fully interactive and updateable Web Parts. You can even create Parts that are multi-user aware, giving developers and users the ability to create groupware applications without worrying about concurrency or resource contention.

Fitzmaurice demonstrated how SharePoint Services provides archive, search, check-in/check-out, and authentication capabilities. Building a low-to-mid-range document management solution, for example, is trivial. Newer Microsoft applications such as Office 2003 (currently in beta) and BizTalk integrate with SharePoint Services so that several people can check out and work on a document simultaneously. Users can assemble pages that require multiple logins. For example, you can create pages using Web Parts that access information from PeopleSoft, SAP, SQL Server, and Oracle. Although each provider might require authentication, SharePoint can use the current user’s credentials to access and forward stored credentials for any other secured information source.

The the best part of Tech?Ed was to see the huge number of hands-on labs … these labs were full all day long, every day.

Microsoft provides some general-purpose Web Parts out of the box, but I expect the number of available Web Parts, both free and commercial, to grow rapidly. This product probably spells doom for many Web developer jobs, because it gives users a fair portion of the power that only Web developers had previously. My advice to current Web developers is: learn to write Web Parts as quickly as possible, or at least learn to plan and assemble portals using pre-built parts.

As you might expect, SharePoint provides the capability to expose Web Parts and sites as Web services, so you can easily extend information in a SharePoint site to outside partners or clients, or integrate the information into other applications. Its services work with products such as SharePoint Portal Server to scale all the way from a team/workgroup level through to the enterprise level.

Finally, Office 2003, although not yet released, will go a long way toward eliminating some of the barriers between content and systems. This version adds collaboration, workflow, and (of greatest importance to many developers) greatly improved XML capabilities. It’s not as wonderful as it could be; the XML that the Word beta emits is better described as “Near XML.” It looks and acts like XML, but it’s a far cry from the “human readable” format, which is touted as one of XML’s benefits.

Other notable additions to Office?OneNote, and InfoPath?also rely on XML to give users a single, easy-to-manage place to keep notes (OneNote), and a way to build and deliver complex XML-based forms (InfoPath). I have no doubt that?regardless of its complexity?Office’s XML capabilities will serve to increase its market penetration, if that’s possible.

From a non-product perspective, the best part of Tech?Ed this week for me was to see the huge number of hands-on labs, set up in relatively large breakout rooms around the Dallas convention center. These labs were full all day long, every day. Pundits may decry the state of innovation in the industry, but a quick glance at the length of the lines for the labs, and the intensity and interest on the faces of those attendees taking the labs indicate that developer interest hasn’t waned a bit.