Thursday, September 27, 2007

The Dao of Microsoft

Network World

Security Strategies




Network World's Security Strategies Newsletter, 09/27/07

By M. E. Kabay

The day before I began writing this article, I stopped in at the coffee shop across the street from the School of Graduate Studies in bustling downtown Northfield, Vt. (about which one of our vice presidents says warningly, “Well, we have some pretty rough traffic jams during rush minute”).

I looked at a tempting brownie (the small cake kind, not the young girl kind, you evil-minded readers) and asked the youngster behind the counter, “Does that have peanuts?”

She answered promptly, “Yes!” As I was putting the brownie back regretfully, an older clerk spoke up: “Actually, those are almonds and hazelnuts, not peanuts.”

“Ah,” I said, and promptly bought the brownie. The youngster apologized, saying, “Oh sorry, I assumed you were allergic to peanuts.”

“No,” I replied, “I just detest the taste of peanuts with chocolate.”

This incident came to mind as I was thinking about a problem in Outlook 2007. As Doug VanBenthuysen pointed out in July 2006, older versions of Outlook have long allowed users to store all kinds of text as “signatures,” effectively serving as keyboard macros. For example, I have dozens of text strings including a long signature, a short signature, a letter of thanks to readers, an explanation of how to spell and pronounce my name, and so on.

VanBenthuysen noted, “Unfortunately, it no longer seems possible to insert multiple signatures in an e-mail without adding steps (like copy/paste). As expected, Signatures get their own place on a ribbon (Message | Include | Signature). The problem is, when you choose one signature, the one that was already in the e-mail disappears.” Worse yet, sometimes part or even all of the e-mail message disappears with the old signature.

The Microsoft engineers’ errors, in my opinion, were three: they made unwarranted assumptions, they exercised semantic rigidity, and they deprived the user of reasonable control.

I’ve been programming computers since 1965 and teaching programming since 1977. One of the lessons I teach my systems engineering students is to be careful about limiting the power of users without having a good reason for the limitation. In this case, Microsoft engineers presumably assumed that it was impossible for anyone to want to have two signatures in one document. Even if we limit our discussion to signatures for the moment, that assumption seems silly to me; for example, it might be perfectly reasonable to store a short signature (e.g., “Best wishes,” name, title, phone number) and also store a block of details (additional phone numbers, Web site URL, and so on) to add to that short signature under certain circumstances.

Second, the engineers seem to have been so influenced by the label “signatures” that they discounted any other possible use of the feature. Granted, the Office 2007 suite has other ways of storing keyboard macros. For example, one can store relatively short strings in the AutoCorrect list and use an unusual keystroke sequence (e.g., “=s=”) as a substitute for a particular string. Another way of storing any kind of block of text is the Building Blocks Organizer. I use this feature all the time when I am editing student papers to insert standard suggestions on word usage or grammar. Nonetheless, there is no harm in allowing signatures to be anything the user wants.

Third, there is no option available to override the engineers’ decision to suppress previous signatures when adding a new one to an e-mail message. You would think that the proliferation of checkboxes for all manner of options in Outlook 2007 and other Office 2007 programs establishes the principle that user control is good; why this particular limitation should be forced upon users is a mystery to me.

Before I close, I want to address a recurring problem I face as I write my little homilies. “What,” some readers demand in exasperation, “does this have to do with security?” Well, I take a very broad view of security that includes Donn Parker’s concept of utility or usefulness as an essential attribute of information. The example I have dissected today is an illustration of the damage to utility that unfounded assumptions can wreak on a system. I hope that readers will apply the principles demonstrated in my analysis to their own work as they design software, networks and policies.



Contact the author:

M. E. Kabay, PhD, CISSP-ISSMP is Program Director of the Master of Science in Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.




Copyright Network World, Inc., 2007

1 comment:

  1. Anonymous 7:20 PM

    I am wondering just what Aron thinks about this!?
