Scobleizer Weblog

Daily Permalink Friday, August 15, 2003

Brad Abrams leaks what some of the deliverables will be at the PDC.

Chris Hollander demonstrates how disaster coverage will change now that we all have weblogs and moblogs. (Great blog about his experiences in New York yesterday during the blackout.)

Marc Canter says he loves pushing my buttons. Heh. I don't +have+ to reply to him. I just enjoy it. It's a Scoble trait, too. You should hear the arguments I get into with my family.

If you can't take on the tough issues, and the smartest people, what fun would weblogging be?

Dave Rogers cracks me up.

He posted, in my comments, "Sympathy can be found in the dictionary between s%$t and syphilis."

Good point.

I should warn you, before you click on Marc Canter's link, that he has naked pictures of Arnold on his weblog. Ahh, California, how I miss thee!

Marc Canter snickers that Microsoft can't write secure code.

Marc, don't gloat too much. Other operating systems, even open source ones, have had their own troubles this week with attacks -- read the article, it's not funny on the anti-Microsoft side of the fence either.

Building secure and trustworthy computing systems is NOT just a Microsoft problem. It's an industry-wide problem. It just looks like it's a Microsoft one, because of our market share and industry dominance (and, let's be honest, because our systems haven't been built in the past with security as a major priority).

Lots of people write me and gloat "heh, I won't get hit with a virus cause I use a Mac" or "open source has fewer viruses." If you look at CERT's critical incidents, you'll see that neither statement is true (although, because those two OSes have far less market share than we do, it makes it look like they are completely secure in comparison -- the article above shows that to be false on its face). Computing systems that have millions of lines of code have vulnerabilities. All of them. Anyone who says they are 100% sure that their system has no security flaws is lying. Flat out lying.

People are laughing at me this week cause I got the worm (people have told that to my face this week). Hey, I know it's funny when employees of the world's largest software company get hit with their own problems.

Fixing security in Windows is an extremely tough problem. Microsoft has, what, 50+ million lines of code? It's a very difficult problem to test every piece of code when it's put together as a system. Security is job #1 here (our stock price goes down every time there's a security flaw found -- you think we're not motivated to fix these things?).

You think any of our employees enjoy weeks like these when our customers are feeling an immense amount of pain (not to mention that our own families and friends are getting hit as well)? You do realize that our executives are compensated now based on how happy our customers are, right? Believe me, our "happiness score" isn't very high right now.

Ever try to read someone else's source code? It's not easy. Now, imagine that you have millions of lines of code that was written by someone else (who you might not be able to discuss it with), and you need to go through and make sure it all is kosher. Not to mention you have to make sure that when thousands of pieces of code get put together that one of them doesn't expose a weakness in another.

This is not a simple problem.

We are working on it. I've seen huge strides over the last "critical incident." Before I was a Microsoft employee, I took Microsoft to task because they didn't work to get the word out well enough about how to fix these types of issues. This time Microsoft had a patch out before the bad stuff got released. We had a ton of response. A ton of warnings. And a ton of information that continues even today. Many Microsoft webloggers have now been asked to post a pointer to the Blaster web site. Microsoft's security team is holding chat sessions. Posting a ton of info. Working the newsgroups 24 hours a day. And even setting up temporary phone pools over the weekend where tons of employees will be available to help. That's a huge change in response to these issues from even a couple of years ago.

But, like Scott Charney (our head of security) said, we have more to do.

As for Canter's claim that Bill Gates' problem is his employees. Um, there are 55,000 people working here and trying to do the right thing -- let's say half write code. Let's say they write an average of 100 lines of code a day. Let's say they all write one bug a day too. Now do you understand the scale of the problem? How many of you think you can write completely bug-free code? Hey, we're hiring!

I believe this is the first critical issue found in Windows Server 2003, for instance (we've had, I believe, five security issues over all found in our newest operating system -- which is the first released after we spent a month just fixing security issues). Only one of those is a critical problem. Let's see, thousands of people worked on this software for three or four years, and so far only one critical issue has been found? Out of 50+ million lines of code? That means that one guy made a mistake in his code. Out of 55,000 employees.

I wonder, how many people/companies make only one mistake in 50 million lines?

Software is done by humans. I'm not perfect. Neither are any of my coworkers. Well, maybe Anders is. But, we only have one of him. :-)

So, snicker away Marc. But, does that help us learn? Is that how you manage your own employees? Should I snicker when you make a mistake? Why not?

On Sunday I gave you insider information that mortgage application numbers were plunging. Today an official report came out on the topic on Reuters. Not bad, just a few days from insider information to mainstream news.

I just realized that picture I took of Anders revealed one of the new features in C# that we aren't supposed to talk about until the PDC. It's pretty cool stuff, gotta admit.

I finally met Anders Hejlsberg. He's the guy who came up with Borland's Turbo Pascal, Borland's Delphi, and more recently, Microsoft's C# programming language.

This guy is a God. I was sitting in a room with a bunch of hard-core C++ guys yesterday, who were struggling to understand him. "He makes my brain hurt" said one guy.

Oh, yeah, he's gonna be at the PDC. Get ready for some major brain hurt!

One thing, when you hear someone like that talk. They make the most complicated computer science concepts sound so darn easy. After listening to him, I swear I knew how to use templates and reflection. Not.

When you're around guys like that, I realize just how little I know.

I was talking with the Text America folks this week. What an interesting service they've built. Got a cell phone with one of those new cameras built in? Well, now you can instantly publish to the Web. Check out the "blackout" moblog done by people today in New York and elsewhere.

There's a new version of Mono out (.NET on Linux).

Funny "Arnold for Governor" Flash video.

There's a new Tablet PC meetup.

Microsoft releases Project 2003 to manufacturing. Project isn't an app you hear about every day, but when I worked at Winnov, we used it to build all of our project plans. One entire wall was a printout of Project. Now that I'm really becoming a project manager, I gotta pick it back up.

.NET Rocks has Windows Internal guru Brent Rector this week.

By the way, one of the execs (Brian Valentine) just asked for Microsoft employees to come in this weekend and help answer phones about the Blaster Worm (we're expecting very high call volume this weekend because of this issue). I'm gonna go in early Saturday morning and help out. It's "all hands on deck" time.

Today also is the first time anyone at Microsoft asked me to post something on my weblog. I'm happy to do so in this instance.

A personal note to my readers: if you can help get the less technical among you back up and running, it's appreciated.

I'm seeing that the official "Blaster Worm" page isn't reachable. Turns out tons of people are trying to fix machines right now.

Jeff Sandquist wrote this up: "how to fix your mom's machine after she got the Blaster Worm."

OK, OK, he was one of a bunch of geeks who gave me a tough time for not having my machine patched.

Step 1 – Patch the machine and turn on the XP Firewall

http://www.microsoft.com/security/incident/blast.asp

Step 2 – Remove the Virus from your machine

Copy this file to a floppy disk before you go. Run this utility on your mother’s machine and it will scan for the Virus and remove it.

If you forgot to copy it, you can download it from here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Step 3 – Turn on Auto update

Your mother got the Virus because her machine was not properly patched. Turn on automatic download and installation of updates by completing the following steps:

1. Open Control Panel and select the System icon.

2. Select the Automatic Updates tab.

3. Turn on the "Keep my computer up to date" option by selecting the check box.

4. Turn on "Automatically download the updates, and install them on the schedule that I specify" by selecting the radio buttons.

5. Set the date to every day and a time when you know the machine will be turned on.

Now your mother’s machine will automatically check each night if there are any new patches and install them for you.


Robert Scoble works at Microsoft. Everything here, though, is his personal opinion and is not read or approved before it is posted. No warranties or other guarantees will be offered as to the quality of the opinions or anything else offered here.

© Copyright 2004 Robert Scoble robertscoble@hotmail.com. Last updated: 1/3/2004; 2:54:42 AM.