Feeds

back to article 'Your app will work on Windows 8 - but please rewrite it anyway'

Is Windows so much weighed down by legacy and the need to support existing applications that Microsoft cannot advance its platform? I put this question to Satya Nadella, president of the server and tools business at Microsoft, at the recent Visual Studio 2012 launch in Seattle, Washington. “We’re not afraid to make hard calls,” …

COMMENTS

This topic is closed for new posts.
JDX
Gold badge

Fair comment on not writing tools for non-MS platforms

However you can/used to be able to hook VS up against other compilers and toolchains anyway. I remember using VS 2003 (I think) as our IDE and compiler for Playstation 2 development when I worked in the games industry; presumably you could hook in Android tools and such?

1
0

Re: Fair comment on not writing tools for non-MS platforms

There's nothing to stop you creating a custom extension for msbuild to do whatever you want including cross-compiling. Many times the extension is just an xml definition to call a process to execute a program passing params and grabbing the result. VS uses msbuild (which can also be run independently and is a bit like Ant) to compile C++, C#, VB, etc.

0
0
Bronze badge

Words to sen a chill through your heart:

"Windows-specific HTML 5"

*shudder*

55
0
Silver badge
Facepalm

You got that right mate

There I was all nice and smug thinking we'd finally won the war to get Microsoft in line with the W3C with Internet Explorer, and the stupid bastards take us right back to square fucking one!

15
2
JDX
Gold badge

Re: You got that right mate

It's all very well being all idealistic and saying we should only use standards but any fool can see the HTML5 standard doesn't cover enough of the areas of functionality needed to do all the things HTML5 is promised for. Therefore we HAVE to have non-standard extensions, all we can hope is that different browsers copy each other rather than all making their own.

FireFox and Chrome are massively non-standard with all the extra extensions they support, this is no different.

2
15
Anonymous Coward

Re: You got that right mate

Do w3c have an official html5 standard yet?

1
0

Re: You got that right mate

It's coming in 2016 last I heard. Please don't make any new web sites or services until then.

2
2
Anonymous Coward

Re: Words to sen a chill through your heart:

Well, they've decided to use HTML5 for the tablet mode apps and it's obvious you'll hit a point where you need something and HTML5 doesn't provide it.

This is using HTML5 for local application development which is a lot different to using it for web sites.

0
0
Anonymous Coward

If you try to make an OS strong on all platforms, you will end up with an OS that is diluted to the point where nothing works well.

MS OS'd are like Star Trek movies. Every second release is shyte.

8
8
Anonymous Coward

How about "re-imagining" what an OS should be?

An OS should provide a "virtual machine" for a user application. It would be nice if we had some controls over what software could do. For example, "this application should *never* access the internet" or "this application only needs access to these libraries and this particular data directory," This application's config is stored in $appconf and os configuration requirements are in $appconf/os in text format so you can understand them.

You might even be able to stop some malware because your document rendering software is blocked from accessing the internet by the OS and doesn't have access to your entire disk, making it a useless attack vector. How about a system which says, you can only alter files outside of your temporary data directory if you have been given them by the user via an OS call? Or only an admin can flag/unflag a file as executable and executables are immutable.

Would anyone else find VMS' version controlled files being on by default handy?

Not every app needs or would use all this and these aren't panaceas, but it might help mitigate some of the worst offenders.

That might be a little more interesting than a new gui.

6
2

> . For example, "this application should *never* access the internet" or "this application only needs access to these libraries and this particular data directory,"

You can already using tools like hosts.{allow|deny} and chroot... oh, you mean on Windows...

> Or only an admin can flag/unflag a file as executable and executables are immutable.

Even Windows does this, so I'm not sure what you are on about.

> Would anyone else find VMS' version controlled files being on by default handy

Not really. Windows 7 & OS X does this and I've never found it useful - everything is checked into source control anyway. Similar tools exist for *nix, but I've never felt motivated enough to try them. My solution is put everything important (including /etc) into subversion which has the added advantage of supporting branching, labels and so on.

> That might be a little more interesting than a new gui.

Quite.

0
0
Bronze badge
Mushroom

>>An OS should provide a "virtual machine" for a user application. It would be nice if we had some controls over what software could do. For example, "this application should *never* access the internet"

Thats already been in Windows for years, and can be controlled down to the port / protocol per application level.

>>or "this application only needs access to these libraries and this particular data directory,"

That's been in Windows since Windows NT.....

Plus you get the sort of full enterprise application control solution that simply doesnt exist in Linux for instance: http://technet.microsoft.com/en-us/library/ee449491(v=ws.10).aspx

0
7
Anonymous Coward

"Every second release is shyte."

As infrequent as that !

3
0
Anonymous Coward

"simply doesnt exist in Linux"

AppArmor?

2
0
Silver badge

"Thats already been in Windows for years, and can be controlled down to the port / protocol per application level."

The problem with the fine-grained access permission system of Windows NT is that it's too elaborate for the function it is trying to perform -- and as a consequence, it ends up seeing about as much use in practice as a pay toilet in a forest. The much simpler Unix permissions model (user, group and others; read, write and execute / explore) may not do as much, but at least people use it.

Of course, I might be unfairly blaming Microsoft for the bad decisions of a bunch of self-taught "developers" working out of their bedrooms with pirate copies of Visual Studio and no official documentation.

5
3
Bronze badge
Mushroom

You mean you cant understand the model that most enterprises are actively running on Windows / AD? There are plenty of Windows admins happy to show your employer how it's done....

Yes we know that UNIX is crippled with a realy limited permissions model out of the box, and that to get proper ACLs is a bolt on after thought. And advanced features from Windows like claims based authentication simply dont exist in Linux without third party applications....

5
7
Bronze badge
Mushroom

Re: "simply doesnt exist in Linux"

No, AppArmor is just like NTFS file permissions for file paths. Its basically a less effective version of SEL and can be bypassed simply by creating a hard link. It is also specific to a single box, unless you start copying text files around.

Try reading the link above and you will see that AppLocker is an enterprise distributed system with lots more functionality....

0
4
Anonymous Coward

@AJ Stiles

Ah, the old "it's too complicated" argument, which sort of implies that you're happy with something less configurable. This always strikes me as an odd defence of Linux/UNIX as one of the major selling points is that Linux/UNIX is endlessly configurable to any degree and you can do anything you want with it.

6
0
Bronze badge
Mushroom

Re: "simply doesnt exist in Linux"

(and just to complicate the Linux mess, you have Tomoyo and Smack as well!)

0
4
Anonymous Coward

Re: "simply doesnt exist in Linux"

AppArmor uses application-specific profiles... where did you get that it's "just like NTFS file permissions for file paths"? Also, I did read the link you posted and the impression I got from it was that <drumroll> it's a Redmondian version of AppArmor. I'm not the only one making that comparison.

Given your dismissive tone and apparently unique understanding of the subject, I hope you'll understand that I don't just take your word on it... can you reference some type of source for the assertion that what AppArmor is used for can be accomplished via NTFS file permissions?

2
0

AC, learn a bit more about Windows. You want to stop a program accessing the internet (or any set of specified ports) go right ahead it's been there since Windows 2003. You want to restrict access by process, go right ahead and learn something about the ACL layer. The challenge Microsoft has is that a little bit of knowledge is dangerous and everyone becomes a systems admin bellyaching about what's not there without really understanding what is there.

2
2
Silver badge
WTF?

"Plus you get the sort of full enterprise application control solution that simply doesnt exist in Linux "

Someones been at the MS kool aid. Look up AppArmor - its been around since the late 90s when Windows was still in short trousers. Plus thanks to the Unix/Linux LD_PRELOAD system you can limit an app in any way you like.

3
0
Silver badge
FAIL

"AC, learn a bit more about Windows. You want to stop a program accessing the internet (or any set of specified ports) go right ahead it's been there since Windows 2003"

BFD. You've been able to do that on Unix since the 1980s via LD_PRELOAD.

0
1
Anonymous Coward

@boltar

"BFD. You've been able to do that on Unix since the 1980s via LD_PRELOAD."

Cool. If I fall through a time rift what Linux could to then that Windows couldn't it'd matter. For people making choices *now*, I suspect they're going to be swayed more by relevant stuff than tired old "x did it first" chest beating ...

0
3
Silver badge
Facepalm

Re: @boltar

"Cool. If I fall through a time rift what Linux could to then that Windows couldn't it'd matter."

You're missing the point. The LD_PRELOAD system allows ANY system API calls from a process to be caught and redirected or altered. So its not just limited to files or networks or whatever catch-up-with-the-1980s facilities Windows boasts about right now.

0
0
Anonymous Coward

Re: @boltar

"The LD_PRELOAD system allows ANY system API calls from a process to be caught and redirected or altered."

Really, it doesn't. It lets you load alternative shared libraries which could, say, replace functionality from the shared C runtime. In other words, it lets you alter the behaviour of well-behaved dynamically-linked binaries.

It has no effect on statically linked binaries and is easily bypassed by malicious binaries. It is not a security measure.

2
0
Gold badge

@RICHTO

Too bad about those downvotes, but it does point to a significant failing in *every* OS.

Even if the facilities are there, only techies know they even exist on their own system, hardly anyone knows they exist on the "rival" system as well, and almost no-one understands them well enough to actually use them.

The BIG unsolved problem in computer interfaces is presenting existing capabilities in a language that normal people can understand.

Forget "touch" or "waving body parts at the screen" -- the next leap forward in UI design will be *words*. In particular, words that are sufficiently simple to understand but also sufficiently rich to convey the concepts needed.

1
0
Silver badge
Linux

Re: @boltar

"It has no effect on statically linked binaries "

Not entirely true. All binaries get loaded by a parent process , usually a shell. You can set LD_PRELOAD at that level and trap the exec() functions so you can check the binary type and prevent statics being exec'd based on some criteria you define. I'll admit its hardly intuitive and a lot of fuss plus you need to be a good C coder to do it (which most sys admins probably arn't) but it works.

"easily bypassed by malicious binaries"

If you're thinking they might use dlopen() and load their own .so libs on the fly, you just trap dlopen().

0
0
Anonymous Coward

Re: @boltar

"If you're thinking they might use dlopen() and load their own .so libs on the fly, you just trap dlopen()."

I'm thinking a malicious binary will make syscalls directly without going through a library.

Seriously, you can't do reliable security by tinkering in user mode, whatever platform you're on.

1
0
Anonymous Coward

Re: @AJ Stiles

"one of the major selling points is that Linux/UNIX is endlessly configurable to any degree and you can do anything you want with it."

I'd like to wipe my arse with it. Please provide instructions.

2
3
Anonymous Coward

Re: @AJ Stiles

Yes, but when your X server won't start and you're asking a family member to open up VI to edit a config file it all gets a bit painful.

Complexity isn't always good and having massively configurable software sort of implies that you haven't got a clue on how to create something usable.

Let the user adapt themselves a little bit rather than have huge complexity. It was this sort of philosophy which Palm employed, they saw that handwriting recognition was CPU intensive and so devised a stroke based input (Graffiti).

0
1

need to avoid daft decisions

Windows 7 can no longer be used to find "fred" in "*.sam" from c:\this\strange\directory

Oddly the sort of thing it used to do really well (and much easier than the strange piping of 20 applications required in the average linux setup)

1
3
Silver badge

need to avoid daft statements

find | grep. Works on Windows 7 as well - you just need to install the GNU UnxUtils. This is the sort of thing that all UNIXes have done really well since pretty much forever.

5
1
Silver badge
Stop

@John

No, Windows can do this on its own.

As of Windows Vista PowerShell is now installed by default. All the OP needed to do was to start the right commandline environment for this job.

So:

PS > Select-String -Path c:\this\strange\directory\*.sam -Pattern "fred"

And you're done.

0
0
nk

Re: need to avoid daft statements

Since at least 2000, windows has included findstr.exe. A command-line utility very similar to grep (certainly better than find). I think it even supports regex,

1
0
Thumb Up

Re: need to avoid daft decisions

Umm guys the example was extremely specific and intended to demonstrate functionality that was removed from the Windows search interface i.e. the ability to target searches WITHOUT resorting to the command line or AQS voodoo. It is ridiculous that a query that could easily be done from XP's GUI now requires an incantation more complex than the average shell command.

@Dave 15: It can be done from the search box but requires the use of Advanced Query Syntax, something like this:

fred AND System.ItemFolderNameDisplay:C:"\this\strange\directory" AND type:.sam

Utter insanity...

0
0

Microsoft's Problem with Legacy APIs

Each new API that Microsoft introduces either wraps existing APIs (MFC, WinForms, ...) or is a subset of the APIs it intends to replace (GDI+, .NET, WPF, Silverlight, WinRT, ...), while offering new functionality not available in the other APIs.

Take the .NET runtime APIs for example. They are not a complete replacement of the Win32 APIs, forcing you in cases where you need that functionality (e.g. interacting with existing Win32/64 code) to use P/Invoke. However, Microsoft don't provide a set of P/Invoke wrappers for the Win32 API or include them in the corresponding Win32 documentation on MSDN. This means you end up with duplicated P/Invoke declerations that may contain bugs if incorrectly declared (e.g. unicode support).

For Win32 programs, the underlying Win32 API does not provide UI functionality such as Docking/Floating toolbars; these are written in the wrapper APIs (WTL, MFC, WinForms, ...), so you end up with an inconsistent user experience (accessibility, theming, keyboard shortcuts, ...) and more duplicate code.

The .NET 4 runtime is the first version that WPF/XAML properly supports rendering fonts on the screen, making it acceptable for UIs. However, it still lacks UI available in Win32 (date/time selection), renders keyboard focus for things like radio buttons and check boxes differently to Win32 (focus is on the checkbox, not the text) and keyboard navigation is also inconsistent with Win32.

Now, with WinRT, the XAML available does not support everything that WPF does and still does not have equivalents for all the Win32 native controls. The WinRT subset of Win32 is severely limited and restricted. This means that WinRT applications are going to be simple applications. Companies with their existing Win32/WinForms/WPF applications are not going to port their applications to WinRT overnight, and if they do are more likely to port their mobile versions over, not the desktop versions over. This is because desktop and WinRT are completely different platforms for all intents and purposes (e.g. it is like porting a Win32 desktop application to WinCE or WinPhone).

I don't believe WinRT in its current form is capable of supporting a large scale application (MS Office, LibreOffice, Firefox, Photoshop, etc.). Note that the firefox version targetting Windows 8/WinRT is not a pure WinRT application, it is in the hybrid Desktop/WinRT application category that is reserved for browsers that give it access to capabilities that true WinRT applications do not (e.g. the Virtual* API calls to support JIT compilation of JavaScript).

12
0
Silver badge

Scylla and Carybdis

Microsoft are in trouble whatever they do.

If they continue to support badly-written legacy software (which breaks on more secure systems precisely because it relies on the exact same unfettered system-wide access used by malware to do its stuff), they will also be supporting malware.

If they stop supporting legacy software so customers have to get their important apps rewritten from scratch, then there's less of a reason for said customers to continue buying Microsoft operating systems on which to run the rewritten apps.

About the only thing they can do that will stand any chance of working and being secure is to have each legacy application run in a separate, firewalled and chrooted virtual machine.

4
0
Anonymous Coward

Re: Scylla and Carybdis

Please stop repeating this tired old cack. There may well be a few badly written bits of software that need certain elements of admin access, but these are vanishingly rare these days. I've never come across anything - in 15 years of using Windows professionally - that absolutely had to run as a full administrator, usually it's a single registry key, file, or the like. The things which do need to install as admin, often only need to because of a badly coded installer checking the user is in the administrators group and, really people relying upon this kind of legacy software should totally understand their software by now and know how to install it properly.

3
4
Gold badge

Re: Scylla and Carybdis

"I've never come across anything - in 15 years of using Windows professionally - that absolutely had to run as a full administrator, usually it's a single registry key, file, or the like."

When I was in the market for children's (under-10s) games a few years ago, I found that just about every one insisted on Admin rights either because it needed to tonk all over my display settings or because it needed to hand-grease my CD-ROM's spindle to support some amazingly clever "anti-backup" mechanism.

I dare say that a few weeks spent playing with shims, registry keys, Process Explorer and the like would have yielded solutions in most cases. I'm prepared to bet that most of the general public just granted admin rights to their toddler's account and bought the software again when the disc got scratched beyond recovery.

Designing apps to avoid admin access SHOULD have been part of the Windows landscape for the last 20 years. (The security model dates from about '92.) Microsoft were still shipping violations about 10 years ago. The games market may be OK now (haven't looked) but certainly wasn't 10 years ago. If you've been fine for 15 years, you've been working in a fairly restricted portion of the marketplace.

"and really people relying upon this kind of legacy software should totally understand their software by now and know how to install it properly."

Is this the general public we're talking about? The same people whose existence made Microsoft hesitate for so many years to remove AutoRun?

3
0

Microsoft is right

They have a massive installed base *because* they look after legacy apps. The recent spat between the Gnome team and Torvalds arose exactly because Linux has no backward compatibility by deliberate action. Yesterday's API is always deprecated and developers must change their code to be compliant - and *recompile* from source. This burden maybe OK for an IT department but it's no good for a desktop/end user application. But even for an IT department it becomes a challenge as legacy Linux versions become unsupported.

2
3
Bronze badge

We need need a HTML 5 web site test authority

The Microsoft and Apple plan is no doubt to keep breaking HTML like they always have done.

So simply have one authority that advises people which browser to sue that works with real HTML !

Microsoft have proven untrustworthy here and Apple look headed the same way.

Where is the taming authority?

3
0
Coat

Re: We need need a HTML 5 web site test authority

Love the Freudian slip

2
0

This post has been deleted by a moderator

Anonymous Coward

Re: Anything you write for Microsoft Platforms will be Obsolete in no time.

Some stuff may, but other stuff written for Linux last year doesn't now run.

Pound Proxy, for example, won't (or wouldn't last time I tried) run on CentOS because some critical routines have been deprecated from a library.

Anyway, your comment suggests you know nothing about MS, the really big selling point of Windows is that stuff very rarely stops running from one version of the OS to another.

1
1
Silver badge

@Eadon

Nope.

I can even be more specific than the AC here.. Have you never wondered why a distribution more than often installs several versions of the exact same library?

That's because a lot of the libraries used in Linux aren't backwards compatible. At all... As such; in order to be able and run certain software you sometimes need to have several versions of the same library installed, until the specific software has been updated (= rewritten) to use the new version of the library.

Which sometimes doesn't happen. And quite understandingly; library versions won't remain supported until the end of times. Versions disappear to make place for newer versions.

SO if your software would date back to 1990 without having seen any updates but would be so unfortunate to use one of those libraries then you're completely out of luck. Sometimes its even sheer impossible to get hold of older versions of certain libraries.

0
1
Silver badge

Re: @ShelLuser

> more than often installs several versions of the exact same library?

In most cases these are _not_ 'several versions', but are merely symlinks to the latest version. The latest versions being completely backwards compatible, the symlinks cater for older applications that asks for a specific version.

Of course Linux does actually support running multiple versions of dynamic libraries, so it is not a problem either way. Windows has had 'DLL hell'.

> Sometimes its even sheer impossible to get hold of older versions of certain libraries.

There are one or two exceptions, but symlinking the current library to the specific, older, name will work.

Also in my httpd logs I often see Windows with:

.NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET4.0C; .NET CLR 3.0.30729;

That implies to me that they have several versions of the .NET library installed - because they are not backwards compatible.

1
0
Silver badge

Nobody will do a re-write for Windows

The whole point of Windows is that you can run age old stuff on it. Windows itself is long obsolete by now.

Most software in productive use for Windows is just barely maintained. Such packages started as a project to learn about the development system (e.g. Delphi or VB) with the developer trying out every feature they can. This sometimes leads to new software which needs Win32 to use VBX components because some piece of software needs it, and that piece of software won't compile on the "new" 32-Bit compiler

On those systems you have layer upon layer of cruft, you have ever fashionable technology from the last 20-30 years in there.

And that's not just in applications where it doesn't matter. For example there are SCADA systems controlling power grids running on OPC, that's OLE for Process Control. If you are a long-time Windows user, you might know OLE from Corel Draw 4 crashes, or from errors resulting in opening one document with embedded OLE objects on another computer. Networking works with DCOM, a technology so bad that Microsoft stopped supporting it.

Nobody will rewrite such things, and even when they do, they surely will try to avoid those problems.

0
0
Windows

Uh huh

When someone says they're "not afraid to make the hard calls", you can bet your bananas they're petrified.

0
0
Anonymous Coward

We’re not afraid to make hard calls,”

Windows breaks legacy all the time. Tried to used the jet engine on XP64? It wasn't ported, so forget accessing excel files this way. As pointed out above, file search is broken in W7. Etc. MS can "make the hard calls" (whatever cluelessness hides behind this macho phrase) because it can abuse its market domination. If Ford tried to break car controls' ergonomy (yeah the brakes really are better driven using that slider on the steering wheel, trust us) the way the ribbon broke Office's GUI, or W8 will break OS usage, they'd be out of business in a flash.

0
1
This topic is closed for new posts.