back to article 'Your app will work on Windows 8 - but please rewrite it anyway'

Is Windows so much weighed down by legacy and the need to support existing applications that Microsoft cannot advance its platform? I put this question to Satya Nadella, president of the server and tools business at Microsoft, at the recent Visual Studio 2012 launch in Seattle, Washington. “We’re not afraid to make hard calls …

COMMENTS

This topic is closed for new posts.
  1. JDX Gold badge

    Fair comment on not writing tools for non-MS platforms

    However you can/used to be able to hook VS up against other compilers and toolchains anyway. I remember using VS 2003 (I think) as our IDE and compiler for Playstation 2 development when I worked in the games industry; presumably you could hook in Android tools and such?

    1. Sirius Lee

      Re: Fair comment on not writing tools for non-MS platforms

      There's nothing to stop you creating a custom extension for msbuild to do whatever you want including cross-compiling. Many times the extension is just an xml definition to call a process to execute a program passing params and grabbing the result. VS uses msbuild (which can also be run independently and is a bit like Ant) to compile C++, C#, VB, etc.

  2. Brewster's Angle Grinder Silver badge

    Words to sen a chill through your heart:

    "Windows-specific HTML 5"

    *shudder*

    1. Steven Roper
      Facepalm

      You got that right mate

      There I was all nice and smug thinking we'd finally won the war to get Microsoft in line with the W3C with Internet Explorer, and the stupid bastards take us right back to square fucking one!

      1. JDX Gold badge

        Re: You got that right mate

        It's all very well being all idealistic and saying we should only use standards but any fool can see the HTML5 standard doesn't cover enough of the areas of functionality needed to do all the things HTML5 is promised for. Therefore we HAVE to have non-standard extensions, all we can hope is that different browsers copy each other rather than all making their own.

        FireFox and Chrome are massively non-standard with all the extra extensions they support, this is no different.

      2. Anonymous Coward
        Anonymous Coward

        Re: You got that right mate

        Do w3c have an official html5 standard yet?

        1. Wild Bill

          Re: You got that right mate

          It's coming in 2016 last I heard. Please don't make any new web sites or services until then.

    2. Anonymous Coward
      Anonymous Coward

      Re: Words to sen a chill through your heart:

      Well, they've decided to use HTML5 for the tablet mode apps and it's obvious you'll hit a point where you need something and HTML5 doesn't provide it.

      This is using HTML5 for local application development which is a lot different to using it for web sites.

  3. Anonymous Coward
    Anonymous Coward

    If you try to make an OS strong on all platforms, you will end up with an OS that is diluted to the point where nothing works well.

    MS OS'd are like Star Trek movies. Every second release is shyte.

    1. Anonymous Coward
      Anonymous Coward

      How about "re-imagining" what an OS should be?

      An OS should provide a "virtual machine" for a user application. It would be nice if we had some controls over what software could do. For example, "this application should *never* access the internet" or "this application only needs access to these libraries and this particular data directory," This application's config is stored in $appconf and os configuration requirements are in $appconf/os in text format so you can understand them.

      You might even be able to stop some malware because your document rendering software is blocked from accessing the internet by the OS and doesn't have access to your entire disk, making it a useless attack vector. How about a system which says, you can only alter files outside of your temporary data directory if you have been given them by the user via an OS call? Or only an admin can flag/unflag a file as executable and executables are immutable.

      Would anyone else find VMS' version controlled files being on by default handy?

      Not every app needs or would use all this and these aren't panaceas, but it might help mitigate some of the worst offenders.

      That might be a little more interesting than a new gui.

      1. Ocular Sinister

        > . For example, "this application should *never* access the internet" or "this application only needs access to these libraries and this particular data directory,"

        You can already using tools like hosts.{allow|deny} and chroot... oh, you mean on Windows...

        > Or only an admin can flag/unflag a file as executable and executables are immutable.

        Even Windows does this, so I'm not sure what you are on about.

        > Would anyone else find VMS' version controlled files being on by default handy

        Not really. Windows 7 & OS X does this and I've never found it useful - everything is checked into source control anyway. Similar tools exist for *nix, but I've never felt motivated enough to try them. My solution is put everything important (including /etc) into subversion which has the added advantage of supporting branching, labels and so on.

        > That might be a little more interesting than a new gui.

        Quite.

      2. RICHTO
        Mushroom

        >>An OS should provide a "virtual machine" for a user application. It would be nice if we had some controls over what software could do. For example, "this application should *never* access the internet"

        Thats already been in Windows for years, and can be controlled down to the port / protocol per application level.

        >>or "this application only needs access to these libraries and this particular data directory,"

        That's been in Windows since Windows NT.....

        Plus you get the sort of full enterprise application control solution that simply doesnt exist in Linux for instance: http://technet.microsoft.com/en-us/library/ee449491(v=ws.10).aspx

        1. Anonymous Coward
          Anonymous Coward

          "simply doesnt exist in Linux"

          AppArmor?

          1. RICHTO
            Mushroom

            Re: "simply doesnt exist in Linux"

            No, AppArmor is just like NTFS file permissions for file paths. Its basically a less effective version of SEL and can be bypassed simply by creating a hard link. It is also specific to a single box, unless you start copying text files around.

            Try reading the link above and you will see that AppLocker is an enterprise distributed system with lots more functionality....

            1. RICHTO
              Mushroom

              Re: "simply doesnt exist in Linux"

              (and just to complicate the Linux mess, you have Tomoyo and Smack as well!)

            2. Anonymous Coward
              Anonymous Coward

              Re: "simply doesnt exist in Linux"

              AppArmor uses application-specific profiles... where did you get that it's "just like NTFS file permissions for file paths"? Also, I did read the link you posted and the impression I got from it was that <drumroll> it's a Redmondian version of AppArmor. I'm not the only one making that comparison.

              Given your dismissive tone and apparently unique understanding of the subject, I hope you'll understand that I don't just take your word on it... can you reference some type of source for the assertion that what AppArmor is used for can be accomplished via NTFS file permissions?

        2. A J Stiles

          "Thats already been in Windows for years, and can be controlled down to the port / protocol per application level."

          The problem with the fine-grained access permission system of Windows NT is that it's too elaborate for the function it is trying to perform -- and as a consequence, it ends up seeing about as much use in practice as a pay toilet in a forest. The much simpler Unix permissions model (user, group and others; read, write and execute / explore) may not do as much, but at least people use it.

          Of course, I might be unfairly blaming Microsoft for the bad decisions of a bunch of self-taught "developers" working out of their bedrooms with pirate copies of Visual Studio and no official documentation.

          1. RICHTO
            Mushroom

            You mean you cant understand the model that most enterprises are actively running on Windows / AD? There are plenty of Windows admins happy to show your employer how it's done....

            Yes we know that UNIX is crippled with a realy limited permissions model out of the box, and that to get proper ACLs is a bolt on after thought. And advanced features from Windows like claims based authentication simply dont exist in Linux without third party applications....

          2. Anonymous Coward
            Anonymous Coward

            @AJ Stiles

            Ah, the old "it's too complicated" argument, which sort of implies that you're happy with something less configurable. This always strikes me as an odd defence of Linux/UNIX as one of the major selling points is that Linux/UNIX is endlessly configurable to any degree and you can do anything you want with it.

            1. Anonymous Coward
              Anonymous Coward

              Re: @AJ Stiles

              "one of the major selling points is that Linux/UNIX is endlessly configurable to any degree and you can do anything you want with it."

              I'd like to wipe my arse with it. Please provide instructions.

            2. Anonymous Coward
              Anonymous Coward

              Re: @AJ Stiles

              Yes, but when your X server won't start and you're asking a family member to open up VI to edit a config file it all gets a bit painful.

              Complexity isn't always good and having massively configurable software sort of implies that you haven't got a clue on how to create something usable.

              Let the user adapt themselves a little bit rather than have huge complexity. It was this sort of philosophy which Palm employed, they saw that handwriting recognition was CPU intensive and so devised a stroke based input (Graffiti).

        3. Anonymous Coward
          WTF?

          "Plus you get the sort of full enterprise application control solution that simply doesnt exist in Linux "

          Someones been at the MS kool aid. Look up AppArmor - its been around since the late 90s when Windows was still in short trousers. Plus thanks to the Unix/Linux LD_PRELOAD system you can limit an app in any way you like.

        4. Ken Hagan Gold badge

          @RICHTO

          Too bad about those downvotes, but it does point to a significant failing in *every* OS.

          Even if the facilities are there, only techies know they even exist on their own system, hardly anyone knows they exist on the "rival" system as well, and almost no-one understands them well enough to actually use them.

          The BIG unsolved problem in computer interfaces is presenting existing capabilities in a language that normal people can understand.

          Forget "touch" or "waving body parts at the screen" -- the next leap forward in UI design will be *words*. In particular, words that are sufficiently simple to understand but also sufficiently rich to convey the concepts needed.

      3. Sirius Lee

        AC, learn a bit more about Windows. You want to stop a program accessing the internet (or any set of specified ports) go right ahead it's been there since Windows 2003. You want to restrict access by process, go right ahead and learn something about the ACL layer. The challenge Microsoft has is that a little bit of knowledge is dangerous and everyone becomes a systems admin bellyaching about what's not there without really understanding what is there.

        1. Anonymous Coward
          FAIL

          "AC, learn a bit more about Windows. You want to stop a program accessing the internet (or any set of specified ports) go right ahead it's been there since Windows 2003"

          BFD. You've been able to do that on Unix since the 1980s via LD_PRELOAD.

          1. Anonymous Coward
            Anonymous Coward

            @boltar

            "BFD. You've been able to do that on Unix since the 1980s via LD_PRELOAD."

            Cool. If I fall through a time rift what Linux could to then that Windows couldn't it'd matter. For people making choices *now*, I suspect they're going to be swayed more by relevant stuff than tired old "x did it first" chest beating ...

            1. Anonymous Coward
              Facepalm

              Re: @boltar

              "Cool. If I fall through a time rift what Linux could to then that Windows couldn't it'd matter."

              You're missing the point. The LD_PRELOAD system allows ANY system API calls from a process to be caught and redirected or altered. So its not just limited to files or networks or whatever catch-up-with-the-1980s facilities Windows boasts about right now.

              1. Anonymous Coward
                Anonymous Coward

                Re: @boltar

                "The LD_PRELOAD system allows ANY system API calls from a process to be caught and redirected or altered."

                Really, it doesn't. It lets you load alternative shared libraries which could, say, replace functionality from the shared C runtime. In other words, it lets you alter the behaviour of well-behaved dynamically-linked binaries.

                It has no effect on statically linked binaries and is easily bypassed by malicious binaries. It is not a security measure.

                1. Anonymous Coward
                  Linux

                  Re: @boltar

                  "It has no effect on statically linked binaries "

                  Not entirely true. All binaries get loaded by a parent process , usually a shell. You can set LD_PRELOAD at that level and trap the exec() functions so you can check the binary type and prevent statics being exec'd based on some criteria you define. I'll admit its hardly intuitive and a lot of fuss plus you need to be a good C coder to do it (which most sys admins probably arn't) but it works.

                  "easily bypassed by malicious binaries"

                  If you're thinking they might use dlopen() and load their own .so libs on the fly, you just trap dlopen().

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: @boltar

                    "If you're thinking they might use dlopen() and load their own .so libs on the fly, you just trap dlopen()."

                    I'm thinking a malicious binary will make syscalls directly without going through a library.

                    Seriously, you can't do reliable security by tinkering in user mode, whatever platform you're on.

    2. Anonymous Coward
      Anonymous Coward

      "Every second release is shyte."

      As infrequent as that !

  4. Dave 15

    need to avoid daft decisions

    Windows 7 can no longer be used to find "fred" in "*.sam" from c:\this\strange\directory

    Oddly the sort of thing it used to do really well (and much easier than the strange piping of 20 applications required in the average linux setup)

    1. John H Woods Silver badge

      need to avoid daft statements

      find | grep. Works on Windows 7 as well - you just need to install the GNU UnxUtils. This is the sort of thing that all UNIXes have done really well since pretty much forever.

      1. Anonymous Coward
        Stop

        @John

        No, Windows can do this on its own.

        As of Windows Vista PowerShell is now installed by default. All the OP needed to do was to start the right commandline environment for this job.

        So:

        PS > Select-String -Path c:\this\strange\directory\*.sam -Pattern "fred"

        And you're done.

      2. nk

        Re: need to avoid daft statements

        Since at least 2000, windows has included findstr.exe. A command-line utility very similar to grep (certainly better than find). I think it even supports regex,

    2. Oddb0d
      Thumb Up

      Re: need to avoid daft decisions

      Umm guys the example was extremely specific and intended to demonstrate functionality that was removed from the Windows search interface i.e. the ability to target searches WITHOUT resorting to the command line or AQS voodoo. It is ridiculous that a query that could easily be done from XP's GUI now requires an incantation more complex than the average shell command.

      @Dave 15: It can be done from the search box but requires the use of Advanced Query Syntax, something like this:

      fred AND System.ItemFolderNameDisplay:C:"\this\strange\directory" AND type:.sam

      Utter insanity...

  5. rhdunn

    Microsoft's Problem with Legacy APIs

    Each new API that Microsoft introduces either wraps existing APIs (MFC, WinForms, ...) or is a subset of the APIs it intends to replace (GDI+, .NET, WPF, Silverlight, WinRT, ...), while offering new functionality not available in the other APIs.

    Take the .NET runtime APIs for example. They are not a complete replacement of the Win32 APIs, forcing you in cases where you need that functionality (e.g. interacting with existing Win32/64 code) to use P/Invoke. However, Microsoft don't provide a set of P/Invoke wrappers for the Win32 API or include them in the corresponding Win32 documentation on MSDN. This means you end up with duplicated P/Invoke declerations that may contain bugs if incorrectly declared (e.g. unicode support).

    For Win32 programs, the underlying Win32 API does not provide UI functionality such as Docking/Floating toolbars; these are written in the wrapper APIs (WTL, MFC, WinForms, ...), so you end up with an inconsistent user experience (accessibility, theming, keyboard shortcuts, ...) and more duplicate code.

    The .NET 4 runtime is the first version that WPF/XAML properly supports rendering fonts on the screen, making it acceptable for UIs. However, it still lacks UI available in Win32 (date/time selection), renders keyboard focus for things like radio buttons and check boxes differently to Win32 (focus is on the checkbox, not the text) and keyboard navigation is also inconsistent with Win32.

    Now, with WinRT, the XAML available does not support everything that WPF does and still does not have equivalents for all the Win32 native controls. The WinRT subset of Win32 is severely limited and restricted. This means that WinRT applications are going to be simple applications. Companies with their existing Win32/WinForms/WPF applications are not going to port their applications to WinRT overnight, and if they do are more likely to port their mobile versions over, not the desktop versions over. This is because desktop and WinRT are completely different platforms for all intents and purposes (e.g. it is like porting a Win32 desktop application to WinCE or WinPhone).

    I don't believe WinRT in its current form is capable of supporting a large scale application (MS Office, LibreOffice, Firefox, Photoshop, etc.). Note that the firefox version targetting Windows 8/WinRT is not a pure WinRT application, it is in the hybrid Desktop/WinRT application category that is reserved for browsers that give it access to capabilities that true WinRT applications do not (e.g. the Virtual* API calls to support JIT compilation of JavaScript).

  6. A J Stiles

    Scylla and Carybdis

    Microsoft are in trouble whatever they do.

    If they continue to support badly-written legacy software (which breaks on more secure systems precisely because it relies on the exact same unfettered system-wide access used by malware to do its stuff), they will also be supporting malware.

    If they stop supporting legacy software so customers have to get their important apps rewritten from scratch, then there's less of a reason for said customers to continue buying Microsoft operating systems on which to run the rewritten apps.

    About the only thing they can do that will stand any chance of working and being secure is to have each legacy application run in a separate, firewalled and chrooted virtual machine.

    1. Anonymous Coward
      Anonymous Coward

      Re: Scylla and Carybdis

      Please stop repeating this tired old cack. There may well be a few badly written bits of software that need certain elements of admin access, but these are vanishingly rare these days. I've never come across anything - in 15 years of using Windows professionally - that absolutely had to run as a full administrator, usually it's a single registry key, file, or the like. The things which do need to install as admin, often only need to because of a badly coded installer checking the user is in the administrators group and, really people relying upon this kind of legacy software should totally understand their software by now and know how to install it properly.

      1. Ken Hagan Gold badge

        Re: Scylla and Carybdis

        "I've never come across anything - in 15 years of using Windows professionally - that absolutely had to run as a full administrator, usually it's a single registry key, file, or the like."

        When I was in the market for children's (under-10s) games a few years ago, I found that just about every one insisted on Admin rights either because it needed to tonk all over my display settings or because it needed to hand-grease my CD-ROM's spindle to support some amazingly clever "anti-backup" mechanism.

        I dare say that a few weeks spent playing with shims, registry keys, Process Explorer and the like would have yielded solutions in most cases. I'm prepared to bet that most of the general public just granted admin rights to their toddler's account and bought the software again when the disc got scratched beyond recovery.

        Designing apps to avoid admin access SHOULD have been part of the Windows landscape for the last 20 years. (The security model dates from about '92.) Microsoft were still shipping violations about 10 years ago. The games market may be OK now (haven't looked) but certainly wasn't 10 years ago. If you've been fine for 15 years, you've been working in a fairly restricted portion of the marketplace.

        "and really people relying upon this kind of legacy software should totally understand their software by now and know how to install it properly."

        Is this the general public we're talking about? The same people whose existence made Microsoft hesitate for so many years to remove AutoRun?

  7. Sirius Lee

    Microsoft is right

    They have a massive installed base *because* they look after legacy apps. The recent spat between the Gnome team and Torvalds arose exactly because Linux has no backward compatibility by deliberate action. Yesterday's API is always deprecated and developers must change their code to be compliant - and *recompile* from source. This burden maybe OK for an IT department but it's no good for a desktop/end user application. But even for an IT department it becomes a challenge as legacy Linux versions become unsupported.

  8. Alan Denman

    We need need a HTML 5 web site test authority

    The Microsoft and Apple plan is no doubt to keep breaking HTML like they always have done.

    So simply have one authority that advises people which browser to sue that works with real HTML !

    Microsoft have proven untrustworthy here and Apple look headed the same way.

    Where is the taming authority?

    1. Madeye
      Coat

      Re: We need need a HTML 5 web site test authority

      Love the Freudian slip

  9. Christian Berger

    Nobody will do a re-write for Windows

    The whole point of Windows is that you can run age old stuff on it. Windows itself is long obsolete by now.

    Most software in productive use for Windows is just barely maintained. Such packages started as a project to learn about the development system (e.g. Delphi or VB) with the developer trying out every feature they can. This sometimes leads to new software which needs Win32 to use VBX components because some piece of software needs it, and that piece of software won't compile on the "new" 32-Bit compiler

    On those systems you have layer upon layer of cruft, you have ever fashionable technology from the last 20-30 years in there.

    And that's not just in applications where it doesn't matter. For example there are SCADA systems controlling power grids running on OPC, that's OLE for Process Control. If you are a long-time Windows user, you might know OLE from Corel Draw 4 crashes, or from errors resulting in opening one document with embedded OLE objects on another computer. Networking works with DCOM, a technology so bad that Microsoft stopped supporting it.

    Nobody will rewrite such things, and even when they do, they surely will try to avoid those problems.

  10. BuddyBrunson
    Windows

    Uh huh

    When someone says they're "not afraid to make the hard calls", you can bet your bananas they're petrified.

  11. Anonymous Coward
    Anonymous Coward

    We’re not afraid to make hard calls,”

    Windows breaks legacy all the time. Tried to used the jet engine on XP64? It wasn't ported, so forget accessing excel files this way. As pointed out above, file search is broken in W7. Etc. MS can "make the hard calls" (whatever cluelessness hides behind this macho phrase) because it can abuse its market domination. If Ford tried to break car controls' ergonomy (yeah the brakes really are better driven using that slider on the steering wheel, trust us) the way the ribbon broke Office's GUI, or W8 will break OS usage, they'd be out of business in a flash.

This topic is closed for new posts.

Other stories you might like