A bug was opened against the pricing model for Visual Studio 2005 on the Product Feedback Center.  Here's the link if you'd like to vote on its merits.

I'm less than pleased with the announced pricing plans for MSDN subscriptions that Microsoft announced this week.  For about five years, I've been an MSDN Universal Subscriber.  I used to describe it as "everything that Microsoft does that could benefit a developer...basically everything but Money and the games."  Now, things have become different.

The Universal subscription level goes away (as does Enterprise).  In their place is MSDN Premium.  However, Premium itself does not include a Visual Studio license.  (Well, it kind of does...)  You must select Team Edition for Architects with MSDN Premium, Team Edition for Developers with MSDN Premium, Team Edition for Testers with MSDN Premium, or Team Suite (includes the three previously named editions) for MSDN Premium.  Visual Studio Team Foundation Server is not included with any of those packages.

Why am I not pleased with this?

First, it caught me off guard.  All the hoopla about Team System the last two months wooed me to believe that I'd have all that VSTS goodness in the same subscription I've known and loved for years.  Little did I know that the subscription price was doubling (for the first year) and that it would provide less value (percentage-wise) than it did before.

Second, I don't like Microsoft's snow job.  They claim it simplifies licensing and lowers pricing.  So, two levels go away (Universal and Enterprise) and four new ones appear.  On the surface there is one price level (MSDN Premium) but in reality there are four different Visual Studio editions offered with Premium.  The old top tier price?  About 2700 MSRP.  The new top tier price?  About 11000 or 5500.  Where is that cost savings again?  Where is the simpler licensing?

Third,  I wear three hats - architect, developer, and tester.  Not only do I not want to pay 11,000 with my hats, but I also don't want three different versions of Visual Studio installed.  Presumably Team Suite will allow you to install the enhancements for the three roles on one VS installation, but I'm not too sure about that (and the product info pages aren't clear on that either).

Fourth, I want Microsoft to show its developers the respect they deserve.  Development tools should be a loss leader...which MSDN Universal has been for years, I'm sure.  We use the tools, which we get for a low cost, so that we can drive the need for Windows, Office System, and Windows Server System.  Why has .NET been adopted so quickly?  Because developers sold it to the masses.  Microsoft surely didn't do it.

Don't kill the goose that's laying your golden eggs, Mr. Microsoft.

My information comes from the following pages:

http://msdn.microsoft.com/howtobuy/vs2005/compare/

http://msdn.microsoft.com/howtobuy/vs2005/chart/

http://msdn.microsoft.com/howtobuy/vs2005/transition/

http://www.microsoft.com/presspass/features/2005/mar05/03-21DevToolsPricing.asp

http://www.microsoft.com/presspass/press/2005/mar05/03-21vs2005pr.asp

http://www.theserverside.net/cartoons/Top10_NET_Thankful/Top10_NET_Thankful.swf

[from David Hill]

Thought I'd take a peak at the site of those who claim the moral high ground on web standards compliancy.  Yep, I'm talking about the Mozilla group.  Kudos to them for validating on HTML 4.01 Strict.  For shame for invalid CSS.  I trust this was just a typo of sorts, for I'm sure they'd never condone bucking a standard. 

It's also interesting to note that spreadfirefox.com's home page has problems.  It is invalid XHTML 1.0 Strict.  The XML document is invalid, so I'll have to wait to validate the CSS.

On a more positive note, these validations were performed via a few mouse clicks on a Firefox toolbar.  Visit here for more info.

http://ars.userfriendly.org/cartoons/?id=20040905

Seems that Carl struck a deal with Microsoft a few months back to get .NET Rocks archives hosted on MSDN (http://msdn.microsoft.com/dotnetrocks/).  I wonder why episode 75 didn't make it.  Is Microsoft that afraid of Mono that it couldn't host an interview with Miguel?

Should a competent C# programmer know what boxing is?  or is it just some arcane academic tidbit that only IL reading dorks know?

Any C#ers (or any .NETers for that matter) out there have an opinion on this?

At work yesterday, we discussed adopting a new (to our team) development practice.  Rather than focus on the issue itself, I want to focus on one argument.  The argument is this - we must all do it to get any benefit from it.

I disagreed with that in the meeting, and I think that upon re-evaluation I still disagree.  I think that there are many developer gimmicks (that's probably the wrong word) that benefit from a whole hog approach.  TDD, defense in depth, principle of least privilege, documentation, etc. are all better if they are consistently applied throughout a product.  Does this imply that such practices are of no value unless universally applied?  I argue no.

Let's look at defense in depth.  Defense in depth is a term that has gained popularity since Bill Gates' Trustworthy Computing initiative was announced back in 2002.  In brief, it is the idea that you should have many lines of defense.  If someone gets through your firewall, they still face your anti-virus software.  If they pass by the AV software, they still can't do too much damage if you aren't running as an administrator.  Etc.

Does defense in depth work better if each layer is doing its best to prevent malicious code from penetrating?  Yes.  Does DID fail if the programmers on one layer were slackers?  No.  Even if the application author (let's say of a web site), didn't validate inputs that doesn't mean all is lost.  There is still the input validation of the ASP.NET v1.1 runtime.  There is still IIS running in an underprivileged account.  There are still parameterized queries / stored procedures to guard against SQL injection.  There is still the stored procs (or anyone else in the data access layer or business logic layer) doing their own parameter validation.  In short, the whole does not fall apart even if one part does.

I just realized that DID is too easy an example, because it fits perfectly with my argument.  That is, its argument and mine are the same.  Still, if we just looked at input validation (and not as part of a DID strategy), we'd see that if the presentation layer slacks off in validating, then the other layers can still pick up the slack doing their own validation.  If we looked at testing procedures, we could say that just because one part is tested more than some other part doesn't mean that we should not test at all.  As my mission president used to say, “A little something is better than a big nothing.”

Yep, I'm still alive.  The FlyingJ experience has gone well.  Last week they invited me to upgrade from contract to employee status.  I'm in the processing stage now, so soon I'll be a normal employee again.  Wow, it's been a while.

I've got some unrelated items to post about, so here they are in no particular order -

If you are doing WinForms development and need borders on your custom controls, you might consider inheriting from System.Windows.Forms.Form rather than from UserControl.  You'll have to remember to set TopLevelControl to false and to set ControlBox to false, but otherwise, things will be very similar to deriving from UserControl (with the exception of a much richer set of properties and events).  Oh, one other thing, remember to explicitly set Visible to true, when you add your new control to the Controls collection of a form or control.

Two weeks ago, I dreamed that Robert Scoble stopped blogging.  He declared that he just didn't see the point of it any more and had better things to do with his time.  I guess my mind didn't see that as too strange considering some of the other things that have happened lately - Microsoft and AOL settled and stopped throwing mud, Microsoft and Sun settled and stopped throwing mud, W3C and many others came to Microsoft's aide in their fight against Eolas.  I don't know what in the tech world would surprise me at this point.  Perhaps Ellison could publicly call Bill a nice guy?  Hmm, some things are just too far fetched.

I picked up two new (but old) CDs - 10,000 Maniacs Unplugged and The Cranberries Unplugged (a compilation of several live/unplugged events).  With the 10,000 Maniacs purchase, my music collection is now fully legal.  I've had one dubbed tape, which I received about 10 years ago, that was holding me back.  Horrah!

I finally watched, for the first time, the movie AI.  Not sure what I think of it.  It was interesting and certainly far better than Anti-Trust, another movie from a similar time frame.

Last but not least, after fighting with the beta team on a previous Microsoft beta that same team invited me back...oddly enough, it seems the structure of the beta has changed somewhat and is now in line with what I suggested.  I doubt it was me that made the difference, but I'm glad to know that Microsoft learns even from folks who fight with them.

I've been thinking for the past few weeks about blogging, using the open source model of writing.  I'm throwing my thoughts, imagination, and ability to manipulate English onto my blog free of charge.  This sounds suspiciously like programmers pouring their talents into Mozilla, Linux, or other open source projects free of charge.  I suppose the one exception is that if anyone cites my blog, I don't claim any copyright control over their remaining blog content.

Those that know me, know that I'm an enemy of open source software in general and specifically of the GPL.  I think they are an economic abomination on the software industry.  My reasoning is simple - for every line of code that a programmer gives away, that is one line of code that another programmer wasn't paid to write.  Thus, GPL'ed software reduces the value of my skill set and the skill sets of all other programmers.  I don't consider this a good thing.

So, what am I doing with my blog?  Oh yeah, exactly that which I detest but in a different industry.  I think there is some distinction, however, between the two.  In no particular order - I don't use a viral (thanks for that term, Mr. Stallman) license like GPL for those who quote me; There is no company that can leach off of my efforts (a la IBM, HP, and Intel from the open source community) to increase its bottom line; This blog, in a few ways, can increase my bottom line (ads, notoriety, written communication skills, etc.)

I must admit this isn't an entirely thought out idea.  Then again, I'm under no obligation to write quality content unlike those writers who write for hire.  Maybe I have more in common with many open source folks than I had previously thought.

I just installed the Macromedia Shockwave Player and was asked to register it.  Though registration is optional, it certainly isn't obvious that it is optional.  After installing, a dialog pops up and asks whether your age category (13 or older, younger than 13), followed by a dialog asking for your name, email, etc.  You can simply hit the close button to close the dialog, but there should be an explanation that registration is optional and a “skip registration” button.  Shame on you again, Macromedia.

To clarify - I'm annoyed at this for a few reasons.  Macromedia makes their client software (Flash Player, Shockwave Player, etc.) freely available.  The money is made by selling the authoring software.  What Macromedia is doing is getting free marketing.  Macromedia customers sell applications (typically web sites), and any users of those apps then have to go to Macromedia to get the player software.  I'm annoyed at Macromedia taking advantage of this relationship.  I'm also annoyed that they don't let the user know that registration is optional.  (If someone wants to chime in with “they need your email, so they can notify you of updates”, I'll respond with “if any content requires a higher version of the player than the one I have, I'll be directed to upgrade my player, so there's no need for Macromedia to ever have my email address”)

Yesterday, I opened the box with my new laptop, plugged it in, turned it on, and was greeted by AOL Buddy.  Earthlink and Real also tried help me feel welcome.  I was also surprised to find .NET Framework 1.1 anxiously waiting to execute some managed code for me.

Real has filed a 1 billion dollar law suit against Microsoft, in part, due to the inclusion of Windows Media Player in Windows.  Real says this hurts their business.  Curiously, Real Player and Windows Media Player were preinstalled on my new laptop.  It seems to me that Real needs to sell its player a bit better and form deals with OEMs to have it preinstalled, just like Microsoft has with Windows and Office to have them preinstalled.  You can say that Microsoft gets a free ride now, but in the beginning, Microsoft had to fight just like everyone else.

Sun also has a suit against Microsoft, in part, due to the inclusion of a Microsoft Virtual Machine for Java in Windows and the lack of a Sun JVM.  What I find interesting is that the .NET Framework 1.1, which is not part of Windows XP Professional or part of Service Pack 1 for Windows XP Professional (both of which were preinstalled on my new laptop), was preinstalled.  That tells me that Microsoft talked nicely to Dell, hooked them up with an easy to use setup program for 1.1, and the rest is history.  If Sun is so adamant about consumer Java development, why doesn't Sun (or why hasn't Sun for the last several years) talk nicely to Dell and other OEMs, hook them up with a nice J2SE setup program, and let the rest be history.

Why can't Real or Sun do exactly what Microsoft had to do to get its software preinstalled on PCs?  Why should they get a free ride?

Seems the new tentative release data for Visual Studio “Whidbey” (or Whidby if you are spell check challenged as I was a few weeks back) and SQL Server “Yukon” is now first half of 2005.  The tentative names of the products are Visual Studio 2005 and SQL Server 2005.

I've read several complaints about the slip (did Microsoft ever promise they'd be here in 2004?), and I think only a few are valid.  The only valid concerns, in my opinion, are the Software Assurance agreements some companies signed in 2001 in hopes that the new SQL Server would be out by 2004.  However, you do take a gamble at that if they company doesn't have set in stone release dates.  The other concerns I've heard are just foolish.

It's much better to have a solid product a few months later than expected than it is to release on time but be buggy.  I think Microsoft is living up to part of the promise of its Trustworthy Computing initiative by delaying the release dates of .NET Framework 2.0, Visual Studio 2005, and SQL Server 2005 until they are of release quality.  Microsoft is often criticized for its software quality.  Since they are doing something about it now, let's give let them do it and stop moaning about getting more reliable software a few months later than expected.

Thanks to Dare, I read some interesting things about Real.

For my part, I've avoided RealPlayer when at all possible since it was called G2 (or similar...circa 1999).

From the good folks at the AP: http://www.msnbc.msn.com/id/4400653/

I'd like to see more written on RSS, so the general surfer will be as comfortable with it as they are with email or site URLs (please nobody say that an RSS feed lives at a URL too, I know that ).  Perhaps, though, we should solve the RSS vs. ATOM debate first.

From a typical February month perspective (28 days), my blog has been up and running for a month.  Here are a few tidbits I've learned during that time.

Almost nobody has heard of RSS, or ATOM, or news aggregators in general.  There are bloggers, who don't even know what these things are.  One of the many things that we as an industry need to work on is simplifying the adoption path of new technologies.  I'm not sure I have great ideas on how to do that, but I'm convinced of the need.  One helpful item, I think, would be to reduce the ridiculous format competition (for most people, is there really a need for whatever goodness ATOM supposedly offers?).  We take something already complex for non tech people and make it more complex.  Bad move, I think.

The Internet is as unreliable as ever.  Referral hits don't always mean someone is linking to you.  Email notifications don't always arrive.  Stats tracking software falls asleep sometimes.  Google's ranking algorithm is more fickle than a 2 year old deciding what to eat (or not eat, or throw on the floor, etc.) for dinner.

Most importantly, blogs allow me to communicate with many people.  According to my logs, I'm regularly read by folks from at least 10 different countries and at least two major software companies.  It is interesting to think that my voice is heard by so many (though very few compared to many other bloggers).

Korby points to an article by Steve Gillmor, which makes an unsupported, in my opinion, attack on the use of comments on blogs.  Gillmor says:

Take blog comments—please. The CTOs of the various campaigns defend their use as a simple user interface for casual involvement by newbies. But converting the undecided into active offline participation involves more than just the harvesting of good ideas. Comments destroy the signal to noise ratio of blog brands, trading the appearance of democratic participation for muddied messaging and vulnerability to comment spamming. (emphasis mine)

He has a point regarding comment spam, however, I think the good outweighs the bad.  If blogs are to be an interactive communications medium, then blogs for everyone (which is possible, of course, but doesn't occur in practice) or comments are required.  If I have knowledge that can expand upon what the author of a post has said but can't do so because comments are disabled, then part of the usefulness of that blog is now gone.  Not only can I not add to the author's content myself, but I can't learn from others who can add to the author's content (and neither can the author).

Some will say, and I understand that Dave Winer is one who says this, that everyone should just get their own blog and spout if they so desire.  That's a nice idea, but very impractical.  First, many who read blogs, don't want to write them (I fell into this category until just a few weeks ago).  Second, that's like trying to have a conversation with several people via email, where every email sent only goes to a portion of the recipients.  Each person in the group has a different idea of what is being said, which speaks volumes about the quality of this conversation.  To have a real conversation, you need to reduce, as much as possible, the obstacles.  Personally, I think that comments are a bit too removed.  Eliminating them altogether is a huge step backward from what blogs offer.

My problem with comments is this - if I am the author of the blog, the blog engine likely notifies me when comments are posted.  However, it won't notify those who left comments.  This makes ongoing conversation difficult.  It's not like a newsgroup, where many can post and every time you login, you see the new posts.  It's like (exactly like) non-RSS enabled websites.  The only way I know if there is new content is if I go back to the site (or if my aggregator supports commentRSS if I refresh the feed and return to the post to check for new comments).

In brief:

• Comments enable communication with the blog author.
• Comments enable fostering of a community of readers.
• Comments enable readers and the author to interact.
• The quality of this interaction is bounded by the lack of notification for non-author comments.

Joshua Allen and Dare Obasanjo are discussing metacrap.  I think the scenarios Joshua mentioned are, at present, very unlikely, and I don't see much reason (he surely has not given any) to expect things will be much different in the future.

First - people need to have information capturing devices / applications.  Second, those devices / applications have to capture good metadata (time, date, position, etc.).  Third, that information needs to be related to the other data of the user.  Fourth that data needs to be associated with the data of other users.

I think it is a huge leap to even say that a large number of people will get to the first step.  I'm a relatively gadget getting geek, but I don't have a digicam yet.  I use Outlook, my cell, and my PDA like nobody's business, but those don't share data too well.  Yes, there are models that reasonably well, but mine are dumber models.  So, the first step is a huge leap...people need to have smart devices and applications.

The second is also a huge leap.  Many people have cell phones, but how many have smart phones?  How many cell phones will willingly share useage data, address books, call timers, etc. with others .  Even smart phones, so far as I'm aware, will only do address book syncing.

Presupposing that the first and second steps are met, we can depend on the holy grail of Longhorn's WinFS to automatically create relationships between the data (and metadata?) points.  Step four, well, I don't know of plans regarding this.  I suppose p2p networks are a good foundation...so, we'd have secure (?) personal data sharing via p2p networks?

I'm not sure that I buy any of this as close to feasible or conceivable in the next few years.

I just did a full system virus scan (102, 222 files).  Not surprisingly, none were infected.  I live behind a hardware firewall in my router and a software firewall on my laptop.  I use Automatic Update for Windows XP to keep me patched.  My anti-virus software auto updates itself as well.  So, I have to do almost nothing to stay pretty well patched and secured.

Additionally, though, I don't open things that look odd.  If I get an email that (especially with attachments that get through my Outlook security) that I'm not expecting, I hope over to Symantec's web site to see if the subject line or filename matches a new worm.  So far, I've never been infected.  I've also never fallen prey to a hoax (delete the Java debugger, because it's some evil spyware/malware app!).

I suppose I'm more tech savvy that many, so this isn't too surprising.  Not to be too arrogant, let me say that most people I know in the tech industry are far more tech savvy than I.  Still, even on the low end of tech savvyness (I wonder if I can use “savvy” a few more times in this post), there are a good number of people who just don't have a clue.

CNet asks what more can be done about it.  Here's an idea...remove the problem from those who don't have a clue to those who do have a clue.  Is it easier for a few hundred million users to update their AV software or for ten million trained admins to update the AV software on their public servers?  If every public SMTP node on the Internet had current AV software, how would an email borne worm like MyDoom spread?  That's right, it couldn't.

This wouldn't address the issues with Slammer or Blaster, but it would have prevented Melissa, ILOVEYOU, SoBig, MyDoom, and many others from spreading.  I'm appalled that so much focus is on educating the non tech masses and so little is on educating the “educated” admins.  To make it a little easier on the admins, Exchange, SameTime, sendmail, and any other widely used mail server should bundle in self-updating AV software.  It's the least you can do for your customers.  It's the least you can do for yourself.

I have a few thoughts on port worms like Slammer and Blaster, but I'll save them for another day.

What I'm wondering is this - am I off base here or are a good number of admins really as lazy (or cash strapped to buy/install/update AV software) as I think they are?

Robert Scoble doesn't see that Microsoft is over hyping tomorrow's technology.

I understand that it takes a fair amount of time to develop software.  I know.  I'm a programmer.  I understand that even when writing this version, you are thinking about the next one, and probably the one after that as well.  This is the mark of good design and architecture.  I don't think anybody has a problem with that.

The issue is this: What can we do with the stuff we have now or that we will have pretty soon?  What happens 2 years from now isn't as important to many of us.  The technical details aren't too important to most of us.

We need to know what to do with that we have now, so we can write great code that can ship now.  We need to know what's coming up in the near future, so we'll know if it's better to use the current version or wait for the next one.

For instance, if we understand Whidby really well and know when it's coming, we can decide, based on our project time constraints, whether to use Whidby as our platform or to stick with Framework 1.1.  Information about Orcas and WinFX just cloud the picture for a lot of us.

Here's another thought:  Why has Microsoft released so much information on Longhorn, but next to nothing on the next versions of Exchange, BizTalk, SQL Server (the one after Yukon), Office 12, etc.?  Surely these will also see upgrades in or around the Longhorn time frame.  Surely they are just as important to us as Longhorn is.  Surely we can't develop the best Longhorn applications possible unless we know what the rest of the Office System and Server System are going to offer us.  So much focus on Longhorn ignores our present and near future needs and inaccurately paints the future.

Longhorn, longhorn, longhorn!  I'm very excited about the next version of Windows.  I've seen many of sessions from the latest PDC.  I've played with the 4051 bits.  However, I think I'll add my voice to a few others I've heard lately.  Why don't we spend a little more time looking at what we can do now (or 12 months from now) rather than on what we can't do for at least 24 months?

When .NET was announced at PDC 2000, I was ecstatic.  The beta 1 bits were released that fall.  By February 2001, I was writing my first professional application using them.  All was abuzz in the land of Microsoft about .NET.  I didn't consider this a bad thing, because, even at beta 1, the platform was widely available and stable enough to code against.  You could write your projects on it, and upgrade the code to b2, RC, or RTM without too much effort.

Longhorn, though, is a whole different story.  Microsoft won't even give a firm release date for it.  Many think it won't be ready until late '05 / early '06.  What good is it for the developer community at large to focus on Longhorn, WinFX, Orcas (.NET Framework 3.0) now?  I think it isn't too useful.

Whidby (.NET Framework 2.0) will be released, it seems, within the next 12 months.  SQL Server Yukon (SQL Server v.Next), will be released in the same time frame.  Why don't they get the attention the deserve?  Why don't we focus on what will be in Whidby in 2004, and focus on Longhorn, Office 12, and Orcas in 2005?  Doesn't this make a bit more sense?

I happen to have the PDC bits for Longhorn and Whidby, but many developers don't have them.  How annoying do you (Mr. Microsoft) think it is to have Longhorn dangling in front of your nose all the time, when you can't even play with it?

In the latest .NET Show, Robert Hess said:

With this episode, we're gonna take and start embarking on a fully new direction and that is focusing on a new operating system that inherently involves .NET under the covers. That's the new operating system coming out of Microsoft called Longhorn. We released it first at the PDC a couple months ago. In the last episode we talked briefly about it; in this episode we're gonna focus on an overview of what Longhorn is. Talk about individual pillars, WinFS, Avalon, Indigo, fundamentals, showing you some application code of what it looks like to write a Longhorn application. Then in the follow up episodes following this one in the next several months, we're gonna focus on the individual technologies of Longhorn, whether that's the Windows Identity System, security, Click Once, writing code in XAML, and other further technologies like that. But in this episode, it's gonna be a primer to allow you to understand what Longhorn is so you can understand it from the ground up and seeing how it might take and affect your applications that you are gonna need to be developing when Longhorn comes out.

I find it very interesting that the .NET show, for the most part, ignores .NET Framework 2.0 and skips right on to 3.0 and WinFX.  Maybe Microsoft simply forgot to reveal the details of Whidby and Yukon in 2002.  Perhaps they were supposed to be the focus of 2003, but someone forgot to talk about them all last year.