In Miguel de Icaza’s latest blog entry the Mono project leader discusses the threat Longhorn’s new technologies and frameworks pose to Linux and open source. He also directs uses to this recent USENET post about the goals of Mozilla, which is a very interesting read.
Miguel de Icaza on Longhorn
About The Author
Adam Scheinberg
Technology Executive • Web Developer • Father • Foodie • Music Snob • OS enthusiast
Follow me on Mastodon @[email protected]
But, along comes some kind of rich web application – it acts just like a native application, you know, it is a native application, for all intents and purposes; she can click and drag her messages to seperate folders, she can attach files from her My Documents directory by a simple DnD, the page isn’t constantly flickering everytime she deletes or moves a message, the “write message” spawns a new window, you know, all the conviences of a modern application right at her fingertips – and all she has to do is click ‘Log in’ that first time and wait half a minute (DSL, baby!) and, you know, its like magick, to her; go to hotmail.com, get the beautiful interface, have fun with it, then go close the application, go somewhere else. A web application closes the bridge, you know, some of us really can’t trust our technology ignorant friends to: find, download, install, and setup an application like that. Web deployment, one click and its like magick, its gonna be everything in the future.
Sounds like a recipe for more worms/viruses. If hotmail on longhorn is going to be a sandboxed app, DnD of files from My Documents won’t work seemlessly. A popup will appear, “Allow application X acces to disk yes/no”, below it will be a check box “don’t ask me this again” with default to yes (for seemless integration). Now that the sandboxing has been circumvented for disk access another will pop up for executable content and so on. Then a whole crop of worms/viruses/trojans will emerge with embedded XAML code that that executes on your desktop, may be collect information from unsuscpecting users becuase the popup just inherited all the look and feel of “cool rich web app”.
Bottomline seemless integration and sandboxing don’t mix well. To allow seemless access you have to circumvent sandboxing. When you circumvent the sandboxing you will get into trouble, keep the sandboxing and you loose seemlessness, dig? Your description is nice theortically, but with microsoft’s trackrecord for seemless integration, I doubt reality will be as beautiful as your image of it. Pardon me, I am a cynic.
Second, this whole discussion is based on the desktop being the computing centerpoint of the “computing experience”. With wifi and cellpohone becoming more and more advanced, I find it hard to believe that the content delivery platforms for the next couple of years will be more consumer electronic devices like smartphones. My phone already gets rich content over the data service, I can watch realmedia streams on the phone, Sprint demonstrated live TV on thier wcdma data service. A lot changes in the technology sector in 2-3 years all the assumptions made here might as well be moot.
Ack can’t type.
Second, this whole discussion is based on the desktop being the centerpoint of the “computing experience”. With wifi and cellphones becoming more and more advanced, I find it hard to believe that the content delivery platforms for the next couple of years won’t be more consumer electronic devices oriented like smartphones. My phone already gets rich content over the data service, I can watch realmedia streams on the phone, Sprint demonstrated live TV on thier wcdma data service. A lot changes in the technology sector in 2-3 years all the assumptions made here might as well be moot.
“Sounds like a recipe for more worms/viruses. If hotmail on longhorn is going to be a sandboxed app, DnD of files from My Documents won’t work seemlessly. A popup will appear, “Allow application X acces to disk yes/no”, below it will be a check box “don’t ask me this again” with default to yes (for seemless integration). Now that the sandboxing has been circumvented for disk access another will pop up for executable content and so on. Then a whole crop of worms/viruses/trojans will emerge with embedded XAML code that that executes on your desktop, may be collect information from unsuscpecting users becuase the popup just inherited all the look and feel of “cool rich web app”.”
The problem with your argument is this CAS-thing Microsoft has; they call it, Code Access Security, or Code Application Security, something like that – it sandboxes applications pretty tight. I mean, a worm won’t work – if the application you’re running isn’t the application you launched, then, you know, its privilegies are gonna be revoked by CAS, because its not an application you’ve given clearance to. I read this on MSDN somewhere, the Longhorn section where they pimp the sandboxing stuff and the VM in general, probably crammed there between the angels that herald the coming of Longhorn and “new, improved security we should’ve had in the first place!!!”
So, you know, if you download and execute Worm.exe, worm.net, worm.whatever, its not Hotmail Interface 2.0.exe, you know, and its going to need to request its own privilegies from the CAS-thing in order to get up, off the ground, and moving. AFAIK, you can’t spoof CAS-access; I think .NET itself says something to the amount of, “So and So wants some sweet executable loving, grant?” so, you know, I am a virus.exe isn’t going to get very far.
I mean, of course, you can’t do everything – some boneheads will just blindly click ‘OK!’ to every dialog they see, but this way they have a little better odds of survival, you know, ‘hey, wtf, I didn’t launch this, what is this thing trying to do?!’
I mean, of course, you can’t do everything – some boneheads will just blindly click ‘OK!’ to every dialog they see, but this way they have a little better odds of survival, you know, ‘hey, wtf, I didn’t launch this, what is this thing trying to do?!’
There in lies the fundamental problem. Like I explained sandboxing only works till you circumvent it. Your talk of seemless integration of dragging a file from My Documents to the hotmail interface won’t work seemlessly becuase of CAS/ whatever acronym it is. The user will circumvent it for seemlessness sake.
If people today don’t know enough to regularly update thier OS patches, what garauntee do you have that the same users in 200X will have learned to understand “I didn’t launch this so I shouldn’t grant execute privileges.”
You can either have seemless integration of rich web apps or strict sandoxing. If you do the sandboxing there is no difference betten what you have today and what longhorn will provide useability wise. You might have prettier graphics but I am not sire about the security aspect of it in the context of novice users.
Sandbox security? Active X can be signed and authenticated. Similar sort of model to .NET. Similar issues with interaction with the rest of your desktop. Gives you “rich applications” and downloads over the net. Uses Microsoft widgets. What’s new? Runs in on a VM? Wow.
Don’t give me Mono will make it work on Linux. Nonsense. What *works* is the specific functionality of the widgets in question. Microsoft own those.
A Word document is not less proprietary just becuase it is serialized into XML instead of some binary COM thing. The proprietaryness comes from what the tokens *mean*.
.NET has a very high level security system. Far more advanced then java sandbox. And at this moment there are many web pages use java applets.
The mono .NET compatiblity on linux is a really big question. But IMHO the 99% of web developers are doesn’t care with a few linux desktop user. Let see the ‘IE only’ web pages. Most of this pages are works fine with mozilla and/or konqueror, but web developers aren’t test it. 1-2% of users are not too important.
And how will use the XAML/Avalon based web apps with your great java ?
And the other side, java is far from fine now. On the desktop side very slow, ugly and cumbersome. The most of desktop applications are written in C++, Object Pascal, Visual Basic and only few are written in Java.
Microsoft has tried to do the same thing with IE since 1997. They’ve failed.
Failed ? Who won the browser war ? The Mozilla ? The Konqueror ? Or the Internet Explorer ?
How many sites really use ActiveX controls?
Too many. Let see the CrossOver plugin from CodeWavers. If it is unneccassary who buy this product ?
Amazon use a heck of a lot of non-Microsoft technology – their business runs on it. They aren’t suddenly going to replace everything with Microsoft servers.
It is only a business decision. If the advantages of .NET are bigger then the cost of W$ servers they (and lots of similar big company) will change.
Failed ? Who won the browser war ? The Mozilla ? The Konqueror ? Or the Internet Explorer ?
They’ve failed to replace HTML, which is what they wanted. In that sense they haven’t won the browser war. Even with over 90% share for IE – I wonder why that is…
Too many. Let see the CrossOver plugin from CodeWavers. If it is unneccassary who buy this product ?
The main plugin needed is for Shockwave/Director. Outside of Intranets no one uses Microsoft ActiveX controls and tools. Other than that you can get native Flash and Java no problem.
It is only a business decision. If the advantages of .NET are bigger then the cost of W$ servers they (and lots of similar big company) will change.
Yer, I can see that happening – not
. The business upheaval is too huge. Many companies talk big and new, but when it comes to the reality of doing it they just can’t be bothered. That’s the reality of business decisions I’m afraid.
Anything to do with Microdoft is bad news. Longhorn is being designed to hold the helpless gamers and others that cannot see the problem. Microsoft is not going “open”, Longhorn will bite anyone that opens its cage. Control, dictate, monopoly are the three key words of Microsoft’s “open’ness”…
Until SUN makes better of its Java as an “open” standard or opensource, the infection of Java, mono and all other “Alt” to MS tools for linux development, will continue to build the new problems for the future. NOTE: Microsoft has today about 20-to-25% of it’s 90% of the desktop market, is using Win 98SE. Not Win-ME, Win-2000, not XP,…Yes… Win 98SE !. Microsoft counts every box it ships, not that every box is sold and installed. So how much of that 90% is real ?. OEMs are only new equipment sales that are slow and have been for some time.
If Chrome/XUL is projected as a competitor to XAML, XUL can’t be pushed far. XUL will not be supported on client side where windows will dominate. And pushing XUL will be like SUN pushing java on windows. M$ would also come up the favorite TCO question… and added to that lack of integration, IDE, blah, blah, blah…
If XAML, Avalon bindings is re-implemented in mono, It would be like playing the game on MS’s turf. (read rough, murky turf). As, many ppl here point out. Therefore, either way its a losing side, unless Linux on the desktop is pushed more aggressively.
Looks to me like a vicious circle…