ReadWriteHack

As Windows 8 approaches, Mozilla developers have been working hard on a Metro version. If you're using Windows 8 on the desktop, no problem. Tablet users, however, are going to be denied a fully functional Firefox - and will face restrictions on many other third-party applications. In the name of security, Microsoft is forcing them into a "sandbox" on ARM devices. The lockdown renegs on the company's prior promises, and it's going to have some far-reaching effects on many applications.

Microsoft is spinning off its open source unit into Microsoft Open Technologies, Inc., and promoting open source veteran Jean Paoli to the role of president of the wholly owned subsidiary. The move gives the new company a measure of open source credibility and is likely to give Paoli more latitude in determining Microsoft's open source policy.

Paoli helped create XML, cementing his reputation among developers, and in 2007, he pledged his company's support for multiple document formats so long as the other format did not restrict customers' free choice. The masterstroke of diplomacy calmed a brewing rebellion among champions of the existing ISO standards format, OpenDocument, who claimed competing standards (specifically, Microsoft's Open Office XML) would sow confusion.

The freedom of data from the constraints of single volumes and its expansion to Web-wide scale is no longer a trend. It is an event which, for many companies, has already happened. The result is a completely new landscape, which appears to have taken Microsoft by surprise.

This week at the RSA Conference in San Francisco, the company whose Trustworthy Computing initiative in 2002 was seen as euphemistic for "Big Brother," is now fighting to keep its seat at the discussion table. In a world where big data rules the discussion, and open source technologies rule big data, is Microsoft even relevant?

We last wrote about the Random Hacks of Kindness operation a year ago. Twice a year, a group of programmers gather together for an intense weekend in 28 different cities around the world to benefit some good causes and write some code. Last weekend was the fifth such occurrence, with about a thousand different participants and with more than 90 projects being worked on. That is a lot of hacking going on, almost too much to review in a single article.

In a Best Practices online advisory to browser-based Web site developers published last week, Microsoft paints a compelling picture for favoring JavaScript libraries - especially jQuery - for rendering client-side UI, over the use of plug-ins. If Microsoft is to score a blow against Adobe Flash, it has to strike at plug-ins' very reason for existence, arguing that jQuery is faster, easier, cheaper, and prettier.

Microsoft's patterns and practices team had been advocating the use of its Silverlight plug-in for composite applications since 2008, with a project it calls Prism. That project remains ongoing, though the emphasis in recent months has shifted to Project Silk, which focuses on what the company describes as "building cross-browser Web applications with a focus on client-side interactivity. These applications take advantage of the latest Web standards, including HTML5, CSS3 and ECMAScript 5, along with modern Web technologies such as jQuery, Windows Internet Explorer 9, and ASP.NET MVC3."

Microsoft has put up a post about secure boot in response to concerns about its effects on Linux and other operating systems. Microsoft has provided a very detailed explanation of what UEFI secure boot is, and what its benefits are. What Microsoft hasn't done is to actually respond to concerns raised by Matthew Garrett about its secure boot policies. In short, while Microsoft is requiring secure boot to be enabled, its policies do not require that users be able to turn the feature off. As Garrett says, "end user is no longer in control of their PC."

The accelerated Firefox release cycle may be great for many users, but enterprise IT folks were not thrilled. To their credit, the folks at Mozilla eventually took the complaints seriously and founded a working group to address enterprise desktop needs. However, it seems clear that the Extended Support Releases (ESRs) will be second-class citizens.

The working group has made progress and come up with a proposal that would provide an ESR for Firefox. If it's accepted, ESR's will have life cycle of nearly one year, and a 12 week overlap between the ESR releases.

We've probably all worked in organizations where we've been put in charge of projects we believed in with all our hearts and half our salaries, only to see them superseded long before their time was up. We've been in Scott Guthrie's place. Until just last April the champion of Silverlight as a Web app development platform, Guthrie now finds himself in charge of Windows Azure, the company's cloud platform.

Corporate conferences each have their own heroes, and Guthrie is one of Microsoft's most-liked, including at Build 2011 in Anaheim. Not long ago when these conferences' principal products were metaphors, attendees cheered and some even begged for folks like Guthrie, Steven Sinofsky, and a while back, Bob Muglia to take the stage. (Muglia is now Juniper Networks' Executive VP for Software.) Today, it's the soft-spoken, sensible types who lead the show, at a time when the operating system itself is looking more and more like one of Ray Ozzie's "service disruptions:" bold, scalable, and metaphorical.

For large software development teams, Microsoft Visual Studio has one feature whose functionality actually resembles that of Outlook in one regard: The addition of workflow templates gives team members manageable lists of tasks to be done. The Security Development Lifecycle (SDL) is a set of best practices originally developed by Microsoft for Microsoft, to compel its own engineers to start incorporating better security practices as far back as the architecture stage.

On Wednesday, the company initiated public support of its SDL template in the tool that most Windows developers use today (at least, those who aren't using the VS2012 beta): Visual Studio 2010. Along with that support comes the latest revision to the company's threat modeling tool, and some new "things to do" for the list: two fuzzing tools designed to take down insecure apps. These tools help developers spot potential vulnerabilities in their code.

A few weeks in advance of Microsoft's first technical revelations about the structure of Windows 8, the company's Windows group president Steven Sinofsky yesterday revealed the names of the new operating system's various design committees in a post inaugurating the new "Building Windows 8" blog.

But given the opportunity today, the company declined all comment for ReadWriteWeb on what many of the committees' names actually mean, or why certain groups appear to have been given autonomous assignments. It's more than just a nomenclatural issue: With Windows 7, the group called "Color" ended up being the fundamental design group that helped redesign the Taskbar and introduce the jump list, two of Win7's most appreciated features.