Sunday, June 03, 2007

Developer to Microsoft: WTF?

Profanity inbound: be careful.
(information gleaned from various blog posts -- hell, it might just be plain old _wrong_)

So, the saga of Jamie Cansdale's TestDriven.NET vs Microsoft pretty much hit its zenith with this post:
The license attached to their first letter was the one for "Visual Studio 2005 Standard and Academic Editions". It didn't matter that the license wasn't the Express SKU license because the wording is the same. What if it turns out that the reason I can't add buttons to Express SKU also applies to Visual Studio 2005? I would then be forced to take down TestDriven.NET entirely. What if it also means I can't use PopFly Explorer for Visual Studio Express? :-(

Typical check-mate move. I've actually followed the entire saga, even though I've been using VS2005 Standard; I knew that whoever at Microsoft running the operation against Jamie was having difficulty when they refused to name the clause that he was breaking; it was almost inconclusive when the argument suddenly shifted from "you're breaking the eula" to "you're destroying your business model" in a desperate attempt to create a rapport with him. That is not an avenue you explore when you've got the ability to move every Zig on your enemy -- talk about shifting goal posts!

Anyway, Microsoft's behavior up to this point had just been a gimmie: a clever coder had found something in the Visual Studio 2005 API that hadn't been removed from the Visual Studio Express editions and had used it to slip through the crack team of ninjas guarding the front gate, enabling a few very basic features on the way in... right?

Oh, wrong.

Oh, how GOD AWFUL WRONG I was.

Dan Fernandez wrote in a post made this post on Friday:
Some examples of these technical limitations are that there is no Macros IDE, there is no Add-In manager, and registered Add-In’s and Packages are not loaded at startup.
Let me normalize that for those in the audience whose bullshit detectors are broken:

"We removed the user interface for addins."

This is when I've realized that everything I've read about this situation was horribly, horribly wrong.

In a product distributed to MILLIONS OF PROGRAMMERS, they LEFT IN, excuse me, let me say that a little bit louder, they LEFT IN THE EXTENSIBILITY API.

This wasn't just a case of a clever hack that enabled some sparse functionality in the Express Edition products, this was a case of gross incompetence at Microsoft: they genuinely, sincerely thought that by removing the user interface they disabled access to Visual Studio's extensibility features. Somebody LOOKED AT IT, they EXAMINED IT, and then they gave it The Big Thumbs Up; a goddamn SEAL OF APPROVAL for a job well done. Right now, even as we speak, there's a "task issue" somewhere for the Express Edition products with a big green checkmark next to "Disable Visual Studio Extensibility API"

To be honest, when I read that part of his blog post my nuts almost fell off.

You know what that is?

You're developing the World's Greatest WebApp. It's a fucking, uh, I don't know, it brings the dead back to life. Now, somewhere during the development cycle, you add a link to the page that takes you to the Life or Death administrative page. I mean, you don't want anyone resurrecting Hitler or any of those douche-bags, right?

A few weeks later you're told to remove the functionality; you're going to host the administrative functions off-site so you can control who has access to it. Maybe you want to make the administrative panel a "for-pay" kind of deal. That's cool, right?

Now, if you're Microsoft, and you see "Disable admin interface" on your task list, what are you going to do?

Easy: you're going to go into a *.css file and set the link's style to display: none, and presto, problem solved.

Except the functionality still exists. People can find it browsing the HTML source, they can find it by guessing randomly; whatever the case, they can cut-and-paste the url into their browser and hit the administrative module without a damn thing to stop them.

Now, the worst part of this is, they (whoever is command and conquering the Visual Studio team) are saying that Jamie Cansdale is breaking a "technical limitation" of the Express products.

What the fuck? They left the functionality in the product. Their only technical limitations were:

  • Not allowing the user to the addin manager.
  • Not allowing addins to start-up using the addin registration "do-hicky" cuz it ain't there.
That's IT, that's the whole kit-fucking-kaboodle. The hell? They LEFT HIM a PUBLIC API. A PUBLIC, DOCUMENTED, UNRESTRICTED API.

It's a goddamn TREASURE, a hill of gold doubloons and jewel-encrusted chests strewn in the middle of a wasteland with a door -- just a door -- guarded by Steve Balmer and his bag of never-ending office chairs.

Sure, Steve will ward you off with some hard plastic to the face if you get too close to the door, but since Microsoft forgot to build a wall around its treasure, nothing stops you from avoiding Steve and his Door of Mystical Wonders entirely and just approaching from another angle.

The worst part? Nothing stopped Microsoft from just gutting the API or adding one single, simple line to the EULA that says, "You are not allowed to use the Extensibility API under any circumstances."

That's it. That's all it takes. Doing some goddamn work or paying your lawyers to do it for you.

"Oh shit, let's try and use this clause of the EULA that doesn't really apply because we were too fucking lazy to actually lock-down the extensibility API" is the worst, the absolute worst, you could ever do, because this is the Internet, it's 2007 and WE ARE WATCHING YOU IN REAL TIME.

And yet, because they are Microsoft, there is a very, very good chance that the next generation of Express Edition products will still have the API in place, the EULA won't have changed one word, and two years from now we'll be seeing this issue again because nothing will have changed.

1 comment:

dave.dolan said...

Man, I think you're right, but I'm no lawyer either. There might be some precendent that 'all rights not explicitly granted are withheld.' I don't know that to be the case. Also, if they can show that microsoft made a good faith effort to block that sucker out, however feeble their attempt, it may be legally construable as a breach of legal terms. I still think it's bullshit though, I mean they're supposed to be setting the examples for the universe on coding practices according to their own ivory tower criers. But, alas, maybe even MSDN is, like windows, turning into an evolutionary dead end when you start seeing crap like this surface in their own code. They are the idiots that put the stuff out there, they just took the public for bigger fools than it really is.