- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
The day before I began writing this article, I stopped in at the coffee shop across the street from the School of Graduate Studies in bustling downtown Northfield, Vt., (about which one of our vice presidents says warningly, “Well, we have some pretty rough traffic jams during rush minute”).
I looked at a tempting brownie (the small cake kind, not the young girl kind, you evil-minded readers) and asked the youngster behind the counter, “Does that have peanuts?”
She answered promptly, “Yes!” As I was putting the brownie back regretfully, an older clerk spoke up: “Actually, those are almonds and hazelnuts, not peanuts.”
“Ah,” I said, and promptly bought the brownie. The youngster apologized, saying, “Oh sorry, I assumed you were allergic to peanuts.”
“No,” I replied, “I just detest the taste of peanuts with chocolate.”
This incident came to mind as I was thinking about a problem in Outlook 2007. As Doug VanBenthuysen pointed out in July 2006, older versions of Outlook have long allowed users to store all kinds of text as “signatures,” effectively serving as keyboard macros. For example, I have dozens of text strings including a long signature, a short signature, a letter of thanks to readers, an explanation of how to spell and pronounce my name, and so on.
VanBenthuysen noted, “Unfortunately, it no longer seems possible to insert multiple signatures in an e-mail without adding steps (like copy/paste). As expected, Signatures get their own place on a ribbon (Message | Include | Signature). The problem is, when you choose one signature, the one that was already in the e-mail disappears.” Worse yet, sometimes part or even all of the e-mail message disappears with the old signature.
The Microsoft engineers’ errors, in my opinion, were three: they made unwarranted assumptions, they exercised semantic rigidity, and they deprived the user of reasonable control.
I’ve been programming computers since 1965 and teaching programming since 1977. One of the lessons I teach my systems engineering students is to be careful about limiting the power of users without having a good reason for the limitation. In this case, Microsoft engineers presumably assumed that it was impossible for anyone to want to have two signatures in one document. Even if we limit our discussion to signatures for the moment, that assumption seems silly to me; for example, it might be perfectly reasonable to store a short signature (e.g., “Best wishes,” name, title, phone number) and also store a block of details (additional phone numbers, Web site URL, and so on) to add to that short signature under certain circumstances.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Comments (4)
RE: The Dao of MicrosoftBy Al Rowley on September 27, 2007, 10:20 amIt is so true. The MS programmers actually make you default to innocuous, incomplete, mono-signatures when you should or could be adding two or three informational...
Reply | Read entire comment
I can certainly see why/how this has to do with security.By KGIII on September 27, 2007, 1:20 pmFor starters it is my experience that people will not accept changes that they don't like if they can avoid it. Altering the functionality of an application pretty...
Reply | Read entire comment
Example of e-mail containing two signaturesBy Larry Kenah on September 27, 2007, 1:28 pmQuestion: When would you ever put two signatures into an e-mail message (when using signatures as signatures, not as shortcut macros)? Answer: Consider the...
Reply | Read entire comment
Semantic constraintsBy Anonymous on September 28, 2007, 7:16 amIt seems to me that the problem here was not that the engineers removed functionality, but that they allowed a function in the original application to be overloaded....
Reply | Read entire comment
View all comments