The Dao of Microsoft

The long view of security strategies for your network.

The day before I began writing this article, I stopped in at the coffee shop across the street from the School of Graduate Studies in bustling downtown Northfield, Vt., (about which one of our vice presidents says warningly, “Well, we have some pretty rough traffic jams during rush minute”).

I looked at a tempting brownie (the small cake kind, not the young girl kind, you evil-minded readers) and asked the youngster behind the counter, “Does that have peanuts?”

She answered promptly, “Yes!” As I was putting the brownie back regretfully, an older clerk spoke up: “Actually, those are almonds and hazelnuts, not peanuts.”

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The day before I began writing this article, I stopped in at the coffee shop across the street from the School of Graduate Studies in bustling downtown Northfield, Vt., (about which one of our vice presidents says warningly, “Well, we have some pretty rough traffic jams during rush minute”).

I looked at a tempting brownie (the small cake kind, not the young girl kind, you evil-minded readers) and asked the youngster behind the counter, “Does that have peanuts?”

She answered promptly, “Yes!” As I was putting the brownie back regretfully, an older clerk spoke up: “Actually, those are almonds and hazelnuts, not peanuts.”

“Ah,” I said, and promptly bought the brownie. The youngster apologized, saying, “Oh sorry, I assumed you were allergic to peanuts.”

“No,” I replied, “I just detest the taste of peanuts with chocolate.”

This incident came to mind as I was thinking about a problem in Outlook 2007. As Doug VanBenthuysen pointed out in July 2006, older versions of Outlook have long allowed users to store all kinds of text as “signatures,” effectively serving as keyboard macros. For example, I have dozens of text strings including a long signature, a short signature, a letter of thanks to readers, an explanation of how to spell and pronounce my name, and so on.

VanBenthuysen noted, “Unfortunately, it no longer seems possible to insert multiple signatures in an e-mail without adding steps (like copy/paste). As expected, Signatures get their own place on a ribbon (Message | Include | Signature). The problem is, when you choose one signature, the one that was already in the e-mail disappears.” Worse yet, sometimes part or even all of the e-mail message disappears with the old signature.

The Microsoft engineers’ errors, in my opinion, were three: they made unwarranted assumptions, they exercised semantic rigidity, and they deprived the user of reasonable control.

I’ve been programming computers since 1965 and teaching programming since 1977. One of the lessons I teach my systems engineering students is to be careful about limiting the power of users without having a good reason for the limitation. In this case, Microsoft engineers presumably assumed that it was impossible for anyone to want to have two signatures in one document. Even if we limit our discussion to signatures for the moment, that assumption seems silly to me; for example, it might be perfectly reasonable to store a short signature (e.g., “Best wishes,” name, title, phone number) and also store a block of details (additional phone numbers, Web site URL, and so on) to add to that short signature under certain circumstances.

Second, the engineers seem to have been so influenced by the label “signatures” that they discounted any other possible use of the feature. Granted, the Office 2007 suite has other ways of storing keyboard macros. For example, one can store relatively short strings in the AutoCorrect list and use an unusual keystroke sequence (e.g., “=s=”) as a substitute for a particular string. Another way of storing any kind of block of text is the Building Blocks Organizer. I use this feature all the time when I am editing student papers to insert standard suggestions on word usage or grammar. Nonetheless, there is no harm in allowing signatures to be anything the user wants.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.