Microsoft's Site Builder Conference

Overview

Pre-conference activities began Sunday, October 27, with the actual conference starting on Monday and running through Wednesday of that week.

General Impressions - First Day

Content GOOD; Logistics POOR.

The following is this reporter's experience of logistics at the conference:

Microsoft's Site Builder's web page failed to post a location map, address or conference phone number -- a number of attendees ended up at San Jose's Civic Center, at the opposite end of town, instead of the Civic Auditorium.

Upon arrival at the Civic Auditorium, all parking structures within a 3 block radius were marked as full -- this reporter was forced to pay $10/day to park at a hotel several blocks away.

Having arrived late, and having to correct several registration snafus, I attempted to determine where the main presentations were being held. None of the people in the information booths could direct me to where Bill Gates was giving his presentation, nor did the provided schedules indicate where it was being held. After flagging down another attendee, I was informed that the main auditorium was across the street.

While crowded, with standing-room only, the presentations were well-delivered and informative.

Lunch was a complete disaster, with no recognizable queue -- people were forced to just pile up against each other as they entered the Exhibit Area.

Dramatic Changes

Two years ago, Microsoft seemed oblivious to the Internet. After Netscape's IPO, this dramatically changed, and Microsoft rapidly released a large number of Internet clients and servers.

However, most of these initial releases exposed a failure to understand, appreciate or care about the existing culture or standards process of the Internet community. Their apps used home-grown standards, and Microsoft began publishing specs for a number of protocols that competed against ongoing Internet draft proposals.

Over the past 6 months, this attitude appears to have dramatically changed.

Microsoft's Internet Approach is now Standards-based

Microsoft has dropped its Active Worlds development, and has now adopted the VRML 2.0 standard for 3D Internet modeling and navigation.

Microsoft has also dropped it's PCT Private Communications Technology (PCT) in favor of the standard Secure Sockets Layer (SSL) secure session protocol. Their digital envelopes are based on industry standard X509 certificates.

Microsoft's "moniker" mechanism for object naming is now URL-based, and their name server is LDAP / X500 based.

Microsoft has adopted HTML as its standard documentation and help format.

Microsoft embraces Java

Microsoft has made Active X, and through it Win95 and NT, language-neutral. You can build Active X plugin modules from VB, VC/C++ or J++ -- and Internet Explorer supports both VBScript and JScript interchangeably.

Microsoft now endorces Java as a language for creating portable applets, and has provided the tools to simplify Java development and debugging, as well as digitally signing and publishing Java applets.

Microsoft supports Portability

Monday, Microsoft demonstrated Internet Explorer running on MacOS and Unix -- both running Active X plugins. The mac version of IE will available in another week or two; the unix version by the end of the year.

Considering the fact that Active X and J++ development is far simpler than Netscape plugin development, and the fact that IE is bundled with Win95 and NT, this should insure Microsoft's future dominance in the web browser wars. Similar advantages on the server side are likely to give Microsoft the lead in web servers, as well.

Microsoft becomes an Internet Leader

Microsoft is bundling all it's Internet technology into the operating system infrastructure and exposing it to developers, making Win95/NT a rich development environment -- freeing the developer from concerns such as transport/delivery, presentation, registration/authenticity, security, portability, and support for new technologies and hardware.

With the huge market share of Windows end users, the vast number of experienced Windows developers, and the ease of application development, it's easy to see why Windows has become the primary development environment for many new Internet technologies.

Second Day

Content OK; Logistics POOR.

The logistics of the day were pretty much like the first -- driving 20 minutes to look for parking, and finally parking 3 blocks away in the pouring rain was not a great experience.

The content of the first day, was generally good -- new announcements, detailed information, stepping through real code.

The second day was quite a contrast. Entry-level talks about nudging pixels on images to avoid dithering, discussions about what IIS, NNTP, SMTP/POP, etc is, plenty of discussions about CHAT/IRC (no mention of MUDs), occassional references to VRML, but no discussion or presentation of it -- in general, not much interesting for web-heads.

The "Advanced" Java session was a complete joke. While the speaker was entertaining, very little was covered that would be of interest to an advanced java programmer -- for example: descriptions of what init(), start(), stop() and destroy() do. There was a minor discussion of COM interaction, reference counting of Java/COM objects, digital signing of cabinets, and how the Java VM compiles Java bytecode to native objects prior to execution (and the revelation that these compiled objects are not cached) -- but otherwise, not much useful content.

A Few Exceptions

VIPER is a new object manager that will play a critical role in DCOM (Distributable COM). It's a request broker that serves up Active X controls, deals with user/process access, security, thread/memory/resource management, data retrieval, and yes, transaction management.

The key here is that as a developer, you can write Active X Controls that ignore issues such as security, threading, resource locking -- VIPER does it all for you.

Here's one senario:

• A requests comes in to your HTTP (web) server.
• The request is for an Active Server Page (ASP) that contains J-Script, which is parsed by the Active Scripts engine, and various Active X (COM) events/requests are sent to VIPER.
• VIPER finds the Active X objects, validates access, starts transaction management, allocates required memory/thread/resources.
• The Active X controls might be running locally, or eventually distributed on the net. They can be accessing data via a SQL server or creating data/responses on the fly.
• VIPER manages the transactions as they complete, and returns the appropriate data.
• The HTTP server assembles the responses into a HTML page, and sends it back to the requestor.

Such infrastructure is critical for a scalable environment and particularly for mission-critical systems development.

The Party

The Disco/Oldies section had great music and a dance floor, yet it seemed that the guys were unable to draw any gals into the arena. Despite feminine apathy to the music, a half dozen brazen guys kept the dance floor boppin'.

The Cajun food and live swing band upstairs was great. A pair of piano players entertained in a downstairs room as visitors munched on Mexican-American food.

Hot dogs, hamburgers, plenty of beer and top 40 music in the main area. And no surprize, the upstairs arcade games area was jammed with participants. The billiards area and hoop cage stayed busy.

Overall, it seemed people enjoyed the party.

Third Day

Content Good; Logistics POOR.

Again, the logistics were pretty bad, but the content of this day's breakouts seemed to contain more content.

The in-depth discussions of dynamic HTML were excellent.

Security

First, all email and newsgroup conversations (and until recently all web forms) are sent in plain-text over the internet -- anyone with a packet-sniffer in the route of your messages can read your messages. Not only are your "private" messages not private, but charge card numbers and other personal information can be easily acquired on the Net.

While the technology for correcting this problem has been available for some time, two things have kept it from being applied to the internet:

The first was simply a lack of demand -- the Internet was understood to be an open community; people new better than to send private data in clear-text -- so few proposals were adopted to correct this hole in the Internet.

The second was US government restrictions that prevented encryption technology from being distributed publically, or the use of digital keys that were too long for the government to easily break.

With the explosion of the Web and all the desire to do commerce on the Internet, there was suddenly a massive need to provide security on the Internet. To Netscape's credit, they proposed and implemented the Secure Sockets Layer (SSL) in their Navigator browser, and have since added it to their news server. SSL can be used for most of the Internet's major protocols.

Having accomplished that, there was still the governement's restriction of export, which made international use of secure web sites a problem. This is where Microsoft stepped in and introduced the Crypto API (CAPI) DLL that provides cryptographic support for standards such as SSL. Using their clout, Microsoft managed to get the US government to allow them to export CAPI in domestic and international versions of Windows95 and NT.

This allows US application programmers to create secure, exportable software that does not require special dispensation by their government to distribute their products.

Micrsoft presented CAPI, their support for SSL (the dropped PCT, their competing protocol), and added a low level authentication standard called SSPI.

They have also created a object encapsulation scheme that allows programmers and content creators to digitally sign their products so that users and distributors can validate the owner/creator of the object and check if has been altered in any way.

Working with VeriSign and other certificate vendors, Microsoft is adding certificate support in their web servers and clients to validate users, hosts, content and distributed objects.

Leveraging off of their object encapsulation and digital signing technology, Microsoft has also established the PICS rating system, which allows rating agencies to rate web content similar to the way movies are rated, allowing ISPs and parents to filter out unwanted content.

Dynamic HTML

The W3C committee has been working on the concept of HTML style sheets for a while; the original intent was to provide a way to make HTML a presentation description language.

Remember, HTML was originally intended to be presentation-neutral -- it was up to the platform/viewer/user to decide how the information should be presented. There was no guarantee that words would wrap at a particular place or even that HTML tags would be rendered the same way on different workstations.

Style sheets provide a way for a content creator to define how tags and content is handled and rendered, allowing them to control presentation.

Another part of this puzzle is the use of an obscure <DIV> tag that has been floated since the early HTML 3.0 drafts. The <DIV> tag defines an object container with an associated ID that is unique to that page. This can be used to embed other HTML pages, or to nest and reuse HTML objects. The ID can be used by scripts to target content to DIVided areas.

Microsoft has used the <DIV> tag to create an object-oriented HTML. In IE 4.0, all HTML components are stored within <DIV> objects, which can be referenced by ID.

Using JavaScript (or VBScript), you can modify the content of these HTML objects, or change the attributes of these objects - such as font color/size, on the fly. Scripts can also dynamically insert/remove HTML objects within a page.

Microsoft is working with the W3C committee to add attributes to the <DIV> tag, such as X/Y positioning and visibility, to allow scripts to move HTML objects about the page, or turn them on/off.

IE 4.0 even allows users to dynamically move HTML objects on a page, useful for game/instuction applications, as well as in-place HTML editing.

Microsoft demonstrated one useful application... for certain types of compact data, it makes a lot more sense to send the entire database to the user, and then let the client sort, filter and present the data. The user can click buttons or fill out a form, and the page can be sorted and updated locally, with no additional wire-transfer.

Summary

The key news that came out of the conference were:

• Microsoft is creating a total multi-user and name-space solution
• Microsoft supports client-side portability via IE 4.0
• Use Java and JavaScript
• Use the ActiveX distributable COM architecture
• Viper Object brokering
• Dynamic HTML and client-side forms

Another area that was missing was a plugin architecture for their communication servers, so that email, news, etc can be filtered via scriptable robots.

And finally, Microsoft is still missing a solution to digital certificate acquisition and management.

Otherwise, Microsoft seemed to have a pretty complete and sensible response to the needs of ISPs, site-masters and end users.