After the recent MSN debacle, how can .NET be entrusted with our personal data?

[Mike Mitchell]

I am reading about the ongoing problems with MSN (see
http://www.zdnet.com/zdnn/stories/ne...kpt=zdhpnews01)
and wonder how corporates and individuals will want to put their trust
(and their credit card numbers) into a Microsoft-organised system.
According to MSN vice president Richard Bray "an extremely rare set of
circumstances occurred when one of our database servers had a disk
controller fail. The backup for this controller also had an error
occur which resulted in a more lengthy path to full service recovery."

Lengthy path? The system's been playing up since Tuesday, apparently.
It might have been better public relations had Microsoft not been
keeping so stumm about the matter. Why so tight lipped, boys and
girls?

I see the .NET initiative threatening to turn into a fiasco, unless
Microsoft's own "distributed web services" can be seen to be 100%
reliable. Reliability is something not even the marketing people and
spin doctors cannot influence. Reliability just is.

MM

[Karl E. Peterson]

Can anyone else (running Win2000) get to windowsupdate.microsoft.com today? I can't.
Seems to redirect, probably based on what OS you're running.
--
http://www.mvps.org/vb



"Mike Mitchell" <kylix_is@hotmail.com> wrote in message
news:3b4612d2.474644@news.devx.com...
> I am reading about the ongoing problems with MSN (see
> http://www.zdnet.com/zdnn/stories/ne...kpt=zdhpnews01)
> and wonder how corporates and individuals will want to put their trust
> (and their credit card numbers) into a Microsoft-organised system.
> According to MSN vice president Richard Bray "an extremely rare set of
> circumstances occurred when one of our database servers had a disk
> controller fail. The backup for this controller also had an error
> occur which resulted in a more lengthy path to full service recovery."
>
> Lengthy path? The system's been playing up since Tuesday, apparently.
> It might have been better public relations had Microsoft not been
> keeping so stumm about the matter. Why so tight lipped, boys and
> girls?
>
> I see the .NET initiative threatening to turn into a fiasco, unless
> Microsoft's own "distributed web services" can be seen to be 100%
> reliable. Reliability is something not even the marketing people and
> spin doctors cannot influence. Reliability just is.
>
> MM

[John Butler]

Mike

The First Church of Microsoft's zealots will probably rip you apart for
posting this (but then, you knew that, right?)...

I have to say though that you're lumping the whole DotNet concept together
with Hailstorm/Passport/MSN..which isn't entirely fair. I personally don't
have any faith in Passport etc (since, as I posted elsewhere, I can login to
my Passport account, but they can't tell me what my name is???) but calling
the entire DotNet platform's technical merits into question, because MS's
Hailstorm initiative is at best shaky, at worst scary...is a long/cheap
shot...

I have a lot of issues with Microsoft at the moment, but looking seriously
into DotNet, the technical architecture is definitely well thought
out....please don't drag me into language issues etc. A lot of thought, by a
lot of seriously clever people, has obviously gone into the concept....and
if the execution is lacking...well its probably more likely the marketing
morons and possibly bean counters who have forced the Hailstorm/Passport
concept into the DotNet platform.

So what am I saying? Well, I guess part of me is deriding you for trying to
score a cheap shot....part of me is happy that problems like this are
happening...in the hope that Microsoft's IMHO relatively new, blatant
arrogance might be tempered a little by reality smacking them hard across
the gums.

rgds
John Butler

[John Butler]

I'm on Win2K and just got there without problems....they probably rebooted
the server(s)...that ALWAYS works <grin>

rgds
John Butler

"Karl E. Peterson" <karl@mvps.org> wrote in message
news:3b461d36$1@news.devx.com...
> Can anyone else (running Win2000) get to windowsupdate.microsoft.com
today? I can't.
> Seems to redirect, probably based on what OS you're running.

[Karl E. Peterson]

Hi John --

> > Can anyone else (running Win2000) get to http://windowsupdate.microsoft.com
> > today? I can't.
> > Seems to redirect, probably based on what OS you're running.
>
> I'm on Win2K and just got there without problems....they probably rebooted
> the server(s)...that ALWAYS works <grin>

Huh. Still can't here. Just talked to someone else (another newsgroup) who couldn't
get through with either WinME or XP. Something's up, as that confirmed it wasn't a
local DNS issue. Could be that one of their (multiple) DNS servers up there is
hosed, and it's luck of the draw which one hands out requests?

I was able to get the source for this page (below), which provides hints as to where
it's trying to redirect to, by handing the IP address [207.68.131.28] to SamSpade.

Just think, if this were pay-per-use, I'd be toast right now simply because they
don't know how to run redundant nameservers!

Thanks... Karl
--
http://www.mvps.org/vb


HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Connection: close
Content-Location: http://207.68.131.28/Default.htm
Date: Fri, 06 Jul 2001 20:21:09 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 13 Jun 2001 06:52:09 GMT
ETag: "ca71ea5dd5f3c01:7e7"
Content-Length: 4586

<HTML>
<HEAD>
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1
"http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by
"inet@microsoft.com" r (n 0 s 0 v 0 l 0))'>
<META name="description" content="The Microsoft Windows Update Consumer site provides
critical updates, security fixes, software downloads, and Microsoft Windows Hardware
Quality Lab (WHQL) device drivers for your Windows operating system and Internet
Explorer browser.">
<META name="keywords" content="windows update consumer site, update, updates, hotfix,
QFE, patch, patches, fix, fixes, features, Microsoft, TechNet, download, downloads,
service, services, software, service pack, service packs, windows 2000, win2k,
windows 98, 95, ME, Millennium, Internet, Internet Explorer, support, network,
administrator, technology, tech, Security, Security Bulletin, security vulnerability,
critical, critical updates, security update, outlook, Outlook Express, Windows NT
4.0, windowsnt, windows nt , interoperability, vulnerability, technical, y2k,
year2000, year 2000, resource guide, maintenance, planning, exchange, maintain,
networking, migration, resource kit, support, help, dialup, migration, windows media
player">
<TITLE>Microsoft Windows Update</TITLE>
<Script Language="JavaScript">
/* <!-- */
var szLang = "";
var strPage = "";
var VarUsrAgt = navigator.userAgent.toLowerCase();
var sQuery = location.search;
if( VarUsrAgt.indexOf("windows nt 5.1") != -1 )
{
location.replace( "http://v4.windowsupdate.microsoft.com/default.asp" + sQuery );
}
if ( ( (VarUsrAgt.indexOf("windows ce") != -1) || (VarUsrAgt.indexOf("msie 4.0")
== -1)) && (VarUsrAgt.indexOf("msie 5.") == -1) && (VarUsrAgt.indexOf("msie 6.")
== -1) )
{
szLang = "en";
if (VarUsrAgt.indexOf("windows ce") == -1)
{
if ( ( (VarUsrAgt.indexOf("compatible") != -1) || ((VarUsrAgt.indexOf("mozilla/3")
== -1)) && (VarUsrAgt.indexOf("msie 3") == -1)) || (VarUsrAgt.indexOf("netscape")
!= -1) )
{
szLang = navigator.language.toLowerCase();
if (szLang.indexOf("-") != -1)
{
if (szLang.indexOf("cn") != -1)
{
szLang = "zhcn"
}
else if (szLang.indexOf("tw") != -1)
{
szLang = "zhtw"
}
else
{
szLang = szLang.substring(0, szLang.indexOf("-"));
}
}
}
}
location.href = "R742/v31site/x86/w98/" + szLang + "/thanksstart.htm";
if (VarUsrAgt.indexOf("netscape") != -1)
{
window.navigate ();
}
}
var g_bIsWinUpdate = true;
document.open();
document.write("<FRAMESET ROWS=100%>");
if(location.search == "" || location.search == null)
{
document.write("<FRAME SRC=\"scripts/redir.dll?\">");
}
else
{
document.write("<FRAME SRC=\"R742/V31site/default.htm" + location.search + "\">");
}
document.write("</FRAMESET>");
document.close();
/* --> */
</Script>
</HEAD>
<NOFRAMES>You have tried to visit Windows Update with a browser that does not support
Frames or ActiveX&#174; technology. To learn more about browsers that do support
these technologies, please visit the <A
HREF="http://microsoft.com/windows/ie"><B>Microsoft</b></a> Web site.</NOFRAMES>
<NOSCRIPT>
<FONT FACE="Verdana, Arial, Helvetica" SIZE="3">
<p>
<FONT color=#000080 face="" size=5>Windows Update</FONT> is the online extension of
Windows that helps you get the most out of your computer.
</p>
<p>
Windows Update uses ActiveX Controls and active scripting to display content
correctly and to determine which updates apply to your computer.
</p>
<p>
<b>To view and download updates for your computer, your Internet Explorer security
settings must meet the following requirements:</b>
<ul>
<li>Security must be set to medium or lower
<li>Active scripting must be set to enabled
<li>The download and initialization of ActiveX Controls must be set to enabled
</ul>
<b>Note<b> These are default settings for Internet Explorer.
</p>
<p>
<b>To check your Internet Explorer security settings</b>
<ol>
<li>On the Tools menu in Internet Explorer, click <b>Internet Options</b>.
<li>Click the <b>Security</b> tab.
<li>Click the Internet icon, and then click <b>Custom Level</b>.
<li>Make sure the following settings are set to Enable or Prompt:
<ul>
<li>Download signed ActiveX Controls
<li>Run ActiveX Controls and plug-ins
<li>Script ActiveX Controls marked safe for scripting
<li>Active scripting
</ul>
</li>
</ol>
</p>
<CENTER>
<A HREF="http://www.microsoft.com/misc/cpyright.htm" target=_top><FONT color=
#00319C>(c) 2001 Microsoft Corporation. All rights reserved. Terms of
Use</FONT></A>.<BR>
</CENTER>
</FONT>
</NOSCRIPT>
</HTML>

[Daniel Pratt]

Hi John,

"John Butler" <nospamjrbutler@btclick.com> wrote in message
news:3b461fe8$3@news.devx.com...
> Mike
<...>
> So what am I saying? Well, I guess part of me is deriding you for trying
to
> score a cheap shot....part of me is happy that problems like this are
> happening...in the hope that Microsoft's IMHO relatively new, blatant
> arrogance might be tempered a little by reality smacking them hard across
> the gums.

I'll have to agree that HailStorm, et al are concerning developments at
MS. Quite frankly, I hope they don't succeed, at least in their present
form. I have to wonder, though, if the driving force is a sense of
self-preservation, rather than arrogance. Microsoft had to work really hard
to play catch-up after they ignored the internet for way to long. Now they
seem to be all-over anything that shows the slightest hint of being the
wave-of-the-future.
These issues do little to temper my appreciation of .NET*, however :-)

Regards,
Dan

*that is, .NET minus the marketing applications

[Karl E. Peterson]

Hi John --

> > Could be that one of their (multiple) DNS servers up there is
> > hosed, and it's luck of the draw which one hands out requests?
>
> Straight after I read your post, I tried it...and it worked. Now, reading
> your reply, I tried it again and it's broken like you said. They must be
> rebooting all their servers, and I got lucky the first time.

My bet's that thier nameservers are out-of-sync. Again. (This happened a couple
months ago too, and was initiated by a DOS, but then just cascaded into a Keystone
Kops charade as they tried to fix things. <g>)

> > Just think, if this were pay-per-use, I'd be toast right now simply because they
> > don't know how to run redundant nameservers!
>
> Head right on over and enter your credit card details...if you can find the
> server <grin>

I have seen the future, and it's not pleasant:

http://j-walk.com/ss/jokes/xl2004.gif

> PS...maybe another DOS attack? They never could withstand those...

CouldBe.

Thanks... Karl
--
http://www.mvps.org/vb

[John Butler]

"Karl E. Peterson" <karl@mvps.org> wrote in message
news:3b4623d5$1@news.devx.com...
> Huh. Still can't here. Just talked to someone else (another newsgroup)
who couldn't
> get through with either WinME or XP. Something's up, as that confirmed it
wasn't a
> local DNS issue. Could be that one of their (multiple) DNS servers up
there is
> hosed, and it's luck of the draw which one hands out requests?

Straight after I read your post, I tried it...and it worked. Now, reading
your reply, I tried it again and it's broken like you said. They must be
rebooting all their servers, and I got lucky the first time.

> Just think, if this were pay-per-use, I'd be toast right now simply
because they
> don't know how to run redundant nameservers!

Head right on over and enter your credit card details...if you can find the
server <grin>

rgds
John Butler

PS...maybe another DOS attack? They never could withstand those...

[Mike Mitchell]

On Fri, 6 Jul 2001 21:48:04 +0100, "John Butler"
<nospamjrbutler@btclick.com> wrote:

>So what am I saying? Well, I guess part of me is deriding you for trying to
>score a cheap shot..

I am just the Messenger. So shoot me!

>..part of me is happy that problems like this are
>happening...in the hope that Microsoft's IMHO relatively new, blatant
>arrogance might be tempered a little by reality smacking them hard across
>the gums.

Now, now! I didn't advocate violence. Pretty cheap shot, if you ask
me!

MM

[Bob O`Bob]

Mike Mitchell wrote:
>
> I am just the Messenger. So shoot me!
>

and

>
> Now, now! I didn't advocate violence. Pretty cheap shot, if you ask
> me!


Huh?



Bob
--
"you inadvertantly left the third-party opt-in box checked"
<news://news.devx.com/3b425fb7%241@news.devx.com>

[VBWyrde]

"John Butler" <nospamjrbutler@btclick.com> wrote:
>Mike
>
>I have to say though that you're lumping the whole DotNet concept together
>with Hailstorm/Passport/MSN..which isn't entirely fair. I personally don't
>have any faith in Passport etc (since, as I posted elsewhere, I can login
to
>my Passport account, but they can't tell me what my name is???) but calling
>the entire DotNet platform's technical merits into question, because MS's
>Hailstorm initiative is at best shaky, at worst scary...is a long/cheap
>shot...
>

I agree. Hailstorm seems to me to be a shot at gaining control of the centralized
data store of all personal data world wide. This is an objective that would
put The Vendor in a dominant position for world wide financial transactions,
and thus in the roll of middle-man - a necessarily lucrative place to be.
There is also the inevitability of them using Hailstorm for massive customer
tracking which can also be used for marketing purposes, and provide an additional
revenue stream in sales of the data itself.

The goal of centralized user data may be ineherently flawed, however. I
would think that people would prefer to store that sensitive data locally,
not centrally. If the Hailstorm project simply referred to a local database
on the client instead of a central database on a server and then transmitted
the relevant data to the requestor (provided the user had enabled them to
read their private data) then the system would have inherent trust mechanisms.
This would work. It would however deprive The Vendor of marketing oportunities.
However, The Vendor should be aware that a short term monetary gain could
poison the well and destroy trust in Internet Transactions if their model
(Hailstorm) is abused, or suffered from security breaches. Localized personal
data would stand a much better chance of being protected by if nothing else
(like PC Firewall) obscurity. On the other hand, centralized data has other
advantages to the user community, such as the ability to schedule with others
if calendars are on line. There could easily be devised a division of Personal
from Private data (credit cards would be private, for instance, but when
you're on vacation could be public, if you wanted).

As usual you can not lose money betting on the stupidity of the public.
Therefore, marketing personal seem to win every battle in the boardroom.
I would think, however, that this process would suffer a reversal after
the .Com meltdown, which at least to my mind proved (once again) that marketing
people need to be put in chains and kept on extremely short leashes least
they hurt something (like the economy, stupid).

Hailstorm is risk inherent for the user. The internet itself is risk inherent
for the user. But the question will be, Does the convenience it offers
out weigh the risk? Microsoft is betting the answer is yes. The only
problem is that on the day the answer becomes NO, the well will have already
been poisoned for other more rational attempts at the same idea.

Perhaps a central, non profit institution should be set up to provide server
services for a Hailstorm type initiative. Rules against allowing the data
to EVER be used in undisclosed ways, and a focus on security would give the
public a point of trust to hook on to. In this way the Hailstorm concept
might live, but without the liabilities that Microsoft would inevitably introduce
doing it themselves.

>I have a lot of issues with Microsoft at the moment, but looking seriously
>into DotNet, the technical architecture is definitely well thought
>out....please don't drag me into language issues etc. A lot of thought,
by a
>lot of seriously clever people, has obviously gone into the concept....and
>if the execution is lacking...well its probably more likely the marketing
>morons and possibly bean counters who have forced the Hailstorm/Passport
>concept into the DotNet platform.
>

Total agreement. .Net is an architecture. Hailstorm is an implementation.
These are two separate things. Haistorm can suck, while .Net can be fantastic.

>So what am I saying? Well, I guess part of me is deriding you for trying
to
>score a cheap shot....part of me is happy that problems like this are
>happening...in the hope that Microsoft's IMHO relatively new, blatant
>arrogance might be tempered a little by reality smacking them hard across
>the gums.
>

Not likely, but ok.

>rgds
>John Butler
>
>
>

VBWyrde

[Richard Curzon]

I liked it better a few years back when Sun was claiming MS didn't get it
about Java. You went to the MS website and saw MANY TIMES more Java applets
than on Sun's site.

As far as MS websites today, my own impression is they have about the best
balance of "uptime/features/current useful info" of it's competitors today,
say Oracle/IBM/Sun/MS. Put this another way, the MS sites suck less <g>.
(the old win95 team motto, remember? a worthy goal for any development
team...)

The weakest part is their own indexing. Still today if you want to find an
MS Q article, your best bet is to search on Google or Dogpile and come up
with their links into the MS pages <g>.

regards
Richard

--
-----
Live without dead time - Raoul Vaneigem
May I borrow your towel, my car just hit a water buffalo - Chevy Chase