Project Watch: Microsoft 2008 OK, so choosing and installing the hardware - that was easy. I wish I could say the same for the software.

On the face of it all I had to do was install the beta version of Windows Server 2008, the production version of Visual Studio 2008 and the beta SQL Server 2008. Sorry, by beta of course I mean community technology preview. It appears that Microsoft has learned that renaming can be used to shed bad associations.

This bloke once walked into a meeting I was attending and introduced a new word to my vocabulary: "Hafta", as in: "We hafta do it this way because..."

I've been trying to shake it off ever since.

If, as reported, entertainment giant Paramount throws its weight behind the Blu-ray high-definition DVD format it would seem like a vote in favor of using Java (Sun PDF here) in digital TV entertainment.

Think you've protected your web applications from cross-site scripting (XSS) vulnerabilities? The odds are against you. Roughly 90 per cent of web applications have this problem, and it's getting worse as web applications and web services share more and more data.

Many frameworks and libraries are encoding, decoding, and re-encoding with all kinds of schemes and sending data through new protocols. Ajax and other "rich" applications are complicating this situation.

What made 2007 so quintessentially... 2007? Reg Dev wants to hear from you about the news, events and software that defined the year. Also, we'd like to know what you'd like to see happen during the coming year, and - this being the IT industry - what you think will really happen.

I enjoy the SmoothSpan blog but I’m not convinced by this article on Microsoft’s rift with the web.

I’m sitting in a session at Adobe Max Europe listening to Senior Product Manager Laurel Reitman talking about what a great open platform Adobe is creating.

The project's been wobbling along for 18 months. A bottle of champagne just went to the tester who logged the one millionth bug in TestDirector (and everybody cheered), the lead programmer looks like a raccoon that's discovered a departed junkie's heroin stash buried beneath a tree, half the programmers have quit, and the customer believes everything's fine... Although it does strike him as odd that all he's seen so far are static screenshots and Gantt charts with every single task stuck at "90 per cent". The project's in trouble.

Register Developer is changing.

We've moved our base of operations from the UK to Silicon Valley, where under a new editor - the Register's former software editor, Gavin Clarke - we will build on the work of Martin and David, who successfully established Register Developer.

Well, from the start of October, we hand over Reg Developer to Gavin Clarke, who's a Register employee (we were freelance) and works from California, where he sits at the development tools coalface and gets first crack at the news. Be kind to him.

Editors' Blog If computer game development is your thing, save your pennies and get yourself over to the Los Angeles Convention Centre.

From 18-21 October, the Game Developers Conference is being held in association with the Entertainment for All (E for All) exhibition.

Billed as a game career seminar, the conference will give attendees the chance to learn about the developer tools available, as well as what is involved in working in the industry.

The E for All event will also provide the necessary inspiration by giving developers a chance to play the games. It could, of course, also prove totally deflating by demonstrating that your "stupendously unique idea" has already been done by half a dozen other vendors.

Previous conferences have attracted some 16,000 delegates, so it will at least be a good place for wannabe developers to network. ®

I feel strangely sorry for Unisys, even though it has just won a race that is, arguably, well worth crowing about. But you see, it is the first company to run the new TPC-E benchmark that replaces the aged and venerable – and to be honest somewhat discredited – TPC-C benchmark.

It is, together with its partner in the process, Microsoft, the first to have generated any real numbers for the benchmark – and that is the problem. It is a bit like me running (running? Oh that is a bad-taste joke. Crawling or staggering would be far more appropriate words) the 125 metre `dash’ in 2 minutes 45.72 seconds. If I am the only one in this competition then maybe I did really well – who can tell?

Editor's blog Here are some thoughts on user-interface design and the simple psychology of rooking the user. Try this for an example: I have been staying at a hotel where there is Wi-Fi available in the form of a T-Mobile hotspot. Let’s not go to the length of criticising the hotel for not fronting this service itself, putting the cost on the bill, etc – or indeed, just burying the cost in the hotel charges so it appears free. What it does mean, however, is that one has to go through T-Mobile’s SignUpWithYourCreditCard process... tedious but survivable.

Who would have thought that some 50 people, from CIOs to developers, would feel strongly enough about anything to do with business to turn up at 7.30am in a London hotel, just to suffer a seminar. But that is what they did to witness a presentation by Luke Barrett, a senior analyst at Thoughtworks.

After three years gestation, the UK's Office of Government Commerce (OGC) yesterday gave birth to ITIL version 3. ITIL's friends promptly held a launch party in London to celebrate.

Editor's blog The British Computer Society Configuration Management special interest group (the BCS CMSG) has rather an oxymoronic name perhaps - who's interested in CM? Well, I am. I was interested enough to go to its bi-annual conference last week, and so, probably, is anyone actually involved in doing CM.

Every so often one is privileged to bump into an IT application which prompts the response: "yes, that is damned good". One such, in my opinion, is the Mediatheque inside the British Film Institute (BFI) building in London's South Bank complex.

What is a "Mediatheque"? For anyone who is a straight forward film buff or fan of old cinema, a cinematic historian or, like me, simply old enough to have memories of times worth being nostalgic about, it really is the place to go see.

Editor's blog We all know about the risk of identity theft in the real world, or we should know about it. But what about the virtual world?

Holger Wandt of Human Inference, a specialist in natural language processing to remove errors and duplicates from real world datasets, recently raised an interesting question concerning personal information in the virtual world.

Editors' Blog Almost 30 years ago when I first did my IT training, part of it was spent in ops, mounting tapes and trying to keep important systems operating efficiently.

At the same time, I met a programmer who took pleasure in "keeping the operators awake" by making them mount tapes pointlessly. Then I went into DBA, which (in those days) was a sort of "halfway house" between ops, development and good practice training.

Ever since then, I've been convinced that application design should include operational design. Any good application will be used for a lot longer than it took to develop, and throughout that time it will need performance tuning, recovery, upgrading, and so on – all of which represent special "user requirements".

Editors' Blog I recently had a chance to talk to a couple of execs from Antenna Software - Gregg Plekan, SVP Product Development and Jim Somers, VP of Marketing – about its Antenna Mobility Platform (AMP), announced at San Francisco Gartner Symposium/ITxpo on April 23, 2007.

I've just had an anonymous comment added to an irrelevent topic with the excuse: "The Drink or die thread seems to be closed so let's continue this here."

Well, I can't find this "Drink or die" thread anyway - it's this one, perhaps. However, I'm posting the orphan comment as a blog entry so you can all comment.

It's all about what you actually buy when you buy software:

[comment starts here]

"Nope. [I, the software vendor] didn't sell you any goods. You have bought a license to use Windows."

What license is that? [our correspondent, Mr Alfred Nonymous asks] The end user license agreement [that] shows *after* the sale?

I refer you to the Unfair Terms in Consumer Contracts Regulations 1999. Terms not individually negotiated in a consumer contract are unfair and hence non-binding. You [the software vendor] did not at the purchase negotiate any such agreement with me.

A recent survey from market researcher Evans Data Corp shows some interesting, if slightly contradictory, trends in the acceptance of mashing up as a future business tool.

This is the capability of pushing together functionality from different applications to create new, additional services for users: the classic current implementation being putting Google or Microsoft mapping services into other applications such as van delivery management services where finding locations quickly and easily is a genuine business benefit.

After a couple of days with the Teradata people at its Universe Conference 2007 (22-25 April), I'm seriously impressed.

I like Teradata's "one data warehouse" concept, with all the disaggregated data in a normalised store. I like the way it separates the logical views of the data (including the semantic view) from underlying physical database.

Intel has to find something to do with all that processing power it supplies and perhaps rendering yer actual Avatar is it. Well, whatever the driver, at the Think Parallel Intel EMEA Software Conference 2.0 in Lisbon, Jonathan Erickson (Editor-in-Chief, Dr Dobb’s Journal) gave a convincing presentation of Second Life as the new developer community. It’s just like an extension of Dungeons and Dragons really - not that I was ever a Dwarf in a distant castle dreaming of being a nerd programming banking systems, oh no, that wasn’t me at all, that was some other Dwarven manifestation….

Analysis The usual trouble with politics is that the people the process is supposed to defend are usually the ones to suffer most at the hands of those manipulating the political process. It looks as though this is the case in the arm-wrestling that is still going on between Microsoft and IBM and the standardization of OpenMXL and Open Document Format (ODF).

While the two main protagonists push and shove in their attempts to gain dominance (oops, probably a legally untenable word in this particular context) of the desktop office productivity tools market through gaining international standardisation ratification, the users are the ones who are likely to suffer.

So you thought Intel was a hardware company? In fact, it's also a major supplier of software – compilers and developer tools.

This was what the Think Parallel Intel EMEA Software Conference 2.0 in Lisbon was all about. I've only space to cover the main theme here (there was an interesting session I must return to, on Second Life, which Intel presumably hopes will soak up the multicore processing power it's going to be providing) and the tone was set by Herb Sutter (Microsoft software architect and chair of the C++ Standards Committee), who revisited his "the free lunch is over" warning (originally given here).

Apple will bring out an iPod with Wi-Fi wireless connectivity on board during the latter half of the year - if the latest whispers coming from Taiwan's electronics manufacturer community are to be believed, that is.

One of our readers, Bill Nicholls, has just written in with a comment on my "Housebuilding as a metaphor for software development" blog.

He says: "Deadline, quality, functions - pick any two." In short, every project is a tradeoff. The above assumes that cost is fixed, but if that is a variable, the above line becomes: "Cost, deadline, quality, functions - pick any three."

I commented favourably on Managed Object's "software guarantee" here - but also commented that such a "guarantee" has to be worded carefully if it isn't to have unintended consequences.

Well, Managed Objects has sent me a sample contract which it would use as a basis for "milestone payments" from its customers. Milestone payments are what implement its idea of a "software guarantee". See what you think.

I've had an email comment on my JavaScript Hijacking piece to the effect that everyone knows that you do your input validation on the server and that data you send down in JavaScript or in HTML is unsafe - so this really isn't a new exploit.

Well, that first part is true enough, but I disagree with the second. However, Brian Chess is about to put up a JavaScript Hijacking FAQ in the Fortify Software site, so I thought (in the best journalistic tradition) I'd nick his comment on this point.