Sleepless in Seattle

From Google to Microsoft, and from Microsoft to Google

Google的第三季度财报发布了，每股盈利$2.62超过预期的$2.42，总收入$18.7亿超过预期的$18.1亿。周五开盘，Google的股票飚涨至$450美元以上。

What a good day for Googlers. 我相信今天政道和佩堇（我的两位Stanford同窗，在Google工作）一定很开心，: )

我们3个人的career path很有意思，都和现在业界里最大的两家公司牵扯在一起了。

政道05年暑假的时候申请了Microsoft的internship，可能是面试的时候有点失误吧，结果没成功。然后他又申请了Google，Google给了offer。我一直认为这是MS recruiting犯下的一个大错误，不但让我没有机会和好朋友在Seattle相聚，更是失去了一个极为聪明的人才，我一直对这位开着BenZ上课但又极为聪明勤奋的台湾帅哥（well,其实政道是Stanford台湾学生会会长）充满敬意。政道结束intern后就直接进入Google了，希望将来还能有机会和他共事。

佩堇05夏天的时候和我一起在微软intern。大概很难想象这位上课经常睡着的时髦女孩居然是台大毕业Stanford硕士的技术高手吧。intern结束后，佩堇应聘了MSN Search（现在是Live Search了），也拿到了offer。可惜，她从一开始就是向往着Google的。也是啊，加州阳光明媚四季如春，正适合佩堇。Seattle经常阴雨连绵，未免太伤时尚女孩的心了。经过艰苦卓绝的斗争，佩堇终于也如愿进入了Google。

05夏天已经是我在微软第二年的intern了，夏天过去后，我发现自己不是特别想在Windows kernel部门供职。那时Web的第二次复兴狂潮在Google的推波助澜下已经山雨欲来了，我打定了主意要去那时的MSN部门（当然，半年后，Live就诞生了），最终，我落户在MSN Mobile。但一个Stanford的学生是很难拒绝和你一墙之隔的Google的诱惑的（well, actually Google Headquarter is about 5 miles away from Stanford），更有趣的是我在Stanford供职的research group: Stanford InfoLab的前身，就是Google的两位创始人Larry和Sergey起步的地方：Stanford Database Group。所以不去试一试Google实在说不过去。最后，我也拿到了Google的offer。

但最终，我还是决定去微软。有很多综合因素的考虑，和一个很特别的原因：那时的我，拼命地想逃离旧金山甚至加州以及回忆中梦魇般的一段故事。当半年以后我的生活有了很大改变并能心平气和地来回头看看的时候，我还是。

很想说的一句话是：和大家想象中的MSer hates Goolgler或者Googler hates MSer的不同，其实在美国很多IT公司的员工都和对手公司有着千丝万缕的联系。竞争归竞争，但那不是恶意地互相攻击或诋毁（那时公司法律部门和宣传部门的事，呵呵），我们也都秉持着职业操守不会去做违反道德或法律的事情。私下里，作为一个纯粹的技术人员，我们会冷静地分析双方的优势和劣势，会刻薄地批评我们看来不合格的产品（不管他们是属于哪一方的），会诚挚地赞叹令我们心服口服的技术（同样不管他们是属于哪一方的）。

In some sense，我很高兴自己最终被调动到了Live Platform组。在这个领域，Google是毫无疑问的领先者，而我就是喜欢play catchup game。我当然希望我们的产品最终能打败Google的，but in my personal life, 我还是很喜欢Google，我也认为有Google在，对技术发展而言是一件好事。垄断，是创新的毒药。

In fact, this is how my license plate looks like:

Let's get ready to rumble~~

=====================================================

I actually found another proof of my point:

http://fredericiana.com/2006/10/24/from-redmond-with-love

The Microsoft Internet Explorer Team sent us a cake for the  release of Firefox 2!

A big thanks to Redmond, Washington!

P.S.: No, it was not poisoned

posted on 2006-10-21 02:49:00 by demonfox  评论(10) 阅读(5364)

Apple blames Microsoft for a virus shipped with iPod

[Original Post: Yahoo -?Microsoft: Excuses on iPod virus not credible]

San Francisco (InfoWorld) - Security and quality assurance experts reacted negatively to Apple Computer's efforts Tuesday to blame manufacturing problems that resulted in iPod MP3 players shipping with a virus that affects Microsoft's Windows operating system.

That statement drew criticism from security experts, including Jonathan Poon, the man in charge of scanning Microsoft products for viruses before they ship.

"It's not a matter of which platform the virus originated [on]. The fact that it's found on the portable player means that there's an issue with how the quality checks, specifically the content check, was done," Poon wrote in a blog entry.

James "Randy" Abrams, who held Poon's job for more than a decade at Microsoft and is now director of technical education at ESET, agreed.

"The Apple iPod incident was not about Microsoft having a hardy operating system, it was all about security and process," Abrams told InfoWorld in an e-mail message.

Viruses on Microsoft's network weren't unusual when Abrams was testing that company's products before shipping them, he said.

"I released software in an environment surrounded by Windows machines. Many machines on the corporate network were infected. We never introduced a virus into the software in the release or manufacturing processes because we had a professional understanding of what it took to release what we were supposed to," he said.

"That Apple would blame Microsoft demonstrates a lack of understanding of remedial security and manufacturing processes. Virus was only a symptom of the problem. Apple didn't know what they were shipping," Abrams said.

Apple did not respond to phone and e-mail requests for comment before this story filed.

The news about the infected iPods was the second such story in recent days. On Monday, McDonald's admitted that 10,000 MP3 players that were given away in a promotion in Japan also contained a worm, identified as WORM-QQPASS.ADH.

Both Poon and Abrams said that Apple's response to the infected iPods fell short of McDonald's, even though the burger giant has precious little experience in the consumer electronics space.

"The difference in how McDonald's and Apple handled similar incidents paints a stark difference between management integrity and customer service focus," Abrams wrote.

"Both cases were flawed manufacturing processes. Mistakes can happen and smart companies accept responsibility, make things right with the customer, and fix the problems. Lesser companies play the blame game," he wrote.

McDonald's fix: a single link to Trend Micro's "Housecall" online virus scanning service and an open offer to replace infected players for free also won praise over Apple's response: a bunch of links to free antivirus software trials, including Microsoft's OneCare program, Poon wrote.

"Steve, if you need someone to advise on how to improve your quality checks, feel free to contact me," Poon said, referring to Apple CEO Steve Jobs.

Software companies have long known about the potential to introduce viruses and other malicious code during the manufacturing process, and have developed procedures to catch such infections.

Two such episodes in a week might indicate that malicious hackers have figured out that consumer device makers are less vigilant in their oversight, said Dennis Szerszen, vice president of marketing and corporate strategy at SecureWave, an end point security software vendor.

Apple may have had more lax oversight around the iPod because it wasn't software and wasn't, in itself, targeted by malicious code, he said.

"There may have been less rigor because they weren't cutting and shipping an OS," he said.

Given that, Apple is lucky that it was a virus that shipped on the iPods rather than pornography, pirated software, or some kind of religious or political propaganda that would have been even more damaging to Apple's name, Abrams said.

iPods and other consumer devices are increasingly finding their way onto enterprise networks, and are an increasingly common vector for attacks, he said.

""The end point is the final frontier in enterprise security, because it's where you and I bring our recreational attitudes and personal choices for how to work to bear," he said.

Companies should set up stringent policies about whether and how to use consumer electronics devices at work, but also set up systems to monitor their use and prevent malicious attacks or infections that might be carried by iPods, PDAs, and other consumer devices, Szerszen said.

posted on 2006-10-20 07:45:00 by demonfox  评论(5) 阅读(4761)

Http.sys

[Main Reference: Shawn Cicoria, Http.sys in WinXP SP2: What It Means with Windows Communication Foundation]

微软在Windows 2003 Server里引进了新的HTTP API和kernel mode driver Http.sys，目的是使基于Http服务的程序更有效率。这个改变的直接收益者就是IIS 6.0和ASP.NET。

其实在Windows XP安装SP2后，Http.sys已经出现在系统里了，但事实上，操作系统并没有真的使用这个内核级驱动，而XP上自带的IIS 5.1也没有使用HTTP API。

新的HTTP API里最核心的变化都封装在Http.sys这个kernel mode driver里了。在此之前，基于HTTP协议的程序都是在User mode下运行的，而且必须自己处理诸如软件中断、context switch、线程调度等等问题，并且往往无法自由接触系统资源。过去，HTTP服务器，如IIS, Apache等都是利用Winsock API来创建一个User mode下的network listener。Network listener通常独自（i.e.: per application or per thread basis）占用一个IP端口。通俗点说，就是在同一时间只有一个应用程序可以监听一个端口，这在有些时候是一个不太令人舒服的限制。你可以参看一下这个文件: %windir%\system32\drivers\etc\services，看看哪些程序需要占用哪些端口。

下面两张图展示了新的程序架构:

IIS 5 Process Model

IIS 6 Process Model

在IIS6中，我们可以看到使用了独立工作线程模式，并且直接调用了HTTP API和Http.sys，这使得诸如HTTP handshake和request management等工作可以直接在内核模式下进行处理，这样做效率更高，限制更少。并且，现在用户模式下运行的Application可以把注意力集中处理高层的程序逻辑上，而将底层的诸如请求调度、资源分配、socket管理等工作交给Http.sys来处理。在Windows 2003上，ASP.NET 1.1和2.0都使用了独立工作线程的模式，并且利用了新的HTTP API。在将来的IIS 7里，微软会引进新的Windows Activation Services (WAS)技术。

新的Http.sys带来的好处大致有如下一些:

1. 缓存 － 静态的内容现在被缓存于内核模式下，这使服务响应速度更快

2. 记录 （Log）－IIS的log功能更快且标准化了

3. 带宽控制 － greater scalability control and throttling (man, I hate these buzz words...)

4. 可靠性 － 所有的服务请求会在Http.sys里暂存入队列，而不是由服务程序本身来处理，这样，即使服务程序重启，尚未被处理的请求也不会丢失了

5. IP端口重用 － 现在，只要是通过Http.sys管理的端口（基本包括了那些著名的端口，比如80），都可以同时允许多个程序同时监听了，当然，在编程的时候，还有些命名规则需要注意，请查阅相关资料。

要利用新的HTTP API必须使用Windows 2003平台。在.NET 1.1中，你必须自己写wrapper class利用PInvoke来调用native的HTTP API (doc: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/http/http/http_api_start_page.asp)。在2.0中，.NET加入了新的HttpListener类，从而使调用HTTP API变得很简单。

而当在更新的Windows Communication Foundation (aka, Indigo)里，这一切就更简化了，WCF不但直接使用了HttpListener，而且提供了对很多典型的网络通讯模式的支持，比如Duplex Message Exchange Pattern等。并且，如果想让多个程序监听一个共同的端口，你现在需要做的只是在WCF里注册一下不同服务的URI就行了(notice, there are more details you need to know here to actually get it to work)。

Duplex over Http Message Exchange

更多关于如何编程的信息请Google (oops, Live search) 文中的各个关键字，本文只是做一个初步的介绍。

More reading: IIS 6 performance: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/iis6perf.mspx

=========================================================================================

关于IIS 6和Http.sys，我前两天的时候碰到一个奇怪的情况。我利用HttpModule写了一个Http服务，但我的测试程序发出一个url超长的请求时 ( > 260 chars)，IIS立刻返回400 bad request。

我查阅了很多资料，发现Http.sys有对Url Segment length有限制（max: 260 chars），通过修改注册表，我们可以改变这个limit: http://support.microsoft.com/kb/820129。

但更奇怪的问题是，我该了UrlSegmentMaxLength键值后，IIS仍然返回400 bad request。又经过多方询问，有人竟告诉我这个不是IIS的问题（确实不是IIS的问题，因为我查到有其他例子在修改UrlSegmentMaxLength后顺利运行的），而是CLR/ASP.NET对max path length有限制。

我真是吓到了。CLR? Max path length = 260??!! Are we back to the dark ages?? I simply cannot believe it....

如果有哪位知道确实的情况，请不吝赐教。

P.S.: IE 7 does not cooperate with the online editing control of .TEXT.  I have to reformat the whole article in IE 6.  Probably have to use Windows Live Writer for a while now until we upgrade the system.

posted on 2006-10-19 18:34:00 by demonfox  评论(5) 阅读(6669)

Lyric syncing in Windows Media Player

CSDN上有人问：“百度的歌词同步显示怎么做”：Sample
 

我不知道百度到底是怎么做的，不过如果要我猜，估计就是用微软的SAMI (Synchronized Accessible Media Interchange)标准（注：Apple的Quicktime用的是SMIL标准：Synchronized Multimedia Integration Language）。这里有一个完整的tutorial，关于SAMI格式，以及如何在网页里使用与embedded Windows Media Player同步的SAMI subtitle：

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmpsdk11/mmp_sdk/addingclosedcaptionstodigitalmedia.asp

这可以读读这个：

http://www.webaim.org/techniques/captions/windows/

更有兴趣的朋友可以看看Windows Media Player SDK，我曾经做过一个mini Demo Project，用C++写的，利用WMP SDK和一些Windows Locale API来根据不同的用户语言设置来为当前播放的媒体文件调用不同的字幕文件。

posted on 2006-10-11 17:00:00 by demonfox  评论(1) 阅读(5357)

君再来

信箱里来了一个书讯：

CLR via C++/CLI
Jeffrey Richter

Release Date: November 29, 2006

Jeffrey Richter，我最喜欢的作者之一。CLR，我最想深入了解的framework。而C++呢？犹如那在深山中学艺时伴随自己春去秋来的宝剑，似乎仍依稀记得那几招几式，但真的已经很久不用了，很久不用了。

在Stanford的时候做了很多.NET Compact Framework的内容。工作了，重心又换到Javascript和AJAX上。上一次写大型的C++程序是什么时候？也许还是一年前在Windows MUI intern的时候吧？或者是在写Multi-core MapReduce Framework的时候？

可那些曾经很痴迷的Effective C++的条款、Generic Programming的奥秘、STL的源码，都已经让自己无法再那么激动。在CSDN上仍会看到无数的小孩执著地追寻那一个个关于继承关于泛型关于各种各样C++规则的奇怪问题，而我只是默默地翻过那一页。

直到看到Jeffrey新书的书讯，才惊诧地意识到，C++仍是我内心深处的01世界的中流砥柱。它从没有离开，就像那一柄尘封有年的宝剑，当它再次出鞘的时候，那刻苦修炼的日日夜夜又再次回到你的记忆中。又或许它已经不再那么锋利，它只是变得更古朴而不起眼，默默地化作那一棵支撑的石柱。

11月29日，在这之前，我应该已读完了Ajax系列的几本书了吧。

posted on 2006-10-06 03:57:00 by demonfox  评论(2) 阅读(5424)

Modify GUI from the worker thread (C#)

我在这里看到的：http://devdistrict.com/CodeDetails.aspx?A=366，不知道为什么是9/15/2006才提交的文章，应该是很平常的东西了呀。

Anyway，文章很短，我简单地意译了一下：

多线程程序应该避免在一个worker thread里直接改动GUI的内容和对象（注：I believe .NET runtime will now throw an exception if you actually do that.）

Worker thread应该通过以下方式来更新GUI:

public partial class Form1 : Form
...{
    private delegate void PrintMessageDelegate(string msg);

    public Form1()
    ...{
        InitializeComponent();
    }

    private void button1_Click(object sender, EventArgs e)
    ...{
        //Start new thread
        Thread t = new Thread(new ThreadStart(DoWork));
        t.Start();
    }

    private void DoWork()
    ...{
        //Marshal request to the GUI thread
        textBox1.Invoke(new PrintMessageDelegate(PrintMessage), new string[] ...{"Print this!"});    
    }

    private void PrintMessage(string msg)
    ...{
        lock (this)
        ...{
            textBox1.Text = msg;
        }
    }         
}

在上面的程序中，当你点击按钮时，程序生成了一个新的线程。在这个新的worker线程里，我们想修改TextBox的内容。Worker线程marshals a call to the GUI thread。但GUI进入CPU运行的时候，它就会调用marshal过来的PrintMessage函数了。

posted on 2006-10-05 08:25:00 by demonfox  评论(4) 阅读(6015)

Google Gadgets

今天的路透社报道：http://www.eweek.com/article2/0%2c1895%2c2024149%2c00.asp

Google Universal Gadget Gallery: http://www.google.com/ig/directory?synd=open

Any gadget on any random site??!!  That rocks.

从Konfabulator (now Yahoo! Widget)、Apple、Google Desktop Bar和Windows Vista Sidebar里的Desktop Gadget，到Google和Live.com (http://gallery.live.com)的Web Gadget on a specific hosting site，再到Google's Universal Gadget，Google看来又领先了一步。

需要说明的是：微软并不是没有"Anywhere" gadget，就我所知，我们有一个：the Contact Gadget (http://dev.live.com/blogs/devlive/archive/2006/08/18/46.aspx)。但是Contact Gadget最主要的目的不是"anywhere"，而是其中的cross-domain scripting, controlled script loading, 以及Live ID login mechanism。

可惜这些不是评论家们和普通用户会关注的功能，"Anywhere"的功能显然更容易得到眼球和掌声。

No, no, don't get me wrong.  I said, "that rocks".  I'm just wondering when we will do something like that.

P.S. 1: Contact Gadget的Oct Release就在明天(well, we will call it "Contact Control" just to differentiate ourselves from the rest of the gadget world due to the special functionalities this Contact Control has)，有兴趣的朋友可以关注一下: http://dev.live.com

P.S. 2: Donavon West (Microsoft MVP for Windows Live Development)在liveside.net有遗篇不错的新文章：http://liveside.net/blogs/developer/archive/2006/10/03/Live-Spaces_3A00_-The-challenges-facing-gadget-developers.aspx

P.S. 3: 对Windows Live Gadget或者http://dev.live.com上任何技术有兴趣的朋友如果有问题可以联络我：yuanyu AT-NO-SPAM microsoft.com 即使我不能解答，我也可以forward你的问题到相关的组。Just one thing: I will recommend writing the email in English,  Sorry for the inconvenience, but we just try to speed things up a bit,

===============================================================

因为工作上的原因，暂停了blog约2个星期。不过我想以后即使不写heavily tech-oriented的东西，写点新闻信息评论也是可以的。

posted on 2006-10-05 01:53:00 by demonfox  评论(4) 阅读(4727)