Matt Mullenweg has a blog post entitled MSN Spaces Numbers where he writes

Scoble has been questioning the claimed numbers of MSN Spaces and somehow the conversation got sidetracked in the technicalities of “what’s a blog?” I’m not sure what Microsoft hopes to gain by inflating their numbers so much, now claiming 70 million “blogs”, but it’s interesting to note back in March they were claiming 123 million blogs at SxSW (Flickr photo of their booth). Of course that was like 2 name changes and reorgs ago. Maybe 50 million people left the service?

I wasn't planning to blog about the recent round of player hating on Windows Live spaces certain bloggers but the above claim by Matt Mullenweg that we are 'inflating' our numbers really got my goat.

First of all, the two numbers quoted above by Matt are unrelated metrics. The count of 123 million users is explained in the press release MSN Spaces Now Largest Blogging Service Worldwide which states that comScore Media Metrix has measured the service's reach as being 100 million unique vistors a month and this number is in addition to 20 million unique visitors from using the chinese version of MSN Spaces. The 70 million number is the number of blogs spaces that have been created since inception. This number isn't particularly interesting since it doesn't correlate to how many people are actually getting value out of the service.

For example, according to the LiveJournal statistics page their current statistics are

How many users, and how many of those are active?

• Total accounts: 10945719
• ... active in some way: 1870731
• ... that have ever updated: 7278240
• ... updating in last 30 days: 1164416
• ... updating in last 7 days: 679693
• ... updating in past 24 hours: 204465

According to those statistics only 1 out of 5 LiveJournal accounts is actually active. Of course, it would sound impressive to tout 11 million LiveJournal accounts even though the number of active accounts is much less. For that reason, the number of spaces on Windows Live Spaces isn't a particularly interesting metric to me nor is it to anyone I know who works on the product. We are more interested in the number of people who actually use our service and get value added to their lives by being able to share, discuss and communicate with their friends, families and total strangers. 

It's hard for me to believe that it's been five years since I was an intern at Microsoft. It's still fun to go back to read my blog posts about my Microsoft interview, my impressions halfway through the experience and my parting thoughts at the end if the experience. I've started thinking about my internship again because I'm going to be the mentor/manager of an intern in a couple of weeks and I've been taking strolls down memory lane trying to remember the experiences that made my internship worthwhile. 

My favorite experience is the story behind how I got the article Using the ECMA Standards: An Interview with Miguel de Icaza published on MSDN while I was still college and Microsoft had only said negative things about Miguel's Mono project up until that article was published.

It all started with an article on C|Net entitled Open source steps in to duplicate .Net which implied that Microsoft's licensing terms may not be favorable for Open Source implementations of the .NET Framework such as Mono and DotGNU. At the time, I thought it was rather two-faced of Microsoft to claim that the CLI and C# were going to be open ECMA standards but then threaten to prohibit Open Source implementations. So I fired of an ranting mail to the internal discussion list focused on the .NET Framework pointing out this inconsistency in Microsoft's position. At first, I got a bunch of replies smacking me down for daring to question Microsoft's strategy but after a couple of supportive mails from coworkers like Fadi Fakhouri, Omri Gazitt and a couple of others I eventually got routed to the right person. I met with Tony Goodhew who was quoted in the C|Net article and he set me straight. When I found out that this wasn't the case, I mentioned that it would be a great sign of goodwill to the Open Source community if Microsoft showed just how much they were supportive of such projects. Since I'd also gotten to know the author of the Dr. GUI columns on MSDN via another flame war email discussion, I had connections at MSDN and mentioned the idea to them as well. The MSDN folks liked the idea and when I pitched the idea to Miguel De Icaza he did as well. Although it only took a few email exchanges between Miguel and I to get the meat of the interview done, I didn't get the article completely edited and approved by MSDN until after my internship was done.

It was a pretty big deal for me when the article was published especially since Slashdot ran the story multiple times. The fact that I was just some punk intern and I got Microsoft to officially endorse Mono on MSDN was a big deal to me. The entire event made me appreciate Microsoft as a company and was a key factor in my decision to come to work for Microsoft full-time.

Now I'm trying to make sure I create an environment where the intern I'll be mentoring over the next few months can have similar experiences. If you are or have been an intern at Microsoft and don't mind sharing what rocked or sucked about your internship, I'd appreciate your comments.

The Windows Live Dev website has a new entry entitled New! Windows Live Contacts Gadget (beta) which states

Learn how, with nothing more than a little JavaScript, you can allow customers to use their Windows Live Contacts (Hotmail/Windows Live Mail and Messenger contacts) directly from your Web site.

To get started check out all of our developer info, the two working samples we’ve posted, and read the blog posts by one of the guys who developed it: Danny Thorpe.

What the gadget does is pretty simple yet powerful. It allows you to add a gadget to your page which logged-in Windows Live users can use to retrieve information about their Windows Live Messenger or Hotmail contacts and then input that data into your service. Think of it as adding a form fill or address auto-complete functionality to your site which uses that person's address book from Windows Live services to power it.

UPDATE: On inspecting the code it seems that my assertions in this post are incorrect. The change we made in the last release was not to enable Javascript by default. Instead it was to always ignore the Javascript setting chosen by the user for the newspaper view. This means that the current release of RSS Bandit is vulnerable to the majority of the flaws outlined in article linked below. I'll work on getting a release out that addresses this issue as soon as I can although this is complicated by the fact that we may not have a snapshot for the last release AND the first half of this week is very busy for me at work. If this security issue is a serious concern to you, my advice is to not use RSS Bandit until a release that addresses this issues is released or to switch to v1.3.0.29 of RSS Bandit which does honor the specified Security restrictions for the newspaper view.

A number of people have either sent me email or posted on the RSS Bandit forums asking whether RSS Bandit is vulnerable to the various issues raised in the article Blog feeds may carry security risk which states

LAS VEGAS--Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns.

Attackers could insert malicious JavaScript in content that is transferred to subscribers of data feeds that use the popular RSS (Really Simple Syndication) or Atom formats, Bob Auger, a security engineer with Web security company SPI Dynamics, said Thursday in a presentation at the Black Hat security event here.
...
"A large percentage of the readers I tested had some kind of an issue," he said. In his presentation, Auger listed Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader as vulnerable.

As protection, people could switch to a nonvulnerable reader. Also, feed publishers could ensure that their feeds don't include malicious JavaScript or any script at all, Auger said. Some services, however, rely on JavaScript to deliver ads in feeds, he noted.

To prevent this sorts of issues RSS Bandit allows users to optionally disable the running of Javascript, ActiveX or Java code in its Options dialog. Up until the last release we disabled Javascript, ActiveX and Java by default. However in the last release, we switched on Javascript by default to enable a particular features (i.e. specifically when you click on the envelope or flag on an item in the newspaper view to change the read or flagged state of an item). This means that by default RSS Bandit is vulnerable to the Javascript related issues mentioned in this article.

How to change this state of affairs is mentioned in the section of our user documentation entitled Changing the web browser security settings which has a screenshot of the Web Browser tab of the Options dialog where browser security restrictions can be set. 

Our users should configure the options to what best eases their security concerns. I'm still debating on what we need to do here in the long term but one thing I doubt we'll do is striping potentially malicious HTML tags since this seems to be a sledgehammer-like approach which may strip valid markup (e.g. <style> tags) from content. It's more likely that I'll remove our features that require enabling Javascript by default than go that route. I'd appreciate thoughts from our users on this.

Update: I was one of the developers contacted by James Snell and have failed to get back to him since I haven't gone through all of the tests he sent me yet.

Jon Udell proves again why he's my favorite technology journalist with his piece Why Microsoft should open XAML where he writes

The WPF/E runtime won’t implement all of XAML (XML Application Markup Language), a .Net language tuned for declarative application layout. But “the portion of XAML we’ve picked,” Gates told me, “will be everywhere, absolutely everywhere, and it has to be.”

“Everywhere” means the kind of ubiquity that the Flash player enjoys on Windows and Mac desktops, and to a lesser extent on Unix and handheld devices. And it sets up an arms race between Adobe and Microsoft, each giving away razors (that is, players) in order to sell blades (development tools).

Here’s a crazy idea: Open-source the WPF/E, endorse a Mono-based version, and make XAML an open standard. Why? Because an Adobe/Microsoft arms race ignores the real competition: Web 2.0, and the service infrastructure that supports it.

The HTML/JavaScript browser has been shown to be capable of tricks once thought impossible. Meanwhile, though, we’re moving inexorably toward so-called RIAs (rich Internet applications) that are defined, at least in part, by such declarative XML languages as Adobe’s MXML, Microsoft’s XAML, Mozilla’s XUL (XML User Interface Language), and a flock of other variations on the theme.

Imagine a world in which browsers are ubiquitous, yet balkanized by incompatible versions of HTML. That’s just where RIA players and their XML languages are taking us. Is there an alternative? Sure. Open XAML. There’s a stake in the ground that future historians could not forget.

When building rich internet applications today, the primary choices are AJAX and Flash. The reason that these are the two primary choices versus other options like Java, ActiveX, XUL, etc is their ubiquity. And AJAX is typically preferred over Flash because it doesn't require expensive development tools and there is the perception that AJAX is less proprietary than Flash.

Any technology that aims to compete with Flash and AJAX, has to be cross platform (i.e. works in Firefox and Internet Explorer at the minimum) and ubiquitous. Ubiquity can be gained either by taking advantage of the existing technologies within the browsers or by ensuring that the process for getting the runtimes on user's machines is seamless for end users. I have no doubt that Microsoft can eventually get development platforms ubiquitous on Windows. Earlier this week, I was reading a number of blog posts from people who tried out Windows Live Writer and don't remember anyone complaining about needing to have the .NET Framework installed to run it. It took a few years but it seems the .NET Framework is now on a majority of PCs running Windows if those blog posts is any indication. However it's taken a couple of years for that to happen.

If WPF/E is meant to be used in the same situations that AJAX and Flash are used today then it needs to give developers better advantages than the incumbents. If it was ubiquitous and cross platform, that would still just get it in the door. Jon Udell's idea to make it an Open platform on the other hand may take it to the tipping point. At the end of the day, Microsoft should favor building the ecosystem of rich internet applications that are accessible from Windows PCs than competing with Adobe for dollars from selling development tools for rich internet applications. This seems to be a better strategy to me. 

Disclaimer: The above post contains my own opinions and does not reflect the intentions, strategies, plans or thoughts of my employer

I was just reading Paul Graham's post entitled The Kiko Affair which talks about the recent failure of Kiko, an AJAX web-calendaring application. I was quite surprised to see the following sentence in Paul Graham's post

The killer, unforseen by the Kikos and by us, was Google Calendar's integration with Gmail. The Kikos can't very well write their own Gmail to compete.

Integrating a calendaring application with an email application seems pretty obvious to me especially since the most popular usage of calendaring applications is using Outlook/Exchange to schedule meetings in corporate environments. What's surprising to me is how surprised people are that an idea that failed in 1990s will turn out any differently now because you sprinkle the AJAX magic pixie dust on it.

Kiko was a feature, not a full-fledged online destination let alone a viable business. There'll be a lot more entrants into the TechCrunch deadpool that are features masquerading as companies before the "Web 2.0" hype cycle runs its course. 

I just uploaded a few gadgets to Windows Live Gallery and thought I should share something cool I learned from Jay Fluegel, the PM for gadgets in Windows Live Spaces. If you see a cool gadget on someone's space that you'd like to add to your space or portal page, all you need to do is click the '+' in the top-right corner of the gadget as shown in the screenshot below and viola

That's pretty hot and brain-dead simple too. Definitely beats having to trawl Windows Live Gallery everytime you see a cool gadget that you'd like to add to your space or personalized home page.

Caterina Fake of Flickr has a blog post entitled BizDev 2.0 where she writes

Several companies -- probably more than a dozen -- have approached us to provide printing services for Flickr users, and while we were unable to respond to most of them, given the number of similar requests and other things eating up our time, one company, QOOP, just went ahead and applied for a Commercial API key, which was approved almost immediately, and built a fully-fleshed out service. Then after the fact, business development on our side got in touch, worked out a deal -- and the site was built and taking orders while their competitors were still waiting for us to return their emails. QOOP even patrols the discussions on the Flickr boards about their product, and responds and makes adjustments based on what they read there. Now that's customer service, and BizDev 2.0.

Traditional business development meant spending a lot of money on dry cleaning, animating your powerpoint, drinking stale coffee in windowless conference rooms and scouring the thesaurus looking for synonyms for "synergy". Not to mention trying to get hopelessly overbooked people to return your email. And then after the deal was done, squabbling over who dealt with the customer service. Much, much better this way!

I know exactly where Catrina is coming from. Given that I work on the platform that powers Windows Live Spaces which has over 100 million users and 5.2 billion photos with over 6 million being uploaded daily, I've been on the receiving end of similar conversations about business partnerships revolving around integrating with the blogs, photo albums, lists and user profiles in our service. All of these partnerships have sounded obsolete to me in the age of open APIs. It seems to me to be much better to support de-facto industry standards like the MetaWeblog API that enables any tool or website to integrate with our service than have proprietary APIs that can only be accessed by people who we've made exclusive business deals with us. That seems better for our service and better for our users to me.

This definitely changes the game with regards to how our business development folks approach certain types of business partnerships. I probably wouldn't have called it BizDev 2.0 though. ;) 

In the post entitled Something went wrong at the W3C? Anne van Kesteren has a collection of links to rants about the W3C from Web-standards geeks that is sober reading. The post is excerpted below

Something went wrong at the W3C? Lets see:

1. To Hell with WCAG 2
2. Leaving W3C QA Dev.
3. An angry fix
4. SVG12: brief clarification on formal objections
5. SVG Tiny 1.2 in Candidate Wreckommendation stage
6. What's Wrong With The SVG Working Group
7. Angry Indeed

Reading some of these rants takes me back to days I used to work on the XML team at Microsoft and how I grew to loathe the W3C and standards bodies in general. All of the above links are recommended reading for anyone who is interested in Web standards. An observation that stood out for me was taken from Joe Clark's rant, To Hell with WCAG 2 where he wrote

And now a word about process, which you have have to appreciate in order to understand the result. The Web Content Accessibility Guidelines Working Group is the worst committee, group, company, or organization I’ve ever worked with. Several of my friends and I were variously ignored; threatened with ejection from the group or actually ejected; and actively harassed. The process is stacked in favour of multinationals with expense accounts who can afford to talk on the phone for two hours a week and jet to world capitals for meetings.

The WCAG development process is inaccessible to anyone who doesn’t speak English. More importantly, it’s inaccessible to some people with disabilities, notably anyone with a reading disability (who must wade through ill-written standards documents and e-mails—there’s already been a complaint) and anyone who’s deaf (who must listen to conference calls). Almost nobody with a learning disability or hearing impairment contributes to the process—because, in practical terms, they can’t.

This sounds like an apt description of the W3C working groups I used to track, namely the XML Schema working group and the XML Query working group. Both of which [in my opinion] have done more harm than good for the Web and XML by simply existing and retarding progress with the technologies they have failed to produced.

The question I sometimes ponder is what's the alternative? De-facto standards based on proprietary technologies seem to be one option as evidenced by the success of RSS and IXMLHttpRequest. There is also something to be said about the approach taken by Microformats community. Either approach seems preferable to the current mess we have with the W3C's approach to standards development. 

Robert Scoble has a blog post entitled Blogs and Digg, not geeky enough? where he writes

I notice a general trend looking through blogs, TechMeme, and Digg. There aren’t many coders anymore.

Five years ago the discussions were far more technical and geeky. Even insiderish. When compared to the hype and news of today.

It makes me pine for ye old RSS vs. Atom geek flamefests.

Anyone else notice this trend?

Sites like TechMeme and Digg hone in on what is popular to the general audience even if it is the general audience interested in software. There are more people interested in the impact of software-powered companies like Google, Yahoo!, Microsoft, MySpace, Youtube, and so on than there are people interested in the technology that powers these companies. There are going to be more people speculating about Google's next new service than those interested in a dissection of how the AJAX on one of Google's sites works. There are more people talking about Google Maps mashups than there are people talking about how to build them. There are more people interested in the next "Web 2.0" startup that Yahoo! is going to buy than are interested in technical language wars about whether Flash or AJAX is the way to go in building such sites. That's why you won't see Raymond Chen, Simon Willison or Jon Udell on TechMeme and Digg as often as you'll see the Michael Arringtons, Robert Scobles and  Om Maliks of the world.

This doesn't mean "there aren't many coders anymore" as Robert Scoble suggests. It just means that there are more people interested in the 'industry' part of the "software industry" than in the 'software' part. What else is new?