Microsoft PDC/Longhorn
[Scott Hanselman](http://www.hanselman.com/blog/) has been blogging about the Microsoft PDC and all of the upcoming stuff in Longhorn. Some items: the [first look at XAML](http://www.hanselman.com/blog/PermaLink.aspx?guid=b1853566-1d7f-429f-b926-5af79111f721) makes it sound a bit like a Glade XML UI description in GNOME. A [code example](http://www.hanselman.com/blog/PermaLink.aspx?guid=a3e34445-1a08-4a4b-a199-5f4da8fcd43e) makes it sound more like XUL from the Mozilla project. [Eric Meyer](http://www.meyerweb.com/eric/thoughts/200310.html#t200310024) thinks so too…
*First concern:* I hope that trust issues are considered if people can inject this kind of code into “HTML mail”. Otherwise we could have another security mess on our hands. This is the same kind of XSS issue that we routinely have to deal with because of active scripting being allowed at any point in a HTML document.
*Second concern:* I also hope that this does not kill off all competition in development platforms. It can’t, can it? We heard the signs of death approaching when *.NET* was the hype of the day. Diversity can also survive this. What Microsoft is doing sounds like good stuff, but nothing completely original as far as I have heard so far. I expect to see better-than-average implementations and excellent wizards though 
What else? Avalon… a vector-based API for rendering. Again, not “new” as an idea (Nautilus has vector-based views), the difference is in the promotion of this as a “top-level API”, which is not really done with the SVG libraries in GNOME. I think. And the description of the creation of XAML code directly from _Adobe After Effects_ was interesting. I wish we could do that to create XUL code…
A “non-execute” flag for pages in memory. Isn’t this already a possibility on some architectures, just not on x86? Did I hear it was on the new AMD stuff (too tired to look that up)? This won’t stop all buffer overflows from being exploitable—there will still be a lot of writable executable pages—and if there aren’t, there could be code in memory which will do what you want, so just jump to there. But it’s nice to see this in there as a spur to get non-exec added to the Intel architecture. This isn’t a Microsoft thing really though, so come on Intel!
System.MessageBus—hmm there are aspects of this which sound a bit like D-Bus. But a lot more fully-fledged an idea I think. Sounds like Microsoft have a useful messaging architecture worked out in this.
Okay, I admit it. I’m impressed 
October 29th, 2003 at 2:47 am
XAML sounds just like GNOME XML UI descriptions. I wonder if they plan to *interpret* that at runtime (which would be cool, and is what libglade in GNOME does) or generate code based on it (which would be stupid).
Isn’t there an SVG canvas widget in GNOME? That’s pretty much a “top-level API” GNOME-wise, if there is…
non-exec page flags; I think x86 supports this already, http://www.usenix.org/events/sec01/full_papers/frantzen/frantzen_html/node32.html
seems to suggest it does.
PS: that Hanselman guy really drank the kool-aid
October 29th, 2003 at 10:28 am
“Seems like”:http://weblog.infoworld.com/udell/2003/10/28.html#a834 Avalon may be the whole API, including XAML and the other bits which go into describing a UI on Longhorn.
And my worries about XSS on the web may be unfounded, as there is a complete disconnect between XAML/Avalon and the web. Web services is the way Microsoft obviously want to take people… Do you want to go there today?
October 29th, 2003 at 10:32 am
“librsvg”:http://librsvg.sourceforge.net/
bq. The leading free SVG renderer for Unix
A question from the “xsvg mailing list”:http://www.xsvg.org/pipermail/xsvg/2003-April/000138.html in April of this year, which suggests that _gnome-canvas_ cannot do any SVG yet. But that was half a year ago, I haven’t been keeping up…
bq. What is the best suited for my purpose? Using librsvg which is greatly integrated with GNOME or using libsvg with hooks on gnome-canvas but is not actually distributed with gnome and will force my future users
October 29th, 2003 at 10:52 am
This is how PaX does the “non-exec pages”:http://pageexec.virtualave.net/docs/pageexec.txt
Sounds a bit hackish, and a bit slower at code execution, it’s *such* a hack. It’d be nice if we had real support for non-executable pages, but maybe this is what Microsoft means.