Shocked by Word 2007
It was shocking to see a dialog box pop up in Word 2007 warning me that my user name and password were going to be sent in clear text over the Internet to post to my Blog engine via XML-RPC.
Microsoft, a company who was (and is) seriously threatened by serious security issues, would actually ship this feature? Yes! It is not sufficient to argue “tough-love” style about how users should be “happy” that any Blog-related feature is in Microsoft Word. Such passion is sound and fury signifying nothing.
Another approach that kisses much Microsoft ass would be to blame the Blog APIs for not being secure. Everyone on Earth who has a Blog should also have an SSL certificate? How about this one: Microsoft can implement their own secure, cross-platform Blog publishing service that plugs into Microsoft Office—in fact, it should be a product that is a part of their Office Live line of products. It is also an opportunity to demonstrate the superiority of WSE Security—or whatever they are calling this now.
Is Microsoft going to say that it is not technically possible to build, say, a WordPress plugin that calls Office Live? My ignorant guess is that lawyers and other political appointees would define such limitations and impossibilities. Hold it! Let me guess again… Windows Live Spaces publishing is secure from Word 2007, right? Did I just hear Dare Obasanjo smirk?
Another argument that Brian Jones would probably indulge in is the damned-do-damned-don’t argument. Had Microsoft excluded the insecure Blog APIs and only included the secure ones they would be accused of favoritism. My move would have been to exclude them for security reasons—that’s rea**lly being tough for real honest reasons. Brian Jones had a “guest writer” on his Blog, the developer of the Blog-publishing feature in Word 2007. See what this guy was thinking about back in May 2006 in “XHTML in Word 2007’s blogging tool.”
Remember Microsoft, these rude words come from a Microsoft shareholder.