Geekularity

Microsoft disclosed today that most active versions of Windows (2000 through Vista) have a serious security flaw in how they handle animated mouse cursors. In this security advisory, Microsoft describes that, clicking on a link in an email message, stumbling across a malicious website, or even a legitimate website that’s been compromised can lead to unintended code execution. Just about the only safe environment is Windows Vista with IE7 in full lock down mode. This security threat is considered a zero-day exploit, meaning that examples of exploitation have already been observed in the wild, and currently there is no fix from Microsoft. So, keep running your windows update over the next few days or check back here for links to helpful resources. In the meantime, don’t open emails from people you don’t know, and stick to surfing the websites that you do know… you know… normal, safe Internet practices.

[UPDATE 2007-04-02 1:00 PM PST ]

Security Firm eEye Research has released an unofficial security patch in response to the animated cursor vulnerability. Please see their press release for details. However, Microsoft is expected to release their official hotfix or patch tomorrow.

[UPDATE 2007-04-03 3:00 PM PST]

Indeed, Microsoft has released a security patch out of cycle in order to guard against known, real-worl threats from the Animated Cursor flaw. If you have not done so already, please run Windows Update to grab the most recent patches.

Thanks to Robert Scoble for pointing this out in his blog. Microsoft has taken the street level image database developed by Amazon’s A9 engine and is taking it up a notch. Nice interface! I was able to drive what looks like a Lotus Elise the wrong way down The Embarcadero in San Francisco! It’s kind of fun actually.

Here’s a classic Win-Win solution! And there’s no need for AOL and Yahoo to extort money from email senders in the name of stopping SPAM. In fact, let the SPAM keep coming! Using a Dance Dance Revolution mat and Microsoft’s experimental StepUI, the fat-ass computer user (as you can see, mine is only a medium-sized-ass, but I need to work on it!) can burn the calories moving their spam into the trash! I love it! Here’s the article by Mary Jo Foley of Microsoft Watch where I first read about StepUI. ¡Viva la DD Revolución!

A Microsoft GUI designer discussing the latest version of their navigation system in the auditorium of the company from which the original version was essentially stolen 25 years ago.

I’m not trying to stir up the Xerox/Apple/Microsoft UI controversy. In computer time, 25 years is archaeological history! But I did chuckle to myself as I sat in BayCHI’s monthly lecture, held at Xerox PARC where Jensen Harris, project lead for Microsoft’s User Experience Team outlined the new “Ribbon” interface that will debut in the next version of the MS Office. To Jensen’s credit, he too saw the irony and made mention of it towards the end of his presentation.

What is the Ribbon?

First get rid of the menus and toolbars as you know them today. Also, do away with the right-click option dialog boxes that we’ve all become used to. Now create a region at the top of the window that contains context-aware tabs that present visual queues of the result should you click on one of its elements. These visual representations are very rarely an icon as we know them today. They’re more like in abstract view of what your document will look like if you click on it.

If the little abstraction isn’t enough to explain what the result will be, then just pause the mouse over the element, and your document will change to a live preview of what it will look like if you use that feature. It lets you see the results before you click, saving you the hassle of trying each feature and then click on the undo button. Jensen called it feature browsing and it’s Microsoft’s interpretation of Jakob Nielson’s “Result’s Oriented Design” philosophy.

Excel 2003

Excel v12

The screen shot of the ribbon above doesn’t do justice to this new UI. You really have to see it in action, or better yet use it yourself because it’s a big departure from the menus and toolbars we have used since the early days of graphical UIs. It will impose a steep learning curve for most users since, to date, Microsoft does not plan to offer a legacy mode to fall back to. The chasm between the two methods is just too vast. So the next version of MicrosoftOffice will involve a leap of faith that I believe is worth it.