Skip to main content

[Source Distributed Extensibility Submission from Microsoft - 30 September 2009]

It is a common practice for authors, tool vendors, and library authors to want to extend languages to represent additional information that can't be adequately described by the standard grammar. ... Here are a few examples that apply to HTML:

  • A JavaScript library processes custom tags in a browser and turns them into custom controls dynamically on the page.

We would very much like our proprietary Custom Tags to validate.

  • A browser wants to allow custom behaviors to be defined in one module and attached automatically to custom elements.

We would very much like our proprietary HTML Components to validate.

  • An author includes processing instructions in the document that will be processed by a server before delivering the document to a user agent.

We would very much like SharePoint's proprietary InfoPath processing instructions to validate.

  • A HTML document editor adds information about tool settings so that a subsequent editing session can continue with the same settings.

We would very much like Word's "export as HTML" output -- which is so proprietary that it has spawned an entire cottage industry dedicated to "cleaning" it -- to validate.

In many cases, the language customizations are used for small niche applications and don't require the burden of centralized standardization. Instead these extensions are defined in a distributed fashion among groups of interested developers or authors.

We like making up our own shit.

A Distributed Extensibility model for standard HTML is desirable because it means that user agents from different vendors that adhere to the standard can be assured of correctly processing mark-up that contains extensions without destroying the integrity of the document.

Other people keep fucking up our shit.

The proposal as stated closely matches behavior that Internet Explorer has had for a number of releases, reducing compatibility concerns.

I am high as a kite.

Supporting distributed extensibility means providing a standard repeatable mechanism for creating these extensions without the need for centralized agreement.

We're going to keep making up our own shit, whether it validates or not.

(with apologies to John Gruber,
who did it first and did it best)

Postscript: I am not "against" extensibility, or distributed extensibility, or decentralized extensibility, or whatever we're calling namespaces this week. I just think it's funny that some people read this proposal and immediately jumped to The Glorious And Infinitely Extensible Semantic Web With Unicorns And Ponies, when it's really just an attempt to get the HTML Working Group to bless a collection of Microsoft-proprietary technologies that they've jammed into Internet Explorer over the years.


This is a letter I sent to my father to explain what it means that Microsoft is pulling support for MSN Music. Tech issues like this often bubble up into the media that he reads, but they are rarely explained well. My father assumes I have an opinion on such stories, and he is rarely wrong.

Actually, it is still technically in the future tense. The day the music dies will be August 31, 2008.

But first, some backstory.

It was the Dark Ages, around 2004 or so. The iTunes Store was new and booming. Microsoft, in its bid to be the center of everything without having to deal with pesky "end users", decided that the way to fight Apple was to create a developer platform. This developer platform would handle all the technical details of ensuring that people could "purchase" music files from a variety of online vendors, and play these music files on their (Windows) PC or on a variety of handheld music players. This developer platform would also ensure that such "purchased" music files could not be copied. This involves a lot of fancy math (encryption) which Microsoft was happy to license to companies running online music stores and companies making handheld music players, as well as including by default in all modern versions of Windows.

Bruce Schneier, a famous cryptologist -- or at least as famous a cryptologist as cryptologists are likely to get in this century -- once described attempts to make digital bits uncopyable as "trying to make water not wet."

Microsoft named this developer platform "PlaysForSure", and they (and their partners) ran many, many ads decrying the fact that music purchased from Apple's iTunes Music Store would "only" play in iTunes and on iPods. This was, technically speaking, true -- and indeed it is still true, and it is why I have cautioned Dora and you and anyone else who would listen that you should never "purchase" anything from the iTunes Music Store that you might want to "own" longer than Apple was willing to allow. Nor should you "purchase" anything from a "PlaysForSure"-compatible music store, and for the same reasons, only with the word "Apple" crossed out and "Microsoft" written in in crayon.

To their credit, if that's the right word, you can now purchase some music from the iTunes store that is unencrypted and plays anywhere. Apple calls these songs "iTunes Plus", because it sounds so much better than calling everything else "iTunes Minus." Apple has also promoted podcasts and other non-traditional sources of "things you might want to download onto our handheld devices where we make all of our money." Steve is many things, but he is not an idiot.

To demonstrate the awesomeness of their developer platform, Microsoft opened their own online store, MSN Music, so they could compete directly with their business partners who also offered "PlaysForSure"-compatible music downloads. Because there's nothing end users love more than fake choices.

The Electronic Frontier Foundation (EFF) -- to whom I donate money every year because they are the digital embodiment of Tom Lehrer's description of folk singers as "the people who get up on stage and come out in favor of all the things that everyone else in the audience is against, like peace and justice and brotherhood and so on" -- has also been warning anyone who would listen that they should not "purchase" encrypted music from these services, since if these services go under then all that "purchased" music will no longer... what's the word... "play". But mostly people ignored them (and me), because, you know, Microsoft was at the center of it all, and nobody ever got fired for "buying" from Microsoft. Or something.

So what happens on August 31, 2008? On that day, Microsoft will turn off the servers that they maintain for the sole purpose of validating that the songs that people have already "purchased" through MSN Music are still theirs to play. Those people (hereafter "the victims") will not notice the change right away. The victims will only notice it when they purchase a new computer, or when they upgrade the operating system on their current computer, or when the hard drive in their computer dies and needs to be rebuilt/reinstalled. At that point -- transferring the music files they have "purchased" to another drive or a new computer -- the Microsoft music player running on the victim's PC (like iTunes, but all Microsoft-y instead of Apple-y) will make a call to Microsoft's validation servers to verify that the music files were legitimately purchased. This call will fail, since the servers are not responding, since Microsoft has intentionally turned them off. The Microsoft music player will then conclude, incorrectly but steadfastly, that the music files were downloaded illegally and that the victim is a filthy pirate, and it will refuse to play them. In this case, the left hand knows exactly what the right hand is doing: they're both giving you the finger.

It is at this point that I am reminded of one classic call that I fielded when I worked at the AT+T Relay Service. One Friday night, a deaf person called Pizza Hut to, well, I don't know, but probably to order a pizza of some kind, and the guy answered the phone with "Pizza Hut, we're out of dough... can I help you?" Can you make me a pizza? No, we're out of dough. Do you make anything else? No. Then you can't help me! Does your music player play this music I "purchased"? No. Does your music player do anything other than play music? No. Then you can't help me either.

Outside the EFF, a few of the smarter industry analysts (not this guy) have been predicting this doomsday scenario for a while. In 2006, Microsoft tacitly admitted that its PlaysForSure strategy wasn't working when they announced that they were going to sell their own handheld music player (the "Zune", which competes with the iPod... and with all the other handheld music players from Microsoft's "PlaysForSure" business partners) and start a second music service (which would directly compete with the iTunes Store... and Microsoft's "PlaysForSure" business partners... and Microsoft's own MSN Music store). End users, it turns out, aren't so bad after all; they just can't be trusted to make the right choices.

Also, to ensure that no one could screw this one up except Microsoft, this new music service and new handheld music player would use an entirely new encryption system that was incompatible with "PlaysForSure", and the encryption system would not be available for licensing. Any victim who had "purchased" music through Microsoft's old MSN Music store had no upgrade/migration path to transfer those music files to their new Microsoft Zune; the victim would have to re-purchase the same music all over again. But the victims were assured that their existing MSN Music "purchases" would continue to work as long as they owned "PlaysForSure"-compatible devices. Except now they won't, because Microsoft is turning off the servers that verify that the music they "purchased" a long time ago is still theirs to play.

As you might expect, the EFF is just bursting with joy at the prospect of rubbing salt in the wound and saying "I told you so." This is their "I told you so" letter. I would join in their jubilation, but frankly I'm tired of being right all the time. It was fun for a while, but now it's just depressing.


Springtime means conference time, which means it's silly season on the web again. Adobe introduced Apollo, their latest attempt to recreate the web in their own image. Apollo is based on Adobe's own markup language, Adobe's own runtime, Adobe's own graphics and animation framework, Adobe's own video and audio codecs, and Adobe's own developer tools. You can do many things with it, but "you may not sublicense or distribute the Software. ... You may not modify, adapt, translate or create derivative works based upon the Software. You may not reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of the Software. ... You may not install or use the Software on any non-PC device or with any embedded or device version of any operating system." It requires at least Windows XP SP 2 or Mac OS X 10.4.

Meanwhile, Microsoft announced Silverlight, their latest attempt to recreate the web in their own image. Silverlight is based on Microsoft's own markup language, Microsoft's own runtime, Microsoft's own graphics and animation framework, Microsoft's own video and audio codecs, and Microsoft's own developer tools. You can do many things with it, but "you may not disclose the results of any benchmark tests of the pre-release version of software to any third party without Microsoft's prior written approval; work around any technical limitations in the software; reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation; publish the software for others to copy; rent, lease or lend the software; or transfer the software or this agreement to any third party." It requires at least Windows XP SP 2 or Mac OS X 10.4.8.

(Not to be outdone, Sun is working on an "alternative" to AJAX, because "AJAX sort of deals with all of the old way of doing things. It makes it simpler, which is great, but underneath it’s still all this junky HTML, Document Object Model, CSS, all that stuff." (discussion) To their credit, they claim they will release it as open source, and I'd bet it'll work on Linux, but that's easy to say because it doesn't exist yet. Let's be polite and forget I mentioned it.)

Reactions? "The web just got richer." Well, somebody's getting richer, but I doubt it's gonna be the web. And did you hear the news? You'll write it one time, and test it one time (for real this time, we promise). And Microsoft "rebooted the web." I guess that's all you can do after freezing up for five years. Hey, look over there, shiny objects! That poster may as well be titled "Fucked 6 Ways From Sunday," because that's what you'll be if you buy into any of this.

Sigh. I used to have the strength to argue against such foolishness. Nowadays I'm reduced to nothing more than Grey's-Anatomy-esque catchphrases. Seriously? Seriously? Do I really have to explain why this is a bad idea? Again? To a bunch of technological virgins who haven't been fucked yet? Seriously?

No. Not this time. At some point, you just have to give up on virgins. Y'all have fun. Play with your vendor-specific runtimes. Don't call me when you wake up one morning with a pink line in the round window and your BFF vendor won't return your calls. If you need me (but of course you won't), I'll be holed up in my drab unpainted toolshed around the corner, quietly building applications on the web that works.


So there I was, minding my own business, casually browsing MSDN for no reason, when I came across the UNSELECTABLE attribute. This attribute, as MSDN cheerfully points out, "specifies that an element cannot be selected." As in, text selection. With the mouse. Or, presumably, with the keyboard. Or, in case the author decides for you, not at all.

I will note in passing that you turn text selection off by setting the unselectable attribute to on. But that's not the interesting part. This sentence caught my eye:

The UNSELECTABLE attribute is implemented as an expando. Setting the expando property of the document object to false precludes the functionality of all expandos.

"Precludes the functionality." Awesome.

Which led me to this wonderful example of using the expando property:

The following example demonstrates that, by setting the expando property of the document object to false, the document ignores the UNSELECTABLE expando on the span and allows you to select the text.

Breathtakingly awesome.

But wait! What was that implementation note about the unselectable attribute? "The UNSELECTABLE attribute is implemented as an expando." Hmm. "Is implemented as an expando" sounds like one of those boilerplate phrases, like "There is no public standard that applies to this..." Are there other wacky "expando" properties that can be neutralized by setting document.expando? As it turns out, no. The UNSELECTABLE attribute is the only expando property that Internet Explorer recognizes, and therefore the only feature that can be disabled (or, depending how you look at it, re-enabled) by setting document.expando.

To sum up, you can turn text selection off by setting the unselectable attribute to on, and then you can turn text selection back on by setting the document.expando property to false. No other functionality is affected, and it only works in Internet Explorer.

Here's an idea for an April Fool's joke: Microsoft apologizes for treating the web as their own private playground for 12 years, and offers all web developers a token refund and a free t-shirt. Feel free to post ideas for the t-shirt.