.Net Insecurity Day

Some guys have all the luck. And then there's Bill Gates. With all of the money in the world, he can't buy a break.

By all rights, he should be telling this gathering of press and analysts about the progress of .Net. After all, it was more than two years ago that Gates took this same stage to announce the broad initiative, and more than a year since he followed up with the first .Net implementation, HailStorm.

You know the sad story: HailStorm was shot down for its dependence on the proprietary Passport identity scheme. A coalition of banks, Silicon Valley vendors, and state attorneys general forced Microsoft Corp. to abandon its consumer vision of a Microsoft-owned Internet cloud. The company talked instead of a federated model administered directly by enterprise customers.

Doesn't seem fair, does it? HailStorm was touted as an open XML architecture that would transform the dreary proprietary world of OLE, MAPI (Messaging API), and DCOM (Distributed Component Object Model) into a new generation of .Net servers and services. Never mind that the real enemy is within: crown-jewels holder, Jim Allchin. So I'm surprised to see Allchin out front on the stage today; behind the scenes he is Bill's consigliere.

What a price Bill pays for giving Allchin his head. Bill says, "Trust us -- we're going to change the world. Trust us -- we're laser-focused on preserving your privacy. Trust us -- we're making it easier to write .Net-aware apps."

But backstage it's a different message: Microsoft .NotYet. Trust us -- we're patenting the HailStorm schemas. Trust us -- but we're not rewriting our apps in .Net. Trust us -- we're locking you in with licenses for upgrades that will never happen because -- trust us -- we're going to change our minds.

.Net Insecurity Day begins with a series of quasi-mea culpas from the chief software architect. First, Gates starts off with some .Net downsizing. "To be clear, this is 100 percent a software challenge," he notes, a job "greater than getting to the moon." He reminds us that this .NowWave, as he almost calls it, will take five years or six years.

Next comes a report card. Bill gives himself two As (tools and XML evangelism), two Cs (software as a service and HailStorm), and two Incompletes (federation and transformative user interfaces). Tools are clearly a win, with Visual Studio .Net way out ahead both in beta and release forms.

But an A for spreading the adoption of XML Web services works only when you forget about Microsoft's support for the bogus WS-Interoperability (WS-I) standards body. Bill's blind spot prevents him from understanding how destabilizing Java continues to destabilize his credibility with developers.

A C for software as a service is about right, although Web services are clearly gaining traction inside the firewall. But Gates' C for HailStorm (or MyServices as it was called until it disappeared down the Allchin mine shaft) is charitable at best. "Elements of this were premature," Gates quietly acknowledges, suggesting problems with "the way we did the data model."

"So we did a bit of a reset," Gates winds up his mea culpa. Then, incredibly, he introduces Jim Allchin to talk about TrustWorthy Computing. Jim's slides look promising: "Customers won't adopt technologies, companies, or services they don't trust," says one.

Jim tells the story of the buffer overflow discovered in Windows XP around Christmas. "It made me very, very angry," Jim recalls, doing his classic Scrooge imitation. "This is the last straw," he tells lieutenant Brian Valentine, aka Tiny Tim.

And so the directive went forth: Retrain everyone, stop all development work, create threat models, and intriguingly, create new tools "already under development." One such tool is Palladium, a hardware/software initiative designed to protect software from software. To hear Allchin tell it, this was the opposite of Passport, putting the user in control of how the outside world can access local data.

But there on the PowerPoint was a decidedly untrustworthy attribute: "Enhance DRM." Digital Rights Management is the elephant in the room. How can we trust Microsoft with Palladium -- no matter how transparent or "open" the security model is -- when it enhances the ability of Jack Valenti to strip us of our right not to rebuy "Stairway to Heaven" for the 50th time this month?

As .Net Insecurity Day wears on, the flashes of déjà vu overwhelm. The language is right: "Give users control of their data ... Customers told us ... We love the PC being open ... ." But no matter how you slice and dice it, Bill's got a tough nut to crack. How can he earn our trust?

Well, he can't. To borrow a phrase from the '60s, we'll never trust anybody over 30 ... $30 billion, that is. But that doesn't mean Bill should stop trying. For starters, stop underestimating the audience.

Stop explaining shifts in strategy by hiding behind customers' skirts. We're big boys and girls; tell us the truth: "We couldn't figure out how to monetize this, so we're going another way."

Or "DRM is how we get the hardware guys to play ball, and there's no free lunch." And drop the "We're competing on implementation." You got 99 percent market share with Office by competing on implementation and price. What parts of .Net are you going to give away? Let us know up front.

Meanwhile, the Microsoft execs are gathering for an interactive Q and A to wind up .Net Insecurity Day. Up on the stage, I could swear I hear Bill Gates humming a familiar song. Wait, that's it ... "Money can't buy me love." Trust me.
