Originally posted by: kylef
No doubt that was a bit of a marketing PR gaffe for the MS corporation.
Hardly. It's like any other out-of-context item. I have a machine at work running Firefox, and another running Opera, and another running Avant Browser. So what? Is it a huge PR gaffe if a Ford VP is spotted driving a Corvette? You might be surprised with the variety of things we run and test internally.
Actually, that's a good analog, and it very much would be, especially for a VP. There's a reason why they give those officers of the company, "company cars", and why they expect to see the ones parked in the parking lot, to be cars from "their" company. They may make exceptions for high-priced European import sportscars, I don't know, but surely they do have an internal rule about cars of their direct competitors. (I assume that the VP could own and drive a Chevy Corvette on his own time, but I highly doubt that they would allow him to park it in the parking lot every day.)
And use for the purposes of competitive analysis is different than personal preference and one's day-to-day usage.
Originally posted by: kylef
For example, the creation of ActiveX, enabling running remotely-downloaded native code, unsandboxed, by adapting existing native-code COM technology, rather than developing their own "safe" sandbox technology.
Hmm... Well, ActiveX is 10-year-old technology now. It was created at a magical time when security was just not a primary concern.
"Not a primary concern to MS", you mean. The rest of the industry was already security-conscious, and knowledgeable about what kind of can of worms that the creation of ActiveX would open up. Why do you think Java was sandboxed and had an intrinsic "security verifier" built-in as part of the design? Why do you think HTML and javascript were script-based rather than native code?
Originally posted by: kylef
The set of technologies that morphed from OLE2 to COM to DCOM to ActiveX and back to COM really started maturing circa 1994 and 1995. ActiveX was officially released in mid-1996, but it was essentially a re-hashing of the DCOM and OLE2 ideas under a new marketing badge.
Yes, MS hacked together some existing technologies that they had, under a new marketing banner, without changing much in the way of their design. (When have we seen this before?) What they should have done was engineered a solution from the ground up, but they were trying to beat an earlier, superior-designed (from the POV of security, at least) system - Java.
Why build a new "sports car" model, when you have the majority market-share, and can just slap a "Sports Edition" model sticker on the back of the "Model T's" coming off of the assembly line?
Originally posted by: kylef
Clearly this is a security problem waiting to happen, many of the online security pundits expressed that fact at the time
No, they didn't start expressing this until several months after ActiveX started appearing. And they didn't really have much to say other than, "Sandboxes are more secure than unrestricted code." Ooh, wow... insight at its best.
It was more insight than Microsoft had, at the time, at least.
MS was all, "Oh, look, signed-code, signed-code!" as far as a "security sandbox" (and I use that term very loosely in this context), when they neglected to consider that even malware authors would sign their codebases. IE's auto-download and auto-install model (original default settings), made things all the worse. If MS couldn't see the potential problems that might stem from that, then they really, really need better System Designers, ones with more "vision". Because you can't design a proper system armed only with an army of Maintenance Programmers.
Originally posted by: kylef
2) whip up some sort of competitor to Java, in short order, so that MS could claim to offer active content/remote code support.
For some reason you are really intent on trying to depict Microsoft as a reactionary competitor, no matter what the circumstances.
Uhm, because in 99% of the cases, they are.. ? See, this is the exact sort of "MS employees believe the FUD" that I was talking about, that others can see, but you apparently cannot. Very little coming out of MS has been truly innovative, they are well-known as the "king of Embrace and Extend". They let the pioneers take the arrows in the back, and then they move in, clone, copy, compete. This is very well-known in the industry. (Is ClearType really "innovative", anyone?)
Originally posted by: kylef
In so doing, you are dramatically over-simplifying the object landscape in the mid-90's. NO ONE had decent support: everyone was racing to get a browser together that could seamlessly execute remote code as an application platform.
It was called Java. IBM probably would have had a decent one too, had MS not killed OS/2, since OS/2's native local desktop object-model was so far superior to MS's as well. (MS's desktop shell environment only had the appearance of being O-O, but things like links to programs, shell scraps, were all just superficial UI emulations.)
Originally posted by: kylef
The underpinnings for ActiveX (COM objects) had existed since 1993 and were under nearly constant revision until early 1996. (MS was simultaneously designing DCOM, an interrelated set of technologies requiring OS-level support which first showed up with NT 4.0 beta.) Sun publicly announced Java to the world in 1995. NEITHER technology was ready to be integrated into a mainstream browser until 1996 (Sun's HotJava browser was a joke).
HotJava actually worked pretty decently, for a brand-new browser built entirely on top of Java as a sort of proof-of-concept vehicle. I'm well aware that ActiveX stemmed from COM, that's exactly the problem - MS took a technology that was designed with inherently different security constraints, and then repurposed it due to competition in a new market-space. MS was more interested in getting the job done quickly, than getting it done right, and rushing features to market to gain market-share ahead of their competitors. You can't say that they don't do that, often, can you?
Originally posted by: kylef
Saying that one came before the other and implying that there is a clear "You're copying me" relationship is really naive. Both Java and ActiveX trailed Netscape plug-ins. So by the "whoever came first is the champion" logic, then hand the crown to Netscape. But Netscape plugins did not have sandboxes either!
But they did have a limited set of APIs that they could call, and they couldn't auto-download and auto-install themselves from any random webpage that the user would visit. You are being naive if you don't think that those auto-download/install features were largely part of the problem with MS's ActiveX implementation in the browser. The fact that they needed to be "signed" was really a trivial exercise in security-policy futility. End-users didn't know nor care. I would have to research, to find out the first version of Netscape that supported Java, vs. the first version of IE that supported ActiveX. I have a vague feeling that the Java-supporting Netscapes, may have come before the ActiveX-supporting IEs. (Which version of IE supported ActiveX again? Was it 3.x?)
Originally posted by: kylef
MS is ruthless, with nearly no limits. If they mfg'ed hardware, instead of software, then they would have been slapped with fines and injunctions for "dumping" a long time ago.
This is a really dumb statement that could apply equally well to any software vendor. Software and hardware are fundamentally different in this regard, because manufacturing costs for software are practically nil, rendering the concept of "dumping" meaningless.
It still has R&D costs, and the implications and intended results of those sorts of actions are the same. Intent is often taken into account under the law.
Originally posted by: kylef
If they were held to the same standards, any software vendor that offered a free upgrade, or extra free features to gain more customers, would be guilty of "dumping." That's about 95% of the industry.
No, because (I'm assuming that it is implied in your statement) that the customer has already paid for the software in question originally.
Originally posted by: kylef
If you fall into the "Microsoft should be forced to freeze Windows" camp, then I think we're beyond the ability to reconcile our differences. Even if you restrict this freeze to things that NO ONE ELSE competes with, I completely disagree (of all the features Microsoft would like to include in Windows, a LARGE % of them already exist in one form or another as a 3rd party add-on because they're clear holes in functionality waiting to be plugged).
A great example right now is security software. Microsoft would like to include a virus scanner with Windows. But doing that would immediately trigger a bunch of "No fair! You're going to compete against my bread and butter business!" lawsuits from the likes of Norton and McAfee. They'd probably start lobbying the DOJ and other federal lawmakers (like Netscape and Sun did) to try to get Microsoft either regulated or enjoined from proceeding. After all, they fear any change to the industry landscape that might mean their profits are at risk.
I'm not saying that, please don't paint me with a Slashdot-esque MS-complainer brush.
The security thing - MS already included a virus-scanner in the base distribution of some of their prior OSes. Saying that they would get sued by it, is a total red-herring. If anything, in order to prevent instability, they should have at least a set of special "A/V security API" hooks, that allow those 3rd-party AVs to plug in to. Just like the defragmenting APIs that MS added in (I think) NT4, and have been subsequently enhanced in W2K and XP. Before then, the defrag software vendors, actually had to license the Windows' source-code to be able to create a compatible working version. (And Lord help the user, should they have installed a Service Pack in those days, before consulting with their 3rd-party defrag software vendor - they might well end up with a scrambled disk, after MS changes something subtle in their filesystem driver code - mostly speaking of NTFS here.)
Whatever happened to the "WOSA" (Windows Open Services APIs) initiative too, back in the days of Win 3.1? The idea was that MS would specify the interfaces, but not necessarily provide the implementation of those services, that would then be implemented by any number of 3rd-party "services" API providers. Well, MS canned that program quick, and then subsequently kicked-out all third-party TCP/IP stacks too, originally created and distributed under the banner of that initiative. MS wants control, plain and simple.
Originally posted by: kylef
So who loses? The consumer. You can't buy a copy of Windows with the features Microsoft wants to include because of the threatened government intervention. How is that progress?
Only in a REALLY, REALLY screwed up legal system can you tell a car manufacturer that it isn't permitted to include seatbelts in its car because doing so would interrupt the profit margins of the aftermarket seatbelt installers.
No, but by the same token, 3rd-parties should be allowed to mfg replacement seatbelts that the end-user can install, in place of the factory seatbelts (or radio, or tires, etc.) A car is a fairly modular system, with well-defined, largely-standardized interfaces (bolt sizes, connectors, etc.)
I think that's all that both consumers, and competitors, really want. The ability to have control over their *own* vehicles, and be allowed to sell products to a fair competitive market. If Ford/Chevy/etc. sold vehicles, in which every component in that car was totally welded shut or epoxied together, for the sole purpose of preventing competing after-market parts vendors from being able to sell their wares, don't you think that the gov't would be investigating the major auto makers for anti-trust as well? I think so.
The problem is that anyone that dares tread upon the "sacred API space", will get sued all to hell and back, if they dare try to compete with MS. It happened with Stacker, they produced a (superior) runtime disk-compression filesystem add-on package, and then MS introduced their own, along with modifying the bootcode of the OS itself, to allow its own implementation of that feature to have an advantage over the third-party one. Stacker reverse-engineered that undocumented API, to have that same feature and compete on a level playing field with MS, and then MS sued the crap out of them for trade-secret violations.
That is the key "weapon" that MS has used against their would-be competitors - secret/undocumented APIs, that MS adds to benefit MS, and only MS. Since they make the OS, how can any other app/utility ISVs hope to compete at all? MS has a de-facto unfair advantage in that regard. Then again, as part of one of the "consent decrees" or another, MS was supposed to have a "Chinese wall" between their app development teams and the OS development teams, in an effort to ensure that the APIs produced by the OS development team, would be available to all competitors, including MS's own app development team.
That is what the potential break-up of MS as a remedy for their monopolistic anti-trust behavior was about, that is why the states tried to force MS into a legal requirement to document all of their APIs.
That is what this is all about - that MS simply refuses to compete "fairly", and refuses to stop abusing their monopoly power in the marketplace.