a jaundiced eye: Responsibility

a jaundiced eye: saner heads
for monday, may 8, 2000.

Responsibility

Those of you who have been following the progress of Microsoft's war with the US government for the past few years are familiar with the idea of a "Chinese Wall" between the applications and OS divisions at Microsoft, which Ballmer apparently described in an interview with Business Week magazine in 1983 (though their online archives only go back to 1991, so I can't confirm this). Gates and Maples and other MS staff have long denied the existence of such a barrier, but it still survives in the minds of those who try to understand the dynamics of development collaboration at MS. At any rate, myth or no, it's clear that Gates is trying very hard to dispel the myth - on the contrary; he is now claiming that there is no way any successful software can be written today with such a division in place.

http://www.time.com/time/magazine/articles/0,3266,44557,00.html

It's interesting to me, and may be to all Web developers, because the current lack of full standards support in IE5.5/Windows seems to be a direct result of the previous years' efforts to integrate HTML/CSS/XML functionality into the OS and - by association - into most of MS' desktop products. Because there are many applications other than IE using these libraries, the argument seems to be that MS can't provide full standards support without endangering compatibility with these other apps. Regardless of whether this is true on its face (from a technical standpoint, there's no reason why a new IE couldn't use a newer, more fully featured, set of Web functionality simply by using a different set of DLLs, or by using the features of its much-touted ActiveX to provide backwards compatibility) it is certainly a financial barrier to progress WRT standards compliance.

In other words, because of MS' decision to integrate IE's base functionality into the rest of the OS, and then from there into Office 2000 and other apps, we may not see full W3C standards compliance - and will therefore continue to rack up tremendous costs in cross-browser development and testing - for a long time to come. I have a hard time seeing how this helps the consumer in the long, or short, run.

The article is interesting as an example of FUD tactics at any rate, as MS uses their upcoming "tablet PC" as an example of innovation, despite their role in running Go Corporation, the original developers of the tablet PC, out of business back in the early nineties. In addition, the article refers to the practical impossibility of publishing technical information for the entire community, presumably ignoring their existing MSDN site and others, where such publication of technical information presently occurs. Other points of confusion: Microsoft apparently invented the "toolbar" in 1991, which must come as a surprise to Mac users who have had the applications menu for the past sixteen years.

But most galling, in my mind, as someone who spent a few frantic hours last week configuring my mail server to prevent relaying of the recent "Love Bug" virus to our users, something which could have been prevented if Microsoft hadn't chosen to release a fundamentally insecure mail client to the world, is Gates' claim that if the DoJ proposal were implemented,

"Updates to Windows and Office technologies that could, for example, protect against attacks such as the Love Bug virus would also be much harder for computer users to obtain."

This is indefensible lunacy. If Microsoft had acted responsibly in the first place, and built security into their mail client - which, at present, will execute /any script attachment or embedded HTML script/ sent to anyone using Outlook with the preview pane enabled - the Love Bug virus would have been avoided entirely.

I feel strongly enough about this sort of attempt to lie to the public that I had to speak my piece. I'm sorry if anyone sees this as only peripherally related to Web design and development. To me, the issues are very relevant, and the outcome will help determine our future as an industry. As someone else mentioned, Microsoft's irreponsibility WRT security jeapordizes our ability to use some of the very features of Web design and development that Microsoft wants to be able to continue to provide, as consumer trust is eroded due to a broken mail client and a virus writing miscreant.

The only way to fight such a powerful PR machine is to point out the lies and misstatements, and hope that the public can be led to learn the difference between reality as we see it, and reality as Microsoft would like us to see.

Phil Agre does a wonderful job in Red Rock Eater, pointing out the lies and press bias surrounding the recent virus mess; worth reading in any case, regardless of your feelings on the MS case. He ends by coming out in favor of shutting Microsoft down, rather than breaking he company up.

"Reading the press reports, Microsoft's stance toward this situation has been disgraceful. Most of their sound bites have been sophistry designed to disassociate the company from any responsibility for the problem. One version goes like this quote from Scott Culp of Microsoft Public Relations, excuse me, I mean Microsoft Security Response Center:

This is a general issue, not a Microsoft issue. You can write a virus for any platform. (New York Times 5/5/00)

Notice the public relations technology at work here: defocusing the issue so as to move attention away from the specific vulnerabilities of Microsoft's applications architecture and toward the fuzzy concept of "a virus". Technologists will understand the problem here, but most normal people will not. Mr. Culp also says this (CNET 5/5/00):

This is by-design behavior, not a security vulnerability.

More odd language. It's like saying, "This is a rock, not something that can fall to the ground". It's confusing to even think about it. Even though Microsoft had been specifically informed of the security vulnerability in its software, it had refused to fix it."

I've been hesitant to come out in favor of a government-led breakup of Microsoft, because of my own feelings on the role of government in IT, but with every passing day I become more and more convinced - by Microsoft itself - that MS ought to be held accountable for the damage its lack of responsibility causes us every day. Fine the bastards into Chapter 11, I say. Let the war chest pay me for the afternoon I spent protecting myself against their security policies; let the war chest pay our clients for the continued waste of resources trying to keep the Web open, despite the harm caused by MS' policies.

Steven Champeon

r e c i p r o c a t e

Permanently archived at: http://a.jaundicedeye.com/browse/saner_heads/050800/