Re: [DotGNU]Bending the twig of .NET (large -- sorry)

[Matthew Copeland]

You know, I pretty much agree with a lot of this.  The big thing that
people would be better off doing though is to not use an apache module.
Instead, since you are already using web browser module, just create a
standard set of markups in HTML that would allow you to fill in these
values.

Example:
<INPUT TYPE="TEXT" NAME="first name">
<INPUT TYPE="TEXT" NAME="last name">
<INPUT TYPE="TEXT" NAME="billing address">
<INPUT TYPE="TEXT" NAME="mailing address">


There is another problem though.  One thing that you have to realize about
passport and .NET is that it doesn't always use a web browser.  You could
write application X, that makes use of passport.  This is where the
problem with either the Apache module, or the above instance comes in, and
this is why we are trying to develop a better alternative.

Matthew M. Copeland

On Tue, 10 Jul 2001, Ron Burk wrote:

> Hi,
> 
> I apologize in advance for the length of this and the
> probable irrelevance (the discussion isn't really at
> the high-level strategy stage any more, so I'm late).
> 
> I develop on multiple operating systems (most often Linux,
> during the last several years) and was the editor of
> Windows Developer's Journal for about a decade,
> presumably giving me some exposure to Microsoft software
> strategies (I'm even in the no-longer-exclusive club of people
> who've testified against Microsoft in court :-).
> 
> I've been browsing the publicly available postings
> on efforts to counter Microsoft's .NET initiative. I wanted to
> post my two bits here. Though likely of marginal use
> to most members of the group, it will at least be a different
> perspective, and posting my thoughts in public always makes
> it easier for me to see what's wrong with them :-).
> 
> Common Language Runtime
> ------------------------------------
> 
> I was surprised to see that this is considered something
> worthy of duplication, especially if the goal is to counter
> Microsoft (as opposed to just have fun, which is often
> my goal in creating software). It made perfect sense to
> me that Microsoft would create a CLR: a) they were
> quite anxious to counter Java, and VJ++ had been
> effectively neutralized by the courts and b) they have
> always wanted the tools developers use to be controlled
> by them; introducing a new ReallyNotJava language and
> a layer that effectively made them the gatekeeper for all
> other languages running on Windows would greatly
> increase their control (and keep developers so busy
> trying to keep up, that they never have time to figure out
> exactly what business problem all this new crud is the
> solution to -- a classic Microsoft strategy with developers).
> 
> However, this did not seem to me to be any response
> to actual Microsoft customer needs. Languages have been co-existing
> on Windows for a very long time. Mixing VB and C/C++ is
> particularly common. The whole CLR framework solves a
> strategic problem for Microsoft, not customers. It also plays to the
> recurring Microsoft need to offer huge and complex frameworks that
> will allegedly finally solve the problems that last year's huge
> and complex framework failed to solve
> (http://www.lohnet.org/~hornlo/mutterings/wdjef/). It's not at all
> clear to me that Microsoft will be able to convince a high
> percentage of Windows developers to use the CLR -- apart
> from VB programmers, who will be moved into it by fiat, I expect.
> 
> I'm sure there's some very good reason why it's important
> to mimic this Microsoft strategy to counter .Net -- but I just
> couldn't figure out what it was. Creating an independent clone
> of a language that Microsoft released solely because they
> could no longer co-opt Java? I can see how that helps
> Microsoft and gives them credibility, but can't see how it
> helps any anti-Microsoft forces at all.
> Seems like a lot of work, and significant additional
> complexification for developers, so hopefully the payback
> is worth it. I personally have no interest in developing on
> Microsoft's CLR, or any competing equivalent. There's
> already a popular and feature-rich byte-code platform
> around, when I really want one.
> 
> Passport
> ------------
> 
> This part, at least, I understood. As the Microsoft's revenue
> from taxing PC sales faces a decline, implementing a tax
> on Internet usage becomes increasingly critical. They
> attack this from a number of fronts. Being an ISP (MSN)
> is nice, but AOL has proven difficult to crush, and Microsoft
> generally prefers to find markets where it can eventually have
> no competition. Taxing vendors for access to customers via
> various XP software deals is great, but somewhat limited. Imposing
> a tax via the browser looks extremely promising (pay
> Microsoft $1,000,000, and they'll make every occurrence of
> "sports car" in IE turn into a hot link to www.porsche.com),
> but they had to temporarily back off of their Smart Tags
> (pronounced "smart tax") technique due to an outpouring
> of protest (I expect they will revisit it next year -- the money
> is just too attractive to pass up).
> 
> That leaves Passport. Centralized login control is a lever that
> could give Microsoft a degree of leverage over the Internet that
> at least approach their control of Windows. So, the desire of
> the "let's counter .Net" groups to offer an alternative to Passport
> made a lot of sense.
> 
> Will the .NET Responses Succeed
> -------------------------------------------
> 
> The efforts to counter .NET appear ambitious. However,
> it's hard to say exactly what .NET will turn out to be in detail,
> so it's likewise difficult to criticize nascent responses. Factors
> I believe likely to limit the success of these responses to
> .NET are a) too ambitious (slow), b) responding to Microsoft's
> initiative, rather than forcing them to respond to yours (often
> a losing strategy in the past for anti-Microsoft groups) and
> c) focusing on the technology rather than on what people
> actually need and want.
> 
> A Dumb Idea
> ----------------
> 
> I sat down with a piece of paper and wrote four things at the top:
> "80/20 Rule" and ".NET" and "Real Users" and "SOON".
> My goal was to think about the 20% of .NET that actually
> matters to 80% of real users today, and what might be the simplest
> method of throwing a monkeywrench into that 20% of
> Microsoft's plan -- and soon.
> 
> I filled the paper with different ideas, but only one seemed like something
> that could actually be working within a matter of weeks, and having
> an impact on Microsoft's plans within months. That idea was: a
> very simple, standards-based, single logon system that requires
> no authentication servers at all (in concrete terms: a browser
> plug-in, an Apache module, and a proposed standard that describes
> how they interact).
> 
> Passport is key for Microsoft's goal of taxing the Internet. As
> pointed out elsewhere on this mailing list, Microsoft has the
> huge advantage of being able to force Passport to ship with
> every new PC that runs Windows (not to mention the various
> other screws they've begin to turn with increasing vigor to force
> existing Windows users to acquire and use Passport).
> Therefore, key to any response to .NET must be an effort
> to begin displacing Passport ASAP. That means displacing
> Passport on web servers.
> 
> Passport offers a staggering number of promises
> to users. You'll be able to use a web browser at the
> airport to tell your toaster at home to remind the maid to
> put out extra food for your cat (IP addresses having not yet been
> proposed for cats). Or something like that. But I like to apply the
> "what can you actually do today?" filter to the Microsoft PR firehose,
> mainly because that leaves a much more manageable amount of
> information to inspect.
> 
> What matters right now, today, for real users, is not having to type
> in passwords, names, addresses, and credit card information all
> over again for each and every web site they go to. That's it. And
> that's not only a fairly simple problem, it's a problem area where
> Passport is still quite vulnerable today.
> 
> If you try only to solve that exact problem, then you do not need
> centralized servers -- you don't need any servers at all.
> Yes, it's a nifty feature if I can get to my authentication information
> from any computer in the world, but most real users use exactly
> one or two computers over and over again every day. For them,
> it would be entirely sufficient to store their encrypted information
> on the local hard disk, and be able to copy it to a floppy disk to
> take with them.
> 
> I don't want to talk about features or implementation in detail,
> but about strategy and end-user perspective. The simple system
> I'm talking about has simple features: the user gets to create their
> own database of personal information on their own hard disk,
> it's portable to floppy, it works with their favorite web browser
> (e.g., via a plug-in) and participating web sites to eliminate the
> need to re-type identical personal information.
> 
> Here's why I think this can be an effective wedge against
> Passport:
> 
> * It does about everything useful that Passport does as of today.
> * Even end-users can understand the strategic advantages it has
>     over giving their data to a centralized server controlled by Microsoft
>     (something that will become especially clear the first time some
>      teenager launches a DDoS attack against the Passport servers).
> * It's simple and useful enough that web site managers will be willing to 
> use it.
> 
> The last point is key. Any effort to counter Passport is useless if it's
> technically beautiful, but fails to penetrate the market. The one
> strength the open market has to counter Microsoft's Windows
> monopoly advantage is Apache. If a Passport alternative were
> to get installed on a majority of Apache sites by the end of this
> year, that would be a credible threat to the important parts of
> .NET (I don't think it's terribly important to threaten the CLR).
> If you can get to a position where Microsoft is responding to you,
> rather than vice versa, the war is half won.
> 
> I'll restate this in marketing terms for anyone who understands
> positioning. Passport simply does not yet have a well-defined
> position in most consumer's minds yet -- but Microsoft is working hard
> to make that happen during the next 12 months. If you look very
> closely at the Passport PR, you can see that Microsoft is quite
> brassily claiming that with Passport, the customer owns their own
> data. They can only hold that position while there is no credible
> competitor. The most obvious position (and easiest to take!) for
> any competing product is: "your data is secure because it's not
> stored on a server at Microsoft with everybody else's data". Given
> the relatively high degree of consumer anxiety about privacy,
> this is a great position to hold vis a vis Passport. I like the following
> tag line as well: "Passport: putting your personal information at
> Microsoft's fingertips!"
> 
> There are a number of social techniques one could use to
> encourage the spread of the necessary client software. The
> obvious one to me is to get web site owners to display a logo
> saying they support this single logon system, and clicking on
> the logo takes you to a place you can download the (hopefully
> quite small) plug-in for your browser. Again, getting as many
> Apache sites on board as soon as possible is the main point
> of leverage -- and I think that requires a simple solution that
> makes their lives easier in the short term.
> 
> My guess is that a year is too long for any successful alternative
> to Passport to emerge. I have no doubt that this group can
> evolve a competing solution that is every bit as complex
> and feature-rich as Microsoft's. I fear it won't be effective
> in the marketplace. I find the idea of being "compatible" with
> Microsoft especially depressing -- at that point, you are
> playing their game (avoiding that game is one of the reasons
> I started using Linux). I think it's much more effective (and more fun)
> if you can force Microsoft to be compatible with you. Make
> a simple standard protocol for single login that is supported
> by most Apache sites, and they would have to do just that.
> That standard could, of course, be a starting point from which
> more complex offerings evolve. But you gotta get to something
> useful *fast* if you want to counter Microsoft. Otherwise, you've
> just got another Mozilla story.
> 
> FWIW.
> 
> Ron Burk
> Windows Developer's Journal, www.wdj.com
> 
> _______________________________________________
> Developers mailing list
> address@hidden
> http://dotgnu.org/mailman/listinfo/developers
>