Visit Your Local PBS Station PBS Home PBS Home Programs A-Z TV Schedules Watch Video Donate Shop PBS Search PBS
I, Cringely - The Survival of the Nerdiest with Robert X. Cringely
Search I,Cringely:

The Pulpit
The Pulpit

<< [ Betting a Billion ]   |  Help Me Help You  |   [ Mini Me ] >>

Weekly Column

Help Me Help You: Open Source Development as a Substitute for Political Will

Status: [CLOSED]
By Robert X. Cringely

As promised, it is time to return to the prospects for Microsoft's entry into the anti-virus and anti-spyware businesses. While the move, which was announced a week ago, makes good business sense for Redmond, it makes little or no sense of any sort for customers because Microsoft simply isn't very good at this type of business.

The reasons why Microsoft might want to get into these new businesses are obvious and real. Viruses and spyware are not only endemic problems, but protecting us from them has become big business for any number of smaller companies. Microsoft has always hated firms that sell products that enhance their operating systems. They hate sharing revenue with others. Microsoft has to be envious and annoyed by the fact Symantec and others get more recurring revenue from Windows than Microsoft does. Every dollar that goes to Symantec or Network Solutions ought really to be going to Microsoft -- that's the way Bill Gates probably thinks about this. Certainly ,allowing smaller companies to establish and define a market, THEN moving in to take over, is a classic Microsoft tactic -- one that sometimes results in happy customers, and sometimes doesn't. But in this case there is the added issue that the very ills these other companies (and now Microsoft) are trying to cure can be easily seen as a result of Microsoft's own lack of rigor. They allowed viruses and spyware to get as bad as they are, and now they want us to pay them to make things better.

Shouldn't they be paying US? Not according to the Microsoft End User License Agreement, since it indemnifies the company against virtually anything whether or not it is their fault.

Like every Microsoft initiative, this anti-virus/spyware is intended to serve multiple purposes. The new plan is based around extending to new customers Microsoft's Systems Management Server (SMS). The penetration of SMS hasn't been fast or far enough for Gates and Ballmer, but targeting viruses and spyware might change that situation dramatically. It has been Microsoft's dream since the early 1990s to move their software licensing to a subscription or usage based model. The original design of SMS was to put in place the infrastructure needed for this -- unbeknownst to customers. Just not enough of us bought into the concept for the transition to fully take place. Until now.

I am sure that A1, as it is called, has more revenue and business goals than security goals. And if Microsoft chooses to let it support their older operating systems, they could gain a huge control over Windows licenses worldwide.


But they probably won't.

Here is the problem. To sell an anti-virus (and/or anti-spyware) product, those pesky customers will probably have some expectation the products will work, will continue to work, and will be supported. When something bad happens, the customers will expect a quick and decisive response. Culturally, none of this is something Microsoft has done well. Historically, Microsoft has followed a "what you see is what you get" model, which in the world of data security, with 24/7 command centers and wall-sized video screens, won't fly.

Certainly, Microsoft's history and culture will be working against them. At the heart of this anti-ware initiative, Microsoft has acquired a couple small companies and will be relying on those people, but Microsoft also tends to beat into submission new acquisitions, and typically ignores their input until it has been vetted by sophomoric Redmond hazing. "We'll buy your company, we'll tell the world it is the best technology, we'll make users dependent on it, but of course, we won't listen to you because you haven't watched Bill G rock back and forth one million times like we have. Until then, you are scum."

This is not a joke.

Up until now Microsoft has avoided this stuff like the plague. But now something has changed. It might be the pressure to make SMS a success. It might be the new revenue potential. It might even be pressure from Homeland Security. Whatever the reason, I strongly suggest we all sit this one out for a year or until Bill rocks another million times, whichever comes first.

Now let's get back to the much more interesting tsunami warning system story. Charlie Martin and his co-workers have been hard at it for another week and are making great progress. By this, I am not saying they have a system up and running, but then it has only been two weeks, not the month that I suggested. There WAS a tsunami widget introduced a few days ago from two students in Australia, but that one was the product of an all-nighter and a case of beer (their own words in an e-mail to me) and doesn't include any of the predictive components required for the system I described. Those guys are now in communication with Charlie et al and contributing to what has become a global effort.

The Open Tsunami Alert System has a blog and a Wiki (they are in this week's links) and is gaining some real momentum, not just because it is a good idea but also because it fills a crucial vacuum. You see, it isn't that nobody knew there was a tsunami as that wave was rushing across the Indian Ocean on December 26th, but those who knew generally didn't have an efficient or reliable means of communicating that warning to the people in danger. And some of the people who knew the tsunami was on its way may not have even been allowed to warn anyone -- a condition that must be fixed.

My original idea for the system was that the prediction itself would be done locally by polling available real time seismic data. Though sea level data is also useful, that signal travels only as fast as the wave, itself, so waiting for it may fine-tune the warning, but it also reduces evacuation time by 95 percent.

I still think local calculation is the way to go, but it turns out there may well be existing systems that are already doing those calculations, so I say do both. Like a fly-by-wire airplane that has three computers running in parallel and believes what any two or more of them say, having centralized and decentralized computation would make the system more reliable and no slower.

Here is word from a reader in the UK: "The infrastructure for a global tsunami warning system already exists. The system set up to monitor nuclear testing is capable of, detected, and pinpointed the South Asian tsunami as it happened. The monitoring headquarters is in Berkshire, England, and the head of the station had made suggestions in the past that its role be expanded to include earthquake and tsunami monitoring. Better still, the necessary treaties are in place to allow immediate two-way communication between the centre and affected countries. Indeed, they carry an up to date list of contact numbers for key people. What's missing is political will. With that in place organisations, public information, and training can be put in place to make sure any warning is responded to on the ground´┐Ż. I think, it's quite sad that so many problems go unsolved through lack of will rather than any lack of knowledge, especially as we're swimming in knowledge. I won't single out the politicians. We're all in this together. And, maybe, that's the thing. If we give someone the chance and the right encouragement, who knows what they might accomplish."

And that's why OTAS is so important. Its existence will embarrass the powers that be into improving their systems. Bureaucrats are loathe to actually communicate with real people who ought to be running for their lives and instead communicate (if at all) with yet more bureaucrats who -- as in the case of Thailand -- hesitated to give a warning because it might have hurt tourism. Well, OTAS will take over that local warning function, doing an end-run around any lack of political will.

But there is good news, too, about existing warning systems, according to Arjen de Landgraaf, of Co-Logic Security Ltd. In New Zealand: "To build the bare bones of a warning system does not require a month, it can be built in a day, as we did, based on our commercial IT Security Alerting Service E-Secure-IT. We already globally alert on any IT Security issues (like) surface weather threats and space weather -- increased solar activity, and its associated effect on copper (or) satellite links. Information is readily available and monitored by our 24 x 7 teams. We (can) receive alerts from the seismic stations and immediately relay them through our ESIT servers via email and SMS to interested parties. Currently we are testing this on our (paying) IT Security subscribers, but we can easily extend this to non-paying interested parties."

That's just one such service. There are probably others.

Since the data is already being gathered and analyzed and since a viable warning system already exists (though not presently used for tsunamis), it might be easy to argue that there is no need for OTAS at all, but that's not true. The very existence of OTAS is helping to bring these other resources to light. And our willingness as technical professionals to step up to the job will ensure that for tsunamis and other types of disasters that loss of life is minimized.

For the kind of people who make projects like OTAS a success, there is also a lot of benefit that can come from doing good. Charlie Martin was two weeks ago an unemployed developer looking for work. Today he is an unemployed developer looking for work who is also the lead OTAS architect. Though I've never even met the guy, by the time this is over and OTAS is up and running, I'll bet Charlie has a job.

Comments from the Tribe

Status: [CLOSED] read all comments (0)