Microsoft back in the FUD game

Just when you though Microsoft were out of the FUD business, they’re back.

I’m going to mostly ignore the waffle about TCO – it’s far too complex an issue to go into here. I will say that something MS like to overlook is that things such as the skills that your existing team have can heavily influence the TCO – if you already have a fantastic team of linux admins, and developers used to working on linux, that’s going to create a huge cost if you switch to a Windows platform – and the reverse is true as well.

Near the bottom of the first page we get some classic FUD – much handwaving about how hard everything is on a linux platform.

You can build it, design it, and it will work great. The trouble begins when you want to add things to it, add some services and things like that. Because of the brittle nature of the platform, when you do that, other things break. We see that in the labs all the time, and our customers see that as well. So that has a (total) cost of ownership impact on it.

Well, yes, that’s true. There are plenty of situations where wanting to upgrade A means that code for B has to be modified – but this is true of all platforms.

Completely unmentioned are little things like XPSP2, which broke a whole lot of things.

This isn’t just a Linux/OSS problem; it affects all complex systems. This isn’t something you can address simply by switching to a Windows platform – problems like these can only be dealt with by planning for growth, testing solutions before they go live.

Immediately following this comes something I regard as a professional insult:

Well, first you have to define “people” because I can tell you that most IT professionals don’t want to be in the business of maintaining system-level software

That’s quite true, most IT professionals don’t want to be in that business. Most IT professionals aren’t in that business. However, some of us do want to be in that business, and some of us are.

I’m not quite sure what he’s trying to imply here – that if you switch to Windows, no-one has to maintain your servers? Clearly that’s not the case. Is he trying to imply that the opions of server admins aren’t important? I don’t know.. I’m very offended though.

Now we move on to poor logic:

And what is open source? It is interesting in how you define it. Is it in terms of source visibility? Then, OK, in Microsoft’s Shared Source program, people can access up to 65 percent of source codes for our core products. And through the government security program around the world, governments can access even more of our source codes, if they choose to. So we’re not an open-source company, and yet people can do that.

There are two main reasons why people care about source visibility: people want to know what a program is doing to their data; and people want confidence that they’ll be able to continue using a solution for as long as it continues to work for them. Here, Taylor is addressing the first point, but falling short.

In particular, he’s talking about concerns that governments and large corporations have about the security of their data: How do I know that Outlook isn’t secretely sending copies of my email back to Microsoft/my competitors/the FBI? How do I know that Word isn’t secretely leaking my confidential memos to the press/a hostile government/Microsoft/the FBI?

One way to be sure about this is to read the souce code; this lets you see exactly what the program is doing. Microsoft are saying that “We’ll show you 65% of the source”, as if that will allow you to be sure that their program isn’t doing anything malicious. However, this logic is clearly flawed – if MS truly were intending to do anything malicious, where do you think the malicious code would be – in the 65% they show you, or the 35% they don’t? Anything short of 100% disclosure is pointless.

Near the bottom of this second page, and overflowing onto the third, comes this classic MSism…

One area is just some fit-and-finish, and taking basic simple processes and doing it better. We have a feature called Configure Your Server Wizard, which allows you to go in and choose a server role so you can take a file server and (rebuild it as a) media server. That takes four to five clicks of a GUI (graphic user interface) screen to do that, and it takes maybe 15 to 20 minutes (to complete) based on size of server. In comparison, some guys I hired who’ve only coded on Unix and Linux all their lives showed me how long and the amount of effort it took to do that on Linux.

This is typical Microsoftism; they’ll create a tool that makes things “simple” – but the downside of “simple” is that it’s limited and inflexible. It might do the one thing that it’s designed for very very well – but even minor deviations from this are impossible. Many of Microsofts tools do one thing very well, and if that one thing just happens to precisely fit your need, you’re fine. If you need anything at all changed though, you’re look at a lot of fiddling with convoluted GUI interfaces – ignore that wooshing noise, it’s just the TCO inflating again.

Lastly comes the real jawdropper:

We’re always looking for new things that can allow you to do things uniquely different today. For example, this new feature tool we have would allow me to tunnel directly using HTTP into my corporate Exchange server without having to go through the whole VPN (virtual private network) process, bypassing the need to use a smart card. It’s such a huge time-saver, for me at least, compared to how long it takes me now. We will be extending that functionality to the next version of Windows.

That’s right. That whole smartcard thing – that was just there to annoy you. We designed it specially to cause you maximum frustration and stress, it doesn’t actually serve any useful purpose. That whole spiel we’ve been feeding you about how these access control measures prevent other people from reading your email – we’re just trying to make you scared so that we can control you.

Tell you what – now that you’ve seen through our fraud, we may as well get rid of all of it in one go. In future, just go to and all your mail will be there – no need for any of that annoying login business at all. We’re sure none of your competitors, superiors, underlings, spouses, mistresses, friends etc won’t want to read any of it, no need to worry about that..

Seriously though, this disturbs me. Yes, security is an inconvenience. Yes, lowering security restrictions makes for a more pleasant user experience. Yes, a balance needs to be found between an appropriate level of security and a tolerable level of inconvenience.

To suggest that security constraints are merely an annoyance and that bypassing them is a good thing is totally irresponsible.

Leave a Reply