InformationWeek > authentication, access control > eBay Dumps Passport, Microsoft Calls It Quits > December 30, 2004 — This may become my first 2005 online column for PC Magazine next Monday. While all the fuss is about Passport — a good idea that was poorly executed — it may also be the beginning of the end for .NET too. The .NET initiative has never jelled properly and I see no new momentum to change that.
Another Online auction site eBay announced Wednesday that it will soon drop support for Microsoft’s Passport for log-in to the site and discontinuing alerts sent via Microsoft’s .Net alerts. Microsoft responded by saying that it will stop marketing Passport to sites outside its own stable.
related link:
Passport could have cost company millions in fines
What exactly do you mean by the “.NET Initiative?” Do you mean the .NET common runtime and all of the development tools that go with it? From that aspect, you are dead wrong. As a developer, .NET is a hands-down winner and is not going anywhere. The .NET tools (ASP.NET, the languages etc) are vastly superior to their predecessors. If by “.NET Initiative” you mean the marketing campaign, then you might have something there.
Passport is/was a great idea that was doomed by Microsoft’s bad PR. Centralizing security into a company with a poor reputation (deserved or not) on security was a market positioning mistake. A better idea would have been to start a separate company to handle it. I think this will also be the death nail for the Liberty Alliance as none of the companies were really behind the idea. They just wanted something that wasn’t controlled Microsoft.
The MSN service, the MSN.com site, the Hotmail.com site and MSN Messenger service go down quite frequently. By my count, 15 days in the last year. I don’t know if Passport was down during these outages, I bet it was.
[I don’t know why the Microsoft sites and services go down so frequently. It could be that MS is a favorite target of DOS attacks, but I have difficulty believing that would be the reason since those sites handle so much traffic it would have to be a huge DOS attack to have an effect.]
I remain boggled that for years, the US Gov. has not slamed M$FT with serious fines. I would love to see the NY Atty. General (Spitzer) bring a class action lawsuit against M%SFT. Consumers have spent trillions of dollars over the last 15 years buying MSFT products and the reality is they remain to this day, broken from a security fashion. I had high hopes a year ago on XP SP2 thinking FINALLY they are taking security seriously – and look what a joke SP2 is when it finally arrived. Can you think of any other trillion dollar product/co that wouldn’t have its assed sued in court over a serious liability issue. Such as the mess Merck MRK is in from its Vioxx drug problem and the billions in lawsuits we shall start to see. My solution to the security nightmare: “Ok, MSFT, we have bought your broken OS and Office aps for 15 years – you took our money and gave us vast holes and you cannot seem to fix them – you shall be fined $20million a day until you give everyone who bought you product in the last 3 years a FIXED product which is secure and security-hole free. You have thousands of coders in-house, put them to work”
Good news. Looks like users are just saying no to the M$ koolaid and realizing that not everthing M$ creates is the best thing since sliced bread.
And we wonder how we became a sue-happy society. So now, we should be able to sue a company that makes a product that has “security holes”. That would conveniently put the entire software industry out of business.
People with this line of thinking somehow believe that they do not have a choice. If you believe that XP is such a terrible security risk, choose a different OS. If the program you want does not exist on the OS of your choice, pay to have it developed or develop it yourself. The most powerful message you can send to Microsoft is with your wallet.
Here’s an excellent resource on .Net vs. J2EE. Very detailed!
http://www.javaworld.com/javaworld/jw-03-2002/jw-0308-j2eenet.html
eBay ditched Passport because it wasn’t needed. Maybe it was a security issue. Who knows? Maybe they just thought, this sucks.
Regarding Thomas ‘ comment: “So now, we should be able to sue a company that makes a product that has “security holes”. That would conveniently put the entire software industry out of business.”
Why should software be any different from any other product? With any product other than software, if there is a foreseeable flaw, which causes you damages (monetary or otherwise), and it was caused by the manufacturer, that company has to pay your damages.
And your argument that it will put the entire software industry out of business is complete nonsense. That is the exact same argument used by ALL businesses against lawsuits. Automakers get sued constantly, but they’re still in business. And the reason the big three US automakers are having hard times has NOTHING to do with lawsuits. Honda is just as easy to sue as GM.
And while you didn’t make it, there is also the argument that software is inherently imperfect, i.e., it’s impossible to create bug-free code. But once again that’s true of ALL products. Show me any flawless product.
Every year automobiles get safer and safer. Maybe if software developers were on the same hook, they have an incentive to make their code safer too.
And one last thing, don’ t make the argument that no one dies from poorly written code. That’s not the point. Damages do not have to be physical injuries. ANY loss constitutes damages.
Imafish,
That’s an interesting opinion. It makes me wonder if I could return Windows to the shop claiming that it does not work as promised. Then I’d demand a refund…
Because to err is human, refunds due to bugs are unprecedented.
Firstly, allowing people to sue for security breeches would eliminate casual developers as no developer would want to put up with a potential law suit. Secondly, you seem to be ignoring supply and demand. If you allowed for lawsuits on security breeches, the price of software will sky rocket as software manufacturers will increase the price of their product to compensate for potential damages due to lawsuits. Furthermore, it will move software development overseas (even more so that it is now). All your software will be purchased overseas where they won’t have said restrictions.
Using the automobile industry as an example is ridiculously simplistic. The software industry is not like the automobile industry. It is quite obvious how to secure an automobile. It is far from obvious how to secure software. Unlike the automobile industry where they can take basic precautions, according to your suggestion, any security breech not accounted for would be grounds for a lawsuit. In addition, it is far easier to put restrictions on foreign made automobiles, but almost impossible to do so for software. Thus, any restriction you place of software made here will simply be moved (or the distribution moved) overseas.
Furthermore, Mr. Sue Happy, what do you do about Linux? Suppose you discover there is a gapping security hole in your Linux distribution that allowed a cracker to penetrate your system? Whom do you sue? Do you track down all the contributors and sue them together?
Automobiles have gotten safer in large part because of guidelines that the government setup for safety. However, it is not possible for the government to devise security guidelines for software because there is so much variety in the purpose and way that software is assembled. Even the definitions for describing certain pieces of software (e.g. “operating system”) are fairly grey. Automobiles all have to do basic things: move down the road, be controllable by the driver, provide crash avoidance capabilities (windows, mirrors etc), and withstand certain types of crashes at specified speeds. But all software does not have the same primary purpose (drive down the road) nor a common environment in which it works (e.g. the roads).
So, you are correct it would not put the software industry out of business. It would just put it out of business in the United States. It is simply not possible to predict every conceivable way that someone will crack your program. You can take precautions, which all of the manufacturers have done, but you cannot make it perfect.
Thomas, auto got safer due to Ralph Nader and people suing the auto industry for gas tank explosions and for faulty tires.
Learn some history, tardflakes!
The automobile industry is not like the software industry. You can’t sue the automobile manufacturers because someone slim-jim’ed your door and stole your car. You can’t sue the window manufacturers because someone smashed your window and stole your car. You can’t sue the auto parts manufacturers because someone used the parts to build a car that smashed into people.
Suing software manufacturers, which includes thousands of independent developers, will not encourage better code. It will encourage people to make software in places that don’t have inane laws about suing developers.
Mr. Anonymous, perhaps instead of expanding your extensive knowledge of witty retorts, you might learn a little something about microeconomics and the concept of opportunity costs.
You say: “Suing software manufacturers, which includes thousands of independent developers, will not encourage better code. ”
I say: Microsoft allowed private information to be revealed on the internet. They need to be responsible. They weren’t. There should be consequences.
In the auto industry they have six sigma (a quality control philosophy with checkpoints, audits and procedures to ensure manufacturing quality [but not design]).
It’s time for MS to stop f**king around and be responsible. They are supposed to know things about computers and the internet.
And, no, I don’t think developers should be sued; MS isn’t a developer in this scenario, they are a service provider.
Are you familiar with E-Trust? E-Trust — which is mega-expensive and has rigorous standards — requires protection of confidental information and has rigid compliance procedures dictating several things that must be done.
Other companies offer services and protect your data, why can’t Microsoft?
The only thing that will get Microsoft’s attention is consequences.
In your original rant, you did not specify the type of security breech that should be grounds for a lawsuit and thus it was presumed you meant all types of security breeches. However, now you are suggesting that only breeches where your personal information is released would be grounds for a lawsuit. That is an entirely different situation.
Consequences, as you mentioned, are a funny thing. They happen on all sides of the equation. So let’s think about the consequences of a law that allowed consumers to sue companies over security breeches.
IMO, it would be extraordinarily difficult to write such a law in a way that achieves your goal without providing a huge loophole for frivolous lawsuits yet still provides the ability to convict the bigger players. For example, suppose Microsoft’s Hotmail system is hacked and your address and credit card are stolen. It will be difficult to prove that Microsoft and Microsoft alone is the cause of that information being released. Any other online store where you made a purchase will have that same information. Would a Microsoft discovered breech that could “potentially” release your information into the wild count? In the automobile industry (your favorite analogy even though the two industries are very different), you generally cannot sue a manufacturer over a defect that they catch first in a recall.
It should be clear that any such law apply to all companies otherwise you would be giving an unfair advantage to brick-and-mortar establishments that could just as easily release your personal information. The effect would be to significantly raise prices on a products and services due to significantly higher legal insurance premiums. Small businesses of course would be hit the hardest (except for law firms of course) as their margins are generally smaller.
Thus, your suggestion about lawsuits for personal data breeches is a prime example of what happens when people do not consider the unintended consequences of their actions.
It is already the case that “verifiers” like E-Trust have certified various sites on the web. The free market economy provides you the choice to only patron sites with this sort of certification. You are not required to choose Hotmail and thus Passport. You are not required to use any of Microsoft’s services.