Hailstorm: Open Web Services Controlled by Microsoft

richard writes: "Clay Shirky has an interesting article on Hailstorm on OpenP2P.com. He looks especially at how MS mixes decentralization with strong control of third party development and user data. Think of it as an authentication-centric, rather than hardware-centric system." A very nice analysis, neatly mapping out Microsoft's plans and how they intend to control the system. Well worth the read.

Competition was forced for DNS, should be for .NET

I think of this as directly analagous to the DNS system. Once upon a time, NSI owned the identity information for all top-level domains under .com, .net, .org, .edu, etc. They were forced to share the registration privileges over these domains with other registrars in a competitive framework. Hailstorm type services need EXACTLY the same approach, where a user's identity could be a token like <xpp:id ref="jonabbey@burrow.org" reg="soap://microsoft.com/user/registry"> to indicate a user registered at microsoft, where another, equally valid identity token could be <xpp:id ref="jonabbey@burrow.org" reg="soap://aol.com/registry">.

The question is, who is going to bell the cat, and create the sort of ambitious web services that Microsoft is proposing, except without the Microsoft lock-in? Where is AOL and Sun and IBM on this?

- jon

A Revelation.

Compare and contrast:

"an Internet user without a Passport will not exist within the system, and will not be able to access or use Passport services. Because users pay to participate in the HailStorm system, in practice this means that Microsoft will control a user's identity, leasing it to them for use within HailStorm for a recurring fee."

with

"And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

Hmmmmmm. I think the Gates-as-Borg icon needs replacing with Gates-with-666-tattoo icon. Reckon John meant 'the IP number of his name'?

Baz

value, vulnerabilities of overarching plans

I don't know if Hailstorm will work. It seems like a longshot to me, but I'm a pauper and Bill Gates has an impressive track record with world domination.

But this does illustrate one of the big differneces between Linux and MS. MS has a master plan. They're building server software, server farms, development tools, business alliances and strategic partnerships. They have a business plan and a technological plan, and they both seem to fit together. Even though the word is going to come off as a joke after all that's happened, this stuff is innovative, in kind of an Orwellian sense. Especially as a business plan.

They looked at the future and decided it was going to be objects running out in the cloud, talking to each other in complicated ways, and they tried to figure out the best places to build the toll booths.

We don't have a plan. We've yet to come up with a really good business model. We've been making incremental improvements to a 70's operating system. Individuals or small groups have ideas and they make it better in a small way. The result is a lot better than anything they had in the 70's. But it's a gradual process of accumulation. No one comes down from the mountain with the new direction.

The first time I realized that Linux had super powers was when SLS dropped the ball. They were an old distribution. For whatever reason they just stopped doing it. And Slackware stepped up to the plate and took over. If Linux had been commercial, SLS would have killed it in its cradle. But you can't kill Linux. Debian will be moving along long after VA Linux and Red Hat have succomed to financial reality.

MS has a plan. Gates says he's "betting the company" on it. I don't think he's kidding, or that he's wrong. If .NET and Hailstorm don't fly, they're screwed. Of course they're so big it would take them decades to waste away. The plan offers vast rewards, potentially, but it has enormous risks, as well.

This is not a clash between rival technical systems. It's about world views.

I've got to be honest, I love the megalomaniacal scope of MS's plan. They're thinking the way the the guys who built the pyramids thought. Part of me wants to email Bill and say, "God speed, you magnificent bastard!"

But ultimately, I think he's going to fall on his ass.

Why?

The OS monopoly was achieved in an environment when no one understood the dynamics of the business. There's the famous story about Bill trying to sell out to IBM for a relative song, and IBM turning him down. That suggests that neither side knew what MS had.

Translation: the lucky SOB *stumbled* into it. And he was helped along by the fact that no one else understood how big the prize was either, or even that it existed at all.

There's another famous story about Lotus dissing Bill, rudely pointing up the difference in the bottom lines. People didn't understand the dynamics of lock in back then, that the person who controlled the OS had leverage over the application market. These were smart guys, the best and the brightest in the industry.

The article at the top of this thread is first class. People are thinking like chess players when they look at the business now. Which squares on the board do you need to control if you want to win? The word is out, the guard towers are fully manned, and no one is going to be stumbling into anything this time around.

No one is going to create a strategic dependence on MS if they can help it. Especially now, when the XP license server shock waves are about to hit. These guys are lining up their ducks to do the same to thing to their customers that OPEC did to the West in the 70's.

It's going to be an intersting thing to watch, though.

Re:Doesn't this just really open the door?

The Microsoft developers might be silly enough to hard code the links to their own private UDDI server, but that would be a relatively easy crack to redirect to an open UDDI server.

Um. Wasn't that the whole point of things like the UCITA and DMCA? They'll put "no redirection" in their EULA. Done. Now, of course, that won't stop me from doing it at home, but it will sure as hell stop my company from doing it. Right? I mean, correct me if I'm wrong.


--

Re:Technophobes? no, legalphobes

... and start saying "What Microsoft is trying to do is cool, but what we can do is *better*."

You are missing the point. micro~1.oft has realised they can't compete with OSS on a technical playing field, because the OSS community will eventually win. So M$ is changing the playing field while they still have a monopoly.

The new playing field is using the law (copyrights and patents) to give them exclusive control over who gets to play with their authentication schema. The open source community can come up with a working alternative, but in doing so will become a criminal group, breaking copyright laws and violating patents. M$, and many of the leading IT/computer/software/networking/services companies have realised that playing in a free and open commodity market spreads the profits too thin. So there has been a major push for the last 5-8 years to craft laws to support the new playing field, where free and open competitors are outlawed.

You've no doubt heard of the american UCITA laws, passed in some states, proposed in all the rest. There are initiatives here in Europe to provide the same protections to large companies, but the progress is slower due to socialist leaning countries. Years ago companies who saw the service model and copyright as a potential new area to limit free and open competition created the WIPO, and neatly folded it under the protection of the UN. /. readers regularly complain about these restrictive laws, but are mostly powerless to do anything about them. Money buys votes, so most western democracies are for sale, which is why large crowds protest in Davos and Seattle and any place else. The protests are getting so costly, the world banque is meeting in cyberspace [ncl.ac.uk] to avoid physical risks.

a protocol (http) which was just plain better ... the OSS community was already there.

For the next 5 to 10 years, M$ and a handful of other companies are going to completely dominate all the greatness the OSS community created. The GPL isn't going to stop them, free and open isn't going to stop them either. Many smart people getting paid large salaries have looked at many ways to continue to earn money when there is a free product running your industry. They know, now, how to defeat the advantages of OSS and free and open. That is what the article is about. The best hope for the Next Great Thing lies where it has always lain, in academia and government assisted research. That is why M$ bought MIT [slashdot.org] and dozens of other universities in the US and Europe, and why they just bought [theregister.co.uk] the UK government [theregister.co.uk].

The OSS community creates free software. I agree with RMS, software should be free. But the big and steady money is in services, always has been, always will be(until the trek universe occurs) There are no free alternatives to services. Maybe there should be an Open Services Alliance :-) I'd love to get 24/7/365 support services for free, but then I'd be out of a job. :-(

the AC

Doesn't this just really open the door?

So Microsoft wants to use open standards like XML, UDDI and WSDL. Presumably, Microsoft will have to open the public interface to calling their services. If they don't open the interface, Palm, Mac, and Linux couldn't invoke these services.

So with an open interface to the service, what is to stop me from creating my own gnuPassport service with the exact same well defined interface? I could then openly authenticate users just as Microsoft authenticates users in their closed service.

Every time Microsoft creates a new service, that they will presumably charge money for, we would create an open interface that is freely available.

The Microsoft developers might be silly enough to hard code the links to their own private UDDI server, but that would be a relatively easy crack to redirect to an open UDDI server.

The article states that the Kerberos authentication might be required to use Microsoft's proprietary extensions, but a simple Samba server would fix this.

So when I read this article, I don't see it as Microsoft moving to dominate the Internet. I see this as Microsoft relinquishing full control of the Windows desktop to services on the Internet. There doesn't seem to me to be any way for Microsoft to stop an open implementation of all of their services.

O'ReillyStorm

Did anyone else see the irony in this, at the bottom of the article?

How will Hailstorm and Passport change the face of P2P, web services, and the Net itself?
(* You must be a member of the O'Reilly Network to use this feature)

History repeated

When I was in college, I worked in the data processing department part-time to offset my tuition costs. This was back around the time of the beginning of the PC revolution, and I got to watch department after department secede from the university mainframe empire.

When we asked them why they wanted to do this, there were some common answers that we kept hearing. "Your priorities are not our priorities", "you don't understand our requirements", "it takes you guys too long to implement changes", "your chargebacks are inconsistent and make it difficult to budget", "your support staff doesn't work on the same schedule we do", and my all time favorite... "we just want local control over our data".

When I read about .NET and Hailstorm, all I see is the central data processing center of the 1970s carried to its illogical extreme. Except now there will only be one "glass house" to serve millions, and it will be in Redmond.

I expect we'll have to repeat history once again, 'cause it looks like nobody learned anything from the last time.

Technophobes?

It's amazing how the overwhelming impression someone would get from all these slashot discussions is that your typical /.er is a technophobe.

This kind of thing is *cool*.

Should Microsoft control it? Of course not. But there should be a lot more enthusiasm on these boards for the capabilities these things represent; it's this sort of universal capability which is the future.

Is there a security risk? Of course... but you could say the same thing about the postal service, the telephone, credit cards, etc etc. It's *going* to happen.

But the OSS has to stop saying "Boo. Stop Microsoft. They're evil." and start saying "What Microsoft is trying to do is cool, but what we can do is *better*."

That's (partly, anyway) why *nix dominates the web... Apache (and its predecessors) used a protocol (http) which was just plain better than all the commercial alternatives for information dissemmination, and when the commercial companies turned around and came to see how great the whole web concept was, the OSS community was already there.

--
Convictions are more dangerous enemies of truth than lies.

Re:Doesn't this just really open the door?

You could emulate the interface, but you wouldn't have the keys to validate your authentication.

So your gnuPassport couldn't be used on sites which only recognize Microsoft's Passport.

And if you can't link up with other sites, you lose a lot of the functionality of Hailstorm and are just left with the .NET XML Web Service spec, which is fine, I suppose, unless you like IBM's or Sun's Web Service ideas better. Without the common Passport authentication, Hailstorm is no longer Hailstorm.

((And if you did get your hands on the keys, it would mean the collapse of the entire Passport security scheme.)
--
Convictions are more dangerous enemies of truth than lies.

Let me get this straight...

Microsoft... is trying to make a central repository of personal information... stored in redundant Microsoft controlled datacenters... including credit card numbers...

So all I need to do is SE a domain admin password from *one* microsoft employee, with a *crapload* of them to choose from, and I get *millions and millions* of credit card numbers, addresses, perhaps even bank accounts?

OK. I'm up for that.

-Jade E.

Centralization dillema

Well, we have to admit that software as service revolution is inevitable. This change will really revolutionize our world. The work *has* already begun since P2P "discovery" by Napster and such. It was then intensified by the invention of Java as "universal" programming language and XML as the "universal" data format. Naturally, if we have world-wide connections, universal programming language and universal data, we'd like to unify the framework, right?

Recall in the OSI network layer we have "presentation layer" [cs.tcd.ie]. You can see that this layer has never emerge as a solid standard eventhough there were some attempts. Thus, this becomes the biggest stumbling block in the unification. However, after *the* invention, this should not be problem any longer.

But, there is another problem: Control. With software as service, the service-provider company will exercise control over your data. Basically, your data is belong to us. Eventhough the provider does respect privacy, it won't let you get away without signing ToS which is basically make you agree to for a "responsible disclosure" from it. Even worse, the company seems to take the privacy pretty lightly [nwsource.com]

Now, this has a serious implication: Government agents can pin down those service providers and possibly giving them monopoly access to ease them "keeping track of malicious citizens". Is this an indication? [slashdot.org] If so, then your privacy agreement is "useless" basically. Unless...

If we agree on universal programming language, data, and protocols and decentralized P2P connection like Freenet [sourceforge.net] does. This case, our privacy will remain and we can defend it to our best. Just my 2 cents, though.

Copyrighting a data schema

This is particularly alarming / revolting / pathetic / disgusting / enraging.

They actually want to copyright a DATA STRUCTURE so that no one else can use it. That's just insane.

I'm going to copyright the following data structure immediately:

• EmpID
• LastName
• FirstName
• SSN

If I come across ANYONE using ANYTHING even REMOTELY like this, I'm gonna sue you and you will be owned.