Gates/Ozzie challenge Microsoft to “alter its business”

Well, the Ray Ozzie and Bill Gates series of memos that were sent around here are now breaking in the news (Dave Winer is linking to the important ones and has a picture of Bill Gates up on his blog to boot). Around here we call the Gates one “the birthday memo,” in honor of BillG’s 50th birthday.

They are important memos. I’m still reeling from their significance. I don’t want to be the first one to break wind in public about them, but they are long memos. The longest I’ve received since becoming a Microsoft employee. They show clear understanding of how the world has changed. They answer a lot of the points I’ve been talking about here on my blog (and, in fact, have been influencing my thinking a lot).

Yes, the guys at the top are now yelling “turn, turn, turn.”

Like I said: this disruption game is fun!

Update: Dave Winer just posted the memos.

78 thoughts on “Gates/Ozzie challenge Microsoft to “alter its business””

  1. Welch needs to grow up, nobody wants to hear his crap about his macintosh.

    Hey Welch, that Sony rootkit is also causing problems on macintosh computers.

    Instead of putting your life in the mac, how about you get outside and help other people and do something with your sad existence of a life.

    What is the macintosh going to do when some people are dying in the gulf coast. Get a clue!

    Some people shouldn’t have computers let alone have a mac. I mean why bother when you are so useless for anything in real life that really affects real people with real lives.

    For godsake, get off the computer and do something that will help somebody. Arguing about what is superior is just redneck stupid and nobody wins.

  3. > John, I don’t understand your point. Everyone agrees that MS made stupid security decisions in the past. Then Bill Gates’ famous security memo came. Then we got SP2

    Dude, SP2 came what a year or so after that? Even after Gates’ memo, XP still, BY DEFAULT didn’t even ask for a password on the default account. What, you thought Memo==magic spell?

    > and Vista because the entire company shifted to concentrate on security.

    Bullshit, we don’t have Vista at all. It doesn’t exist outside of a beta program. Doesn’t count.

    > The fact is, Microsoft does care about security NOW. It is built into the fabric of every decision making process NOW. SP2, even though a radical change in the OS, was made available to all users for FREE.

    Oh good, so now that XP SP2 is out, we just magically forget that without massive complaints, they had built security holes into the OS, and wouldn’t have changed squat if it hadn’t started messing with their bottom line.

    > What do you suggest, Microsoft magically roll back time to 1999 and retroactively give everyone SP2? Sure, you can try to insinuate that Microsoft ‘deliberately’ made bad security decisions. Really? Do you really think they really enjoy the fact that most users are getting infected with viruses and malware? What makes you think that their early security mistakes were deliberate. Seems illogical to me.

    Um…you’re very young, or very ignorant. MS deliberately ignored proven concepts of privilege separation in making administrator accounts the default AND the equivalent of Unix ‘root’. Even OS X’s administrator accounts are NOT ‘root’ level accounts. Even WITH SP2, that hasn’t changed.

    Even worse, versions of windows that you can ACTUALLY BUY today are pretty much unusable without administrator level access. Want to add a printer? Not an administrator? you have to give that user the ability to add device drivers to the system. Of course, once you do that, it happens silently FOREVER. This includes cases where the driver is already in the OS. You enable that add device driver priv in local security policies, you’ve just given away the keys to the kingdom.

    That still exists in SP2 by the way.

    IE’s popup blocker, (and firefox’s is not much better) is so braindead that it cannot, by default, differentiate between popups enabled by humans and every other popup. If *I* manually click on the link, DON’T BLOCK THE POPUP. Safari gets this perfect. I had to punch holes in IE’s popup blocker to use friggin’ OWA. it’s such a pain in the ass to use that you end up punching domain-sized holes in it.

    Thanks to the administrator – level access equaling root, registry perversions are child’s play on XP, and thanks to the registry being so craptacular to work with, once something gets in your registry, you may as well reformat. The registry is still a raging shitpile of bad idea and worse implementation. The Sony rootkit shows just how incredibly awful this is.

    If you think SP2 makes windows secure, and overcomes the massive issues, you’re fooling yourself.

    > John – btw, I’m curious where you got 18 months from. From everything I’ve heard, Vista will be released by holiday 2006. Do you know something everyone else doesn’t know or are you purposely spreading incorrect information?

    Actually Maneesh, I said “almost”. Since there’s no date, “holiday” puts Vista at anything from 13 to 14 months out. Okay, so it’s a stretch for even almost 18 months. It’s still over a year before it’s not a future product. Like I said, until it’s in code and out of beta, I believe nothing from the MS windows side of the house. Actually, if it’s not coming from the Mac BU, and it’s not in code and out of beta and available, everything from MS is bullshit. The Mac BU has done the work to earn my trust. The rest of the company has not.

    When the rest of MS can show me the kind of relationship I get from the Mac BU, I’ll change my opinion. Not until. Note that it took the Mac BU *years* to get that way.

  5. #26, as a developer you completely read my post wrong. The point is not .Net’s current success, I’m sure it’s doing better than Java did in its own timeframe, and I don’t care that it’s a proprietary copy. Let the market decide if it’s better. I wasn’t writing about programming languages.

    My point is that if Microsoft wants to get into the Google business, they are going to start competing with companies purchasing their software. That’s trouble. They’ve never done well with online businesses, so they need a more persuasive argument than BG makes here.

    Let me try to make this clearer, Microsoft should deliver the backend programming tools or deliver the media. Once they compete with Yahoo, Google, AOL – which they already do, I know – they lose some power in selling their other tools. This is partly why they have little traction online. Their plan to be an advertising source like Google fundamentally changes their business. The existence of the Xbox fundamentally changes their business.

    How many customers can you compete with until it hurts your bottom line? With a huge cash hoard and virtually limitless ambition, I think Microsoft is going to find out. Bringing .Net up as a success in the way Gates did demonstrates that he doesn’t get it. .Net is a hindrance to the new strategy, not an indicator of success. Microsoft will have to lose advertising business defending Windows, Office and .Net. How many customers/developers will they lose as they insist on proprietary technology? How many idiotic bundling decisions and hamstrung implementations like MSN search? This is an economics argument, not some moralistic jihad, as if I like Apple or Linux. I use Windows XP.

  7. Well, Microsoft’s security failings before SP2 were pretty sad, and completely unnecessary–every CS major with half a brain knew what needed to be done back in the mid 90s.

    But Microsoft has since done decent work on this issue. Forcing firewalls, virus protection and automatic updates were all good moves.

    The biggest remaining problem is spyware, which leaves many end-user machines completely compromised and badly broken. Until this is addressed, Microsoft still hasn’t taken the necessary steps for real-world security.

  9. Maneesh: “Do you really think they really enjoy the fact that most users are getting infected with viruses and malware?”

    Wouldn’t you if you were in the security software business like MSFT?

    “What makes you think that their early security mistakes were deliberate.”

    A mistake by definition is not deliberate. Who says those architectural decisions to favor features and sales over security were not deliberate? Those who think that MSFT has long harbored a desire to lock-down its OS and apps at a low-level do. One way to sell that notion is to not fix the problem so that selling the new “trusted” platform becomes easier.

  11. Brandon: “That’s how Microsoft got where it is today… by adapting to meet the needs of its customers.”

    You mean customers repeatedly asked MSFT to abuse its monopoly and lock them in? Imagine that.

  13. John – btw, I’m curious where you got 18 months from. From everything I’ve heard, Vista will be released by holiday 2006. Do you know something everyone else doesn’t know or are you purposely spreading incorrect information?

  15. “For ten years MS made deliberately stupid decisions, and now you want some kind of bye on that.”

    John, I don’t understand your point. Everyone agrees that MS made stupid security decisions in the past. Then Bill Gates’ famous security memo came. Then we got SP2 and Vista because the entire company shifted to concentrate on security. The fact is, Microsoft does care about security NOW. It is built into the fabric of every decision making process NOW. SP2, even though a radical change in the OS, was made available to all users for FREE. What do you suggest, Microsoft magically roll back time to 1999 and retroactively give everyone SP2? Sure, you can try to insinuate that Microsoft ‘deliberately’ made bad security decisions. Really? Do you really think they really enjoy the fact that most users are getting infected with viruses and malware? What makes you think that their early security mistakes were deliberate. Seems illogical to me.

  17. Brandon, you didn’t listen. I’m talking about people who bought a computer pre-SP2, turned it on and tried to work on the intarweb. You know how they deal with problems? They burn data to a CD or even a floppy, nuke and pave. You need to get out in the non-tech world a little more. Unless the stuff they get has the firewall turned on by default, most folks will never do it.

    Had MS not *crippled* interprocess security in Windows and shipped XP to NOT EVEN ASK FOR A PASSWORD by default initially, then a lot of this would have not been a problem. For ten years MS made deliberately stupid decisions, and now you want some kind of bye on that.

    As well, don’t whine to me about the consent decree. It was *MICROSOFT’S* behavior that *got* them that decree…”Oh it’s the consent decree’s fault we couldn’t build security into our OS”. Are you SERIOUS? Get lucid man, that’s a lame justification, even for a Microsoftie. Here’s one…DON’T BREAK THE DAMNED LAW AND YOU DON’T GET IN TROUBLE.

    Windows has a ton of security design issues that may or may not be fixed in a product that is only in beta and still almost 18 months from release. If you are under some silly impression that anyone other than home users buying new machines will immediately upgrade, let me tell you, that’s a fantasy. The User Privilege model is only one of the stupider ones. The Registry is by far the best thing that ever happened to malware. Lame and lamer. All the services it turns on by default. Hmm…OS X doesn’t have its firewall turned on by default, and it doesn’t seem to have anything close to the problems XP had prior to SP 2 and the what, 20? additional patches it’s had since?

    But here’s a test. You take a stock system with an original load of XP as it shipped on day one, and I’ll take whatever version of OS X was shipping that day. We’ll load the OS, take all defaults, set up the first user, and see whose machine gets pwn3d first. No firewall. Nothing.

  19. John -

    How many people plug machines into an internet connection without a router/firewall and with no software firewall turned on?

    Actually, I don’t know the answer to that question. I would like to think it’s very small (especially since most Cable/DSL providers are integrating NAT firewalls into their modems these days).

    But the truth is that no matter what OS you’re running, connecting to the internet without a firewall is a BAD idea. SP2 enables a very solid software firewall by default, and that’s the number 1 reason it’s more secure (number 2 is that it really pushes you into Automatic Updates).

    Should the firewall have been turned on by default in SP1? Probably. In the RTM version back in 2001? Maybe, but that’s a harder argument to make. The world has changed a lot since then. Also, you have to remember that Microsoft has to live with the realities of a consent decree. Does protecting customers by including an on-by-default Firewall service mean that Microsoft will get sued by Firewall companies or the DOJ? What about anti-virus? Anti-spyware? Things aren’t as simple as they may seem.

    From my perspective, Windows has one remaining security-related design flaw. And that’s the user privilege model, which is a complicated issue in and of itself. But it’s being fixed in Vista, so there’s not really much more I can ask.

  21. I was especially interested in the Responsible Competition paragraph in Ozzie’s e-mail. He says they are going to have documented interfaces, open licenses, and so on. In other words, he is saying that Microsoft is going to give up its traditional proprietary monopoly lock-in tactics, and instead play fair.

    Cringely, on the other hand, says that Microsoft is going to use its unethical tactics. “Microsoft WILL claim to open its APIs to promote competition and play nicer with the world. But they WON’T actually do it. They will claim to have an open standard, but there will be proprietary extensions.” and “The big question for Microsoft is whether they can compete in this new market without having to cheat? I don’t think they can. Putting it simpler, since all cheating isn’t illegal, can Microsoft really implement Windows Live and Office Live without breaking the law? I think they CAN, but I doubt if they WILL. I think that in Redmond the stakes will ultimately be perceived as too high not to cheat. Or maybe they simply don’t know how to pay fair. Either way, expect trouble.”

    http://www.pbs.org/cringely/pulpit/pulpit20051103.html

    My guess is that Cringely is right, but I’m not really sure.

  23. Robert, if you bought a computer prior to SP2, and you got one from a company that isn’t ALLOWED to give you the real OS CDs, and you have to reformat the drive, how do you get SP2?

    On the internet.

    Where you’re getting owned.

    There are millions upon millions of people getting hosed by this, and it’s all MS’s fault.

  25. >It now takes 12 minutes for a windows computer to become infected

    That’s bull. Plug Windows Server 2003 or Windows XP SP2 (which comes on all new computers I’ve used recently) in and it doesn’t get owned. But, why let facts get in the way of a good argument?
