Security, excuses and hidden agendas

Bruce Schneier has often commented on the tendency for hidden agendas to masquerade behind excuses for security. “For security reasons, we must do …” or “due to security concerns, we do not allow…” The classic example in Beyond Fear was the prohibition against bringing beverages into a baseball park: is it really about safety inside the park in the heightened awareness of 9/11 or a boost to the soft-drinks sales inside which goes to lining the club’s pocket at the end of the day?

The latest MSFT one-eighty around virtualization is starting to look like another one. To recap, in June last year MSFT announced that it was expanding virtualization options for Vista to allow Home Basic and Home Premium SKUs to run in a VM. This was shortly reversed by a change of course, now requiring users to fork out for the more expensive business editions due to unstated security reasons. More recently MSFT announced that it is again allowing virtualization of the less expensive varieties. What to make of this? If this were a politician running for a coveted nomination on super primary Tuesday, this type of change in policy would be understandable. Ruling that out, two other options remain:

  1. It was decided that customers can live with lower security assurances for the scenario. That is to say, after spending 5 years to ship the most secure version of Windows to date in Vista, break backwards compatibility and even sink untold amounts of R&D into inane, useless features such as UAC to prove this commitment, Microsoft is now letting go of a strategic advantage by allowing the operating system to be run in a vulnerable configuration.
  2. The security excuse was a ruse all along, intended to push customers towards more expensive Vista SKUs until the company itself could develop a proper response to the disruptive nature of virtualization.

#2 is looking like the smarter bet at the moment. It is not clear that virtualization is necessarily a short-term revenue threat. Virtualized or not, those copies of Windows must still be licensed. In other words the Mac user running Vista under Parallels or VMware Fusion is still paying for a full license as if they had installed it natively. (Granted there might be a small uptick in piracy since pre-activated/genuine-advantage-validated VM images make for a convenient way to distribute pirated copies.) This scenario might be of greater concern to Dell or HP since it means that consumers have the option to purchase a Mac instead of a PC. Meanwhile server consolidation, the other major business case for virtualization, is not affected by the Vista licensing arrangements because Vista is a client OS. Windows Server 2003 and 2008 are the relevant products for virtualized data-center environments, and it’s primarily the virtualization policies around these products that have to be carefully crafted to protect server business revenue.

Long term, however, there is a strategic threat. Parallels and VMware might be great for getting the best of both worlds from Linux/Mac + Windows, but if Vista is increasingly seen as a “secondary” OS to run alongside a primary, purely for compatibility with applications written for the venerable Win32/64 API, it raises the question of how long before those applications can be finally ported to the other platforms so they do not need virtualization as a crutch. More than any short-term risks around piracy or missed revenue from consumers opting for the inexpensive Vista SKUs, this is the great danger of undercutting the platform that MSFT has to contend with.

cemp

Blogging from an XO

The machine had arrived unceremoniously after New Year’s – it was sitting there in a box when we came back from vacation. Intended as a gift for my better half that arrived just a few days too late for the holidays, it was in time for all the controversy surrounding Intel parting ways with the OLPC group.

After installing the battery and charging for the first time, we had a chance to experiment briefly. Her initial impressions were that it was surprisingly unintuitive as far as user interface goes. This blogger agrees: after being used to a standard Windows/OS-X/Ubuntu system, the XO involves a steep learning curve. And that may be perfectly reasonable because the true target audience for this laptop will be coming to the table with no pre-conceived notions of what a personal computer ought to look like. In that sense the XO is that rare opportunity for system designers: a chance to start with a clean slate, no backwards compatibility, not even the faintest worry about “sideways compatibility” to interop with the applications the rest of the world is using, except for the ubiquitous web itself. Perhaps the only familiar moment aside from a stripped down web-browser was launching a command line shell to see which standard utilities were available. Python, ssh, grep: check. ifconfig, emacs, gcc: no dice.

One big problem initially was getting wireless networking. The graphical “neighborhood view” is a great way to visualize other peers and infrastructure access points but the XO could not associate with our DLink draft-N router. A quick Google search revealed that the particular build that ships with this version does not support WPA out of the box. Luckily a work-around was available in the form of a shell script that manually adds the information to config files.

After getting net access and trying out the other included applications, the XO sat on the shelf for a while until the blogger decided to borrow it for a test-drive today. Writing this post can be described in one word as frustrating. The keyboard is diminutive, which is understandable considering it is designed for children. But it also lacks feedback because of the water-proofing covering the entire layout in an uninterrupted sheet of plastic. The biggest challenge to text-editing is that the system is awfully slow: it makes Vista feel like a streamlined catamaran by comparison. Of all things, simple UI tasks such as typing and clicking should be the times when CPU speed does not matter. After all a user can’t “outclick” or “outtype” a modern CPU running at hundreds of megahertz. Apparently on the XO they can: there is noticeable delay between typing and having the words appear in the WordPress edit box. (A problem aggravated by the fact that on an unfamiliar keyboard half the time the first attempt at typing contains a typo.)

There is a lot more to write about the XO but it is clear that these future posts are best not authored on the XO itself.

cemp