Bill Gates flew to San Francisco to launch the latest component of
his Web services initiative earlier this month. Danny Bradbury met
him there.
Have you heard the joke about a man in a bar having a quiet drink,
when a nerdy looking fellow sits down next to him, sipping a
Martini? "You're Bill Gates!" says the astonished man. Gates nods
and smiles. "Would you mind doing me a favour?" asks the man. "I'm
meeting a date in the restaurant here this evening. Would you mind
coming up to my table and greeting me like we're old friends? It
would really give me some kudos with my lady friend." "Sure," says
Gates.
Later while the guy is sitting with his date at dinner, Gates
appears. "Hi," he says. "How are you?"
"Jeez, stop bugging me Bill," says the guy. "Can't you see I'm
busy?"
It is no surprise that jokes like this are doing the rounds. Gates'
reputation for greatness is almost more important than he is, now
that Steve Ballmer is running Microsoft on a day-to-day basis as
chief executive. It's getting to the point where Gates is almost
famous just for being famous. He even did a guest appearance on the
US TV sit-com Frazier recently in a story line in which Gates
upstaged the balding radio psychiatrist.
Gates is certainly a more impressive figurehead than Ballmer, which
is probably why he made the keynote speech for the launch of Visual
Studio earlier this month. The product, which is Microsoft's
long-awaited software development tool for Web services, has been
in beta test for more than a year and, while waiting for it to ship
Gates has been busy talking up the initiative.
Web services are essentially software components wrapped in an XML
language called the Simple Object Access Protocol. The idea is that
they will be more business-oriented and be accessible over the
Internet by other software applications. Thus, for example, your
accounting system could access an exchange rate calculation
facility online linked to the stock exchange, as a means of keeping
your currency calculations up to date.
"With Visual Studio you'll see a ton of things go online that have
been done through paper or phone calls or through very inefficient
processes without much visibility to date," Gates says. "It's a
change for how business is done, and makes all business models more
efficient."
This idea of making software more efficient and easily accessible
is great on the surface, but one of Microsoft's problems is that
its software has been all-too accessible of late. A series of
embarrassing security flaws has caused the industry to recoil from
the company's "software as a service" business model, worried about
having insecure software constantly connected to the Net.
In November 2001, for example, the software giant found a bug in
Internet Explorer 5.5 and 6.0 that exposed personal information in
cookies, potentially rendering bank account details, credit card
numbers and passwords open to hackers. It also found loopholes in
the Passport security service that potentially exposed private
information to online snoopers.
Microsoft had possibly its biggest embarrassment of the past year,
when it admitted to a security hole in Windows XP that could allow
hackers to take control of a machine by using the universal
plug-and-play facility in the operating system. A panicked
Microsoft urged all users of the system to install a patch to fix
the problem. And then there was the revelation, last week, that
Visual Studio.net is vulnerable to buffer overflow attacks.
"A lot of the vulnerabilities come at the application layer," Gates
says, "and so helping developers understand these issues as they
write their applications is important, particularly as you get into
privacy. That's not so much a platform thing as a question of
administering things - who has what rights to information and so
on."
But he has dodged the question. Following the discovery of the
security flaws in the operating system and in the back-end Passport
service that supports it, Gates declared open season on security
bugs, issuing a memo in January demanding a new era of trustworthy
computing in Microsoft. "If we don't do this, people simply won't
be willing - or able - to take advantage of all the other great
work we do," the memo said.
So, how is Gates going to alter his software development processes
to make that happen? "When there have been viruses, the fixes for
those things were done months before there was a problem," he
protests. "The problem isn't that the fixes haven't been done, it's
that people weren't installing them."
But if this is the case, then why is Microsoft so against full
disclosure? Back in October, Microsoft's security response centre
manager Scott Culp issued an open letter to the hacker community
imploring it not to publish any details of security holes that they
discovered in its products. Such holes should be brought to the
company's attention first, says Gates. "It's more constructive for
someone to report [privately to the software supplier] and allow 24
hours for the fix to be there than it is to report a problem
publicly without a fix," he says.
Speaking to Gates about security, it is hard to avoid the feeling
that you are talking to a rabbit which is staring directly at some
fast-approaching headlights. While calm on the surface, he never
directly tackles the security question and it seems pretty clear
that he's keeping tight-lipped until Microsoft has completed its
internal security programme. According to other senior Microsoft
executives, the initiative has seen the company's developers
crammed into security training classrooms. Perhaps this will help
them to eradicate such embarrassing problems as the buffer overflow
error that caused the plug-and-play flaw which is (or should be)
basic, textbook stuff for developers.
Still, Gates is looking to the future and trying to push forward
while fighting off competition from other software giants, such as
Sun Microsystems, which built its own Web services strategy called
Sun One.
Who does Gates see as his enemies as Microsoft gears up to peddle
Web services, and how will he overcome them? "We don't have
enemies, we have competitors. These are companies coming in with
the same dreams that we have," he says, in a tone that seems
markedly different from the language used in Microsoft's legal
filings against AOL in early May. "A key competitor and partner in
Web services is IBM. It's a broad company that has a depth of
hardware and other technologies. It's a big partner of ours in
terms of putting windows on our system and promoting Web services,
and it's a big competitor in terms of a lot of the software pieces
that it sells."
Perhaps one of the reasons that he focuses so heavily on IBM is
that its relationship with Sun has visibly soured over the past
couple of years, following a licence wrangle over the Java 2
Enterprise Edition brand name. Although IBM remains committed to
Java, it isn't as "in-bed" with Sun as it used to be.
And what about Linux, which Gates identified as a key threat in a
memo a year or two ago? "Linux is a kernel operating system and the
kernel is such a small piece of what you get in a platform right
now that you wouldn't say that Linux is a competitor," Gates says.
"There are people who build things on top of Linux that compete
with us but Linux is a small enough part of the platform you could
say that it's a commoditised piece."
It is the people building things on top of Linux that Gates should
be worried about. Ximian, for example, is building an open source
version of the .net framework that will run on Linux. This
represents serious competition to Microsoft, which undoubtedly
hopes that most people will run their implementations on the
Windows platform. Microsoft has built a FreeBSD version of Linux,
but this is more of a publicity gig than a serious endeavour.
When Gates sweeps out of the room, the sense of urgency with which
he entered it leaves with him. But what stays is a sense of the
challenge that he faces as he tries to bet Microsoft's reputation
on a new framework which has already aroused suspicions among
users.
Hopefully, he will be able to overcome the security challenges
before he officially makes available the developer-oriented,
Passport-supported MyServices component later in the year. This
service will see Microsoft hosting not only third-party Web
services, but also customer data, in something clearly approaching
a world domination strategy. Until then, we'll keep installing the
software patches as they become available.