Subject: authentication systems (.NET, .GNU): Its the desktop, dummy.
From: Tom Lord <lord@regexps.com>
Date: Wed, 12 Sep 2001 18:55:07 -0700 (PDT)


When I read about .NET, I see a strategic play aimed at obtaining
greater developer lock-in in the "Internet software" space and
consumer lock-in via a software delivery mechanism.

User authentication services, whether centralized or distributed, seem
like (mostly) a red herring to me.  They seem like a red herring
because they don't solve any serious problem -- is there something
wrong with the kinds of authentication we currently use?  Is there a
substantial spontaneous demand for simpler interfaces to managing
on-line identity?  I don't believe so.

I don't doubt that the success of .NET could help bring about a shift
in authentication practices with negative social consequences.  I do
doubt that the right strategic reply is to make a distributed
authentication service, or any kind of copy-cat implementation of
proposed .NET standards.

A better reply is to wrestle the current desktop monopoly away from
Microsoft while continuing to improve unix-based network
infrastructure products and services.  The desktop monopoly is the
leverage point which MS can use to impose whatever architecture it
pleases on a large number of users, regardless of those users'
spontaneous demand.  People and offices will buy .NET software because
they think they want to keep up with the latest PDA, browser,
spreadsheet, or word processor -- not because they don't like the way
Internet commerce currently works.  Internet-based services will buy
.NET software if they believe nearly all of their target market will
be running .NET-based desktops -- .NET will lower their costs
developing for those customers; .NET may succeed at setting some kinds
of expectations-of-interoperability among their users.

With .NET, MS has baited open source and free software developers with
a technical agenda.  By accepting that competition over that agenda is
the true battlefield, our developers reinforce MS' marketing while
simultaneously diverting FS/open source development dollars away from
areas that make more sense.  I sometimes think that some of the
loudest voices in Open Source behave as if they were on MS' payroll.
In a few cases, they are.

This bait-and-lead strategy is something MS appears to have discovered
accidently in the desktop/device-interface space.  MS' desktop
software architecture is optimized for being developed in top-down
fashion, using an army of developers to heap detail upon detail in what
is, in essence, a huge object oriented monolith.  Small open source
companies and loosely coordinated collections of open source
volunteers can't operate that way.  A predictable outcome of an effort
to port MS' desktop architectures to open source environments is the
creation of systems that look similar to MS', but that lack polish,
comparative reliability, and each user-groups favorite obscure
feature.

It hasn't helped when FSB's undertake to compete with one another on
software products -- a tactic that makes much sense for proprietary
software, but little sense for open source software.  For example:
competing desktop toolkits, where the goal of the primary competitors
is to be the one company that "controls" the winning technology;
competing (and incompatible) linux distributions.  Yes, competing
technologies make sense in the open source world -- but a one-to-one
binding of technologies to companies creates weaker companies, and
weaker technology.

There are tried-and-true architectural approaches to
desktop/productivity/device-interface software that make better sense
in a world of small development teams, operating independently.  Where
are the FSBs with the intestinal fortitude to invest in them?

-t