Philip Brittan's Blog

December 2003 Archives

Security Strategies

The IT security outlook just seems to be getting worse. Maybe it's time to change the rules.

We are being bombarded these days about the increasing threat of security. Microsoft has long been a target in this area, as have Java, and Flash, but now Linux is also coming under attack. The attacks are coming with greater frequency and with greater destructive power, and they are coming in the form of malicious code, or "malware".

In order to make significant headway in the struggle against malware, we need to fundamentally change the rules of the game. In a recent article for CNET News.com, "Inherent Insecurity", I argue that fat-client architectures are inherently vulnerable to attack, and that by switching to a thin-client model we can cut down on the amount of raw material that malware has to attack. In another article, "Fencing In" for ZDNet, I argue that we need to change our basic security posture and actively contain threats rather than huddle in our bunkers. I cite early examples of fence in strategies being used against viruses, hackers, and spam. Interestingly, I just came across another application of the fence in approach being suggested for flu vaccinations.

Fighting With Everyone

Microsoft's campaign to take over the world is bringing it into conflict with a few people.

I have already amply talked about Microsoft's battles with the Java camp (which are still just in the warm-up stages). That battle brings the software titan into conflict with IBM, Sun, BEA, Oracle, and host of others. Battles in the database arena redouble that conflict with IBM, Oracle,and others. But although the conflicts between these vendors are taking on new shape, they have certainly been raging for some time

Now, I just noticed a couple of articles that outline Microsoft's emerging conflict with new types of competitors, namely its tussle with SAP in the business applications space and its rivalry with Sony in the game console arena.

I watched an interview with Steve Ballmer, maybe a year or so ago, in which he announced that Microsoft was fighting a 7 front war. It does make sense. Microsoft needs to find new markets in order to maintain its phenomenal growth. It is also betting on the value of synergy between its products in different markets: if people's lives are made better by Microsoft technology being truly ubiquitous, then Microsoft locks in further advantage.

But then 7 fronts is a lot of fronts. Microsoft is very powerful, and undoubtedly feeling very powerful, these days. But even a superpower that seems to have the strength to take on all other contenders at once can run into difficulty in unexpected places. The payoff side of Microsoft's game is clear. The risk side is that by spreading itself too thin, or by turning against key allies, it becomes vulnerable in a core market.

The Battle Over Java

Is the cold war between Sun and IBM over Java heating up?

I often rant about the epic battle that is brewing between Java and .NET. But there is another battle, not necessarily less significant, that has long been brewing within the Java camp. It is a battle between Sun and IBM over the control of Java. Although the two have long been fierce competitors in the area of systems, the struggle over Java has so far been largely a cold war, veiled under a veneer of cooperation.

But recent moves have brought the battle more into the open. Since Sun decided to make Java an “open standard” and turn its stewardship over to the JCP, Sun gave up a certain level of control over Java. But it still retains sole rights to the name and gets to decide what is called Java and what is not (this is the same leverage that Linus Torvalds holds over Linux). Earlier this year, Sun made the decision to become more aggressive about exerting that right by renaming its core product stacks the "Java Enterprise System" and the "Java Desktop System", even for components that have little or nothing to do with Java. This move angered a number of Java partners, but Sun undoubtedly hopes that it will more strongly tie the identity of Java to Sun.

The other open battle is in the area of Java tools. IBM and Sun each push toolsets that are built on open source foundations -- Eclipse for IBM and NetBeans for Sun. There was talk about Sun joining the Eclipse consortium, but now Sun has made it clear that it will rather support NetBeans to the bitter end, and is instead arguing for a standard to improve interoperability between tools from different vendors, a proposal that IBM has rebuffed. Aligned with each of these tools is a separate GUI toolkit -- Swing for Sun/NetBeans, SWT for IBM/Eclipse. The passions surrounding this schism run deep. At a recent conference, I witnessed Swing developers vociferously laying into IBM execs about IBM's insistence on building Eclipse with SWT, even though Eclipse can build Swing applications.

The battle between Sun and IBM certainly predates Java, and even today it ranges beyond Java. Web services and support for Linux are two other areas in which the two systems companies have been engaged in open and behind-the-scenes tussling.

For us who develop in Java, the critical issue is what bearing this battle will have on the future of Java and whether it will weaken Java in the face of an onslaught from Microsoft .NET. Java is a grand experiment. Is it possible that many independent vendors, who normally compete with one another, can come together and work for the betterment of something as complex and with as many facets as Java? The answer to that may be key to whether the larger grand experiment of open standards for software will prevail.

This work is licensed under a Creative Commons License.