ActiveX in Disguise?

I have suggested that Microsoft's promotion of XML and its attempt to hand the C# language to a standards group are decoys to distract you from the long-term consequences of adopting .Net. It's been a fairly easy task for Microsoft to muddy these issues. The .Net plan encompasses so many services and technologies, it's difficult to grasp what it means to adopt any subset of them.

Now along comes Ximian, a company dedicated to free software projects like GNOME. Ximian recently announced its intention to reproduce much of the Microsoft .Net development environment as a Linux-based project called Mono. Ximian's goal is to deliver an open-source implementation of the C# language along with a set of open-source class libraries that are compatible with the Microsoft Common Language Infrastructure (CLI).

What a deal: A standards group controls the C# language, Microsoft promotes XML and now someone is even going to create an open-source implementation of the .Net development platform!

Sounds like open-source nirvana, but for two teensy problems. First, as I pointed out last week, the CLI is the engine that runs C#. It has built-in hooks for the Microsoft Web services HailStorm and Passport. Microsoft is structuring the CLI this way because it's staking its future revenue on the success of HailStorm and Passport. People aren't upgrading Windows and Microsoft Office like they used to.

Right now, Microsoft is compensating for the decline by offering long-term enterprise agreements to companies and government agencies as an alternative to "voluntary audits" of existing software licenses. But it's betting the future on monthly payments, and that means HailStorm and Passport. And if Passport becomes the de facto standard for single sign-on for Web services, then Microsoft will surely wield its dominance over authentication services to control the competition the same way it leveraged its Windows monopoly on the desktop.

Can Ximian prevent this by making .Net open source? Unlikely. On the one hand, Ximian claims that Mono has nothing whatsoever to do with Passport. On the other, Ximian admits that Mono must provide developers with interfaces to Microsoft's HailStorm and Passport Web services in order to be fully compatible with .Net. Ximian therefore plans to provide the functions programmers need to build applications that use Passport. Unfortunately, Ximian has no idea yet whether it will be possible or even legal to actually build Mono to connect to Passport.

Fortunately, there are others in the open-source community who are thinking more clearly. Alan Cox, the most prominent programmer and maintainer of the Linux kernel other than Linus Torvalds, identified a number of crucial issues in a recent e-mail conversation we had.

Alan pointed out that Microsoft will make .Net development tools that will produce applications that create an unpleasant experience for users who don't subscribe to Passport, the same way its applications produce HTML that's annoying to view in Netscape. Alan also said that Microsoft has already floated a software license that makes it illegal to mix Microsoft tools and libraries with software licensed under the GNU General Public License.

That means you can only combine open-source software with Microsoft libraries if you give Microsoft the right to take what you've contributed for free, make it proprietary and then sell it back to you.

Alan nailed .Net for what it really is. You can call it .Net, HailStorm, Passport or CLI, but all .Net amounts to is warmed-over ActiveX. ActiveX failed to catch on and lock Internet users into Windows, in part because someone was clever enough to demonstrate how easy it was to create an ActiveX-enabled Web page that steals information from your Quicken database if you visit that site.

It's relatively easy to protect your company from e-mail Trojan horses like Melissa and SirCam after others have been victimized and programmers of virus scanners know what they're looking for. It's quite another thing to filter potentially dangerous active content through a firewall. And that's not a problem you can solve by making the warmed-over ActiveX components open source.

Given that .Net in any incarnation is just ActiveX revisited, CTOs should be more concerned about how difficult it will be to protect their companies from .Net than how to deploy it.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftQuickenXimian

Show Comments