chrome os Archives - Stay N Alive

Google Axing Windows Makes Total Sense (and It’s Not For Security)

microsoft-axe-3719101Several articles have come out recently criticizing Google for their recent policy, removing the Windows Operating System from their currently approved list of OSes that employees can use.  One might expect that I would be against this move, considering the recent criticism I’ve given of Google employees deleting their Facebook accounts.  I think this situation is different though, and I actually support it.  Of all companies, I think Google is most prepared to make such a move and I think we’ll see a lot of innovation come as a result.

Companies Have Tried This Before

Several years ago I worked for BackCountry.com as an engineer.  While there, our engineering department had a policy, making Linux and open source tools the default, while only allowing other operating systems (including Mac OS X) on an as-needed basis.  We found this saved us a ton of money, and, as engineers it made sense because we were able to completely alter the systems we were writing on as we needed.  It also made it so we could completely duplicate the server environments we were developing for on our local machines if we needed to.

We decided while there to take this to another level, and while I was there we started to push this policy throughout the company.  We got a lot of push back, and it took us, as engineers and developers, to help out the rest of the company as they adapted.  We started using Zimbra for e-mail, Bugzilla for bug tracking, and everything we could do we tried to do with open source tools.  We saved a ton of money.

There was one fatal flaw to this, though.  Where we were not an engineering-specific company (our bottom line was probably our buyers, who secured really good deals on outdoor gear, or even our customer support team, where we preached “We use the gear we sell”), we simply did not have enough resources to keep this going and be able to support it all whenever the company had a need that open source software could not solve.  The main benefit to open source software (which security is only a minor benefit) is that, as developers, you can get in and alter the software if it doesn’t meet your needs.  Then the code you altered could be shared with the rest of the world and others that also might have that need.  That’s a great benefit.

However, not having resources to constantly do that whenever there is a need means you’re always going to have weaknesses in your systems, and those systems are likely to fail.  I think that became a problem for BackCountry.com, because I heard that shortly after I left they were forced back into a closed-source, Microsoft-backed Exchange system, which probably means back to Windows for most employees.  The simple fact is Microsoft, when it comes to Enterprise systems, can’t be beat.  Exchange is by far the best e-mail system there is out there.  Linux pales in comparison, and has always had problems competing against Exchange and the desktop.  Not to mention general user experience and understanding of the OS by a mass audience.  Most companies don’t have the time or money to devote resources towards replacing these COTS systems.

Why Google is Axing Windows

So one would think that making a similar move by Google may be prone to similar risks.  Google’s hacker culture I’m sure has developers begging to be on Linux or Mac OS X, and higher executives wondering how they’re going to get along without Windows.  There’s one thing different about Google though that completely sets them apart from any other company out there that might try such a thing: Google’s base is developers.  Not only that, but Google has a vested interest in creating an operating system that works.

My guess is that Google is using “security” as a front to put a jab up against Microsoft, hoping others might try to make the same decision.  Google is hoping that the bad stigma Microsoft has had in the past regarding security (Windows 7 is actually pretty secure) might dwell in the minds of others considering similar decisions.  However, I bet the real reason is that this will force all employees, in this hacker culture, to truly understand what they’re missing when there are no Exchange servers, when there are no Active Directory databases, and when Executives can’t use the operating system or tools all their colleagues at other companies are using.

Google wants their employees to hurt from this.  When you make a hacker culture that actually has a monetary benefit (Chrome OS) to fix problems that arise as a result, problems get solved, and people stop being lazy.  I expect that as Google makes this move we’re going to see a much higher rate of bug fixes and User Experience enhancements on Chrome OS and Linux, and possibly even Android.  I expect better user experiences on the server.  I expect finally an e-mail solution that works up to par with Microsoft Exchange, and a directory services solution that works up to par with Active Directory.

I argue Google Axing Windows as a company is a good thing!  I hope it’s only temporary, or on an “as needed” basis so employees that need to create Windows clients that interact and drivers that work together with Google devices, that the company can still understand and work with such devices.  Yet at the same time I think doing everything they can to challenge employees to truly understand the weaknesses their new operating systems and web services provide will challenge the thousands of developers working them to produce solutions.  While I think security is a lame excuse and PR ploy for Google to remove Windows from their network architecture, I still think this is one of the best things the company has done in a long time.

Google’s move here could be the best thing to happen to Linux, and the open source enterprise world, in a long, long time.

All Your OS Are Belong to Google – Why Aren’t We Worried?

kool-aidman-6542138I’m following the stories of the Google Chrome OS release today and am a bit concerned about some of the claims that are being made.  Mashable even goes to the extent of predicting Google is going to “destroy the desktop” with it.  Google is banking on the fact that many users use their computers solely for accessing Twitter, Facebook, and E-mail through a browser.  They’re right – we’re becoming more and more of a web-reliant society, and the cloud is rendering much of the fluff that happens on the traditional operating system unnecessary.  However it concerns me when a company so known for wanting to run that operating system fully from the cloud is the one pushing this model.  Let’s not kid ourselves here – Google wants you to run as many of their services as possible (since they’re a web company) so they can own more information about you.  That’s not always a bad thing – the more they know about you, the better an experience they can provide for you with as little effort on your part as possible.  I argue it’s the wrong approach though, and it’s harmful to user-controlled and open identity approaches on the web. My hope is that Google has a plan for this.

A Client-based OS vs. a Web-based OS

Let’s look at the old (well, I guess it’s not old yet) approach to operating systems.  They were all about the user.  A user booted up a computer they could very well have even built themselves.  The user logged in to that computer.  On Windows machines they have a Control Panel where they can adjusted their system settings.  On Macs they have System Preferences.  On *nix they have command-line (okay, I’m joking there, mostly).  They can install the programs they like.  They can adjust who can and can’t log in through the computer.

The problem with putting the user in control is that they have to be responsible for their data.  They have to be responsible for their Hard Drive not dying and losing an entire life history because of that lack of attention.  Most users don’t know how to do that.  Not only that but allowing user control includes additional overhead on the operating system, slowing boot times down, adding complexity, and increasing the learning curve for most users that just want to access their e-mail or visit Facebook, etc.

This is why a web-based OS could make sense.  The web OS focuses on one thing and one thing only – moving the user experience wholly to the cloud.  The cloud becomes the new OS, and services can be provided from there to shift the burden from the user to the cloud in storing their data.  Great!  Where do I sign up?

The Problem With a 100% Cloud Solution

There’s still a problem with this model though – with a 100% cloud-based solution the user loses all control over the experience and puts it into the hands of one or two very large entities.  The only approach to ubiquity for users is for those entities to have their hands across every website those users visit and every web app those users run.  That’s a little scary to tell you the truth.  With a 100% web-based approach the user loses control of their identity and puts it in the hands of the BigCo.  As Phil Windley puts it, this puts the focus back on Location, which is business focused, rather than Purpose, which is consumer focused.

Let’s try to look at this from another angle.  What if we were all on 100% Web-based Operating Systems and Facebook were to successfully get Facebook Connect into the hands of every single website and every single company on the web in some sort of open manner?  You’d be able to visit any website, bring your contacts from Facebook and other data from Facebook to those sites and they’d be able to customize the experience to you and provide context, right?  That’s partially true.  A server-based approach can provide some context.

However, let’s say I’m a huge Ford fan and I want to see what types of Ford cars compare with the cars I’m viewing on Chevy’s website.  Sure, Ford could provide an API to enable other websites to integrate their own context into other websites, but do you think Chevy is ever going to integrate this?

Heck, if we go back to the standpoint of Facebook, even Google and Facebook are having issues working together on that front (look at Google Friend Connect – see Facebook in any of their providers?).  The fundamental flaw of a server-based approach is there is absolutely no way organizations are going to cooperate enough to be able to provide context across 100% of the web.  No matter how many foundations are formed there will always be some disconnect that hurts the user.  The only way that’s going to happen is via the client.

Enter Information Cards and the Selector

openidselector-2132468As I mentioned earlier I’ve been attending the Kynetx Impact conference here in Utah hosted by Phil Windley , author of Digital Identity published by O’Reilly, also attended by such Identity superstars as Kim Cameron (who probably made Microsoft more open than it ever has been with his pioneering of the Information Card concept), Doc Searls (author of The Cluetrain Manifesto), Drummond Reed, and Craig Burton.  My eyes have truly been opened – before anything Social can truly perfect itself we have to get identity right, and a 100% web-based approach just isn’t going to do that.  I’ll be talking about that much more on this blog over the next bit – this is the future of the web.

Kim Cameron pioneered a concept called Information Cards, in which you, as a user, can store different profiles and privacy data about yourself for each website you visit.  When you visit the websites you frequent around the web, you can be presented by your client or browser with previously used Information cards that you can choose to identify yourself with. This can be a very useful and secure approach to combatting phishing (when users become reliant on information cards the authenticating site can’t obtain their log in credentials), for instance.  Check out the “Good Tweets” section of his blog post here for context.

Another great use of Information Cards, a client-based approach, is the ability to provide browser or OS-based context for each user.  This is something Kynetx is working to pioneer.  Craig Burton has talked about the concept of the “Selector”, and how the next evolution of identity from the cookie has now moved to user-controlled context as their accessing the web.  The idea is, as you select an information card, a service such as Kynetx can run on the browser (right now via extension, but future browsers will most likely have this built in) and provide a contextual experience for the user based on the “Selector” for each website that user visits.  The user sets the privacy they want to maintain for those sites, and they are given a contextual experience based on the selectors they have enabled, regardless of where they are visiting on the web.

One example of this, as I mentioned earlier, was at the Kynetx Impact conference when I visited Facebook.com I was presented with HTML in the upper-right corner of Facebook asking me to become a fan of Kynetx and providing me with the latest Tweets talking about the conference.  Among other examples shown, for AAA Auto service, members could provide a selector so that when they’re searching for hotels AAA can customize the experience on Google.com or Hotels.com or anywhere they want to let the user know which hotels provide a AAA discount and what the discount is.  AAA doesn’t need to provide an API to these sites.  They don’t need to negotiate deals.  They can just do it, and enable the users to turn it on at their full discretion.  The consumer is in full control with these technologies and they’re available to any brand right now.  Kynetx has an open API for this that they just launched yesterday.

This form of ubiquitous context for the user can’t happen in a full web-based model.  Users will always lose some sort of context if the entire experience is controlled by the web.  There has to be some involvement by the client to allow the user to truly own their identity and control the experience they have on the web.

Google Has a Responsibility to Do This Right

Google hasn’t revealed their end game in this yet, but my hope is that they continue their “Do No Evil” approach and take this as an opportunity to give the user some more control in the Web OS experience.  There is a huge opportunity for Google to be leaders in this space, and that goes beyond just Open ID.  Google could integrate Information Cards and selectors right into the Chrome browser, for instance, forcing an open, user-controlled approach to identity and introducing a new approach to marketing on the web that is controlled by the consumer.

I hope that the leaders in open standards take note and continue to push Google in this process.  The user deserves this control.  I still think the Web OS has a huge place in our future, but my hope is that we do it right from the start and keep the user in control of this process.  The way it stands it’s looking a little too Google controlled.

Be sure to check out my Twitter stream from tonight for a few more links and thoughts on this subject.

Information Card Image Courtesy Kim Cameron