All Things Digital

Microsoft’s chief software architect Ray Ozzie has finally published the sequel to “The Internet Services Disruption,” the 2005 potboiler of a memo that charted Microsoft’s (MSFT) better-late-than-never software-as-a-service strategy. It’s called, intriguingly, “Services Strategy Update April 2008” and it describes in numbing detail Live Mesh, Microsoft’s ambitiously late entry into a rapidly growing cloud-computing market.

Live Mesh, though it takes Ozzie five pages to describe it, is essentially a “software-plus-services” platform that uses the Web to synchronize and share data among devices, applications and people (you’ll find a walk-through here and a good overview here).

“Over the past ten years, the PC era has given way to an era in which the Web is at the center of our experiences–experiences delivered not just through the browser but also through many different devices including PCs, phones, media players, game consoles, set-top boxes and televisions, cars, and more,” Ozzie writes. “It is our mission in this new era to create compelling, seamless experiences that combine the power of the Internet, with the magic of software, across a world of devices. … the Web is the hub of our social mesh and our device mesh.”

“The Web is the hub of our social mesh and our device mesh.”

Wait.

Does Bill Gates know that? Because last year he told CNN’s “American Morning,” “We’re making the PC the place where it all comes together.” Clearly, in the ensuing year, Gates and Microsoft noticed that Google (GOOG) et al. are fast shifting computational relevancy to the Web, away from the desktop and, more importantly, away from Microsoft.

Live Mesh, if it’s successful, will change that. Because, as Joe Wilcox notes over at Microsoft Watch, “Live Mesh is Microsoft’s attempt to turn operating system and proprietary services platforms into hubs that replace the Web. Microsoft is building a services-based operating system that transcends and extends Windows and also the function of Web browsers.” Adds Wilcox, “It’s bold, brilliant and downright scary.”

“There is of course, a corollary to safer browsers–what might be called ‘unsafe browsers.’ … Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.” This according to PayPal (EBAY) Chief Information Security Officer Michael Barrett, who says the company plans to block browsers that lack anti-phishing features and support for EV (extended validation) certificates.

In the interest of public safety, of course. Among those browsers, older versions of Microsoft’s (MSFT) Internet Explorer and Firefox and, presumably, all versions of Apple’s (AAPL) Safari browser that PayPal recently cautioned users against. “Apple, unfortunately, is lagging behind what they need to do to protect their customers,” Barrett said this past February. “Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out or Firefox 2 or Firefox 3, or indeed Opera.”

UPDATE: PayPal now says it never planned to block Safari.

PayPal is developing features to block customers from logging in to PayPal when using obsolete browsers on outdated or unsupported operating systems. An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98. In doing so, we better protect our customers from viewing a phishing site through their browser. We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our Web site.”

So to recap:

• PayPal Chief Information Security Officer Michael Barrett warns against using Safari.

• PayPal publishes a paper, authored by Barrett, saying the company will soon protect users against unsafe browsers that lack phishing protections like blacklists, anti-fraud warning pages and Extended Validation SSL Certificates.
• Safari lacks these protections.
• PayPal says: Go ahead and use Safari. We have absolutely no intention of blocking it. But God forbid, don’t use IE4 on Windows 98.

Know what IE4’s share of the browser market was in 2007?

0.01%.

I’d imagine its share of the market on Windows 98 machines in 2008 is quite a bit less than that. You might as well warn against using IE4 on MS-DOS.

Back in 2005, word on the street had it that the Mozilla Foundation was making as much as $30 million annually from the Google search box in its open-source Firefox Web browser.

Turns out, that number probably wasn’t too far off. According to an independent auditor’s report, Mozilla made $66.8 million in revenue in 2006, quite a bit of it from Google (GOOG). As former Mozilla Corp. CEO Mitchell Baker explained in a post to MozillaZine:

As in 2005 the vast majority of this revenue is associated with the search functionality in Mozilla Firefox, and the majority of that is from Google. The Firefox user base and search revenue have both increased from 2005. Search revenue increased at a lesser rate than Firefox usage growth as the rate of payment declines with volume. Other revenue sources were the Mozilla Store, public support and interest and other income on our assets.”

But those “other revenue sources” are piddling in comparison to Google’s contribution, which apparently accounts for a full 85% ($56 million or so) of Mozilla’s revenues.

So it’s supremely ironic then to hear Mozilla CEO John Lilly criticize Apple (AAPL) for distributing its Safari browser for Windows and OS X through its Software Update utility. “What Apple is doing now with their Apple Software Update on Windows is wrong,” Lilly said in a blog post on Friday. “It undermines the trust relationship great companies have with their customers, and that’s bad–not just for Apple, but for the security of the whole Web. … Apple has made it incredibly easy– he default, even–for users to install ride-along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices. It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the Web by eroding that relationship. It’s a bad practice and should stop.”

Now, Lilly may have a point. But he’s hardly the best guy to be making it. As ZDnet’s Larry Dignan notes, Safari–like Firefox–features a Google search box, for which the search giant also presumably pays a placement fee. A sudden gain in market share for Safari at Firefox’s expense could have financial implications for Mozilla. “Let’s say Safari grabs 10% market share and Firefox falls to about 25%,” Dignan writes. “That’s fewer searches and less revenue for Mozilla. Sure, you can argue about whether Apple’s Safari move is above the board. You can also question the security implications and a bevy of other issues. But in the end, Apple’s Safari update and Mozilla’s reaction is like any other story. To truly understand it you have to follow the money.”

UPDATE: John Lilly wrote to me earlier today with a few comments about this post. Here’s what he had to say:

Hi John –

Wanted to follow up on your post just now about us and Apple and Google.

Take this for whatever it’s worth, but revenue and market share didn’t enter my mind when I posted. At Mozilla we obviously care about having enough resources to keep the lights on and pay people, and we care about having enough market share–because it means that we’ve built products that people really care about.

But competition is good and healthy, and essential. Without competition we’d all be in a pretty bad world–sort of like AT&T in the bad old days.

I’ve got zero issues with Apple using their channel to distribute other products–I think that’s a perfectly fine thing for them to do. What I worry about is that users need to trust the security updates they get from their vendors–because if they don’t–if they think there’s an ulterior motive other than keeping software up-to-date–that’s a problem for everyone.

Anyway, I respect your right to write what you think and to be skeptical of the motives of folks like me, but I do say sincerely that in this case, revenue has nothing to do with it.”

What we saw today was the spark. The explosion will continue for 20 years. We will all feel the warmth. What we saw today was the beginning of two decades of mobile domination by Apple. What Microsoft and Windows was to the desktop, Apple and Touch will be to mobile.”

–Jason Fried, 37 Signals

Apple’s iPhone hasn’t supplanted RIM’s BlackBerry as the gold standard of mobile business tools, but give it another year or so and it just might.

At Apple’s town hall event this morning, CEO Steve Jobs revealed that the iPhone had claimed 28% market share by the 4th quarter of 2007. That’s still less than the BlackBerry, which holds 41% market share, but the iPhone hasn’t even been on the market a year. What’s more, the iPhone accounted for 71% of U.S. mobile browser usage.

Should RIM be worried? A reporter put that question to Apple CEO Steve Jobs this morning and here’s the answer he was given:

You should ask them … we’re not sending them a message, we’re sending customers and developers a message that we’re trying to serve their needs. Remember, the iPhone’s been out less than a year, this stuff will be shipping right around the one-year anniversary to every iPhone customer.”

Translation: Yes. Because without a push email advantage, what’s special about the BlackBerry? NOTHING.

Turns out the highlight of today’s MIX08 event wasn’t Silverlight and Microsoft Expression Studio, but IE8 (Internet Explorer 8). Speaking at the Microsoft Web development conference, Dean Hachamovitch, the IE group’s general manager, announced IE8 Beta 1. In addition to Web standards compliance, the new browser showcases some new features and improvements, among them
Activities–”contextual services to quickly access a service from any Web page”–and Web Slices, “a new feature for Web sites to connect to their users by subscribing to content directly within a Web page.”

These sound pretty slick. Still, as Joe Wilcox notes over at Microsoft Watch, it’s a little odd that Microsoft would introduce proprietary browser specifications like these after its recent commitments to interoperability.

Microsoft is serious about its newfound commitment to interoperability–serious enough to make Internet Explorer 8 Web standards-compliant out of the box.

In a complete reversal of earlier policy, the software giant has decided to make IE8 default to a standards-compliant mode of rendering Web pages that favors interoperability, rather than an IE7 rendering mode that favors Microsoft (MSFT). “Microsoft recently published a set of Interoperability Principles,” Internet Explorer General Manager Dean Hachamovitch wrote in a post to the IEBlog. “Thinking about IE8’s behavior with these principles in mind, interpreting Web content in the most standards-compliant way possible is a better thing to do. We think that acting in accordance with principles is important, and IE8’s default is a demonstration of the interoperability principles in action.”

Quite the change of heart. Guess a record $1.35 billion in antitrust fines changes your perspective on these things. Certainly, Hachamovitch implies as much in his post. Writes Hachamovitch, “While we do not believe any current legal requirements would dictate which rendering mode a browser must use, this step clearly removes this question as a potential legal and regulatory issue.”

It certainly does. And if you don’t believe Hachamovitch, just ask Brad Smith, Microsoft senior vice president and general counsel. He said exactly the same thing, using exactly the same words in a company press release announcing IE8’s Web standards compliance.

The Internet has evolved from open standards, having a diversity of companies. And when you start to have companies that control the operating system, control the browsers, they really tie up the top Web sites, and can be used to manipulate stuff in various ways. I think that’s unnerving.”

That’s what Google co-founder Sergey Brin had to say about Microsoft’s hostile bid for Yahoo. Apparently he doesn’t see the Web as an operating system. Or the irony of leveling such accusations at Microsoft when the Web today is driven in large part by “made-for-Google-AdSense” online ad-supported business models and Google is the search market’s undisputed master.

(Googlebot illustration by Tyler Jordan, eVisibility Insider)

Netscape’s long day’s journey into irrelevance is nearly over. Come March, the storied browser–born in 1994 out of the National Center for Supercomputing Applications’ groundbreaking Mosaic–will be officially pensioned off, a paltry 0.61% share the only testament to its long-faded market dominance.

After extending support for Netscape for an additional month after first declaring it EOL last December, AOL is finally pulling the plug and recommending that users migrate to Firefox or Flock. “AOL’s focus on transitioning to an ad-supported Web business leaves little room for the size of investment needed to get the Netscape browser to a point many of its fans expect it to be,” the Netscape team explained. “Given AOL’s current business focus and the success the Mozilla Foundation has had in developing critically acclaimed products, we feel it’s the right time to end development of Netscape-branded browsers, hand the reins fully to Mozilla and encourage Netscape users to adopt Firefox.”

Netscape users who can’t bear the thought of surfing the Web without that inconic “N” in the upper right hand corner of their browser window can reskin Firefox with a retro Netscape look if they’re of a mind to.

Well, Opera must be a little red in the face right about now. A week after it complained to the European Commission about Microsoft’s failure to support Web standards, the company said that a preliminary version of its Internet Explorer 8 browser passed Acid2, a test developed by the Web Standards Project to help browser vendors ensure proper support for Web standards.

Passed it the day before Opera filed its complaint, too.

“With respect to standards and interoperability, our goal in developing Internet Explorer 8 is to support the right set of standards with excellent implementations and do so without breaking the existing Web,” Internet Explorer GM Dean Hachamovitch wrote in a post to IEBlog. “… We have a responsibility to respect the work that sites have already done to work with IE. We must deliver improved standards support and backwards compatibility so that IE8 (1) continues to work with the billions of pages on the web today that already work in IE6 and IE7 and (2) makes the development of the next billion pages, in an interoperable way, much easier. … Now, with all that context, I’m delighted to tell you that on Wednesday, Dec. 12, Internet Explorer correctly rendered the Acid2 page in IE8 standards mode.”

So much for Opera’s saber rattling …

Looks like Microsoft CEO Steve Ballmer may have a shot at a second dinner date with EU Competition Commissioner Neelie Kroes.

Less than three months after agreeing to comply with key elements of the European Commission’s 2004 antitrust order against it, the company is facing new accusations of monopoly abuse. Norway’s Opera Software ASA said today it has filed an antitrust suit against Microsoft in the European Union, accusing it of stifling competition by tying its Internet Explorer Web browser to Windows and hindering interoperability by not implementing widely accepted Web standards.

“We are filing this complaint on behalf of all consumers who are tired of having a monopolist make choices for them,” Opera CEO Jon von Tetzchner said in a rather here-I-come-to-save-the-day statement. “In addition to promoting the free choice of individual consumers, we are a champion of open Web standards and cross-platform innovation. We cannot rest until we’ve brought fair and equitable options to consumers worldwide.”

And reminded the world that Opera is not just a drama set to music, but an unpopular Web browser, as well.

Opera asks that the EC’s competition division force Microsoft to unbundle IE from Windows and require the company to follow fundamental and open Web standards, which is an interesting twist on the old antitrust classic. And one that may have some legs, given IE’s inability to pass the Web Standards Project Acid2 test. “Microsoft often participates and even promises to support these standards, but we find it often isn’t the case,” Opera CTO Håkon Wium Lie told ZDNet. “We find bugs and programmers have to code around (Microsoft).”

Facebook may be worth $15 billion after all–not in future advertising revenues (which are apparently suffering at the moment), but in future legal fees.

A CA security researcher reports that the
site’s controversial Beacon online ad system, which transforms member transactions on affiliate sites into product/service endorsements, collects information about member actions on affiliate sites even if they’ve opted out of Beacon and logged off from Facebook. Stefan Berteau, senior research engineer at CA’s Threat Research Group, explained how in a post to the CA Security Advisor Research Blog:

I created an account on epicurious.com and tried saving three recipes as favorites. The first recipe was saved while logged in to Facebook in the same browser session. An alert appeared allowing me to opt out of Facebook’s publishing this as a story on my feed, which I did. The second one was saved after I had closed the Facebook window but had not logged out or ended the browser session. The same alert appeared, and I opted out again, selecting ‘No thanks.’ I then closed the browser entirely and launched a new session. After confirming that I was not logged in to Facebook, I saved the third recipe. No alert appeared.

“I then checked the network traffic logs and was dismayed to find that in all three cases, data about where I was on Epicurious, what action I had just taken, and what my Facebook account name is [were] transmitted to Facebook. The first two cases involve the transmission of user data despite ‘No thanks’ having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication.”

Unsettling, such data collection practices. Though Facebook, of course, claims they are all on the up-and-up and conducted with proper privacy safeguards. “When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically,” the company said in response to Berteau’s report. “If a Facebook user clicks ‘No, thanks’ on the partner-site notification, Facebook does not use the data and deletes it from its servers. Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well.”

(Photo via FSJ)