Want CNET to notify you of price drops and the latest stories?

Microsoft's eye on open source

Software giant's Martin Taylor soldiers on, evangelizing that open source may not be all it's cut out to be.

10 min read
With the growing momentum of the open-source movement, one could say that Martin Taylor doesn't have one of the most enviable jobs.

As Microsoft's general manager of platform strategy, Taylor has to deal with anti-Microsoft sentiments while evangelizing his company's products. Despite the challenges, he maintains an unwavering conviction that his company can deliver better returns than those offered by open-source software.

According to Taylor, businesses that tried out Linux or other open-source tools are now realizing that they are putting in more investment into the technology than they had initially thought.

"The Linux phenomenon created this emotional hype or spike where, in some ways, people became less concerned about some of these practical issues around cost of ownership, reliability, security and so on," he said. "But I think now, two to three years into this, we're seeing these issues around cost and reliability coming up such that, we now know we need to go back to the basics on how we evaluate a platform and choose it."

In an interview with ZDNet Asia, Taylor explains why he calls the open-source architecture "brittle" and reveals what he thinks causes "a level of pain" for Microsoft.

Q: In the last six months, what have you been focused on in terms of development work?
Taylor: We continue to do the same things that we've been doing in the last couple of years. First and foremost, we are looking to understand some of the scenarios like why customers are considering Linux, and making sure we have the right offerings for the marketplace.

We continue to run our lab where we analyze and look at open-source software to understand and ensure we're still building the right things from a short-term or long-term basis.

There's really nothing innovative today that Linux does that we
can't do.

Within any technology, industry analysts would say it takes three to five years after people deploy something before they begin to evaluate whether they should upgrade, or if they should look into (a change of) platform. Or at least this happens in most parts of the world. We're hitting that part of the window now--in the last six months--where we're seeing customers who have been using Linux or an open-source technology in the last three to four years and had gone into this thinking they're going to save money but they actually applied more people to the challenge than they initially thought.

They're also realizing they can't migrate and evolve (open-source technology) as much as they had thought. For example, U.S. company Flyi.com handles about 90 percent of travel reservations through their online portal, which they run on Linux and Apache.

The systems were running fine until the company had a huge spike in traffic, and there were all kinds of downtime issues. So they did the upgrades, added a few servers, some hardware, some memory and new technologies around the Web site to do more customer relationship database tracking. It was all very complex, and some of the seams of the Linux architecture were beginning to show.

In what way is Linux or an open-source infrastructure unsuitable?
Taylor: You can build it, design it, and it will work great. The trouble begins when you want to add things to it, add some services and things like that. Because of the brittle nature of the platform, when you do that, other things break. We see that in the labs all the time, and our customers see that as well. So that has a (total) cost of ownership impact on it.

Most IT professionals don't want to be in the business of maintaining system-level software.

There is this issue of putting more (into) the problem than a customer thought, and not being able to grow around your Linux installations. You can do things just great--I want to be very clear about that--but (when it comes to) the adding of modules...it becomes more and more difficult (to manage). You almost have to start from scratch in some ways. There's a cost associated here.

It is also more of a commercial discussion now. These trends are not necessarily new, but we are really seeing it being played out now. It's also not so much about the open-source community or the millions of developers around the world building Linux. It's about Red Hat, it's about Novell, it's about IBM...really looking for ways to monetize sets of things around Linux. In some ways, this is a good thing for customers because things are more black-and-white now, and it allows us to have a very balanced conversation with them around these key issues.

So why do you think the ideals of open source--giving back to the community, being able to see, use and change source codes--have appealed to so many people? Do you think

it's more about people taking an anti-Microsoft stance?
Taylor: Well, first you have to define "people" because I can tell you that most IT professionals don't want to be in the business of maintaining system-level software. It's an interesting conversation when you talk about whether you can see source codes or not. But at the end of the day, people want to deploy technology to solve business problems, be it Windows, Linux, BSD and so on.

And what is open source? It is interesting in how you define it. Is it in terms of source visibility? Then, OK, in Microsoft's Shared Source program, people can access up to 65 percent of source codes for our core products. And through the government security program around the world, governments can access even more of our source codes, if they choose to. So we're not an open-source company, and yet people can do that.

And when we talk about projects, things where you build technology and give to the community, with our Windows Install and Template Library, we have projects available today that make Microsoft technology open source. So is that what it means to be an open-source company? Or does it mean that you have technology licensed under the GPL (GNU Public License)? If that's the only definition, then I see a lot of companies that people call open source but aren't, because they're not licensed under the GPL.

One of the issues that have come up in the open-source community has to do with the GPL. Do you think that if they were to make changes to it, it might change the way things are today for the open-source world?
Taylor: The GPL is a very complex licensing agreement, and they are working on different aspects of it.

When you license technology as a consumer or business, you should be comfortable that you're protected from patent (or) copyright...claims from anyone.

I don't know enough to even hypothesize how I would author it, but I would say that in any approach to licensing technology, the following things are important.

First, companies need to have some level of indemnification and protection from the technology deployed.

When you license technology as a consumer or business, you should be comfortable that you're protected from patent (or) copyright...claims from anyone. That should be a core fundamental principle of licensing software.

Second, people should have the ability to monetize that and build on top of it. So if I'm an ISV (independent software vendor), I should be able to take the technology that I've licensed, build something on top of it, and sell it. If I'm a reseller or distributor of this technology, I should have a way that I can build and monetize things around that. I think that's what helps you build a very vibrant ecosystem. It also allows you in some ways to protect the intellectual property in different ways.

So this ability to patent your technology and have some level of protection against it, and in the course be able to build on top of that and innovate on top of that, is exciting.

But software patents have been criticized for interfering in software development. Do Microsoft software developers worry about infringing on patents when they develop a piece of software?
Taylor: From a software perspective, we don't think the patent system is perfect. We had put forward some recommended restructuring to patent laws in the United States which will give (software) innovators more opportunities. I don't think that we work in a perfect system by any means, and we've been pretty vocal about some of these things or ideals (regarding) how to move toward a better system, though they're not perfect.

Special report
Staking a claim
Companies are trying to
profit from patents. But
does the system protect
opportunist litigants?

But when I look at the software industry today, we've been getting a lot of innovation from Microsoft, IBM, Oracle, Adobe, the list goes on...of software manufacturers that have built very great, vibrant innovative technologies in a world of patents that allow them to protect what they've built, to monetize it in some ways, and then to be innovative and to do more with it. So I think this notion of unique ideas that can become productized and finally reach the marketplace and be built upon is very exciting.

It's a good, rich discussion to have on the philosophical view of patents and innovation. Do patents protect or encourage innovation? There're obviously two good sides of the argument. I just look at history, and there's been a lot of innovation (in the last decade or so) in the software industry where patents exist and are enforced in so many countries.

So what kind of innovation are you doing in your area for Microsoft?
Taylor: There are things we're excited about, and there are things that are just the basics. We spend close to $6.8 billion in research and development; it really comes in a variety of areas.

One area is just some fit-and-finish, and taking basic simple processes and doing it better. We have a feature called Configure Your Server Wizard, which allows you to go in and choose a server role so you can take a file server and (rebuild it as a) media server. That takes four to five clicks of a GUI (graphic user interface)

screen to do that, and it takes maybe 15 to 20 minutes (to complete) based on size of server. In comparison, some guys I hired who've only coded on Unix and Linux all their lives showed me how long and the amount of effort it took to do that on Linux.

So a lot of our innovation is taking these complex tasks and making it simpler and easier, and reducing the time it takes to go do things.

We're always looking for new things that can allow you to do things uniquely different today. For example, this new feature tool we have would allow me to tunnel directly using HTTP into my corporate Exchange server without having to go through the whole VPN (virtual private network) process, bypassing the need to use a smart card. It's such a huge time-saver, for me at least, compared to how long it takes me now. We will be extending that functionality to the next version of Windows.

So we just want to look at what people do today, what takes up time and see how we can reduce the complexity.

While I'm not going to suggest that Linux is any more secure than your products, you can't deny that Microsoft has had a pretty rough time with security. Would you say that it's because software fundamentals were weak those years ago?
Taylor: You have to understand why we have security problems today. In some ways, it's because a lot more things are connected today than they were when we architected some of the things we built into Windows. This is one of the reasons why I scoffed at the notion that Linux is more secure, because people didn't really understand buffer overruns and port 80 and I/O issues 10 years ago.

When you look at the issue of buffer overruns, eight to 10 years ago in software development, you did not know how much space you might need for something so you just create a big buffer zone to allow things to happen. Who knew that people could go exploit that and use that buffer space to do malicious things?

That's why the security world is a never-ending job. The same way we didn't know things 10 years ago that we're addressing now, I'm sure there will be things 10 years from now that we didn't know today that need to be addressed and worked on. What we're trying to build though is processes which will allow us to be smarter about that and processes that will allow us to be even predictive in some ways.

You've talked before about how it's partly Microsoft's fault that some people had built up "anti" sentiments about the company. What's the one mistake you wished Microsoft hadn't made?
Taylor: It's no secret that as a company, we need to continue to find ways to listen and get closer to our customers. We need to focus on how to provide a much better experience for our customers in a way that they can consume our technology and work with us in a way that's easier for them.

For me, it's licensing in some ways...two to three years ago, we might not have managed that in the most efficient way that we should have. The good thing is I think we've worked with customers and have done things around Software Assurance to make good on much of that. But I think that's one that has caused us a level of pain in the market.

But do you think the problem is more about underestimating your competitors than not listening to your customers?
We need to continue listening more to customers. The great thing about Microsoft is when we're focused, we can listen very well and we can do very good things.

From a competitive standpoint, take Linux, for example. There's really nothing innovative today that Linux does that we can't do. There's no new feature or new design that can be done only on Linux, and not on Microsoft. So I don't worry too much about Linux and open-source projects out-innovating us.  

Eileen Yu of ZDNet Asia reported from Singapore.