Open? (Premium)

I didn’t attend Microsoft Ignite this year, electing instead to spend an extra week in Mexico. But whether I attend in person or not, I always download videos for various keynotes and sessions so I can watch them later. I do this with Build, as well, and with Apple WWDC and Google I/O.

But the point is always the same: There’s always more information to be had in these videos than is contained in the formal announcements. So I always learn something, and if it’s important enough, I can use it as a source for an article. For example, while Laurent and I were briefed about the Windows Resiliency Initiative ahead of Ignite, the discussions about this topic at the show triggered thoughts about the “two Windows,” and so I wrote an additional article.

Windows is always top of mind, of course. And so I returned to the Ignite website repeatedly during and after the show so that I could find sessions videos as they were posted. You have to search to find these videos–Windows is no longer a top-level topic at the show for some reason–but there are at least a few worth viewing. Key among them, of course, is What’s New in Windows Security, Productivity and Cloud, which features Windows lead Pavan Davuluri, David Weston, and others, though the shorter Windows 11 security and resiliency provides a reasonable overview too.

My initial reaction to the Davuluri talk was … nonplussed. A combination of surprised, confused, and amused. It was an interesting reminder of my reaction to Yusuf Mehdi announcing Recall back in May ahead of Build and totally glossing over the security protections it would include, as if Microsoft’s customers would for any reason just trust it to do the right thing. Breathtakingly clueless, in other words.

I mean, it begins innocently enough. Pavan repeats the groan-inducing “Win with Windows” tagline that was introduced in a marketing video before he comes on stage, and then he kicks off the talk in the typical Microsoft manner, meaning a style that is somehow both earnest and rote. And then it happens. Less than a minute into his talk, Pavan stands in front a slide that reads, simply, “Windows. The most open operating system.”

And. Wow.

What?

So I tweeted the following. And cross-posted to Mastodon and Threads.

I don’t know how to measure this, or if I can even measure this, since I will not pay for Twitter, but this has to be one of my most-read social media posts of the year. Twitter/X does tell me that it has over 540,000 views, over 500 replies, and almost 1,000 retweets. So that’s something, I guess.

The commentary is, of course, priceless.

Most seem to take this, as I did, as a complete misunderstanding of what it means to be open as an operating system. Many cracked jokes about security, which is ironic given the context, as in “Maybe open as in, open backdoors and security vulnerabilities.” Or bloatware. Or enshittification. Some, even more humorously, either agreed with this assertion or tried to defend it. Or used this as an opportunity to take a drive-by pot-shot at Linux, for some reason. And dear God, some even tried to mansplain to me. (“Remember, Linux is not an OS, it’s a kernel.”) There many animated GIF responses, so many animated GIF responses. And yeah. It kind of runs the gamut, really.

To be clear, I was not outraged by this slide. I found it to be humorous, mostly, which explains my tweet. But the cluelessness of this is curious. I realize he was speaking to a home crowd, but in a world in which Linux exists–and is killing Windows in the datacenter–and macOS is based on open source code and is just as open as Windows as a developer platform, it’s difficult to know what to think about this. And not to switch off the humor gene, but in this age of misinformation, where politicians can simply lie to us straight-faced and never be called on it, this type of thing felt even more off than it might have usually.

The way my mind works is that I sometimes hear something that’s so disruptive to my flow that I shut down to whatever it is I was doing and lose focus. This might happen during a movie, for example, when there’s a particularly funny line and I laugh so hard I miss the next couple of minutes. (This happened to me in the theater when I saw the South Park movie and the general brought in Bill Gates because Windows 98 had crashed. Hilarious. Also NSFW.) And it happened when I saw this slide behind Pavan.

After collecting my brain cells off the floor, I rewound the video. Surely, he says something that explains this assertion.

“Windows has always been the platform for the world’s innovation by creating an open operating system for the best product makers to do their work,” he says as the slide appears. “Windows has been able to meet the needs of over a billion customers worldwide and, as a result, Windows has become a part of the global infrastructure.”

So he was referring to Windows as an apps platform, I thought. That developers can target Windows, as they can any other desktop operating system–Linux or Mac, basically–with apps and not worry about a gatekeeping app store with silly rules and expensive fees. The Wild West, basically. But that second bit instantly made me think of the CrowdStrike incident this past summer, and, as it turns out, that was intentional: Pavan then discusses that event–which he refers to only as “the incident,” as does David Weston later. But that only confuses matters. By opening with the open platform bit, he seems to suggest this is a good thing. The Crowdstrike incident–sorry, the incident–strongly suggests otherwise, that maybe Windows should be less open. At least to kernel-level modifications.

Light dawns.

Weston appears on stage and in discussing the post-CrowdStrike security summit—which ended with no one agreeing to anything of note–he says that “the goal [of this summit] was to define new ways to increase resilience across the ecosystem and ensure Windows remains an open platform, enabling user choice and innovation while also maintaining the highest standards for security.” And he then introduces the security features we’ve discussed previously, features that dramatically improve the security posture of this OS.

“Rest assured, Windows remains committed to staying an open platform for innovation, providing flexibility and customer choice without locking down the operating system or determining a single way of working while enhancing security and reliability for all,” he claims in a “best of both worlds” win-win for everyone. “That’s what the Windows Resiliency Initiative is all about.”

And that’s it.

Microsoft promoted the term open at Ignite because of the CrowdStrike incident, and because of the feedback they received from the security vendor participants at the summit, that what they did not want was Microsoft locking down the Windows kernel. (In my post post-summit article, I noted that “taking security protections entirely outside the Windows kernel may be impossible,” and provided an unattributed quote from ESET stating that, “It remains imperative that kernel access remains an option for use by cybersecurity products.”)

And God help me, now the slide actually makes sense.

For all the ridicule and scorn that we heaped on Microsoft for this crazy slide, they were in fact sending the signal that they had heard the feedback from their partners and would not “close” Windows to them. Windows, in this context, would remain “open” and Microsoft would instead figure out other ways to secure the product. Remember, the title of this talk is literally “What’s New in Windows Security, Productivity and Cloud,” he opened with the security, and that’s the context. Windows is open, as Obi-Wan Kenobi might say, “from a certain point of view.” And that point of view is security.

So what we’re left with here is yet another example of Microsoft poorly communicating something important and leaving itself open–ahem–to criticism. Criticism, I must say, it richly deserves.

Open. Come on, guys.