Hail Storm

Note the information at end moved from HailStormAlternative

Hailstorm is an array of Microsoft public subscription web services, accessible by any platform implementing the (open) SOAP protocol. They store user data such as an online calendar, contact book, email, raw document storage, and favorite web sites list.

The system is described here:

http://www.microsoft.com/en-us/news/features/2001/mar01/03-19hailstorm.aspx or http://msdn.microsoft.com/theshow/Episode014/default.asp

Favorable reactions:

Hailstorm, or something very much like it, is needed to create rich Internet agents. -MichaelLeach

Negative reactions (primarily worried about losing PersonalPrivacy?):

I don't like it because it seems that lately new Microsoft technologies have been more geared towards increasing the consumers' dependence on other Microsoft technologies rather than doing anything particularly novel and/or useful. This facet of HailStorm seems fairly self-evident. HailStorm smells a lot like proprietary Windows APIs designed to keep non-MS products from effective competition. --AndyPierce

It's not that I don't find it useful - it's the words "open", "control" and "privacy" that worry me. When I saw the "always trust content from microsoft.com" tickbox I knew that some little hacker somewhere would go to work on it. If HailStorm became popular and was the hub of thousands of applications, I wonder where the hacking effort would go? Guess who's not using Microsoft Wallet?

Yup. Bill needs an insurance policy. I don't think his Terms Of Use are legal anywhere in the world plus it will breach Data Protection laws across Europe. From a business perspective, this is aimed at leveraging the XBox platform as a thin client. I think he's trying to outSony Sony and their growing PS2 based internet empire. --RIH.

It just strikes me that one annoyed employee could grab a DLT tape and walk out with half the world's identity details. I'm sure someone would have a nice fee waiting for that person. I need to see security so good that even Microsoft doesn't have access to my details. A SecureMemento pattern if you like. NealStephenson in Cryptonomicon looks at this sort of issue in an entertaining way. --RichardHenderson

"If Microsoft placed micropayments in the browser, then everybody would be able to build profitable Internet services, no matter what software they were running on the server. Customers would be charged through their browser... Instead, Microsoft is architecting Internet payments to reside on the back-end, as part of its Hailstorm service. When somebody is developing a new service for the Internet, they can only get paid if they use Microsoft's .Net platform. Use any other software, and you won't have an easy way of getting money from your users. The choice is easy: Use Bill's solution and you get a sustainable business model for your website. Use anything else (Linux, Apache, etc.), and you will go out of business for lack of a revenue stream. " From article by JakobNielsen @ http://www.useit.com/alertbox/20000625_hailstorm.html

Additional links:

Here's what I want from such a system - I want my data kept on a server where I feel it is safe, with the option to move it if I choose; a way to edit that data to mark errors generated by others (anyone ever seen what unknown 3rd parties can do to your credit rating?); a way to monitor who is looking at my data and why. The interoperability Microsoft is pushing is a great thing, but the control they want over the system and the data are not. I don't trust any one entity to control my data, but Microsoft has shown a serious lack of ethics in they way it does business, and therefore I do not trust it to manage my data in a way that will benefit me --PeteHardie

Such a thing is impossible with current technology and more importantly the state of humanity

Clarify, please. Which thing is impossible, and why? Also, what does the current state of humanity have to do with it? --PeteHardie

Sure - most security violations are internal affairs. i.e. the external cracker is not the chief culprit. IMHO there is no way you can have a server your data on it safely anywhere. The closest thing is to have it under your watchful eye - providing you're a security expert and it certainly isn't connected to any networks. The last thing you want is other people being able to access it routinely i.e. admins. I mean has no one seen JurassicPark?? :-) So my comment is that you can never wipe out all reasons for human admins for accessing your data, no matter what technology you put in place.

Oh, I'll agree that there will always be some reasons, but consider this - if the data for 10 people is all that is on a server, then it is not a juicy target for either the internal or external cracker. Yet one with 10 million people's data is a juicy target. Secondly, if I do not have control of my data, the entity that does can hold that data for ransom - see discussions of ASP technology for scenarios. Microsoft has shown little evidence of being either secure or ethical in its behavior towards other corporations or people. Imagine the situation (if HailStorm was in place) that MS blocks queries from companies MS does not affiliate with, but passes quesries from those it owns. Suddenly you only get loan approval from banks MS owns, you only get credit-card approvals when shopping at stores who are members of the MS E-Commerce Initiative, etc. See the Sabre airline reservation system for examples of how this can be done. I'd rather keep my info in a system that is closer to me, and preferrably have control over my data myself. --PeteHardie

Surely it would be much less threatening to sell hailstorm servers and provide a protocol for linking them together to form "webs of trust"... This might end up as a SOAP-enabled exchange server?

I would suggest a discussion of requirements that a system must have, that mimicks or exceeds Hailstorms functionality in an acceptable way. The gripes with Hailstorm listed here provide excellent input. We could create a page HailStormAlternative or something? --PieterVerbaarschott
moved from HailStormNews

Go to the source..


Also See http://www.microsoft.com/en-us/news/features/2001/mar01/03-19hailstorm.aspx
from HailStormAlternative

Fundamental Law of Information Systems Design: Security, Privacy and Convenience. You can have any 2 of the 3, but never all 3.

Let's face facts. MicroSoft is selling "Convenience" in Hailstorm which means something must give. AOL does the same thing. Not everyone will buy into it... but many will.

[Follow-up a few years later. HailStorm is dead... but will probably re-emerge in some form in WindowsLonghorn]


[Follow-up again. Lucovsky now works at Google and many believe he'll redo the HailStorm vision there. Perhaps that "do no evil" mantra will make people feel better about letting a corporate entity own their data :-)]


CategoryMicrosoft, CategorySecurity

View edit of November 23, 2012 or FindPage with title or text search