Hey, I'm Dave. Welcome to my shop!
According to legend, it is said that every copy of Microsoft Windows included a hidden copy
of Microsoft Bob, secretly planted there by one of the original Windows developers. The accuracy
of the story, and the identity of this developer, have never been confirmed. Until today that
is. Because it was me. It's been 25 years and I'm ready to tell you the real story:
the secret history of Microsoft Bob.
Microsoft Bob - which was not terrible, by
the way, at least for its time - failed in the marketplace. And it failed hard, and it failed
publicly. It was all the more complicated publicly because of who the marketing manager was on the
product: Melinda French. If that name doesn't ring a bell, you might know her better as the
now Mrs. Melinda Gates. So yeah... I'm sure Bill was watching when Bob went down in flames, but
then Bob didn't fail for any lack of marketing. Bob's failure was fundamentally inevitable
due to its slow performance on 1995 hardware, and no amount of marketing was going to save it.
It could really only have been saved by better code or the faster hardware of the future.
But how would I know?
I'm Dave Plummer, a retired Microsoft operating
system developer all the way back to the MS-DOS and Windows 95 days. And while Microsoft
wasn't able to sell many copies of Bob and it was quickly cancelled, as a big fan of
Bob myself, I did what Microsoft couldn't. I shipped a lot of copies of Bob. First
by the million, then tens of millions, then hundreds of millions, and ultimately a half
a billion copies installed on computers worldwide. What? How? Why? Well, that's today's story.
But first we need a quick little refresher on just what Microsoft Bob was all about.
Bob was what I would best describe as a cartoon shell for Windows. Instead of a home
folder you had an actual home with a door and living room and a dog named Rover. There was a
private study for reference apps. There was a large safe for financial things, and so on. Your
interaction with the home was guided by Rover, a relative of Clippy, who would provide
information and choices along the way.
Bob was developed under the codename Utopia,
though I had nothing to do with Bob development, nor can I even say I know anyone that did.
I was on the early beta, however, so I had installed it on both my machine and my wife's.
Neither my wife nor I were really the target market for the app, so I can't really say how
well it was designed or not. I honestly think it was one of those things that might have caught
on had they stuck with it for three versions. I know my wife had a great deal of fun organizing
the rooms and her apps and her contacts and calendar and so on, but she was occasionally
frustrated beyond measure by a few bugs that would cause her to lose her organizational
work. It was also a bit slow and demanding of your hardware. How much that experience was
true for other users, or what role its quality had in its adoption, I can only speculate.
There were even special OEM releases of Bob, such as the rare Gateway 2000 Bob Edition
complete with five additional rooms. But alas, Bob just never caught on. And all
I've got to show for it is this T-shirt. And if Bob is the Microsoft product that people
love to hate, it also begat the font that people absolutely love to hate: That's right, Comic Sans.
One of the lesser-known secrets of Microsoft Bob is that Comic Sans was designed specifically for,
though ultimately not used in, the product.
In the end, sources estimate that
Microsoft sold some 58,000 copies of Bob. Before I can explain how I shipped half a billion
Bobs I should explain why I did it. And before I explain why I did it, I have to explain a
little bit about Product Activation. You know, those big long annoying keys that you have to
enter in order to activate Windows? Or worse, read over the phone? Yeah, see, that's mine too.
With a little help from some really smart friends, I wrote the first version of Product Activation
for Windows, which shipped with Windows XP. Which I'm just mentioning now? Yes. You'll notice
that I'm always eager to talk about Task Manager and Zip Folders and Space Cadet Pinball and
other stuff I worked on but I never mention Product Activation? Well, that's because it was a
necessary evil. Had to be done. Sorry about that. No one loves Product Activation other
than accountants and shareholders, but from a technical perspective, it was one
of the hardest things I ever worked on.
And by the way, when I say some "really smart
friends", I mean super smart, and I'm also talking about crypto people. Super smart programmers I
can deal with because even if they're twice as smart as me, I know the vocabulary and I'm
still smart enough to call BS when needed. But with cryptography, who's to say? They could be
wearing the Emperor's New Clothes, but it's hard to know. So, you get a couple of them that don't
know each other, and you have them fight it out in a mathematical Battle Royale of elliptical
curve cryptography. No quarter given, none asked. But if they agree, they're probably right, because
the last thing any of them want is to be wrong, let alone have the other one be right first. Their
heads are often what I call "door jamb bumpingly large" in order to accommodate their massive
brains, such that normal hats do not fit well, if at all, and they're generally delicate
artistes that operate on a whole other level and in a completely different world. We
had one researcher who, after a particularly arduous session of math during a meeting, would
need to take an immediate nap. He'd think so hard that he'd tucker himself right out.
I also remember a series of conference calls with a contract mathematician whose skills were
so specialized that she lived in another country entirely, many time zones away. Early in the life
of activation one of the master keys got leaked. It could ruin the whole activation effort,
so it was a big deal, and we were working on a way between systems and operations and the
crypto folks to disable the leaked key somehow. We would have a series of conference calls over
the course of a week, and this math head stressed every day that we had to call before 5PM, because
at 5PM she was baking brownies, and she couldn't talk after that. Being a crypto gal, I assumed
that was code for something. The mind marvels at it, but I had no idea what she meant,
so we just made sure to call early.
One day we called, however, a little too late.
I looked at my watch to see it was only 4:20, but apparently in her time zone, it was well past
five, and she had already baked the brownies. She still took the call, and she thought it was
quite hilarious. In fact, she thought pretty much everything was quite hilarious. Unfortunately,
she was also summarily unable to do any useful amount of actual math, so our questions
would have to wait for the morning.
Why is this important? Because we used
her math to protect the product in a way such that your activation key only works with
the type of CD it was intended for - retail, OEM, and so on. For that protection to be at all
secure, there had to be some big differences between the retail and OEM CDs. And they had to be
mathematically different in a noncompressible way. That's because I didn't want a crack for
activation showing up on the Usenet forums thirty minutes after release. In those pre-2K
Internet days, hosting or posting a large binary was so prohibitively complicated or expensive
that all I had to do was to ensure the CDs were different by many megabytes of information and
that would solve 95% of those piracy cases.
We decided to fill up some of the spare room on
the CDs with digital ballast that was encrypted and signed and specific to the CD version.
We could confirm the ballast's signature and thereby confirm that you had the right disc. But
what should it be made up out of? Tempting though it might be, I couldn't just zip up a copy
of my driver's license photo. Photos are not very random to start with, and there are about a
dozen other reasons why that's just a bad idea.
So, I needed some big digital blobs that I
knew could not be compressed any further. Where to find data that I knew we had a license
to and that I trusted to be as precompressed as possible that I could then highly encrypt? I
knew from my MS-DOS days that the floppy images we shipped for products were as good as it gets,
and for obvious reasons - floppies cost money. They were super compressed, as compressed
as we mathematically knew how to do. So, I'd start with some floppy images. That's when I
decided to do something that would make me smile. Something that only I knew about: I decided
to secretly start with Microsoft Bob.
In those days we as a company had three
big servers, products1 and products2 and boneyard. Between them the image of pretty much
every product we had ever made was up on there. I grabbed the compressed floppy images
for Microsoft Bob and concatenated them into a single large Bob blob.
I then encrypted the blob of Bob with several passes of different encryption
tools and techniques, including a huge private/public keypair generated by a long
sequence of random mouse movements, and so on. I did a few other procedures that I felt were
important to the process, and out came a giant multi-megabyte blob that I could effectively treat
as a root of trust on the CD. If you had the OEM blob, you could use an OEM license key. If you had
a retail blob, you had to use a retail key.
Though he learned of the story after the fact,
as uber-developer and general super-genius Raymond Chen has aptly said of this issue,
in some ways Microsoft Bob was more useful to us dead than alive. I don't know how many
copies of Microsoft Bob were originally sold; if you ask Google, the answer is 58,000
copies. But in encrypted digital form, the spirit of Bob has gone on to live in the form
of a half a billion Windows XP installations.
Now, what does this all mean in a practical sense?
Does it mean that with a single password that only I know we could unleash a half billion
Bobs upon the world? Do I have legions of Rovers standing by worldwide to do my digital
bidding, ready to rise upon a single command?
Well, not exactly. Like the important product
formulas for Coca-Cola and KFC, you don't just store the whole Bob recipe in one place. The key
is multipart, and only part of it is stored up here. The other parts are elsewhere.
Can anyone prove any of this? Well, not without the full password. And it's
been 25 years and I never wrote it down. Do I even remember my password? And if I do,
is it even the right password? And if it is, what if I typed it wrong just once the first
time? Can the Bob binary even be decrypted?
I dunno, I'm a busy man, I haven't
actually checked. Maybe that's because the whole thing is moot. Maybe I was smart
enough to XOR the data with CryptGenRand. It's so long ago. Who's to say? The older
I get, the smarter I used to be.
What's ultimately important is that while
Bob never got to play on the big stage, he always followed the band around
and got to ride on the bus.
If you'd like to hear more Windows War Stories
from one of the guys in the trenches, please be sure to subscribe to Dave's Garage and turn on
the bell icon and personal recommendations. That way you'll be notified of future episodes. This
video is a bit of a test of a new direction for me on the channel, so if you found it entertaining,
please drop me a like on the video so I know how people feel about it! And yes, I'm absolutely
using War Story ironically. My sincere thanks to the men and women who have actual war stories.
Thanks for joining me here today in Dave's Garage. In the meantime, and in-between
time, I hope to see you next time.
And just to be clear, I retired from
Microsoft more than 15 years ago. While I was there a long time, and I'm nothing
but proud of the work we did, I am not now nor was I ever an official spokesperson for the
company. All opinions are mine alone. Cheers!
I enjoy his videos.
Is there an easy way to get a working copy of MS Bob today?
That’s Dave Plummer. Dave is known as the original developer of Windows Task Manager (source https://en.m.wikipedia.org/wiki/Windows_Task_Manager), which hasn’t changed too much since he wrote it over 20 years ago. Speaks volumes as to his programming skills. He is a wealth of knowledge and is always willing to share.
I once won a retail box of Microsoft Bob back in the late 90s. They sell for $40-100 on eBay these days.
It was at a Microsoft (Technet?) event in Montreal and the other prizes included Windows NT Server 4.0 ...