A.

Are Platform Technologies A Scam?

By In Technology

Can someone actually explain to me what Sharepoint does?  If I worked in Microsoft’s sales department the best pitch I could give is:

“It’s the greatest, most versatile product that has ever existed. You can use it to run any complex system that your imagination could dream up.” This however would only be what I would pitch, not believe.

I’ve asked the question “ What does Sharepoint do?” to Microsoft sales staff, developers, and consultants. It always starts with something like: “Well… it’s, you know, like… a collaboration tool… BUT! It can do a ton of other stuff too”.

And that is the best answer I’ve gotten.

I’ve asked the same question of SAP vendors, Microsoft Dynamics consultants, and IBM Watson Cloud experts. The answer is always some amorphous, borderline ridiculous answer consisting of “well it does a lot of things” and “it greatly depends on the user”. This was not me asking rhetorical questions either. I was not trying to be glib, or overly clever, or even to pull some sort of #iamverysmart coup de grâce. I was trying to articulate what I do for a living by standing on the shoulders of “giants”.

You see, my company builds a “platform as a service” (roughly) type product as well. Something that could be more than one thing to more than one person. I struggle constantly with explaining that our product is better than anything else on the entire market. This is not a brag, nor a marketing ploy – but only because what we do is so niche that only 100 or so companies in the world might care. And that is not the game IBM, Microsoft, and SAP are playing. They are ultimately the owners of your software. Sure the configurations, the modifications, and the custom programming on top of these platforms is yours, but if they take the platform away, or stop supporting it, what do you really have left? It’s even tougher in “the cloud” business because then if your subscription runs out you’re dead.

I recently made a prediction to a friend who was starting a project with IBM. I warned them of the potential lock-in problem by making a prediction something along the lines of “They are going to tell you they can build it quicker and more effienctly with IBM Watson Cloud. No project ever runs perfectly, and when you finally step in to set things straight, you will find out you have zero leverage. They will simply say you are more than welcome to fire them, because they know you would have to build everything over from scratch”. My predictions were to no avail. No one ever gets fired for hiring IBM. And guess what happened? The only upside is that I get to say “I told you so” a little more often.

There is hope! There are other ways that platforms can be useful but also safe. One way is to use an open source platform, one that if at worst comes to worst, you can fire all your consultants and hire new ones, and the platform is still going to be around.

This is a little tougher with very niche enterprise products like ours, but we’ve done something a little different to combat my lock-in loathing: Our  products are OWNED by our clients. We sign a three year, non-exclusive agreement with our clients for support and maintenance,  and a traditional license fee is baked in. They get all the source code, and agree not to resell it. But if we don’t perform, or our clients want to go a different way, they get to keep the software and build on it themselves. We earn our right to be at the table by being the experts in a system we designed, working with their developers, adding new features, bringing our industry expertise to the conversation, and hundreds of other small bits of value. In this way we hope to be at the top of the renewals list in three years.

The idea of someone taking your software away from me is abhorrent. If your car company one day sent you an email saying that you now had to upgrade your fuel tank, and there was going to be a new subscription service if you wanted to keep using the same type of gasoline, you would riot in the streets. The model of software is not what is wrong here, what is wrong is the lock-in. Vendor lock-in is amoral. If there is no ability to keep something running, and there is no TRUE data portability option, then you are basically being extorted.

I get that as a business you are trying to maximize profit. I try to do the same thing. However I want to my product and my company to seen as sticky because we are valuable, and not because we would just be too painful to get rid of.

Previous ArticleNext Article
I help companies turn their technical ideas into reality.

CEO @Sourcetoad and @OnDeck

Founder of Thankscrate and Data and Sons

Author of Herding Cats and Coders

Fan of squash, whiskey, aggressive inline, and temperamental British sports cars.

Is Anyone Working on Agentic Authentication?

In Technology

Everyone is building AI-powered tools, even people who shouldn’t be. Agents seem to be the next obvious (and big?) step. But these little bots need a secure way to act on behalf of users without causing chaos.

Richard Dulude at Underscore VC wrote about the lack of identity standards for AI agents in this LinkedIn article. I don’t know Richard or Underscore VC (sorry). But, he’s right, traditional authentication assumes either a human or a machine with static credentials, and that doesn’t work for AI agents that need to make decisions and take actions. Companies want accountability (and probably liability), and users need control of what their potentially psychedelic robot is doing on their behalf. This balance doesn’t exist yet.

This is probably for another blog post, but right now, everyone, including the bots, are using human interfaces as a stopgap. OpenAI’s Operator is a great example, agents pretending to be humans to interact with systems that weren’t built for them. That’s fine for now, but eventually, the human interfaces will be an afterthought. Like how “mobile-first” design took over, we’ll be doing “agent-first” design with human-accessible backups. Having a dedicated standard for agentic authentication might be a good first step in that machine-to-machine way of thinking and designing systems.

Agentic Proxy Credentials (APC): A Solution (A Term I Totally Made Up)

I made this up. It’s probably a bad term, but naming things is fun. This doesn’t exist… if you are a large battery and power supply company, don’t sue me. I’m spitballing here.

One possible fix is the “sucked out of my thumb” Agentic Proxy Credentials (APC). This would let users grant their AI agents secure, limited permissions to interact with systems while making sure the right level of oversight are in place. There are things that I wanted to do this very week, but I don’t trust my bots with my actual usernames and passwords:

Stop me talking to Airline Idiot Bots

Talking to airline chatbots is painful. Right now, they can only regurgitate FAQ answers. With an APC, my AI assistant could log into my airline account, check flights based on my loyalty status, and rebook me without you having to touch anything. This would make AI actually useful instead of just a slightly smarter help page.

Paying for small things without having to deal with entering my ACH data AGAIN

I don’t want to give an AI full access to my bank account. But I wouldn’t mind letting it handle small transactions in a controlled way. With APCs, I could grant my assistant time-limited access to approve payments or move money within strict limits. The AI does the work, I stay in control, and my bank account doesn’t mysteriously empty overnight… unless I’m Ambien shopping again.

AI Dungeon Master’s Assistant

D&D is great, but session prep is a time sink. I want an AI that logs into my D&D Beyond account, manages stat blocks, generates lore-friendly content, and even takes session notes. The AI handles the boring admin work, and you get to focus on making your players cry (or cheer, if you’re nice). Yes, serious stuff here.

How It Could Work

There are a few ways to make this happen, I think. I’m no longer allowed to do actual engineering at my own companies I founded, so this blog is my outlet. Everyone needs a hobby.

Is Someone Already Building This?

Honestly, I wouldn’t be surprised if Okta, OAuth, or OpenAI are already working on this and I’m just ranting for no reason. But if they aren’t, they should be. The pieces are all there, someone just has to put them together.

I need this, but I can’t find it. If anyone is working on it, let me know. I’m too busy trying to solve employee gifting at scale at Thankscrate, implementing AI into every existing business at Sourcetoad, and making sure passengers can watch TV and book dinner reservations in the middle of nowhere at OnDeck.