Q. You've said that Applied Cryptography described a "mathematical utopia" of algorithms and protocols: what was the attraction of that utopia for you?
A. Cryptographic security comes from mathematics, not from people and not from machines. Mathematical security is available to everyone, both the weak and the powerful alike, and gives ordinary people a very powerful tool to protect their privacy. That's the cryptographic ideal of security.
Q. To what extent is the Internet and its global linking of computers together to blame for the destruction of that utopia?
A. They're entirely to blame, although "blame" is not really the right word. Cryptography worked well in the era of radios and telegraphs, where the threat was eavesdropping and mathematical cryptography could protect absolutely. But in the world of computers and networks, the threats are more complex and involve software and system vulnerabilities. Cryptography is much less able to provide security in this new world; that's the cryptographic reality of security.
Q. In Secrets & Lies you wrote that you had an epiphany about security in April 1999: can you say what it was?
A. As a cryptographic consultant, I did a lot of work analyzing operating systems. Invariably I would break them, but almost never would I break the mathematical cryptography. I eventually realized that cryptography is the strongest part of a very weak system, and that the system aspects around the cryptography - the software, the operating system, the network, the user interface, etc. - are much more important.
Q. One of the ideas in your book Secrets & Lies is that at the root of the computer security problems we face today is the lack of accountability by software manufacturers for their faulty products: why do you think that they have managed to evade the responsibility - unlike everyone else - despite the scale of the damage and the associated profits?
Posted by Glyn Moody in Interviews
Q. In April MyHosting.com introduced a "blended hosting environment" for shared hosting customers that includes both Windows and Linux accounts within a single plan. You'd previously been a Windows-only provider. What led you to add Linux hosting, and to adopt this particular approach?
A. Simply put, demand from our customers. Our experience with our customers showed us that it's not the operating system which drives their choices, but the availability of the applications. Most popular web applications are either in Perl or PHP and use MySQL. We had two options: either install Perl, PHP and MySQL on Windows platform, or offer our customers the native platform which these tools are developed on. This is the main reason we decided to offer a native Linux offering at no additional cost to our web hosting customers. So they get 2 for the price of 1, both Windows Server 2003 and Linux under the same account.
Posted by Rich Miller in Interviews
Q. It's been a year of big gains for Apache, which now runs more than two-thirds of the sites on the Web, according to the Netcraft Web Server Survey, erasing inroads by Microsoft during 2001. What's your take on Apache's continuing gains?
A. I could speculate all day long as to why it's continued to grow, and I'd love to see a real survey done on it. Anecdotally, my take is that I imagine most of the growth continues to be either with the small mom-n-pop companies, or web hosting ISPs, or internationally - all places where price sensitivity is high, where the economic downturn is still causing budgets to be hurt, and there's willingness to consider an Open Source approach to solving a given problem. No doubt the security holes in IIS have continued to plague its reputation, and while there have been some noticed recently (and fixed) in Apache, they have been much less serious. Finally, I imagine the rise of related Apache projects, like the continued rise in use of mod_perl and Tomcat and our friends over at PHP, have only increased the confidence in using the web server for mission-critical situations.
Q. What's your take on the long-term impact of the SCO lawsuits? What changes - positive and negative - do you see it producing for Linux and the open source community?
A. I'm assuming that thanks to the BayStar callback that this lawsuit is nearly dead. Of course SCO, could sue their own financial backers and prolong this further, but it feels like we're seeing the beginning of the end. But while it was alive, it did a lot for Open Source in some unexpected ways. The community at large had taken a largely see-no-evil, hear-no-evil approach to issues around IP ownership, clearance of rights, that sort of thing, except for a few organizations like the FSF and the Apache Software Foundation who actually put effort into collecting license agreements from contributors. Now, developers are more aware than ever that getting a clean history for code matters a great deal.
Born in Mexico City, Miguel de Icaza was the driving force behind the creation of the Gnome free software desktop, and co-founded the open source company Ximian, bought last August by Novell. In July 2001, he helped start another ambitious project, Mono: a free implementation for GNU/Linux of Microsoft's .Net framework. He talks to Glyn Moody about Mono's progress, how Ximian was bought by Novell, and why he is so scared of Microsoft's Longhorn.
Q. How has your vision of Mono changed since you began the project, and what are the main aims of Mono today?
A. A lot of the things that Microsoft was addressing with .Net were touching on existing pain points for us. We've been using C and C++ way too much - they're nice, but they're very close to the machine and what we wanted was to empower regular users to build applications for Linux. Windows has a lot of tools that address a particular problem but on Linux we're kind of on our own in terms of development So when Microsoft came out with this [.Net] thing, initially what we saw was very interesting, and that's how the project got started. But as people got together and started to work and collaborate on this effort, a couple of things happened.
The first one is that there was more and more momentum behind building APIs that were compatible with the Microsoft ones. Novell and Ximian were focused just on the core and C#; a lot of the people who came and contributed software to the project were interested in Windows Forms, or ASP.Net or Web services or databases, which were part of the Microsoft stack.
And at the same time we have grown organically a stack completely independent of the Microsoft stack, which we call the Mono stack but it includes things like tools for doing GUI development for Linux - that was one thing that we were very interested in and we actually invested a lot of effort into that.
So today at the core we still have Mono, which is what we wanted to do, and now we've got two very healthy independent stacks: the Microsoft-compatible stack for people who want to bring their applications from Windows to Linux, and also this completely new and fresh stack of things that in some cases are portable from Linux to Windows, and in some cases are very, very Linux specific.
Q. Microsoft doesn't seem to be making so much noise about .Net these days: what's your view of .Net's progress at the moment: how is it shaping up as a platform for writing software?
Jim Gray won the 1998 Turing Award "for seminal contributions to database and transaction processing research." More recently, he has been working as a Distinguished Engineer in Microsoft's Scalable Servers Research Group, based in San Francisco, on the creation of terabyte-sized distributed online databases. Talking with Glyn Moody, Gray reflects on his career, the power of Web services, and the arrival of sentient machines later this century.