I would say that we did this interview because the world needs just one more
"cloud" post, but that's hard to justify. Still, the cloud seems to be
segmenting into infrastructure as a service (IaaS) providers, and platform as a
service (PaaS) providers. IaaS (like Amazon Web Services) is basically
virtual machines in the sky, and this differs from traditional hosting because
with a cloud provider, you should be able to start and stop dozens or hundreds
of VMs through an API, and pay only for the CPU hours you use. PaaS (like
Google App Engine) gives you a framework to code against, and it's a much more
restrictive environment (moving to PaaS is usually a rewrite), but you never
worry about individual machines, patching, or all that jazz.
In this interview, we explore the concept of layering an arbitrary PaaS
implementation on top of an arbitrary IaaS provider. Hmmm…
This interview reminds me a little of those sci-fi stories that start with the
big bang, and end 40 billion years in the future. Con Zymaris has the
depth of experience to pull this off in the software space, offering some very
astute insights and provocative food for thought along the way.
In this interview, we talk with Intel's Dirk Hohndel about Moblin, the explosion
of devices, and how large companies do (or don't) really "get" open source.
If you’ve ever used a Wii control or played an iPhone game, you’re familiar with the kind of technology that Hillcrest Labs makes, and they make some of the best. In this interview, we talk about their decision to open-source their library and the benefits this brings back from their developer community.
We came across David Dennis and Simon Bennett at GroundWork Open Source, because they seemed to do something that didn’t entirely make sense. GroundWork is an open source company that released a plug-in for a completely proprietary product – a connector for Microsoft System Center Operations Manager, of all things.
Read on to see how they explain this, and how they school us on open source management tools.
In this second interview with Marc Frons, CTO for the New York Times digital operations, we discuss the Times’ use of open source in their infrastructure. Specifically, we talk about:
In this interview, we talk with Doug Look, who’s a strategic designer for Autodesk Labs. The labs are interesting because they’ve built a strong, engaged community around closed-source software. In this interview, we specifically cover:
The OSI has approved the two Microsoft software licenses, the Microsoft Reciprocal License, and the Microsoft Public License. This makes all the code on Microsoft’s CodePlex site (Microsoft’s equivalent of SourceForge) official open-source software, as much of it is licensed under the Microsoft Public License (formerly the Microsoft Permissive License). It also means that things like Microsoft’s Ajax Control Toolkit are open-source (with the inherent ability to fork, etc.)
There’s a good article on LinuxWorld about the security debate between open-source and Windows. My first question is, does it need to be a debate? In this day and age, isn’t it easy enough to quantify vulnerabilities?
If you are looking for subjective opinion, I recommend looking through the interviews we’ve done here. At the risk of sounding like a Microsoft fan-boy, the Microsoft interviews (in my opinion) demonstrate a company where secure coding is “in the water”. Code goes through threat modeling, risky function calls have simply been banned, code goes through automated and human inspection, and vulnerabilities that do slip through feed back into the process to determine how to prevent them in the future.
I simply don’t get the same feeling from the open-source people we’ve talked to. When we’ve brought the subject up, the response is almost universally “many eyeballs,” and faith (without data) that “many eyeballs” is effective.
Am I completely off base? Do things like the Linux kernel and Apache go through rigorous security reviews? Is there proof that “many eyeballs” in open source is at least as good as something like the Security Development Lifecycle in Microsoft? If you’re in a position to know, let’s chat!
According to Scott Guthrie, Microsoft will make the source for the upcoming .NET Framework 3.5 available under the Microsoft Reference License. This isn’t an open-source license (i.e. you couldn’t fork the code), but it is still a “good thing” in that developers can learn from the source and have an improved debugging experience with the ability to step into the framework code.
Update: It seems that this isn’t seen as happy news by all. There’s an article on eWeek that’s just too irrational and frothing to pass up, claiming that this is all a ploy by Microsoft to kill Mono. As Microsoft is officially supporting Novell’s efforts in porting Silverlight to Linux (on top of Mono), the evidence would indicate that Microsoft is doing this to support .NET developers, and not as some clever conspiracy to kill off Mono.
A while back, we did an in-depth interview with Michael Howard about Microsoft’s Security Development Lifecycle, which has been one of our most popular interviews to date. It seems there’s a lot of interest in pulling back the covers and looking at how Microsoft is approaching building secure code.