Miguel: "MS has a beautiful security system..." ???

An interview with Miguel de Icaza of Ximian / Gnome / Mono at [link|http://www.theregister.co.uk/content/4/23919.html|TheRegister].

He seems to be ignoring the problems of trying to keep up with MS's changes to .NET....

But aren't there large chunks of .NET you can only do on Windows. like authorization?.?

"Oh that is a very interesting question! The I/O model is based on the Win32 model - we have to emulate the behaviour - and it turns out that behaviour is extremely nice. We went and implemented that.

"They have a beautiful security system and we're emulating the whole security infrastructure. It's actually easier to use than the Windows counterpart. We're basically wrapping the Unix functionality inside the Windows functionality.

"What's important to keep in mind is that you do not actually use the Windows API in .NET - you use the .NET API - the clasese they have defined.

There's final area, he added, with Mono emulting the Windows forms, which will be based on Gtk for .NET.

Now about keeping pace. Only a small portion of .NET classes have been submitted to ECMA.

"Tiny, tiny yes. But we can do APIs too - if people like the APIs we do, we'll submit them to ECMA." Miguel cited Lloyd Dupont's OpenGL classes as an example.

So would he go as far as recommend .NET as a way to write web services?

"My main focus is the client. In the web services area there is not a big-buy-in to the Windows platform, because this is the first time they have brought it to Windows.

"Well in the Windows world they use SOAP... they do not talk about proprietary protocols.

"We're doing Mono because we care about upgrading the development platform, we care about language independence; and it's very nice two work on.

[...]

Security through obscurity

We were surprised to hear that Microsoft had a great security model, could he explain?

"OK there are two security modeks in place - one is the Windows NTN security model; which is actually a pretty [pauses] ? You've seen security holes in Microsoft products - buffer overflows - they're not problems in the security architecture - that happens with Unix too. They happen to be really bad at managing their bugs, and not providing fixes on time, but that's another issue. That's the NT security system.

"But .NET has another security system on top. It's designed to have same sort of security as Java. Instead of the application being the unit of security - you trust the whole app or you don't trust any of it - each portion of the program can be running on a separate trust domain.

"So you can have Gnumeric running and you import a file from 1-2-3. Gnumeric asks the network or service do you have a plug-in for 123 - but the problem is you cannot trust this code, right? So you give it limited permissions. You're not going to let them write to the file, just read, populate the spreadsheet. If they try anything else the plug-in is killed, it throws an exception.

It's a sandbox?

"Exactly - it's a sandbox at any point, and you can define what, which I find really interesting.

The bottom line

"It's critical to upgrade our development platform to a lower cost, with Mono we can develop in a quarter of time. Microsoft is not advertising that - they're talking about web services;

How so, what parts make for faster development?

"The libraries, the GUI tools, the compiler system - serialization, database access, directory services and management."

Quite a bit then.

"Yes, you shouldn't lock yourself out of .NET.

Mono has already slayed one of the holy cows of the Gnome project - the insistence that all code be released under the GPL. The decision to change to an MIT X11 license for some libraries passed off without too much protest this week, and Miguel said it was to avoid fragmentation, as it allowed the project to use Intel's optimizing run time:-

"We were able to take everything they developed and incorporate it in Mono, but they were not able to take anythng in Mono and integrate it into their platform. It's still open source - but other people can use it."

So a very enthusiastic endorsement of .NET, which will gladden the hearts of its authors, no doubt. Microsoft has made much of .NET's language independence and Miguel affirmed it as strongly as anyone could.

Is Miguel making sense here? I'd say he's giving MS an invitation to subvert Gnome.

Aren't there simpler, more open, ways to achieve language independence and the advantages he wants for Gnome by other means? Is this another instance of Miguel hopping on a buzzword bandwagon (e.g. basing Gnome on CORBA rather than something simpler) instead of trying to finish the existing framework?

Does he risk forking Gnome and/or making KDE the defacto open source desktop application framework?

It this emulating and translating and sandboxing for Mono going to even further decrease Gnome's performance (in some areas) compared to KDE (not that I've made detailed comparisons, you understand).

I've known that Mono was meant to be based on .NET and Miguel liked it for a long time, but this embrace of it seems extreme to me.

Thoughts?

Cheers,
Scott.

Opinions about Miguel that is.

As for the security model, it sounds like Microsoft has rediscovered the capability security model (and I don't mean capabilities as in "POSIX capabilities"). Which makes sense because a capability model maps directly onto an OO programming model. (Once you have an object you can do anything it can do. The security check is in the constructor.)

Which is a nice model. But it is not innovative enough to write home about. Unless you are getting a lot of cash from Microsoft, or unless you have never seen it before.

Cheers,
Ben

PS About chasing tail lights, has anyone pointed out to Miguel that he will have to not only match Microsoft feature for feature, but also bug for bug?

Post #26,897 by Another Scott 2/1/02 3:19:29 PM Reply	Miguel: "MS has a beautiful security system..." ??? An interview with Miguel de Icaza of Ximian / Gnome / Mono at [link\|http://www.theregister.co.uk/content/4/23919.html\|TheRegister]. He seems to be ignoring the problems of trying to keep up with MS's changes to .NET.... But aren't there large chunks of .NET you can only do on Windows. like authorization?.? "Oh that is a very interesting question! The I/O model is based on the Win32 model - we have to emulate the behaviour - and it turns out that behaviour is extremely nice. We went and implemented that. "They have a beautiful security system and we're emulating the whole security infrastructure. It's actually easier to use than the Windows counterpart. We're basically wrapping the Unix functionality inside the Windows functionality. "What's important to keep in mind is that you do not actually use the Windows API in .NET - you use the .NET API - the clasese they have defined. There's final area, he added, with Mono emulting the Windows forms, which will be based on Gtk for .NET. Now about keeping pace. Only a small portion of .NET classes have been submitted to ECMA. "Tiny, tiny yes. But we can do APIs too - if people like the APIs we do, we'll submit them to ECMA." Miguel cited Lloyd Dupont's OpenGL classes as an example. So would he go as far as recommend .NET as a way to write web services? "My main focus is the client. In the web services area there is not a big-buy-in to the Windows platform, because this is the first time they have brought it to Windows. "Well in the Windows world they use SOAP... they do not talk about proprietary protocols. "We're doing Mono because we care about upgrading the development platform, we care about language independence; and it's very nice two work on. [...] Security through obscurity We were surprised to hear that Microsoft had a great security model, could he explain? "OK there are two security modeks in place - one is the Windows NTN security model; which is actually a pretty [pauses] ? You've seen security holes in Microsoft products - buffer overflows - they're not problems in the security architecture - that happens with Unix too. They happen to be really bad at managing their bugs, and not providing fixes on time, but that's another issue. That's the NT security system. "But .NET has another security system on top. It's designed to have same sort of security as Java. Instead of the application being the unit of security - you trust the whole app or you don't trust any of it - each portion of the program can be running on a separate trust domain. "So you can have Gnumeric running and you import a file from 1-2-3. Gnumeric asks the network or service do you have a plug-in for 123 - but the problem is you cannot trust this code, right? So you give it limited permissions. You're not going to let them write to the file, just read, populate the spreadsheet. If they try anything else the plug-in is killed, it throws an exception. It's a sandbox? "Exactly - it's a sandbox at any point, and you can define what, which I find really interesting. The bottom line "It's critical to upgrade our development platform to a lower cost, with Mono we can develop in a quarter of time. Microsoft is not advertising that - they're talking about web services; How so, what parts make for faster development? "The libraries, the GUI tools, the compiler system - serialization, database access, directory services and management." Quite a bit then. "Yes, you shouldn't lock yourself out of .NET. Mono has already slayed one of the holy cows of the Gnome project - the insistence that all code be released under the GPL. The decision to change to an MIT X11 license for some libraries passed off without too much protest this week, and Miguel said it was to avoid fragmentation, as it allowed the project to use Intel's optimizing run time:- "We were able to take everything they developed and incorporate it in Mono, but they were not able to take anythng in Mono and integrate it into their platform. It's still open source - but other people can use it." So a very enthusiastic endorsement of .NET, which will gladden the hearts of its authors, no doubt. Microsoft has made much of .NET's language independence and Miguel affirmed it as strongly as anyone could. Is Miguel making sense here? I'd say he's giving MS an invitation to subvert Gnome. Aren't there simpler, more open, ways to achieve language independence and the advantages he wants for Gnome by other means? Is this another instance of Miguel hopping on a buzzword bandwagon (e.g. basing Gnome on CORBA rather than something simpler) instead of trying to finish the existing framework? Does he risk forking Gnome and/or making KDE the defacto open source desktop application framework? It this emulating and translating and sandboxing for Mono going to even further decrease Gnome's performance (in some areas) compared to KDE (not that I've made detailed comparisons, you understand). I've known that Mono was meant to be based on .NET and Miguel liked it for a long time, but this embrace of it seems extreme to me. Thoughts? Cheers, Scott.
Post #26,913 by tonytib 2/1/02 4:56:06 PM Reply	I'm not impressed.... maybe the increase in productivity is due to Miguel coming from a C background in the original Gnome project. What's leading edge about object serialization? Easy database access? I've got those in Python (which I like so far), as do many other languages. I'd be willing to be that the OS X development environment is much better than dot-net. I'm also skeptical about how good dot-net's security is in practice. MS stuff is always wonderful when described...and is horrible when it actually ships. Tony
Post #26,966 by ben_tilly 2/2/02 10:17:11 AM Reply	Just reaffirmed opinions I have had for a while Opinions about Miguel that is. As for the security model, it sounds like Microsoft has rediscovered the capability security model (and I don't mean capabilities as in "POSIX capabilities"). Which makes sense because a capability model maps directly onto an OO programming model. (Once you have an object you can do anything it can do. The security check is in the constructor.) Which is a nice model. But it is not innovative enough to write home about. Unless you are getting a lot of cash from Microsoft, or unless you have never seen it before. Cheers, Ben PS About chasing tail lights, has anyone pointed out to Miguel that he will have to not only match Microsoft feature for feature, but also bug for bug?
Post #26,998 by tonytib 2/2/02 3:59:11 PM Reply	Love your P.S. -- matching MS bug for bug!
Post #27,042 by static 2/2/02 11:47:03 PM Reply	He should hook up with Tridge... ... of the Samba team. They've been matching bugs with Microsoft for years. Wade. "All around me are nothing but fakes Come with me on the biggest fake of all!"
Post #27,072 by ben_tilly 2/3/02 9:29:21 AM Reply	Actually... The note that you have to match Microsoft bug for bug (because otherwise you aren't going to be compatible with real code) was one I saw in a public commment by Jeremy Allison about why Mono was an incredibly stupid thing for open source people to get involved in. In other words the most successful open source project at duplicating Microsoft's work concluded that the mix of techniques that Microsft is using with .NET makes tracking them impossible. (Another significant issue is the fact that Microsoft is reversing the ability to instantaneously roll out changes at will. The fact that they have to wait for an installed base to convert gives Samba room that Mono won't have.) Cheers, Ben

Welcome to IWETHEY!