Interview: Microsoft CTO Craig Mundie talks up the role developers will play with Longhorn, as well as the company's security strategy.
Microsoft Corp. this week officially started the process of driving interest in its next-version Windows client operating system, code-named Longhorn. The Redmond, Wash., software titan turned its attention to the developer community in the hopes that they will start building a wealth of new applications to run above the operating system. Craig Mundie, Microsofts chief technology officer, took time to talk to eWEEK Senior Editor Peter Galli from the companys Professional Developers Conference in Los Angeles.
What is the core of your message at this years PDC?
In the 1990s we began to establish a new platform, a connected universe of which traditional computers were just a subset, that was established on two applicationse-mail clients and Web browsers. Now that that has happened, its time for the programmers to do it again. So, the idea behind this PDC is that it is the starting gun in the race for new applications that will include a recasting of pretty much everything weve ever done before in terms of business software. But it now also has a far broader reach in terms of its extension into a class of applications never really approachable before, because you used to have to stop at the boundary of your enterprise in terms of identity and security and other things.
So, theres more of the maturation of the .Net stuff, the Indigo Web servicesthese are essentially the infrastructure and tools to allow people to program the Internet as a broad collection of computing devices as if they were one big computer system. And that I think is profound in terms of its implications and the PDC is significant beyond the technology because it signals the beginning of getting the platform established and then waiting for the confluence of new technology to be piled on top of it so that the programmers can start again.
The issue of security is taking center stage at Microsoft these days. As Longhorn is still some three years out, what emphasis are you placing on the security aspect of that code and what are you calling on developers to do to make the operating system more secure going forward?
A couple of key points. The idea that security is critically important is not new. I started the Trustworthy Computing initiative at the company some two-and-a-half years ago, and at that time I said this would be a huge task and we, the industry and application developers would have to all step up to the task of making all these computers trustworthy. We also said that could take as long as five to 10 years to see real progress. I think we have already seen real progress and we have certainly changed the culture within the company, and that has changed some of the trade-offs that are made by the people who design, build and manage our development. You can also see improvements in Windows Server 2003. But, that said, we have talked about Secure by Design, and while we are two-and-a-half years into that mission inside our company, the reality is I dont think people outside have given that much focus to what it really means to design software that is trustworthy.
So, what were doing now is giving people the tools, on the design side, to build systems or applications that are secure by default. I tell people that until this point weve been inventing antibiotics and aspirin and, after you get sick, we give you the medicine to make you better. But at the end of the day we want to stop most people from getting sick. So weve taken this to another level; were now going for vaccines and have identified a large class of attacks and are now starting to develop pre-emptive capabilities to defend against these, and weve got to the stage where we are now. If all the developers begin to use our tools and compilers, then everything will start to gradually improve. Lastly, were looking at auto-immunity, which is still some time away, where the machines are more adaptive to the environment theyre in and collaborate with one another to identify problems and even think about ways they can adjust to those problems.
You have started sharing much of your vision for Longhorn as well as some of the code with developers here this week. But the product is still some three years out. What was your thinking around making that available so early?
We know what the basic tenets of Longhorn are in terms of the file systems, the Indigo environment for connectivity, etc. Conceptually those are not going to change. Weve been working on them for some time, and while there is a lot of fine-tuning and performance work to be done, I dont think that we expect to see a lot of big conceptual changes, and that is why we have chosen to go out to the PDC now. It also takes developers some time to perfect an application so that it is ready to go when the platform is ready to deploy.
There has been a lot of interest in the new Windows File System, with many reports saying it was going to be "borrowed" from Yukon. Is that correct?
Its not that simple. But it will take many of the capabilities that have existed in sophisticated database systems like SQL Server and make them an integral part of the file system that everybody uses. So we have taken technology from Yukon [the upcoming next version of SQL Server] and will adapt it to work in a very dynamic way within the context of the operating system. So what we are doing is recording, or synthesizing, a lot more metadata so that the presentation people seewhether in an application or in the graphical environment of the Longhorn shelleverything is essentially a manifestation of queries done against the metadata that then points you to the actual stored information. The idea that you have, as we do now, a lot of folders assigned to some pre-determined location in a hierarchical tree then evaporates.
Microsoft has said it is hoping for developer feedback around Longhorn. What forms are you hoping that feedback will take?
We handed out actual Longhorn disks to all attendees here, so we expect them to tell us what they think. We have also put a lot more effort over the past few years into our developer communities. We really expect a lot more head-to-head community interaction than weve ever enjoyed before. By giving them early access to the code and encouraging their participation through these online communities, forums, etc., were creating the basis for a level of interchange far greater than weve had in the past.
Discuss this in the eWEEK forum.