Bill Hilf, Microsoft's Linux Lab Manager, got his answers to your questions back to us in time to publish them just before the San Francisco LinuxWorld, where he is speaking. Before you ask: Yes, Microsoft PR had a look at his answers before he sent them. So if you have any follow-up questions for Mr. Hilf, please post them below and I'll try to ask at least a few of them in person at LinuxWorld.1) Start with the obvious
Dear Mr. Hilf - Surely by now you have to have been accused of helping Microsoft try to exterminate Linux. How do you respond to such accusations?
I get that occasionally, you bet. But usually after I explain what I'm actually doing, it helps clear up the conspiracy theories (of which, there are quite a few). The truth is my job is to help Microsoft have a clear, unbiased and knowledgeable understanding of Open Source Software (OSS): the technology, the development models, how the community works, the pros and cons, and the mechanics of the overall process. So, no, Microsoft is not out to exterminate Linux or Open Source, Linux and Open Source Software will continue to be part of the software industry. My job is to help Microsoft have an understanding of the Open Source technology world.
In fact, Microsoft has benefited from OSS, has participated in OSS projects, and feels that OSS will continue to have an important role in the ecosystem. Both commercial and open source offer specific advantages. And several development models can and should coexist in healthy competition. After many years of working in both environments, a mantra I've seen pay off numerous times is "choose technology to fit the need" not based on a belief or religion: in other words, if the software doesn't solve the problem in a cost effective way, belief and religion won't stop the IT guys' cell phones and pagers from ringing at 2 AM, and that goes for *any* technology, regardless of the development model.
2) Open Standards
How does Microsoft internally deal with Open Standards and Open Document Formats?
I suppose more generally: In your testing is it solely relegated to Linux in the Server role, or do you address End-User issues as well?
We are interested in all sorts of distributions, commercial and non-commercial, of Linux and we test many types of Open Source software overall.
We are very active in helping our product teams test out their open standards implementations. For example, we are currently doing this with Windows Server R2 (a release of Windows Server due out later this year) and its support for NFS and NIS. In a broader answer to this question, Microsoft strongly supports the promotion of open standards. Microsoft's participation in standards bodies such as IETF, W3C and OASIS, and our royalty-free contributions of technology to Web Services standards supports this commitment.
That said, Open Source does not equal Open Standards. It surprises me that this is an issue that(some) people still don't really comprehend. Let's break it down:
* The term "open standards" describes the results of a process for establishing uniform technical specifications (when used in the broader sense);
* While the term "open source," by contrast, refers to a software development and licensing model.
* Open standards may be implemented by software developed under any development and licensing model - non-OSS and OSS alike.
The VCR is a good example of a standards-based product that allowed any video tape* to play on any player - providing a marketplace of competitive VCR implementations, competitive tape media suppliers, and commercial opportunities.
*go ahead, someone say "Hey, but what about Betamax?" - but you get my point.
3) Penguin Aid?
No doubt one of the activities of microsoft's linux lab is testing the security of linux.
My question is this: if you find a security vulnerability in linux, do you inform the linux community about it?
We definitely look at security technologies in OSS in general, including Linux, but we do not actively do security code audits on Linux/OSS. We do occasionally stumble on bugs by accident in various products, and we always email the parties concerned, and it's up to them to do the right thing from that point on.
Let me give you some examples. Michael Howard, one of our security gurus here at Microsoft, has come across some issues in some projects, such as Apache.
As a company, we strongly believe in and encourage responsible disclosure of vulnerabilities. The practice of reporting vulnerabilities directly to a vendor is beneficial to everyone. It helps to ensure that customers receive high-quality software updates for security vulnerabilities, without exposure to malicious attackers while the update is being developed.
In my team's day to day work, we have discovered bugs and submitted fixes upstream. For example, the smbtorture test suite included with Samba had a bug that we identified. We provided a backtrace to the developers, and it was fixed and committed.
We also found some problems with the GAIM Instant Messaging client. GAIM's MSN via HTTP feature didn't work. The bug was noticed by our team because we had a real need for MSN via HTTP on our Linux desktops. So we fixed the issue and submitted the patch upstream.
4) Can Microsoft Ever Give Us Free As In Freedom?
We've heard a lot about MS having a lower TCO etc., and who knows it may even be true in some cases, but does Microsoft realise that the reason some of us are on Linux is for the "Free as in Freedom" part? This may matter not to the PHBs, but some of the Linux users MS is trying to court such as HPC consist of engineers and scientists who operate things like particle accelerators and are unfazed by the "complexity" of Linux and appreciate the freedom to be able to customise it to their needs?
Can Microsoft ever be as liberal with their operating system as Linux developers are with Linux?
Great question, and as someone who has spent time in the academic world as well as in the HPC world, I very much understand your point.
There's always a trade-off between modularity and integration, or said another way, there is always a balance between the ability to customize anything and everything and the ability to deliver a consistent, tested and supported software solution to a broad base of users.
This is not a Windows vs. Linux thing but more of a software design issue. The key is realizing that there's a continuum of possible trade-offs. With increased integration you have certain advantages and disadvantages, and conversely with increased modularity you have other advantages and disadvantages. As an operating system designer, you can pick where you want to be on this modularity/integration spectrum.
Microsoft has found that pursuing a balance, rather than one extreme, is a successful approach that fits the needs of our users and customers in a broad and effective way.
For the global software ecosystem, the best environment for innovation is the coexistence of OSS and commercial software. There is a good review of this successful interaction between software models here.
We try to provide the transparency and flexibility you describe through our Shared Source program. The Microsoft Shared Source Initiative is a range of programs and licenses to make Microsoft source code more broadly available to customers, partners, developers, governments, academics and other people who are interested. Shared Source now serves more than 1.5 million developers through source code access programs. What surprises most people when I tell them about our Shared Source program is that 99% of the >70 programs have full redistribution and modification rights.
5) Stranger in a strage land
Doesn't working at MS isolate you somewhat from the OSS community? What do you do to keep your OSS perspective and skills current?
Believe it or not, I use more different types of OSS here at Microsoft than I've ever used before. Our team uses over 40 different flavors of Linux and BSD, plus several commercial Unix variants. Beyond this, we use an ever-growing number of OSS applications. In my spare time, I'm even learning some stuff about Windows J
I also interact with the OSS community and am in contact with many people in the OSS development community from all sorts of different projects. It's important to keep open lines of communication. We may not always agree, but the dialogue is always open and friendly.
6) Why doesn't Microsoft release Microsoft Linux?
The subject says it all (mostly).
One of the primary reasons Linux is somewhat inferior to commercial offerings when considered as a general-purpose desktop operating system is that there is a lack of a single guiding human interface standard for the various groups to work toward. Companies such as Apple Computer and Microsoft have invested large amounts of money in human interface studies, and although much of this information has been made readily accessible to the public, it would appear that very little of that information has been put to good use by F/OSS developers.
With Apple using the BSD branch of software as its operating system core, do you see a future for a Microsoft-branded Linux distribution, using a Microsoft-developed HCI design?
Though there is a large amount of enmity in the F/OSS community toward Microsoft, it cannot be denied that Microsoft's development methods are demonstrably capable of producing quality software. Could Microsoft serve as a catalyst for consolidation within the community, while remaining true to the F/OSS philosophy? Could such a strategy be profitable for Microsoft?
Without question, our strategic bet is on Windows. Windows Vista and Longhorn mark the threshold of our next wave of innovation. This might sound a bit like an 'I drank the Kool-Aid' type answer but I've seen what we've built and are in the process of building, and I've seen what we're architecting. Our developers are creating products and technologies that are redefining what is possible with software. It's an exciting time to be at Microsoft.
But you raise a good point, which is: can there be a positive reciprocal relationship between Microsoft and the OSS development community? I strongly believe the answer is "Yes" and I spend a lot of time trying to help this relationship mature. There is a great amount we can learn from one another, and we have just begun to explore the potential of this relationship.
Is one of your projects to assist in analyzing Samba source code to help coworkers better understand the SMB protocol?
This is not something we do, but as I mentioned above, we do use the smbtorture test suite in our labs and we do test for Samba interoperability.
8) Execs trying Linux?
by unsinged int
Have you ever managed to get any of the big shots (for example, Gates) to sit down and try Linux for a few minutes? If so, what did they say? If not, why not? Did they have an allergic reaction and try to run away from you, or have you not asked?
I think it would be interesting to hear the opinions of people at Microsoft who actually have tried Linux (with KDE, OpenOffice, Firefox, etc.), versus the standard "Linux is evil" public relations line.
All of our executives see and occasionally use non-Microsoft technologies. This is certainly going to get me flamed, but the Microsoft executives I have worked with are typically very technical, sometimes extraordinarily so. They grasp new technologies very quickly. Sometimes they say "Hey, that problem was solved five years ago - is that it?" -- other times they say "We've got some work to do". I personally have not had an experience here where someone said 'Linux is evil!' Microsoft is a company with deep roots in technology, so most people here approach technology - our own or others - with a technologist's curiosity and interest. Easily one of my favorite things about Microsoft is its culture of curiosity about technology and its potential.
9) Windows Services for Unix
Microsoft has long offered Services for Unix free for download to provide a unix-like environment on Windows. I've seen rumors and speculation that SFU will be included by default in Windows Vista, with some GPL'd portions replaced or rewritten to maintain compliance. If it's true, what level of functionality and compatibility can we expect?
You should attend my LinuxWorld session this week J
I can't confirm what functionality will be in what version of Windows Vista. However, I can confirm that the next-generation of several components of Services for UNIX are being integrated into Windows Server 2003 R2. The NFS client, NFS Server, User/Name Mapping, Telnet Server & Client, Password Sync and NIS Server components of Services for UNIX are all present in the Windows Server 2003 R2 builds. In addition, a revamped POSIX subsystem, the "Subsystem for UNIX-based Applications" or "SUA" is also available as an optional install in R2.
Integrating this functionality in Windows Server 2003 R2 provides native support of cross-platform management tools, Windows/UNIX interoperability and UNIX to Windows application portability. This is a big help for many of the customers I talk to and something I will demonstrate at my LinuxWorld session this week.
10) Beat em or Join em?
Having been in IT a looong time, I'm pretty familiar with all of the major players.
All of them have their +'s and -'s, but one of my biggest gripes about Microsoft is that instead of trying to leverage OSS, they continually try to crush or marginalize it. Over time I find myself less and less likely to consider a Microsoft solution because I know that over time Microsoft will try and make that solution less interoperable with all of my other solutions.
Microsoft would sell more software to me if I could be sure that they are NOT going to try and lock out all of my other platforms going forward.
Given your current position, does it look as if Microsoft will continue to try and marginalize OSS, or will they do an about face and work to try and ensure ongoing interoperability?
If there's one thing that I'd like people to take away from this interview, it's that we can, and should, cooperate and learn from one another.
We love to write great software. One thing Microsoft knows well is the art of 'co-opetition' - competing and also cooperating. Both Microsoft and OSS technologies will continue to be around. We can compete - and competition is healthy - but just as important, we also need to cooperate and make sure that we pursue interoperability as a common goal. We need to be comfortable doing both, simultaneously. We need to have an open, mature relationship.
The key to making this happen is to have open lines of communication. If someone in the OSS community runs into a technical interoperability problem with Microsoft products, I want to know about it. In many cases, we'll be able to do something to resolve the issue. There may be a solution that already exists. Or the problem could be related to an issue that might need to be addressed by one of our product teams. But at the very least, I'll try my best to help and give you a straight answer.
One of my first demos to a high-level executive involved showing some standards-based Linux/Windows interoperability scenarios. I expected to receive an "If it's not built here, then I don't care" kind of response.
To my surprise, his reaction was the opposite: "This is good--we should do more of this type of thing." And I've seen this commitment from many others here at Microsoft, in a variety of roles. At the end of the day, we want software to "just work" too. That's what great software is all about.
If you'd like to contact me directly, I can be reached at billhilf at microsoft dot com.