Where Do We Go From Here?
Alan: Google made Chromium open-source in the hopes that other companies would adopt the security model. While collaboration helps concentrate resources, it also limits diversity of ideas. What are other security models besides sandboxing that have been considered?
Collin: Another approach to mitigating vulnerabilities is to write more of the browser in managed code. Rendering engines are fantastically complicated and need to be fast, which makes them a good candidate for running as unmanaged code in a sandbox. However, the privileged "kernel" of browsers can be made fairly simple, so if you put it in type-safe environment like Java or .NET, you can get protection both inside and outside the sandbox. There's a Microsoft Research project called Gazelle that is trying this approach.
Alan: While the focus of our interview has been on Chromium so far, I’m sure your time at Stanford has involved looking at other platforms. I’m sure that Chrome is your recommended browser for Windows Vista users, but what browser should we be using on Mac and Linux?
Adam: I recommend against using IE 6 with Wine. Browsers have come a long way in the past 8 years. If you're still using IE 6, you might consider upgrading. :)
Alan: So what browser is running on your Mac Mini (Adam) and your laptop (Collin)?
Adam: On my Mac Mini, I usually use Firefox because I often have Safari running with a development build of WebKit in the debugger, which can be confusing if I'm also using it for Gmail. When it's time for me to debug Firefox, I usually switch to Safari or Opera.
Collin: Yes, this is a common pattern. I'll use any browser except the one I'm debugging, because I hate restarting my browser.
Alan: Final question: having gone through it, what advice would you give to a kid interested in pursuing a career in computer science?
Collin: A great way to get exposure to real-world software development and meet other developers with similar interests is to contribute to an open source project. You can even get paid to do this through Google: Summer of Code--check out http://code.google.com/soc/. Unfortunately, the application deadline for Summer 2009 was April 3. But there's always next time.