By Linux News Desk
February 13, 2004 12:00 AM EST
"Analysts are already out with their flapping lips talking about how the source code could benefit Microsoft's 'rivals.' We in the Linux community know they are talking about us," Spencer writes.
"The analysts have it all wrong though," he continues. "They missed it completely. Open source projects can't and would NEVER intentionally take advantage of this leak. This leak is as much a disaster to open source as it is to Microsoft and its users."
The key to this assertion lies in the very openness of open source, Spencer points out.
"The open source community lives in a glass box. We always show our source code and we accept help from anyone around the world to make our projects better. As a result of this leak all projects that deal with Microsoft interoperability, such as WINE, Samba, and the Linux kernel, are going to need to be vigilant about someone slipping some tainted Microsoft source code into our projects."
The Linux community has always been vulnerable in this way, Spencer observes. "But until now Microsoft couldn't claim that we really could have done it on purpose," he adds.
"This shifts where the benefit of the doubt falls, even though 99.999% of all Linux advocates and developers would never use or even look at proprietary code," says Spencer.
He goes on to speculate that perhaps Microsoft will use the opportunity to make this source code available for the public good.
With his tongue - one suspects - in his cheek, he writes:
"I expect [Microsoft is going] to make it available so that security experts around the world can aid them at fixing the bugs that have been exposed. I know they are going to use it as an opportunity to help with cross-platform compatibility issues. Most importantly I know that they are going to use this problem as a chance to give open source developers the opportunity to develop code analysis tools so that we can check against their leaked source code and make sure it doesn't appear in our projects."
He doesn't mention whether or not he will be holding his breath.
|Perros 03/04/04 03:52:14 AM EST|
The Windows 2000 source code is pretty much public anyway, all the top Computer Science departments in Universities already have it. As well as other companies allied with MS.
It probably leaked from one of those companies, only takes one disgruntled employee to copy some files and put them on a P2P.
|Read It 02/27/04 11:05:03 AM EST|
On the point of Windows source code finding its way into open source projects:
I would be very surprised if anyone does this. It just wouldn't make any sense to try to compile Windows source under Linux. Most of the Windows source is littered with calls to Windows API calls (and so on and so on). How could you hope to get this to compile without implementing all those functions?
The best way to use this to your advantage is to extract a design from the source and write your own version. Would the resultant code really be subject to copyright? Everything I've read up until now refers to copy and paste of code as a violation of copyright. I've not read anything referring to the copyright of the IDEAS in the Windows source code.
Unless someone can prove otherwise, I think the whole notion of Microsoft using the leaked source as a weapon against open source is pure hype.
Has anyone here actually READ the Windows source code??!!!
|Gary Edwards 02/17/04 02:13:10 PM EST|
Nicely said Peter. The bottom line is that we have two approaches to security to consider. The open source approach is based entirely on the quality of the code. The more people who "see" the code, the more "secure" it becomes.
Then we have the shared source approach where "security by obscurity" is the rule of the day. Only a privileged few are selected to "see" the code. The operative equation being the fewer people who "see" the code, the more secure it is. One thing's for sure, the code that was released does not qualify as quality code. Over at Slashdot they're laughing their asses off. So perhaps it's a good thing Microsoft is careful in their selection of marketplace "winners" and "losers". Otherwise "shared source" would be everywhere, if only for the entertainment value.
In their first quarter filing last year, Microsoft stated that one of their more difficult revenue challenges was to upgrade over 350 million Win9x installs to XP. (USAToday has put the number at 400 million.) They realize that they can't maintain their growth rate based on new users. The installed base has to be churned. Once churned, revenue stability is assured by new licensing schemes and a cascading design of interlocking interfaces and interdependencies that bolt next generation collaborative computing features across an entire stack of XP servers, desktops, applications, devices, frameworks, and developer tools. Want to use the latest greatest features in MS's XP only Office System? You'll need XP Server 2003, XP Sharepoint, XP Collaboration Server, XP ......
From a marketing point of view, Microsoft has to ask themselves the basic questions as to what compels the installed base, the great monopoly, to upgrade? Killer applications that demand more horsepower is one reason. Seriously improved features and dramatically increased stability in existing products is another. (Indications are that existing, already paid for features are good enough, and over the years of marching on the costly upgrade treadmill, users have accustomed themselves to unstable performance.) A third reason would be improved security. A fourth would be a corollary to improved security. The end of life withdrawal of critical security patches.
We've already seen that EOL (end of life) plans can be changed and juggled to pacify an oft angry and increasingly demanding user base. The great herd that makes up the Microsoft monopoly is determined to move at their pace, on a time table that meets their needs. Not the needs of Redmond's quarterly reports.
Rightfully jaded and cynical after years of witnessing a veritable crime wave of reprehensible and often illegal business practices, I find it hard to see this recent release of source code, intended or not, as anything but an opportunity for MS to churn the installed base of over 350 million users. And for Microsoft, this opportunity comes none too soon. Before this year is out, an alternative Linux solution will attain desktop friendly consciousness. The battle for the great herd will be joined.
|Peter 02/17/04 06:10:34 AM EST|
The source code leakage has prompted some bizarre responses which I'd like to consider.
Firstly, the source code would have been leaked from one of the many hand picked ISVs that MS has chosen to reveal their source code. Would this have been done for reasons of ideology? By someone who secretly harbors pro OS source views? Yes, sure.
Secondly, MS hasn't shown any tolerance for Free/Open source software nor any company that competes in the same market. The "Halloween Documents" indicate how fundamental to MS is their hostility to Open Source. Their subsequent strategies aimed at pouring scorn and vitriol on GPL are further evidence of this. I think it naive to suggest that the source code leak will make life tougher for the Open Source community.
Thirdly, the idea that the leak was part of some sophisticated conspiracy designed by MS is nutty. The core of NT, Win2k, 2003 and Longhorn is the same. They all share the basic design conceived by David Cutler (the same guy that designed VMS). Longhorn will have lots of new code but it will still have lots of the 2003 code in there. DWORDs may become QUADWORDs and Win32 will not be the native API but much of the logic will remain the same. The idea that MS are throwing away the NT source code base implies that Longhorn will be entirely new -- it isn't, consult the beta reviews.
Fourthly, it is not true that all of the MS OS were designed for the desktop. There were two distinct streams of development in Redmond until quite recently. These were the MS-DOS/Windows 1-3.1/Windows 9x/ME group on the one hand and the NT 3.1/4/2000/XP/2003/Longhorn group on the other. NT was designed as a server OS, as was 2000. The desktop versions of these are merely feature limited versions of their server counterparts.
Fifthly, the leak will affect security in a quantitative rather than a qualitative manner. We already have a steady, regular stream of defects being discovered and exploited. The availability of source code will only increase the frequency with which exploits are discovered. The good reverser can do quite well with the PE files, only it's a rather labor-intensive process. The source code will make the hacker's job easier, more pleasant. The hacker will still need to perform disassembly but only to check that source code hasn't changed.
Sixthly, both Linux and BSD -- two Open Source OSs -- are used in trusted, security critical settings. If the leak is a disaster for security it would only be because the emperor indeed has no clothes. Security by obscurity -- which is what those in moral panic are implicitly appealing to -- is a poor form of security, as amply demonstrated by the many hackers and reversers that don't have the source code.
Seventhly, I feel that the fear that the leak will threaten the /detente/ between MS and Open Source is entirely imaginary. MS hasn't, doesn't and never will have any tolerance for Open Source. MS is a nasty company. Bill Gates is no different from the robber-barons that featured in the early stages of North American capitalism. Microsoft behaves as all monopolies behave.
Eighthly, MS selectively releases its source code to ISVs. In this manner it picks winners, it decides which MS OS third-party developer wins in the apparently "free market". The truly independent ISV that develops system software for the MS OSs is at a distinct disadvantage. This is fundamentally unfair.
Ninthly, MS have behaved in a most odious and unconscionable manner towards end-users, MS certification holders, ISVs, developers, administrators and competitors. Are they not deserving of this disaster? Am I the only one that has tired of their games, scheming and hubris?
|Penth 02/17/04 03:33:33 AM EST|
I don't believe any open source developer had anything to do with the code leak, but I just hope that none get it thrown in their faces, either. We all need the key Linux/Gnu/Open____ community to be able to say they've never even been near the stuff (unlike, alas, the user side of the Windows desktop) even if such exposure was against their will.
Remember that the Macintosh source was released several years back. It had no effect on Linux, although we can't verifiably say the same about some development teams in Redmond. If anyone inserts this buggy batsh!t code into Linux, it will probably be someone from the SCO group.
Just for myself, though, I have a gnawing curiosity. I don't want to see any of the executable code, though, just the comments. There just might be stuff in there that would make the BOFH look tame.
|LIZ 02/16/04 07:09:24 PM EST|
I just discovered linux a year and a half ago. Open office, the rest is history, I'm not a rocket scientist, actually a "housewife" with some college, very little computer related and the computer was as big as a piano!
During conflicts all sorts of horrible stories are perpetuated upon the other side in the name of propaganda. I thought I was being paranoid about the supposed "leak" but others evidently feel as I do, and after the supposed attack upon SCO by a linux user (or a Russian, take your pick), the number of companies coming forth with plans to adopt linux as at least an alternate os and develop drivers for the os, the burgeoning number of people who are even aware that there are alternatives to windoze, -----what makes more sense than Microsoft's code gets released?? Will they use it for the good of mankind and say what the hey, we can still make a profit if we open it up?? I seriously doubt it. Will they use it to their advantage in the battle against linux and the various mac os?? It would surprise me if they didn't.
|Gary Edwards 02/15/04 10:35:28 PM EST|
Damn those guys in Redmond are clever! Unethical, but oh so clever!
The facts are that Microsoft's entire product line was developed for a personal computing architecture. Clearly they are having problems moving from the vision of their early roots to that of a networked world. Microsoft systems are inherently insecure the moment they connect to any kind of network because they were designed for a different purpose. Maybe when all the talking about Longhorn ends, and the new architecture is finally released, Microsoft will be able to transition the user base to a truly network platform. But that's a ways off. And there are so many quarterly reports to be filed in the meantime.
The truth of this dilemma proves itself on a near weekly basis at incredible cost to the great monopolized herd of Windows users.
So if they can't "fix" the fundamental design flaws of their pc oriented architecture, the marketing masters of Redmond had to come up with perception fix. With this strategic leak of source code, Microsoft can now shift the "blame" to open source evil doers. It's brilliant!
Instead of the great herd blaming Microsoft for selling them shoddy products, that they are unable (or unwilling) to "fix", Microsoft can now point at evil free grazing robbers who have no respect for intellectual property (i.e. shoddy, half baked, woefully insecure and haphazardly constructed software products that should never be connected to a network without the cover of an enormously precautious shell).
We all know Microsoft has two very big problems. One is security. The other is convincing an angry user base of over 450 million users to upgrade to the next generation of profitable products. When it comes to basic product features, the great herd is quite satisfied with the applications and systems they've already paid for. Except for one thing - security! They're mad that the products Microsoft sold them are so susceptible to misuse and abuse of all sorts. Susceptible the moment they connect to other computers.
So the challenge for Microsoft is to get out from under taking the heat, er, responsibility for their products, while shifting the blame to the only meaningful competition left standing. And do it in a way where the great herd finally accepts the bottom line engorging argument that the only way to resolve the security problems of end of life Windows systems is to upgrade en masse.
Of course Microsoft will officially downplay the "security" concerns about the released code, while putting the blame on open source evil doers who have no respect for intellectual property rights. The tech press has already taken the bait. We are guaranteed that from this day forward there will never, ever, be a MyDoom type story in the press that doesn't reference the release of this code as the problem. Security pundits and techsperts of all sorts are already preparing their power points and bulletin templates with this soon to be boilerplate message.
It's brilliant. The strategic release of this code paves the way for moving the installed base. It is exactly the woeful insecurity of those 450 million plus legacy Windows systems that will provide the impetus for force marching the great herd to the tightly bolted Windows XP Stack, rife with patent restricted interfaces, and yearly subscription licenses. A whole new generation of lock in, perfected at the expense of the only meaningful competition left standing - open source communities.
It's brilliant! It's end game.
|TOM ANTONY 02/15/04 09:42:55 AM EST|
YOU DON'T HAVE ANY SENSE IN SECURITY IN TODAY'S WORLD. NOW THE TECHNOLOGY IS SO HIGH THAT YOU CAN MAKE SOFTWARE OF YOUR OWN YOU ARE NOTHING MICROSOFT I WILL TAKE THE REST OF THE SOURCE CODE FROM YOU I AM DAMN SURE ABOUT IT I WILL. BEWARE OF HACKERS HE IS IN YOUR SYSTEM THERE IS NOWHERE TO HIDE. WE ARE COMING. IT IS THE END OF THE MICROSOFT
|Mas 02/14/04 02:20:08 PM EST|
No. MS can NOT change its primary personality it had from the very beginning. Which means they will DEFINITELY try to sue the pants off every developer who brings the L*nux-MS-Interoperability a little bit further. Claiming that every single char in his source code were originally MS's for decades.