Microsoft To Share Office Source Code

I_Love_Pocky! writes "According to this article, Microsoft is going to give its source code for Office 2003 to more than 30 different world governments. The purpose? So they can inspect the code for security flaws."

I'm wondering...

[leonmergen]

Not only security is the purpose of making it available, but also so that governments can adapt file formats for cross-software compatibility. Now I'm wondering, what will happen if a government wants to adapt this document format to some opensource program, which happen to have a license that requires to donate all adjustments to the code to the opensource community... I'm pretty sure Microsoft will not allow this, will it ?

Re:I'm wondering...

[Kingsly]

The important questions is...

Is there a way for the governments to verify if the binaries that MS ships is from the same source that they are getting to see?

Will the governments be allowed to compile their own version ?

Re:I'm wondering...

[bob_avernus]

It's their new tactict to take over the world. First let governments look at their source, then once they use the source in something sue them. They are probably also hoping they will use the source in Open Source projects so they can get rid of them, the old kill two birds with one stone...

Re:I'm wondering...

Good point, This offer should be rejected on many levels, first and foremost, shouldn't Microsoft be responsible for their own security.

Surely with a $500.00+ dollar pricetag for Office MS can afford to do their own homework !!

Re:I'm wondering...

[Tyndmyr]

Im certain that they wouldnt allow it...why would they? If they make them all sign NDAs, theres no reason to believe MS intends to allow them to use it for open source projects.

Re:I'm wondering...

[mirko]

Well, if they compile these and they do not get the exact same binaries, they might claim they are cheating but as we know Microsoft, they will explain that their WC++ might not always produce the same output depending on many factors...
So, well, they have to believe it.

Re:I'm wondering...

[EvilGrin666]

They wont have a license to distribute the MS office code and any license they do have from MS is likely to be so encumbered that it would be incompatible with the opensource license.

The only viable option a government wishing to do this is to do a clean room design. Unless of course there are patent restrictions.

Re:I'm wondering...

[ThePilgrim]

This won't work in the UK. You can't sue the UK Government unless it allows you to. Somthing called Crown immunity

Re:I'm wondering...

[jai0]

..who is going to get benefited out of this. Is it microsoft or the governments? If it is the government, why are they restricting it and not share it to major corporations too?

Re:I'm wondering...

[lachlan76]

To get the same binaries, they'd need to use the same compiler, all the same options, breath the right way, and hope that they get the right thing.

Re:I'm wondering...

I think this is a very bad idea. What if China (for example) is one of the governments that got a copy? Could they exploit vulnerabilities that they find against the US Government or China's own citizens?

Re:I'm wondering...

[AstroDrabb]

That is exactly what I was thinking. MS gets tons of government programmers to do the job for MS in finding security problems. Then MS keeps all that _tax payer_ work and gets to turn around and sell that back to the governement. What a great business model!

This still doesn't fix the problem of governements putting out documents in a closed format that limits who can use/view those documents. Sure there is the free MS Word Viewer, though that only says it supports MS Word 2000 and doesn't mention WinXP. So it may or may not work. Also, MS realeases these viewers a long time after the most recent version comes out, so the most recent viewer is usually a version or two behind the most recent MS Office Suite. I think all governments should stick with an open doc format like PDF. Any government can use an suite like OOo.org that will let them convert documents to PDF or even Flash.

Re:I'm wondering...

[wo1verin3]

>> explain that their WC++ might not always produce

Wisual C++? Great for Russia but what about everyone else?

Re:I'm wondering...

[halowolf]

Well we should begin the countdown to when the source code will be leaked once its made available to all those governments. I'm sure it will be well and truely checked for security flaws that way.

I'll start with... 10.

Re:I'm wondering...

[eric_ste]

Or maybe use the binaries they compiled instead of the ones shipped by MS. This way they know that the binaries is from the source code provided by MS...

Re:I'm wondering...

[Geek+of+Tech]

>> Surely with a $500.00+ dollar pricetag for Office MS can afford to do their own homework !!

Or at least teach Clippy (or whoever is in Office now) how to do my homework. For that kinda cash, I expect to see that paperclip doing my Physics....

Re:I'm wondering...

[geordie_loz]

Here in the UK, WC used to stand for "Water Closet", also known as the toilet.

Are you saying that their compiler is 1 better than a crapper?

Re:I'm wondering...

Wouldn't that only apply if you tried to sue the UK govt in a UK court?

I'd suspect that infringing on MS copyrights in this way cause the suit to be filed in Washington State, for that "home field" advantage that sports fans seem to go on about.

Re:I'm wondering...

No, one better than a crapper after you've used it. ;-)

Re:I'm wondering...

[FiniteLoop]

you underestimate the stupidity of certain governments..

Re:I'm wondering...

That won't work since the US courts don't have any jurisdiction over what happens in the UK.

Re:I'm wondering...

[shutdown+-p+now]

Not exactly, since postfix ++ returns the old value... so it's actually exactly as good as a crapper =)

Re:I'm wondering...

[patches]

Actually the postfix ++ returns the current value then increments the old variable, so it would be one worse then the crapper since the crapper got incremented by them....

Re:I'm wondering...

[FauxPasIII]

> Yeah, great joke... other than that you're stupid and obviously unaware that there is no 'w' sound in Russian.

Then vere do you keep your nuclear wessels ?

Re:I'm wondering...

[Orgazmus]

Then they have to send the UK royal family to Washington for trials? ;D

Re:I'm wondering...

[tsa]

What happened to 'security through obscurity'? MS was allways opposed to open source because of security reasons. Now they turned around like a leaf on a tree, it seems.

Re:I'm wondering...

[xhost_plus]

VS Does not create the same output even with the same options and source code. It takes 2 compiles and 2 links to get the same binary image. GO M$!!

Re:I'm wondering...

[HardTronic]

Or perhaps Microsoft is betting that at least one of the countries will leak the file formats/program code/etc and maybe work its way into openoffice or other open source programs. I'm sure this source code is being presented under the strictest of contractual circumstances. Are they intentionally trying to set the stage for later law suits against open source groups?

Re:I'm wondering...

[abischof]

Could someone enlighten me as to the origin of this meme? It's amusing, of course, but a Google search wasn't much help :(.

Re:I'm wondering...

[I+didn't]

Trojans can still be introduced by evil compilers. See Ken Thompson's Turing Award Lecture.

Re:I'm wondering...

[pfleming]

You are not a geek.
"Nuclear Wessels" is from Star Trek IV, The Journey Home. It is also the source of "just use the keyboard," "the keyboard, how quaint".

Re:I'm wondering...

Component testing only. Many rungs down on integration testing. If word opens a jpeg, you are sunk.

Source code, for security purposes, is useless, unless you actually DO compiles, and reproduce the same results and the same checksums, and can do it over and over again. If ineffective enterprises do scan, if is quite futile if you can't make 'changes'.

Even then, results can vary. Even simple batch scripts can be made to get different results by altering the registry, or issuing a SET command.

Is the XML saved format valid? Does word dynamically build and update tables in memory (probably)? What do all these OS calls, and binary includes do?.

Re:I'm wondering...

I'm hoping these governments spend the effort looking for _patent_ problems rather than security problems.

What if Office infringes on a local company's intellectual property!!! They should search for those and fine Microsoft large fortunes if they find infringing code.

Re:I'm wondering...

[john82]

Star Trek IV movie. The gist is TOS crew goes back in time to pick up a whale. This requires a trip to California and Alameda. Chekov is the one who asks about inspecting "Nuclear wessels".

This is also the movie where Scotty picks up an Mac Plus mouse and tries to talk into it. Then, after a spate of rolling his knuckles on the keyboard, up come the instructions for creating "transparent aluminum".

Re:I'm wondering...

[arodland]

But will it be like Windows, where the source provided isn't complete or compilable? Then it doesn't mean diddly for security.

Re:I'm wondering...

[waferhead]

Well, if what they modify is GPL, they don't have to worry about that, unless they are distributing their mods...

What one does in-house is ones own buisiness as far as the GPL is concerned.

Besides, all one would have to do is modify an input and output filter here and there, assuming MS source actually would really help.

Re:I'm wondering...

[Chiron+Taltos]

... 9 ...

Re:I'm wondering...

[malfunct]

They also need to hope that the non-deterministic optimizer results in the same output.

Re:I'm wondering...

[10scjed]

if you're talking gpl, they would not have to give back their modifications unless they DISTRIBUTE the code (my understanding, im sure i will be corrected shortly if i am wrong...), to make internal-use modifications is under the radar, so to speak.

i dont think that MS will give them modification rights, usually its view only access they give out, so i dont think anyone will be allowed to extend or even patch the code, just see the holes and try to mitigate the vulnerabilities.

Re:I'm wondering...

[iamsunilk]

Why on earth Goverment fear about Licencing terms. if a government want to publicise the code at there will once the code is at there hands.

Re:I'm wondering...

[SpaceLifeForm]

It doesn't matter if they compile the code, and it works. It doesn't matter if the binaries match. It doesn't matter that inspection of the source does not reveal any security problems.

The bottom line is that they will never see all of the source, so there is no way to verify that lower level DLLs don't have security issues/backdoors.

This entire 'handout' from MS is nothing more than a ploy to taint those reviewers, and to hopefully lock those governments into MS.

Re:I'm wondering...

[Coryoth]

Sure there is the free MS Word Viewer, though that only says it supports MS Word 2000 and doesn't mention WinXP. So it may or may not work.

Rather more significantly (for me, and many others) it is only available for Microsoft operating systems. That means the "free viewer" is useless to anyone using a Mac, Linux, BSD, Solaris, or any of a number of other operating systems. Yes, they're all small percentages of the market, but according to Google by the time you add all those up, you're looking at almost 10% of the desktop market. That's a pretty significant chunk that you've just relegated to being completely unable to read Word Documents properly.

Jedidiah.

Re:I'm wondering...

[smittyoneeach]

Wow. Great link.
Even assuming no Trojans in the compiler source, what if there is a prophylactic patch to an executable, applied later?
Time to stock up on tinfoil hats...

Re:I'm wondering...

[BeerCat]

Unless things have changed in the last few years when I was involved with computer security, governments don't do their own security testing. That's what evaluators are for. In the UK, there are only 5 licenced evaluators, who will look at both commercial and government written code.

So, giving the source only to governments gives a good sound bite, but little actual usefulness (unless said governments are allowed to pass the source to evaluators)

Re:I'm wondering...

[7-Vodka]

Well then explain to me why one night when my russian friend wanted to drink really fast he blurts out:
"Jood, just inyecht it into my weins!!"

Re:I'm wondering...

[Slime-dogg]

If you've ever spoken with a native Russian speaker, you'd realize that they're 'v' sound is extremely soft. So soft, in fact, that it sounds extremely like a 'w.'

Re:I'm wondering...

[ESqVIP]

More like an object-oriented toilet.

Re:I'm wondering...

[Slime-dogg]

What legal system would they use? Right... the one in place under the government that MS would be sueing.

The U.S. doesn't have jurisdiction in other countries' governments, with exception of the retards sitting in Australia.

Re:I'm wondering...

[AstroDrabb]

Your preaching to the quire brother : )

Linux is my primary desktop. I was just trying to make a point that the free viewer is not very useful and with your additions, even less so.

Re:I'm wondering...

[rm+-vrf]

Not sure, but it sounds like Monty Python (the roman emperor in The Life of Brian).

Re:I'm wondering...

[Minna+Kirai]

The U.S. doesn't have jurisdiction in other countries' governments

Tell that to "sovereign" Iraq.

Re:I'm wondering...

[LousyPhreak]

i really dont want to dampen your enthusiasm, but wasnt the windows source code available to gouvernments and selected companies?

it was even given to the chinese government and didnt leak until very recently... so somehow it seems microsoft hast quite some control over the source they give out.

Re:I'm wondering...

[Piquan]

Another data point regarding this:

A couple of years ago, I was at Defcon. A Russian gentleman started his talk, when he was interrupted by the man who organizes Defcon. The speaker was asked to say "nuclear wessels". The speaker was clearly confused by the request, but the organizer persisted. I doubt the speaker knew what he was saying: he was working from a script that he'd prepared before, and obviously was not able to speak conversational English, let alone understand "nuclear wessels". Finally, after much prodding, the speaker said "nuclear wessels" into the mic, with a very confused expression on his face. The organizer sat down and the talk began.

The next day, that speaker was arrested. I keep wondering if he considered that the two events were somehow related.

Of course, now we all know that Dmitri was in fact arrested for a DMCA violation, but until somebody explained that to him...

Re:I'm wondering...

[lousyd]

It doesn't need to actually leak out. Someday, mark my words, Microsoft will be claiming that some kind of source code made its way into an open source program, and this code release is the card they're playing to make that future claim more plausible.

Oh, and... 8.

Re:I'm wondering...

[GileadGreene]

choir

Re:I'm wondering...

[bubkus_jones]

Star Trek IV: The _VOYAGE_ Home
You, are not a geek.

Re:I'm wondering...

"This entire 'handout' from MS is nothing more than a ploy to taint those reviewers, and to hopefully lock those governments into MS."

Well, it can be even more than that, if needed.

There will be a day, and I hope it will be sooner than later, when software producers, at least privative license ones will be liable for clear defects on their software. When that day comes, and (put here your favorite USA's friend government) tries to ask for resposibilities to Ms, Ms will say "Hey! you can't blame *me*! you did audit *that* code too!"

Re:I'm wondering...

"I think all governments should stick with an open doc format like PDF"

PDF is really a bad format to choose, being no better than say, PostScript. When you maintain tons of documents you need "semantic" access to them. With paper documents you can have immediate access to their meaning by using your "hardware" eyeballs to read them. Of course you have then the problem of its storing, indexing and retreaving. Electronic documents dramatically reduce the by-volume storing problem, but can make really dificult the problem of restoring (who really can expect to retrieve a Word 97 document by year 2085? still your Constitution Act can be read by any child being much older). An open format *with an open implementation* is a must in order for these electronic documents to be retrieved on the long future, if that's needed. On the other hand, as many USA public agencies know quite well, it's format should be easily reproductible, auto-defining, and sematically-oriented (versus presentation oriented), so current and future automation tools upon the contents of that documents can be deployed (for indexing, migrating formats, remixing...). And that points directly to SGML implementations and, currently, XML-based ones. I really don't know that much about OOo/KOffice XML format, but probably is a much much much better candidate (or, at least, being an open format on open implementations, it can be done so) that presentation-wise formats like PDF or PS, specially if there's no open implementation (look at the fate of RTF for instance).

Re:I'm wondering...

[AstroDrabb]

Thanks, I also mess that up. I don't know what I was thinking : )

Re:I'm wondering...

[lachlan76]

Like I said, breathe the right way.

It is also dependant on your karma ;)

Re:I'm wondering...

[randomblast]

It's from one of the original-series Star Trek films, the one with the aliens that want to destroy earth because they can't find any whales.
Chekov's wandering around somewhere in San Francisco in the mid-80's or something, asking random people where the keep their "nuclear wessles" with a Russian accent.

lol

Let's see the Anti-MS crowd flip this around. Because you know they can and will.

Re:lol

So far we've got:

Checking the code will waste taxpayer money.

It's only to going 30 governments.

It's so complicated they'll be afraid to change anything.

It's so complicated they'll be unable to understand it.

OpenOffice has been giving their code away forever.

This won't include all the code.

They won't release any of the code.

This is just a ploy to get these governments to switch to MS products.

MS is getting the governments to bug check their code for free!

Re:lol

[tomhudson]

It's so complicated they'll be afraid to change anything.

Without all the source code, how would they be able to change anything?

It's so complicated they'll be unable to understand it.

Again, without all the source, how can you even do a proper analysis?

# This is just a ploy to get these governments to switch to MS products.
# MS is getting the governments to bug check their code for free!

Ah, grasshopper, you learn quickly :-)

Interesting

[StateOfTheUnion]

Interesting . . . wonder how long it will take to leak out of one of these offices and wind up on file sharing sites?

Re:Interesting

[blowdart]

If it's anything like the windows code that got leaked, it will be watermarked, so it can be tracked back.

Re:Interesting

[cermanius]

Then I wonder how long after that happens that M.S. starts whining like a baby and takes all the code away from everyone.

Re:Interesting

[EvilGrin666]

how exactly does one watermark code?

Re:Interesting

[Lumpy]

that would be devastating.

Any of these "governments" will have a hard time getting competent coders to look at the code, as the second you do, you become "tainted" and pretty damn unemployable. Microsoft would love to be able to play the lawsuit card on any company that hired someone that ever saw that code... ESPICALLY if they worked for a company making software that interoperates or is even remotely similar to Office.

Having access to any of Microsoft's source code is the poison/suicide pill for any programmer in today's sue, sue, sue litigation is business as usual environment.

Re:Interesting

Knowing Office formatting, they can change constant definitions slightly on each release of the code.

Re:Interesting

[SirGeek]

Interesting . . . wonder how long it will take to leak out of one of these offices and wind up on file sharing sites?

Just wait for it to get to Los Alimos, it will dissapear from them quickley enough...

Re:Interesting

[1u3hr]

Having access to any of Microsoft's source code is the poison/suicide pill for any programmer in today's sue, sue, sue litigation is business as usual environment.

They won't be in America, probabaly working for the local equivalent of the NSA. Or if they are seconded from the private sector, good luck for MS proving that any code they write was "tainted". Unless it's a cut-and-paste job, like the Chinese compnay that copied a bunch of Cisco's code, they won't get anywhere in court, or even get a court to hear them, in most countries.

Re:Interesting

[AstroDrabb]

If it's anything like the windows code that got leaked, it will be watermarked

Huh? Where did you get that from? Exactly how does one watermark a plain text file?

#include "windows.h"
int main(void)
{
RunWinders();
return 0;
}
/* this is the MS WaterMark (tm), do not remove */

Re:Interesting

[WebTurtle]

Maybe it also explains the provision in their agreement with SUN that allows MS to sue them over StarOffice/OpenOffice.

Regardless, it's ominous for OSS/FS and programmers who might work on similar projects.

Office software project maintainers need to be very careful about what contributions they accept from now on. They need to be sure to vet the sources contributing the code and document all contributions and the name and contact info of the contributor, perhaps requiring the contributor to sign some legal statement affirming the code they are contributing is all original or otherwise free code.

Re:Interesting

Why is this necessarily true? Unless you signed an NDA, I don't see how your code, assuming you actually wrote it and didn't copy it outright, would be tainted. Copyright protects a specific implementation, but you can't copyright an idea.

On the other hand, if the idea is patented, it makes no difference what the source of the idea was, you can't use it period. Most patents have some kind of external manifestation anyway, so most patented ideas could be inferred just by looking at or using the final product, nevermind the source code. From a patent point of view, just using the product would probably "taint" you more than inspecting its source code.

Writers don't avoid reading other people's books for fear that their writing will become "tainted". That's ridiculous. The way they learn how to write well is exactly by reading other people's books.

Re:Interesting

[JohnFluxx]

I've been thinking about this for a while.

You need to modify the source code for each copy - renaming variables, changing comments, etc.

Unfortunately, I can't work out the math to determine how many modifications you need to ensure that any combination of released sources and diffing between them will still reveal which sources were leaked. I suspect it's (N^N)-1 modifications, but can't think it through :(

Re:Interesting

Unless you signed an NDA, I don't see how your code, assuming you actually wrote it and didn't copy it outright, would be tainted.

if you painted a house aqua green and then a local billionare artist sue's you for psinting your house aqua green because it's an infringement on his art because you saw his aqua-green house because it's down-town and you have to drive past it every day.

his justification? you saw his house and stole his idea to use aqua green. Even though they sell that paint color down at the paint store, and you used a different color of paint.

He has a holy-crapload more money and resources than you ever could have even in your wildest dreams. are you ready for a 1.2Million dollar lawsuit that will take about a year of your life? Or are you simply going to roll over like a good doggie and obey.

Betting that you don't have 1.2 million dollars to blow on a lawsuit, so you have no choice but to listen to your new master.

do you understand now? This is how the US court system works. he who has the most money wins.

Truth and Law has nothing to do with it.

Re:Interesting

[AstroDrabb]

Most people wouldn't take the source code and use it. They would take it to _learn_ about the different protocols, specs and document formats that MS keeps locked up. Then you can do a "clean" implementaion on your own. Though it technically wouldn't be "clean" since you looked at the other code, but who would know right : )

Re:Interesting

[shutdown+-p+now]

Whitespace and formatting style in general. Slight changes in local variable names. Some random NOPs scattered throughout the code. Many possibilities...

Re:Interesting

[timmyf2371]

Presuming the code will have variable strings in at least some if not all of the files, it could surely be a case of simply changing the variable names in several locations and it could be determined that way where the leak came from.

Re:Interesting

[glyph42]

Source code watermarking is a hot research topic. You do it by inserting *logic* into the code, not just text. The logic, thanks to the hardness of SAT, can be constructed so that it is nigh impossible to see which parts will be run and which will not. Thus it becomes impossible to remove the logic, even for a nice optimizing compiler. There are side effects built into these bits of code, such that no matter how it is modified, rearranged, and compiled, the side effects can be read (by you, the programmer) to identify which copy of the source code it comes from. Of course, the code will become somewhat obfuscated and difficult to read, but hey :P There are tools already available for watermarking Java.

Google for: "source code" watermarking filetype:pdf

Re:Interesting

[WhiteDeath]

What if software companies start requiring new programmers to sign something to declare they had never worked for or seen code from companies or software that was not open source?

That would definitly bugger up any chance of programmers moving from one closed source company to another - but it would force everyone to start developing OSS, because all programmers working for closed source outfits would be tainted, and thus un-employable by anyone else (and who would want to take a job that guaranteed they could never get another job in programming?).

sometimes great advances come from the stupidest things :)

Re:Interesting

[Destoo]

Version 1:

#include "windows.h"
int main(void)
{
RunWinders();
return 0;
}

Version 2:

#include "windows.h"
int main(void)
{
RunWinders();
return 0;
}

Then a version with tabs.. and stuff like that.
And pass each section through some sort of CRC checks.

Easy to find if you get your hands on two versions leaked. But what are the odds of that happening.</sarcasm>

Re:Interesting

[ajp]

If this were true then not one person who previously worked at Microsoft would ever be able to work anywhere else. Rob Glaser, for example, who left Microsoft's media division to open up Real Audio.

Thank you. Next?

Re:Interesting

if Rob worked on the windows media player then he certianly would not be able to even a blind man can see that.

Thank you. Next?

Re:Interesting

[ajs]

It's much easier to just add whitespace at the ends of lines. There's software out there that hides text in source code by doing this. Bottom line: if you get source from MS, don't give it to anyone else unless you're unafraid of being fingered as the one who did it. There are DOZENS of ways to embed IDs in code (changing variable names, subtle differences in whitespace, bury an ID in an include file somewhere, encode it in filenames, switch which files constants are defined in, etc, etc.) If they're smart (and while MS may be large and unscrupulous, we should give them credit for being smart), they'll use several of these techniques at once.

Re:Interesting

Though it technically wouldn't be "clean" since you looked at the other code, but who would know right : )

That's why you get the person who has seen the code to write all the specs and get someone else who has not seen the code to write the actual code.

Re:Interesting

[mattdm]

Source code watermarking is a hot research topic. You do it by inserting *logic* into the code, not just text. The logic, thanks to the hardness of SAT, can be constructed so that it is nigh impossible to see which parts will be run and which will not. Thus it becomes impossible to remove the logic, even for a nice optimizing compiler. There are side effects built into these bits of code, such that no matter how it is modified, rearranged, and compiled, the side effects can be read (by you, the programmer) to identify which copy of the source code it comes from. Of course, the code will become somewhat obfuscated and difficult to read, but hey :P [....]


Greaaat. That'll make the security audits even easier, I'm sure.

Re:Interesting

FUD

that is patently untrue that you will become unemployable.

how much are you going to remember 10 minutes after leaving the secure room?

how about 2 years later.

Re:Interesting

[passion]

...in other words, steganography.

Re:Interesting

[jrockway]

for i in *.c; do perl -e 'while(<>){ s/\W//g; print; }' > $i; done;

Re:Interesting

[jrockway]

DAMN! I AM BRAINDEAD. That needs to be cat $i | perl ... > $i or perl < $i > $i . Oh well. You get the point. Delete the whitespace.

Re:Interesting

[ajs]

One more thing... your code is REALLY buggy. It just hangs on the first file (after truncating it). I assumed you meant:

for i in *.c; do perl -i.bak -ple 's/\s+$//' $i ; done

Right?

Re:Interesting

That's the whole fucking point. He worked in their media division. On codecs. Rob is a direct counter-example to the kind of bullshit the start of this thread was throwing around.

Re:Interesting

[pommiekiwifruit]

A trivial example I posted 15 years ago is by ordering the definition of global functions. If you have n functions in a file then you have n! ways of ordering them (assuming they are all prototyped correctly).

Re:Interesting

[SewersOfRivendell]

So Rob Glaser had access to the source code for Windows Media Player? Interesting. Are you sure?

Re:Interesting

[d_jedi]

That is pure FUD. Have you even seen the NDA Microsoft makes you sign to view the code? No? I thought so..

Re:Interesting

[AstroDrabb]

But that is assuming that the person who gets your source code just wants to copy-n-paste it into thier own project. Not very smart IMO. The real benefit would be to see how someting is done. That could cut out tons of reverse engineering. Maybe a competitor wants 100% MS Office compatibility or specs for different MS proprietary protocols. Just learn from the source and write your own. There would be no way to track that. No plain text watermarking would work.

The only thing that "watermarkign" source would do is as you pointed out. Say if MS gives their source to 30 different governments. They could have different versions that just change trivial things like #include orders, local variable names, etc. Then if there is a code leak, it would be easier for MS to find out what government did the leak.

P.S. How do you get spaces to stay in code examples on /.? <ECODE> removes all that when I try.

Re:Interesting

[AstroDrabb]

That only helps if someone what to actaully copy-n-past the source code. What if a competitor only wants to learn from it to save from reverse engineering? Say someone wants 100% MS Office doc compatitibliy or MS Exchange protocols or any of the other stuff MS keeps locked up? No watermarking is going to stop that. I don't think most legit companies of good size putting out products would risk a copy-n-paste job of source code from any competitor. It would be far too easy to find and put a stop to.

Re:Interesting

[AstroDrabb]

See my other post. But I agree that it would work pretty well to find out _who_ leaked the code.

Re:Interesting

[Coryoth]

What's with the for loop? Given that you're using -i and -pe you may as well just do

perl -i.bak -ple 's/\s+$//' *.c

Which will do exactly the same thing.

Jedidiah.

Re:Interesting

[SilentChris]

"Having access to any of Microsoft's source code is the poison/suicide pill for any programmer in today's sue, sue, sue litigation is business as usual environment."

Wow. Falsehoods, meet FUD and alternate reality. "Charmed."

Re:Interesting

[rocket97]

Los Alamos... not Los Alimos

Re:Interesting

Rob Glaser, for example, who left Microsoft's media division to open up Real Audio.

hmm, ws Real started onlyu a few years ago? no.

Glaser was the archetypal Microsoft employee: supersmart and hyperaggressive. Glaser quickly became a star. He worked on Microsoft Word, moved to the company's networking group, and eventually became vice-president of the multimedia systems group. He quickly worked his way up the ranks. Bill Gates even threw his bachelor party.

After 10 years at Microsoft, Glaser walked away from the company a wealthy man, took some time off, and then in 1994 founded Progressive Networks which became Real Networks.

He had NOTHING to do with the media code. he was a VP someone that doesn't do crap in the coding.

Therefore cince he did not work on the code and did not go to a company writing code but to act as management hiring people for his new company.

nice way to make up crap, A code monkey in the trenches and a VP are two different things. I suggest you learn that.

Re:Interesting

[pommiekiwifruit]

Or if some small software company wanted to obtain a poor clone (QDOS) of an old version (1.4) of the dominant small business operating system (CP/M)...

Re:Interesting

dont know much about that do you.

I qoute... "Especially in November of 1998 when Microsoft announced it would be unloading their 3.3 million shares of RNWK and accelerating the development of it's own media player which would "compete" with Real Player. Real Networks estimates Microsoft made about $100 million on its investment." from an online history of real.

Microsoft was a HUGE investor of his from day one, when they decided to go it on their own they broke ties.

you do not SUE those that you give gobs of money to and invest in. any moron knows that.

Nice try, NEXT?

Re:Interesting

[ajs]

I was re-writing the gp's for loop, not golfing their code.

Re:Interesting

Rob Glaser created:
1. Software that Microsoft did not have.
2. Unlike Open Source code which MS can check, RealNetworks source code is not available for checking if copyright violations have taken place.

Re:Interesting

Lawrence Rosen's article regarding the dangers of Microsoft's shared source license are in this article: License FUD http://www.rosenlaw.com/lj8.htm This article explains why Microsoft's shared source licenses are dangerous.

World governments

I didn't realize there was even one world government. I have no idea how they could manage 30 with overlapping jurisdictions... ;)

Re:World governments

[Mr2cents]

That's why scientists are working so hard on string theories etc.. The plan is to give those new dimentions to the redundant governments and keep them all happy, and then return to daily life.

Re:World governments

[johannesg]

Actually the whole Iraq-thing is just a big inter-office dispute...

Re:World governments

[Hooya]

that's volume licensing for ya.

Re:World governments

[tonywong]

Well...Microsoft did publish "Rise of Nations."

Perhaps Bill was playing a little too much of it.

Re:World governments

Who cares about the world government. We live in the united states...

its ok, but nothing radical

[Tyndmyr]

Well, its not open source, but its probably a good move for MS. Its at least a possibility that someone will do the work of bug hunting for them.

On the flip side, how many goverments keep enough trained programmers to effectively search through so much complex code?

Re:its ok, but nothing radical

[rhsanborn]

No kidding. Is this the MS way of saying, "We can't fix this crap, so we'll leave it to you to figure out" ?

more than 30 different world governements

[Bromrrrrr]

Will the real world governement please stand up!

Re:more than 30 different world governements

[ceeam]

No, he lives on that remote planet doing basically nothing.

Spell Check for /.

[WillRobinson]

Maybe Rob could build this into the core of /. as a spell checker.

Re:Spell Check for /.

[peragrin]

What and ruin /. by teaching these kids how to spell???

If they do anything why don't they just update slashcode to be w3c complaint.

Re:Spell Check for /.

But then Slashdot would lose its comedy value.

Re:Spell Check for /.

[1u3hr]

Maybe Rob could build this into the core of /. as a spell checker.

No, this is for governements only.

Re:Spell Check for /.

[AstroDrabb]

There is already a great one for Firefox called SpellBound

Re:Spell Check for /.

[Phleg]

complaint

Without fail, whenever you make a comment on someone's spelling/grammar, you make a mistake yourself. Nice law of physics there.

Jesus

[gowen]

And exactly how many of those governments are going to waste their taxpayers money debugging the code for MS, when the license under which they've seen the code, doesn't allow them to do anything with it?

<TIN FOIL HAT>
and what happens when the members of a gov IT team that's licensed this code, then want to use and contribute to an Open Source project that better suits their needs -- hey! they can't! You've signed a prescriptive NDA!

Re:Jesus

This is a good point. Open source platforms like AbiWord present an opportunity for large institutions and small governments to cut their software licensing costs. They can pay their own programmers to adapt the application for their own use.

The lifecycle of the office apps is almost over. The featuresets have stopped growing, and the apps just adapt to the contemporary networked environment. There's little reason to upgrade the apps.

With each potential upgrade cycle, there's a greater incentive to switch to an open platform that can be customized. This move to expose the code seems to be a preemptive measure to build some lock-in with existing big customers.

Re:Jesus

[Angostura]

Precisely. It strikes me that in most cases this program will just be used to fill in the right check box on a tick list. "We can look at the source code if we want to" . Good. Next.

I doubt there will be much real examination going on.

There are numerous benefits to be gained by a programmer who examines real open source code. They can implement new features, squash bugs, tweak functionality - and potentially learn programming techniques.

The potential return on investment in time is great.

By comparison, the return on investment of examining MS code is small both to the organisation, and to the individual programmer - there is little or nothing that can be *done* with the knowledge gained. In fact the tainting issue referenced by others can even have a chilling effect on the use of *existing* knowledge.

Re:Jesus

[vidnet]

There are numerous benefits to be gained by a programmer who examines real open source code. They can implement new features, squash bugs, tweak functionality.

Are you perhaps referring to free software, rather than open source software in general?

Re:Jesus

[Angostura]

Apologies, indeed. Moreover free as in speech, rather than beer.

Re:Jesus

[Grayden]

Yeesh! You have to close those tags or this thread will never validate!

Re:Jesus

[gowen]

I haven't taken it off yet, and I'm not closing the tag until I do.

No source for you

[cermanius]

Only 30 eh? It doesn't mention anything about M.S. letting the US government see the code. Think they might still be a little bitter with that whole "You have a monopoly. We can't let you do that..." thing? Or do you think M.S. is afraid the Department of Homeland Security might issue another advisory saying that Office 2003 is insecure and everyone should switch to Open Office.

Re:No source for you

[Antique+Geekmeister]

No, they're afraid the US governmentn will run Eric Raymond's "shredder" programm and find more lovely bits of source code they've stolen, and verify that OpenOffice in fact does not use Microsoft's source code despite the lawsuits.

Re:No source for you

[infinite9]

It doesn't mention anything about M.S. letting the US government see the code.

Why would the US government want to see the code? They're backdoors are probably already in there. I suspect this is why the other 30 governments really want to see the code. It's all a joke anyway. Who knows what they're really compiling.

Re:No source for you

[Stephen+Ma]

It doesn't mention anything about M.S. letting the US government see the code.

Watch how fast this changes when the U.S. government threatens to switch to Open Office and/or Linux.

Re:No source for you

[SlashDread]

"Or do you think M.S. is afraid the Department of Homeland Security might issue another advisory saying that Office 2003 is insecure and everyone should switch to Open Office"

If the US Gov. cannot see the code than that is why the DHS should issue EXACTLY that warning.

After all, BillyG sold OBLaden that nifty "we can read your see-crets" exploit.

Or didn't he?

"/Dread"

Readable?

[Daengbo]

If the reports that I've heard are true about the code, it's so confusing that the developers are afraid to change much lest they break something. All that backward compatability screws everything up. Could the govenments make much sense of it if the MS developers are having a hard time?

Love this part:

Redmond, Washington-based Microsoft keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs.

The Linux software system, which is now a major competitor to Windows and other Microsoft products, and its source code are freely available to anyone under an open source license that guarantees that the data will always be shared.

Re:Readable?

[winchester]

The Linux software system, which is now a major competitor to Windows and other Microsoft products, and its source code are freely available to anyone under an open source license that guarantees that the data will always be shared.

And this is exactly the one reason the majority of the open source community overlooks and this is exactly why open source is so important to the world. This should be a prime motivation for using open source. This, and the use of open standards of course.

Re:Readable?

[Daengbo]

I feel like elaborating on this quote a little. OMFG -- It's a press move by MS, and Reuters ... Reuters ... prints a story which will probably be picked up verbatim by many newspapers mentioning that Linux already does this, and does it better.

I'll say it again... OMFG!!! What is the world coming to?

Is the govt. of Slashdotia included ?

[DrSkwid]

Because then we too can have the benefit of a world class spell checker

"30 different world governements"

Re:Is the govt. of Slashdotia included ?

I think a logic checker would be more useful.

"30 different world governements"

Re:Is the govt. of Slashdotia included ?

[DrSkwid]

lol, yeah I didn't even notice that part

I for one welcome our 30 new MS source code reading overlords

In related news...

[dpoulson]

Programmers in 30 countries all seem overcome by fits of laughter.

Re:In related news...

[bsodbsod]

What is this? We have to pay for Office and then spend our time to fix their security bugs? Be a company about it and fix your own bugs thankyou.

Clippy

clippy() {

if (disabled == true) {<br/>
disabled = false;<br/>
annoying_interrupt();<br/>
random_cr ashes();

}

Re:Clippy

[shutdown+-p+now]

Yeah, well, that would be a killer if we had to compile MSOffice from the source (as us poor Gentoo souls do with OpenOffice). Why? That just won't compile, because you've missed a closing brace...

Re:Clippy

Yeah, well, that would be a killer if we had to compile MSOffice from the source (as us poor Gentoo souls do with OpenOffice). Why? That just won't compile, because you've missed a closing brace...

Yeah well I also arsed up with the br tags being left in because I used ecode (slashcode's version of pre) tags and I put a space in the middle of a method name... blah blah... I couldn't check compiler errors on /. :-(

Re:Clippy

[electrichamster]

If you're compiling openoffice from source on gentoo I consider you to be a bit of a muppet, there are openoffice-bin ebuilds for a reason you know ;)

Re:Clippy

[the+Hewster]

if (disabled == true)

The most annoying part of your code is not that it enables clippy (although...) but it uses a negative expression (disabled) for the name of a Boolean. Very annoying.

Re:Clippy

[yo_tuco]

I think their Clippy() routine is more like this:

<snip>
int Clippy(int *clippy_active) {

static int auto_activate_clippy_count = 0;

if !clippy_active {
*clippy_active = true;
auto_activate_clippy_count++;
}

/* Clippy script routines */
switch (auto_activate_clippy_count) {
case 0:
ClippyBeCute();
ClippyActCute();
ClippyFlirtWithUser();
ClippyHelpUser();
break;
case 1:
ClippyRemindUser();
ClippyStillBeNice();
ClippyActCute();
ClippyHelpUser();
break;
case 2:
ClippyTakeControl();
ClippyActTuff();
ClippyBeAnnoying()
ClippyOfferNoHelp();
break;
default:
ClippyBePissedOff();
ClippyBugTheHellOutOfUser();
ClippyInterfereWithWork();
break;
}
}

Re:Clippy

[shutdown+-p+now]

There are no binary ebuilds for openoffice-ximian-1.3.x

Sounds more like a nefarious Microsoft plan:

[MurrayTodd]

1. We give source code for Office 2003 to more than 30 world governments.
2. They show their brightest computer programmers this code.
3. Trying to comprehend the source (written in typical Microsoft Quality) the programmers' heads implode, causing death within 2 hours.
4. With all the programming talent taken care of, we get all the world governments to outsource their internal I.T. operations to us.
5. We take over the world!

Re:Sounds more like a nefarious Microsoft plan:

[stupid_is]

you forgot:
...
6. Profit!

Re:Sounds more like a nefarious Microsoft plan:

[thetroll123]

the programmers' heads implode, causing death within 2 hours.

2 hours seems like a long time to hold out with an imploded head...

Re:Sounds more like a nefarious Microsoft plan:

You seem to forget that these are Windows-capable programmers we're talking about. An imploded head is like a hang-nail to these dudes. If they scrambled a brain cell their problems won't show until the other brain cell gets lonely.

Bet this doesn't include . . .

[acceleriter]

. . . the DRM components and the secret file format parsers. Besides, all those governments, if they're that paranoid, should each worry about the other twenty-nine governments that will all have access to the supposed source.

I'll believe it when the government of Randomistan announces that they received the source code and build tools, and have compiled a version that bit-for-bit matches the retail CD.

Re:Bet this doesn't include . . .

[IamTheRealMike]

The so-called "secret" file format parsers aren't really secret at all, you can license the specs from Microsoft if you have enough $$$.

The main problem is that they come with lots of nasty license clauses that prevent you from redistributing the knowledge and such, so it's not helpful for open source projects.

Hmmmm, doubtful

[rpbailey1642]

I have my doubts that MS is really going to do what it states it will. It'll probably release some code, of that I'm sure. But, my gut tells me it will be non-important code. Who is going to know? Odds are their document formats and their proprietary secret stuff is still going to be hidden. Sure, we'll have the code to see how to finally axe Clippy, but we won't be able handle Word Documents any better.

My glass is just half-empty, I guess.

Some questions not answered in the article

[StateOfTheUnion]

Are any of these governments already using open source technologies? I wonder if this effort is to get governments to switch back to MS products or only to prevent others from joining those that have already defected from Microsoft's empire . . .

Alos, are any of these governments developing countries? Or southeast Asian? In other words is Microsoft entrusting the code to any governments that seem to take a blind eye to software piracy?

Re:Some questions not answered in the article

[Shimmer]

I think the answer to your second question is certain to be no. Microsoft is perhaps evil, but not stupid.

Will They Understand It?

[Azghoul]

Do 30 different world governments employ programmers who can understand this junk? What are they going to do with the code, exactly? How much money will be wasted around the world?

What a waste of time, but gotta give it to 'em, it's an interesting PR move.

Good Start

[nathanh]

A marathon starts with the first step.

I wonder if governments will be permitted to publish documents describing the file formats? If so, this could be the biggest benefit of the source code being made available to them.

But wait!

[netsharc]

Didn't MS say, if "hackers" can see the code, it would be easier to write exploits for it? Why are they exposing their own code then?!?

Re:But wait!

[zoeblade]

Didn't MS say, if "hackers" can see the code, it would be easier to write exploits for it? Why are they exposing their own code then?!?

Because they know it's FUD, because they're the ones who made it up? I seriously doubt they expect the code to not be leaked.

I hope Sealand is one!

nt

~~~

Waste

[kn64]

While I'm sure it would make it easier for governments to find security flaws, I don't think that goverments will see any benefit in hiring teams of people to hunt for bugs to save MS a few bucks.

Re:Waste

[LiMikeTnux]

"I don't think that goverments will see any benefit in hiring teams of people to hunt for bugs to save MS a few bucks."

erm, ms was never going to fix those bugs in the first place, so how can it save them money? ;)

lame

[SQLz]

Its not open source. Whats so great about doing Microsoft's work for them and getting nothing in return?

This is a good thing

[hfis]

With all due respect (cough) to you MS bashers out there, this is a good thing and I don't believe MS should be given a bad rap for it.

Isn't one of the main arguments against Windows that its closed-sourcedness makes it harder for security holes to be found and fixed? To me, it looks like Microsoft has taken the first step in recitfying this problem.

Another SCO?

[iammrjvo]

When (not if) the source code is leaked, then how long will it be before MSFT claims that office code was integrated into OpenOffice. How much in royalties will they demand?

Is this a preemptive legal defense strategy?

[StateOfTheUnion]

After thinking aoubt this for a while I think that it may be a brilliant strategy on MS's part . . .

If the government of a country has the source code of the software to examine for security flaws, doesn't this give MS a defense against liability from future lawsuits? For example, if the UK government gets to inspect the source code, continues to use MS-Office, and then has a major problem due to hackers hacking MS-Office; MS can say that the software was given a clean bill of health by the British government, so MS shouldn't be held liable.

I know that no defense is necessarily bulletproof, but this is just going to give MS's legal dept. more ammunition so that that MS can get away with writing sloppy code and not be found as grossly negligent.

Re:Is this a preemptive legal defense strategy?

[sw155kn1f3]

I think that "limited liability" is already stated in EULA. Why do you think nobody sued MS or other software giant for bugs/exploits?
And that's a good thing actually, because it's market force in action, not freaking lawsuits (If the software is buggy - just stop buying. Simple).
The least of two evils.

Re:Is this a preemptive legal defense strategy?

[maximilln]

I know that no defense is necessarily bulletproof

The EULA defense has held up pretty well. The only way to call an EULA into question is if it involves death or dismemberment. Outside the realm of physical human mutilation it seems the concept of product quality and false advertising holds no water once the product is purchased. I guess they get around false advertising by carefully not including any real information in any advertisements.

Living in a world with Microsoft is like living in a world composed entirely of beautiful women--who are all 100% psychotic. Oh wait...

Re:Is this a preemptive legal defense strategy?

[oneandoneis2]

If the government of a country has the source code of the software to examine for security flaws, doesn't this give MS a defense against liability from future lawsuits?

No.

For example, every medical product sold in America & the UK has been cleared by the very stringent government regulations. People are still able to sue if they have an adverse reaction to those same products.

So the fact that SOME of the source code has been LOOKED at by the government won't offer the slightest defence against lawsuits. If "The government says its okay" was a valid escape clause, lawsuits would probably be halved at a stroke.

My Q(s) is/are...

[danalien]

* what's "_most_" of the src(s)?

• /* Quote [emphasis added]: "The new initiative is an extension of Microsoft's Government Security Program, which allows the governments of more than 30 countries to examine
• most of Microsoft's underlying source code, or software blueprint for its flagship Windows operating system." */

* what is 'required' to agree beforehand with? ..and how will this agreement effect ones ability to work (with other 'source code(s)') in the future to come?

• /* Quote [emphasis added] : "Redmond, Washington-based Microsoft
• keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs." */

And just how many of these unnamed governments

[achurch]

. . . have people with the expertise to actually check the MS Office source for security holes? Especially given how (probably) huge and internally messy that source code is? (The OO.o 1.1.2 source, which is probably on the same order of magnitude, is over 200MB--compressed.)

Re: Goverment programmers gets tainted?

I'm wondering if this is a sinister MS plan to taint government programmers?

Will any Open Source project be able to accept code from a programmer that has signed a NDA and seen Microsoft code?

This "offer" seems like a cup of sugar with a teaspoon of poison...!

Another Alternative

[wackysootroom]

Why not go with an open source product that has already been audited for security holes by the general public.

Why waste goverment money when there are free alternatives?

Re:Another Alternative

Waste not. Want not. Shovelfuls. Into the bit-bucket. Suddenly. It's brilliant. Have others paint the fence. Free. Illusory. Similar to, ownership of a computer...hmm ? Or, as telling as the the cofounder of Symantec now comfortable as the Chief Executive Officer of Clarion. Why not go with an: Open-Sourced Product ?
You've literally taken the words out of Microsoft's Office.

Office 2003 Espionage?

So what happens if say North Korea gets the source and finds security flaws but doesn't tell anybody then uses those flaws to exploit USA government workers?

Should speed the adoption of OSS

[onlyjoking]

Let M$ delude themselves into believing this will alter a jot. They're so blinkered that they think this kind of thing will turn government IT depatments away from OSS. Hah! It'll probably convince them to accelerate the transition to OSS once they realise what crap is inside that black box called Office and how, even with the code visisble, their hands are tied.

Every move M$ is making right now (Longhorn, DRM etc.) gets me excited about how many more users they're driving to towards OSS.

Re:Should speed the adoption of OSS

[hfis]

Microsoft: We don't feel like releasing our source code. Security stuff, y'know?

LiNuX_ZeAlOt666: wtf taht is fkcued man dont u care about teh SECURITY????? how can we fix ur security holez without teh source????????111/1

(Time Passes)

Microsoft: Ok, we did a bit more thinking, and have decided to release some of our source code to help improve security, just like you OSS chaps have been suggesting all along.

LiNuX_ZeAlOt666: lol fag u suk
--
They just can't win, can they? Man, this inane shit is starting to sicken me..

Re:Should speed the adoption of OSS

[stealth.c]

Well you gotta admit, the history of MSFT makes it awfully hard to trust ANYTHING they say or do.

So wait...

[mozingod]

They want their customers to find their own bugs? Like "hey, we know it's bug ridden and we're admitting it by giving you this, so you find the damn bugs if you're so worried about them". I hope car manufacturers don't follow suit and start making customers fix their own car that's still covered under warranty. "We're not worried about the loud banging sound under the hood. If you are, here's a wrench, have at it".

Taxpayer Source instead of Open Source

[StateOfTheUnion]

So I guess Microsoft is going to use "Taxpayer Source" to compete with open source . . . in other words, have "taxpayer funded government-paid" people find security flaws in Microsoft software so that Microsoft doesn't have to pay its own people to do it.

Sounds like a sneaky way to get a subsidy . . .

Don't Look

[suezz]

If anybody develops for OpenOffice or any other office suite I would not even get in the same room as the code. If you look at the code and develop for OpenOffice then Microsoft will probably come after you saying you stolen their code because you read it and it gave you the ideas and means to do the programming. Be very, very, very careful - why would a proprietary company want people to see it's secrets that has been its cash cow for the past 4 or five years. I think they are gearing up for an attack on open office - now that we have seen part of the agreement between sun and them - why would open office even have to be mentioned in the agreement - it has nothing to do with them. I smell something rotten in denmark.

Re:Don't Look

[Seahawk]

I smell something rotten in denmark.

Sorry - didnt meen to fart!

Indeed!!!

[burnttoy]

Why should my tax pounds go to debug MS Windows? If the government wants to spend money on software projects they'd be better off building their own infrastructure designed to be used by and for the people. MS should debug their own software using the money I forked out to buy it. I'm DO NOT want to pay twice.

If this were MS's real reason then they could just provide all of with the source code to any hackers who wanted to look for holes (or... shudder... even a free (as in beer) license). It is protected by copyright in the same way as the OS or apps are. It is easier to copy a CD than recompile the Office CD I suspect!!!

There are so many tin foil hat answers to this it is mind boggling. How long before we see real improvements then?

Tax-Paid for Labor

[deathsyn]

Looks like MS just found a nifty way to get free (to them) debugging for their code. And what's even better is, EVERYONE else pays, because the time it takes to examine the code has to be paid for, and its coming out of YOUR pocket. Fun fun fun!!

Code Flashing

[webzombie]

Show'm the code...

Get'm to sign LONG-TERM usage agreements

Go back to Redmond and continue working on the real code!

Speaking of code... wouldn't it be a blast if one of those "worlds" governments propellerheads found proprietary code or IP in MS's code!

I hear the hounds a howl'n!

Re:Code Flashing

[lowe0]

On the other hand, wouldn't it be hilarious if these governments combed over the source and found no IP violations?

Lawsuits to follow

[walterbyrd]

That's exactly what I was thinking.

If I was a software developer, I wouldn't want to go anywhere near that code. You can be sure that anybody who views this code will no longer be able to work in software development. After you view that code anything you write that works with msft files, will be considered a stolen idea.

Besides, who needs it?

Re:Lawsuits to follow

[fishfinger]

I completely agree.

Given the current situation with software patents, I (as a software developer) wouldn't want to look at any commercial code!

Re:Lawsuits to follow

[SilentChris]

"When (not if) the source code is leaked, then how long will it be before MSFT claims that office code was integrated into OpenOffice."

Because we all know with the NT/2000 source leak they immediately litigated against Linux. Next.

some questions...

[tobi-wan-kenobi]

i wonder how long it will take to figure the average software analyst / programmer, to understand the code that is released. i mean, the code-base for an office suite is bound to be enormous.
plus... what is the actual outcome supposed to be? will some government-sponsored IT professional point out "this and that is not secure, not reliable, not interoperable" and MS will change it? or is it like "hey, that's fine (and i am not sponsored by MS), everyone should prefer M$ office over Open Office, now that i have seen the revela.... ehm... source-code)"?

someone pointed out that MS might take this as a starter to label itself as "Open Source company", which i personally believe to be utter nonsense, why should MS try to appear as supporter for something it fights with all its power (and money)? i do not think this is what they are aiming at.

summarized, my believe is that the outcome will be an IT "professional" for every participating government feverously pointing out the superiority of MS Office over any other product, proved by source-code examination that cannot be verified or counter-proved by anyone who has not agreed to a NDA.

Re:some questions...

[thegnu]

>>>i wonder how long it will take to figure
>>>the average software analyst / programmer,
>>>to understand the code that is released

That's why at Microsoft we use Microsoft Visual Studio (C)(R)(TM), with its extensive help features and standards-compliance with commenting tags, it makes coding easy for everyone!

*hacks*~

Re:some questions...

[tobi-wan-kenobi]

good, but try reading into such an enormous project, it will take time, a whole lot of precious time, to grasp the functionality, no matter how well documented and commented it is (which it is, i have no doubt about that)

Wearing my tinfoil hat and...

[presarioD]

... running naked up and down the corridors screaming:

The monster has capitulated, the monster has capitulated!!!!

Ahhh don't you love Linux?

Smoke and mirrors

[Slinky+Saves+the+Wor]

This is basically a load of crap. Why? Well...

If you cannot compile the given source to a fully working Microsoft Access (or whatever source is provided), how can you be sure that the program you buy from the store contains the same source code?

You can't, since you most likely can't compile the given source, and keep on using that compiled version!

This is just smoke and mirrors. Now Microsoft can say their code has been provided for auditing by some instance, so it's got to be safe. However, there is no guarantee that the defects found will be fixed at all, and that the fixes will ever be found in the actual product. There is also no guarantee that the software you obtain from the store is the same as that for which the source was provided.

You can easily implant backdoors to the supposedly "audited" source code: just don't give the newly modified source code with the backdoor back to auditing...

Re:Smoke and mirrors

[matthewg42]

Also, if you cannot compile it, you will have trouble doing basic code auditing, like checking for buffer exploits. Sure, you can try to trace a million lines of code, but without those missing bits, it's a pretty fruitless exercise...
I wonder if the NDA will have a "No laughing" clause... ;-)

Re:Smoke and mirrors

[slashname3]

I also suspect that if you did find a bug in the code you would be prevented from telling anyone about it. And since you probably can't compile it anyways you won't be able to fix it yourself.

Sounds like a semi-clever move by MS to taint as many organizations as possible to make sure they are locked into buying MS products. Pure and simple.

Inspect MS' code?

Why bother? Why would anyone want to work for MS for free?

Allowing you to see bits of the code does not change the fact that MS owns all the rights to it and you still have to pay for MS Office.

If one wants to inspect Office code, OpenOffice is much better way to go.

how to adopt MSOffice2003 formats

[linuxislandsucks]

Its simple download OO at:

http://www.openoffice.org

and best bet no security flaWS!!!!

Re:how to adopt MSOffice2003 formats

It's never wise to claim something has no security flaws. Can you point to a comprehensive OOo audit?

Looks like MSFT will soon have 30 to point to, for free...

Skip it!

[brianjcain]

Just inspect the source of OOo instead.

MS are hypocrites, claiming that Open Source is a problem, yet trying to reap its rewards on their own products.

Correct me if I'm wrong

Correct me if I'm wrong, but the government has no time/money to spend and do Microsoft's job.

This is totally absurd. How could government engineers take the time to learn of office works, etc,etc the code structure (and I'm sure it's NOT a simple thing) and then search for bugs.

That'd be doing Microsoft's job.

Microsoft is making two big mistakes with this

[Quinn_Inuit]

Other commentors have opined that this is a clever Microsoft strategy. Perhaps. I have my doubts.

First, they're implicitly acknowledging the security arguments in favor of open source. What will their corporate clients think? Like _they_ trust the gov't to vet their code for them. Doing this will only strengthen the demand on a number of fronts to see the Windows source.

Second, the only way for two people to keep a secret is if one is dead. I don't care what those EULAs say, if you distribute some of the most valuable closed source in the world to 30...30!...gov'ts, someone's going to leak it. Remember the .bmp buffer overrun? I wonder what's going to flow from this.

Re:Microsoft is making two big mistakes with this

[tobi-wan-kenobi]

i think the article didn't read "we do this because open source has fewer security flaws". they just want to strengthen the government's trust in their products by letting them peek at their code. there's a huge difference. i guess your argument, if used against microsoft, could backfire quite heavily. they do not make concessions in that regard, i think.

2. who says ms really cares about the disclosure of that code? if it gets into public so much the better, chance for sueing someone later onwards. what do you mean by "most valuable closed source"? supposedly it's such a bunch of messiness of years of development (no offence meant, such things just happen) that it would take aeons to figure out it's actual purpose ("hey, this is a document composer").

Just a PR stunt

[Andy_R]

From the article (emphasis added by me)

The new initiative is an extension of Microsoft's Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft's underlying source code, or software blueprint for its flagship Windows operating system.

What's the benefit in looking at "Most of" the code and seeing if it is secure?

Absolutely nothing at all, apart from Microsoft getting an NDA signed on your behalf by your Govern(e)ment without any consultation with the public.

Re:Just a PR stunt

[stinkpad]

Yeppers... Examine MOST of the doors and windows on my house and find big deadbolts, and everything locked up. Examine ALL the door and windows and find one WIDE OPEN, just walk right in. ( Hmmm, would that be the windows XP? )

Candidate Goverment

[matthewg42]

I vote that the Principality of Sealand gets a look!

governements might.....

[unit01]

find office to be insecure. Then they might think our country has many good programmers, so much software is imported from America its not good for our economy and there is alot unemployment in our IT sector. Then the government would feel more inclided to support its country's IT companys or make an example to their public and switch to open source. doubtful but I can dream.

Crown immunity

[JCMay]

ThePilgrim wrote:

This won't work in the UK. You can't sue the UK Government unless it allows you to. Somthing called Crown immunity

That's generally true here in the United States, as well.

Re:Crown immunity

[mefus]

ThePilgrim wrote:

This won't work in the UK. You can't sue the UK Government unless it allows you to. Somthing called Crown immunity

That's generally true here in the United States, as well.

That's why, for example, John Gilmore is suing John Ashcroft and not the DoJ. But "The Government" is still referenced in the text of the suit.

Re: Goverment programmers gets tainted?

[Tyndmyr]

That seems a bit paranoid to me. Ive not seen this specific NDA, but standard ones generally just prevent unauthorized use and disclosure of code in project.

Seriously now, what coder in their right mind would sign something that would prevent them from doing future work to look at code they really cant do anything with? As a govmnt programmer, my responce to any superior that asked this would be something along the lines of "F*** You*

Do It The Dinosaur Way

[darth_silliarse]

Microsoft should give it that fat bloke out of Jurassic Park because apparently he can debug a million lines of code while pigging out on coke and shaving cream...

There may be sarcasm involved in this post

Not sure if it is really necessary

[rauhest]

I guess most (if not all) liability issues are ruled out by EULA.

It's not sharing

If Microsoft are still telling them what they can and can't do with the code, it's not sharing, just disclosure. Not even that if they can't compile their own binaries.

Half of a puzzle

[maximilln]

Is it possible to do a worthwhile security audit of Office source if one doesn't have access to the OS source with which it so tightly integrates?

My brother discovered that the best way to make a perfect maze in Racing Destruction Set was to start with the + piece and just click like mad random all over the potential map. After strategically *g* placing about 10 intersections the next 30 minutes would be spent connecting them. This resembles the logic structure for any operating system and accompanying massive application suite (though, metaphorically, at least Linux uses stoplights and everyone drives on the same side of the street). If we take that map and reveal 1/2 the squares (Office source) but black out the other 1/2 (OS source), will we really be able to have a good feel for the security?

As others have noted I feel this is a political play by MS to 1) get free bug-hunting services and 2) gain a stronger voice in political arenas. It's good business for MS but I sure hope that my tax dollars don't get wasted on it. If MS wants beta testers they should pay for them or acknowledge that their product will fall to the superior products.

Will the feds do MS's work?

[WindBourne]

This should be interesting to find out if governments will actually do MS's work for them? And for that matter, why should a government do MS's work, and then pay for all the millions of copies of Office, when they can simply go into OpenOffice and update that one and then elect to upgrade to SO or stay with OO.

Point Taken

[p.rican]

With all due respect (cough) to you MS bashers out there, this is a good thing and I don't believe MS should be given a bad rap for it. Isn't one of the main arguments against Windows that its closed-sourcedness makes it harder for security holes to be found and fixed? To me, it looks like Microsoft has taken the first step in recitfying this problem.

I'm not a big fan of MS but they are very reactive to anything that threatens their primary source of revenue. MS should have been doing something along these lines from the beginning as opposed to spouting off FUD for all of these years. I welcome honest debate between the pros/cons of each OS. I use Slackware primarily at home, but there are some MS apps that I can't live without. There's room for both OSs to coexist. MS tactics in preserving 90+% market share is what really irks me. On the surface, it seems that MS is responding to their customers wishes but, I can't see how a government or customer feels that they are getting anything useful out of seeing the source. From what I understand about MS Shared (not Open) Source program, one must pretty much sign your first born away to see the code. In this economic climate who can afford to let their workers 'debug' MS code (for free) without getting any compensation for their time? I guess my main gripe is what is the customer/government gaining by seeing the code? Can they make a derivative work? No. Can they document any specifics regarding file formats for the sake of interoperability? No. Then, why bother?

I agree that there is a high amount of MS bashing on this site but keep in mind that this site's target audience is not the typical MS apostle.

Anti-Microsoft?

[thegnu]

This is little more than a metacomment, but I have to say this. I'm really not sure that anyone here who finds a problem with MS's actions is anti-MS. The truth is, this is a bullsh. cop-out release of source code. This is NOT open source code.

Also, it is unbearably true that Microsoft has been dealing more and more directly with government officials these days. And taxpayers do, in fact, pay for absolutely everything a government does.

I'm not upset about this particular issue. I'm upset enough about the nature of Longhorn. But these are valid points.

Re:governements

[1u3hr]

... are all evil ... evil I tells ya!!

Yeah, whatever the fuck a "governement" is.

Slashdot "editors"; what an oxymoron.

I just realized...

[thegnu]

Maybe someone can surgically remove Clippy! YAY! I hate that spiteful little prick.

Me: *searches* "mailing label"
Clippy: Please phrase your query in the form of a question, so I may better serve you
Me: *searches* How do I print mailing labels?
Clippy: Do you want to:
* Print a picture of your dog?
* Set margins?
* Eat flan?

Me: *shoots clippy*

OT, but

[stealth.c]

I'd have to guess that it isn't the USA, but rather Saudi Arabia.

And whoever else sells a lot of oil to the USA.

The bludgeoning foreign policy (and horrific "mistakes" that led to 9/11) of the USA can mostly be traced to trying to satisfy oil-bearing nations like the Saudis. The United States of America is so dependent on oil that it'll do almsot anything with its vast military-industrial-media power in order to satisfy its need.

The USA might be the biggest powerhouse, but it is being led around by the nose by the interests of a certain few who have never set foot in the Americas.

but...

[JustNiz]

Its Windows that has all the security holes, back doors and spyware, probably not office.

Re:but...

[praxis]

"Thank god other OS's such as Linux aren't stupid enough to allow user-level apps or their installers to install/replace shared libraries directly in the OS, or change the way the OS is configured (registry)."

Sure they do. If you run the installer as root, there's nothing to stop an installer from replacing shared libraries or changing configuration files. It's just that the Unixes are heterogenous enough that it would be hard to write such an installer that works on any flavor or architecture, so other methods are used. But the OS doesn't per se restrict it. I mean, even on Windows, if you run the installer as non-admin, it can't do what you suggest it can.

Re:but...

[JustNiz]

Note the part where I wrote 'user-level' apps.

Yes, if you run the installer as root you're absoving the OS of responsibility. Root would not be your regular user, unless you're an asshat.

Now maybe we'll get decent copy-n-paste

[Provocateur]

Hey didn't they use zlib, vulnerabilities and all?

Poor Government drones

[dJOEK]

I don't know about the rest of the world, but generally People Working At Governments aren't exactly the best and brightest or the best motivated workers. Let's call them Very Good at being Mediocre.

Imagine the following:

Boss: Jim, you're a programmer right?
Jim: uh, right
Boss: Management told me to inspect some code for bugs. I tossed it to the printer. Can you mark all the bugs with magic marker?

So 30 governments will know the security flaws

Microsoft is going to make sure that 30 governments have access to their source code so that they will know where the security flaws in Microsoft Office are. You have to ask yourself, what color hats are these people wearing? Why exactly would I want to use Office after this disclosure?

Consequences?

[wombatmobile]

If developers who look at MS Office code are prhobited thereafter from working on other software projects such as open source projects that cross Office's domain, how many less contributers might there be to open source projects as a result of this?

Well, I'm wondering....

[jaaron]

If a government is going to have to go through all the trouble of inspecting code for security flaws, why not just inspect open source software and at least be able to have a return on investment?

It's one thing when the burden of providing secure code is shared between developer and user in the case of open source software since the benefits and rights to the code are also shared. But in the case of proprietary commercial software, I expect this burden to be on the vendor. The "privilege" of inspecting the source code is really just asking customers for free quality testing. Moreover, if the situation gets to the point that security inspections are needed, then you've chosen the wrong vendor.

Re:Well, I'm wondering....

[SkiingOnMars]

Yes! Mod this up insightful.

Re:Well, I'm wondering....

[elegie]

Inspecting open-source or free (as in "freedom") software personally is probably one of the best ways to ensure that software is secure when security is a concern. An alternative would be to have a trusted party perform the inspection. With proprietary software, it is usually necessary to rely on the vendor to do this. Consider that items like "easter eggs" (hidden surprises e.g. messages from the developers) have probably been sneaked past quality assurance before.

but...

[JustNiz]

Its Windows that has all the security holes, back doors and spyware, probably not office.

Don't forget with Microsoft, there's hardly any distinction between apps and the operating system components.

Thank god other OS's such as Linux aren't stupid enough to allow user-level apps or their installers to install/replace shared libraries directly in the OS, or change the way the OS is configured (registry).

Too Little Too Late

IMO: M$ should wake up and smell the coffee. This reminds me of the part in the 80's movie Weird Science where the guys get in the shower with the chick and they keep their pants on.

Either go 100% open source M$, or don't waste our time. I defecated on my Windows CDs for a reason.

And what happens when they find bugs?

[WampagingWabbits]

Can they do anything about the bugs they find? Apart from asking Microsoft to fix them, and waiting for the next service pack?

My first thought...

[BBPursell]

Although nothing was mentioned about the US government being a candidate to look at the code, I'm sure that other governments have something similar to the Freedom of Information Act.

I wonder how good MS's lawyers are, and whether the contracts that they write up for this will be able to ensure that their code won't end up in the public domain, either immediately or some time down the road.

Re:My first thought...

[eagl]

Forget the legal recourse, just check the more shady BT repositories for the CD set because you KNOW someone's going to leak it out of spite. I give it a month after release before the "Office 2005 davelopers soarce kit pack" hits the streets on the pacific rim and a week more before it gets to middle eastern markets to be bought for 10 dinars by returning US servicemen/women.

CDs marked "Windows 99" were on the street in Bahrain and Saudi Arabia before I even bought my first win98 upgrade cd, and this probably won't be any different.

interesting..

[trendescape]

according to the last article they were going to washington to say that open soruce limits innovation. hypocrites..?

BUT

[Progman3K]

I thought Microsoft was lobbying aggresively AGAINST open-source.
They claim it stifles economic growth and prevents innovation...

How can anyone trust a company like this?

Liars.

I'll NEVER buy another Microsoft product.

Code Review

[Finsterwald+P+Ogleth]

Oh, and yes, we must remember that the Feds/other governments have the finest coders in the world to review, identify and understand the implications of any security faults they pull out.

Move along, we have nothing to fear...

FPO

WARNING WARNING

[slashname3]

This is a trick to taint as many programmers as possible. By releasing the source code MS will then be able to go after open source software in a year or two claiming that proprietary code has been used getting the courts to grant them huge sums against various firms using open source products.

This includes those products that were reverse engineered since similar code has to be found in the open source programs to make them compatible with MS programs.

WARNING WARNING Will Robinson!

Out of Interest...

[Singletoned]

People keep talking about programmers becoming tainted by looking at proprietary source code, but has anyone ever been sued or prosecuted after having done so?

Office source code is not enough

[cpghost]

This is not nearly enough to satisfy governments. First of all, code that they don't compile themselves is not guaranteed to stem from the same set of sources. Second, the source code to the OS, and to the compilers is needed as well, because, hey, what does that black box kernel, dll, or compiler toolkit add to the pristine source?

Responsible governments would either avoid closed-source products completely, or they should require a complete source code system that they could bootstrap themselves. No hidden binary at all!

Would Microsoft provide such a complete, source code system that could bootstrap itself? It was reported many times earlier that they are having a helluvatime to maintain their own compiling environment. Would they be able to package it in such a way that non-Microsoft personnel could do something with it...

... assuming that they were sincere, and not just pulling a cheap PR stunt?

Re:DIE $MICROSOFT DIE!!!!

The Demise of Microsoft In the long saga of the battle between the world and its detested adversary, the Microsoft corporation, everybody is dying to see how the movie end. Everybody also knows that in the movie the antagonist always dies at the end, but the question is how? To most who detest Microsoft vehemently they would like to see a quick and horrid death and those who detest even more so would only find a sadistic pleasure in seeing nothing less than having Microsoft being slowly skinned alive on a burning stake. An IT Fairy Tale Once upon the time, there was a computer software company named Microsoft, whose craftiness in marketing made it become one of the most popular software company on the planet. However, once that company attained its dominant position in the marketplace, greed and fear filled the unsettled soul of Microsoft. The company then aggressively pursued and eliminated almost all of its contenders, names that once were legends one by one fell to Microsoft's sword, WordPerfect, Borland, Novell, Netscape, Corel and more. Soon, people saw Microsoft for what it was, a cunning roguish company that had no conscience to stop itself doing whatever it needs to achieve its ambitions. All the other software companies realized that there will be no end to Microsoft's unquenchable thirst for power but none dared to challenge Microsoft until one day a young knight developed an operating system called Linux. Linux came with a license called Open Source, which represented to all the other companies a platform from which they can rally together in a silent treaty to overthrow the software tyrant. One day, Microsoft woke up and saw a huge army amassed upon the hills, companies that once were shot, wounded, cheated and humiliated now all carry the same banner, the flag of Linux. Amongst the valiant warriors, were IBM, Novell, Sun, Oracle, Sony, Fujitsu, Red Hat and CA and amongst the catapults and shields they used were forged from the power of Open Source, Apache, OpenOffice, Mozilla, PosgreSQL, MySql, Python, PHP, Samba and much more. What Microsoft saw shook its heart, however its power to control the market is still immense and with 56 billion dollars in the vault, its going to put up a very good fight. This is the year 2004 and the battle has just begun. The Crystal Ball So my young seer, you wish to see how this battle unfold? First, you have to understand how unlike previous battles where the companies were easily and ruthlessly cut down by Microsoft, this time the catapults and shields that the Allies formed from Open Source were impenetrable, in fact, the more Microsoft attacked the slowly advancing catapults and shields, the stronger the catapults and shields became. How can that be? The magic of Open Source. All artifacts created from Open Source do not obey the laws of the jungle, first of all artifacts are immortalized by having the source code freely distributed across the earth, as Microsoft attacks one point more heads would sprout from different places. Another power of Open Source is leverage, in the old times when a developer was to write a software, he practically has to write most of the libraries himself/herself or purchase or license expensive code sets from other companies like Microsoft. Nowadays, these libraries are all available freely from Open Source, graphics libraries, network libraries, XML libraries, parsers, compilers, were all there for all to share. This is the leverage that hasn't been available to developers before, now all the Davids have slingshots. Rebellion of the Serfs Back to that same once ancient period, almost all developers lived under the direction and command of Microsoft. Their blind obedience contributed immensely to the growth of Microsoft. They created applications of all sorts of shapes and sizes which made the Microsoft platform very popular. All these times while they toiled away using the Microsoft platform, the power of the source code were hidden from them. They used APIs that had features hidden from them. They used document form

Re:Obligatory last bullet

No, no. You mean.

7. Profit!

Clever!

[ooze]

Just give the Office Source code to any organisation to examine, and you will never hear anything from them again, due to overload. Actually that's the best Microsoft could have done to get rid of those bugging gouvernemnts...

Re:DIE $MICROSOFT DIE!!

[samvo]

The Demise of Microsoft

In the long saga of the battle between the world and its detested adversary,
the Microsoft corporation, everybody is dying to see how the movie end.
Everybody also knows that in the movie the antagonist always dies at the end,
but the question is how? To most who detest Microsoft vehemently they would
like to see a quick and horrid death and those who detest even more so would
only find a sadistic pleasure in seeing nothing less than having Microsoft being
slowly skinned alive on a burning stake.

An IT Fairy Tale

Once upon the time, there was a computer software company named Microsoft,
whose craftiness in marketing made it become one of the most popular software company
on the planet. However, once that company attained its dominant position
in the marketplace, greed and fear filled the unsettled soul of Microsoft.
The company then aggressively pursued and eliminated almost all of its contenders,
names that once were legends one by one fell to Microsoft's sword, WordPerfect,
Borland, Novell, Netscape, Corel and more. Soon, people saw Microsoft for what
it was, a cunning roguish company that had no conscience to stop itself doing whatever
it needs to achieve its ambitions. All the other software companies
realized that there will be no end to Microsoft's unquenchable thirst for power but
none dared to challenge Microsoft until one day a young knight developed an operating
system called Linux. Linux came with a license called Open Source, which represented
to all the other companies a platform from which they can rally together in a
silent treaty to overthrow the software tyrant. One day, Microsoft woke up
and saw a huge army amassed upon the hills, companies that once were shot, wounded,
cheated and humiliated now all carry the same banner, the flag of Linux. Amongst
the valiant warriors, were IBM, Novell, Sun, Oracle, Sony, Fujitsu, Red Hat and CA and
amongst the catapults and shields they used were forged from the power of Open Source,
Apache, OpenOffice, Mozilla, PosgreSQL, MySql, Python, PHP, Samba and much
more. What Microsoft saw shook its heart, however its power to control the market
is still immense and with 56 billion dollars in the vault, its going to put up a very
good fight. This is the year 2004 and the battle has just begun.

The Crystal Ball

So my young seer, you wish to see how this battle unfold? First, you have to understand
how unlike previous battles where the companies were easily and ruthlessly cut down
by Microsoft, this time the catapults and shields that the Allies formed from Open Source
were impenetrable, in fact, the more Microsoft attacked the slowly advancing catapults and shields,
the stronger the catapults and shields became. How can that be? The magic of Open Source.
All artifacts created from Open Source do not obey the laws of the jungle, first of all
artifacts are immortalized by having the source code freely distributed across the
earth, as Microsoft attacks one point more heads would sprout from different places.
Another power of Open Source is leverage, in the old times when a developer was to
write a software, he practically has to write most of the libraries himself/herself or
purchase or license expensive code sets from other companies like Microsoft. Nowadays,
these libraries are all available freely from Open Source, graphics libraries,
network libraries, XML libraries, parsers, compilers, were all there for all to share.
This is the leverage that hasn't been available to developers before, now all the
Davids have slingshots.

Rebellion of the Serfs

Back to that same once ancient period, almost all developers lived under the direction and
command of Microsoft. Their blind obedience contributed immensely to
the growth of Microsoft. They created applications of all sorts of shapes
and sizes which made the Microsoft platform very popular. All these times

Its a total con

[EEproms_Galore]

This isn't what it seems its really a fly trap in disguise. Anyone looking at this code will legally be tainted and will have allot of problems producing "open source code". I'm supprised it took Microsoft this long to figure out it could lock in people even more so buy showing them the source code with a big nasty shared source license/contract attached that removes all your rights as a programmer. Yep your now Bills, slave you have seen the forbidden ones true makings though shall not go to open source Nirvana thou shall always be my slave mwahahaha

Re:Its a total con

Yep your now Bills

My bills are what? Oh, you're now Bills. Looks like you've already read the microsoft source code and your brain is collapsing.

Re:Its a total con

That sure sounds possible, but you know what ? it works both ways...

Look at the code? Why?

[Serious+Simon]

I don't think that OpenOffice.org developers would see the need to look at this code. They have done pretty well without access to the MS Office sources so far...

This Makes a Lot of Sense

[SloWave]

Microsoft and many Governments have a common interest in keeping knowledge and power to themselves, and considering individual people as nothing more than consumers and taxpayers. Therefore Microsoft is proposing to collaberate with Governments to keep taxpayers and consumers in their place. If Microsoft was really concerned about improving their code then they would make it visible to all as shown by the example of true open source code.

Goal #2: To taint them for life..

[nurb432]

Remember, if you get to look at the code, and all the agreements you have to sign, you will be effectively tainted for life.. And everything you do from then on will be in question..

All we need is one of the tainted programmers to contribute source to an OSS project to kill that project... Either accidentally, or intentionally....

Actually, tainting intentionally worries me the most.. It would be easy to sabotage projects this way..

Nelson sez Ha Ha !!!

[gelfling]

Cute headline I thought it said MS has to share office.

Is that a real office or a cube farm/veal pen arrangement?

PDF no good for collaboration

Other than Adobe Acrobat, is there a program (Open- or Closed-source) that allows PDFs to be edited?

Yes, I have read the PDF specification, so I know that changes can (at least in theory) be tracked and encrypted etc.

However, I have yet to find a single program that can *edit* PDF and do a decent job of round-tripping it as opposed to just outputting PDF as OOo and PDFCreator do.

Karma points for reasonable suggestions.

Re:PDF no good for collaboration

[Tim+C]

How is this Offtopic?

The gp suggests that government agencies should use pdf as a file format, the parent asks (as I was going to) whether there are any programs other than Acrobat that enable one to edit pdfs.

That's tenuously offtopic for the story, but perfectly ontopic for this discussion thread.

So, I'll ask - is there any software other than that produced by Adobe, Free or propriatary, that can edit pdf files? As the parent also says, that's editing pdf, not just outputting another format as pdf - so accept pdf as input, edit it, create pdf as output.

Re:PDF no good for collaboration

[jaylene_slide]

Adobe Illustrator (for single-page documents-versions 8 to 10 do a more predictable job than CS, IMH observation) and Adobe InDesign for multi-page documents. Huge overkill, but there you are. slide

Re:PDF no good for collaboration

[jbolden]

I think the original author gave .pdf as an example of an open format. .pdf is really not a document formating language, much more of a page formating language. As such its a bad choice even if editors were available.

Now TeX OTOH gives you .pdf output has tons of programs which give you WYSIWYG interfaces, exists in every major language, has an open specification....

Re:PDF no good for collaboration

[opposume]

http://www.enfocus.com/setregion.php?chosencountry id=137&ref=/index.php?... It's a fantastic program. Allows you to check for errors in the pdf and also allows you to edit the pdf right then and there...

Re:PDF no good for collaboration

Well, they seem to be... hum... from Adobe too.

While I see the other poster didn't mention it, probably he wanted to know about *third party* "pdf writers".

So let's reformulate again: Is there any tool *not from Adobe*, that makes possible to use PDF as the only support format (so you can take a PDF, reformart or reedit it and the save it again as PDF)?

Re:PDF no good for collaboration

[PastaLover]

The point as I understand it is not that the government actually use PDF internally (although it would be nice if they used open formats there) but that the file format of documents they put out for the public is something readable by all, eg. pdf. Most editors these days can export to pdf or you can just convert to it from another format with the right app.

Could you give it to...

[theendlessnow]

Microsoft,

Could you make sure that Inodnesia gets a copy so everyone can take a look at your source code?

Thanks.

It's not about inspection

[toolz]

The question is not whether one can inspect the code for security flaws.

The question is whether one can fix them when one finds them.

MS Office loses an argument against OSS

[roesti]

Hang on a second. I thought that even if you let other people review your source code, they're highly unlikely to do so. Isn't that one of the arguments that the anti-OSS crowd march out all the time? Now, Microsoft are doing it, and they're telling people it's for security purposes. Aren't they conceding that this argument is flawed, if they themselves can see some merit in doing so?

Coming up in the news, Microsoft will announce it will start making good design choices, writing good documentation, publishing their binary file formats, and giving away their flagship software for free. For the government. Foreign ones, even. Probably.

Re:MS Office loses an argument against OSS

Hey, if this bit of FUD works so well for OSS (Really it's the only thing going for it) Then why not adopt it themselves? It means nothing, it's easy to do and it pairs you with your competitors. Pretty smart!

Re:MS Office loses an argument against OSS

[emurphy42]

I thought that even if you let other people review your source code, they're highly unlikely to do so. Isn't that one of the arguments that the anti-OSS crowd march out all the time? Now, Microsoft are doing it, and they're telling people it's for security purposes. Aren't they conceding that this argument is flawed, if they themselves can see some merit in doing so?

Microsoft is letting a clearly targeted set of people review their source code. If they bother answering this charge at all, they'll probably make some over-broad blanket statement like "oh, OSS authors just toss their stuff on SourceForge and think they're done".

Dont you get it?

MS is trying to get as many eyes looking at the source to Office as they can. Then Government workers wont be able to work on the OpenOffice code for fear of retaliation from MS. The only reason MS lets anyone look at their code is so that they can spread more fud about the GPL, and scare customers away from FOSS with threats of lawsuits.

Trojan Source!

[mefus]

Hopefully govt. IT ppl will be careful not to be "tainted" by this source if they are also working to improve OpenOffice.org or other Open Source or Free Software!

only 90%

[ghum]

citing Financial Times Deutschland:

"Wir werden 90 Prozent des Quellcodes von Produkten wie Word, Excel und Powerpoint freigeben", sagt Jason Matusow, der bei Microsoft die so genannte Shares Source Initiative leitet."

Translation

"We will open 90 percent of the source of products like Word, Excel and Powerpoint", says Jason Matuswo, responsible for the so called Shares Source Initiative at Microsoft.

Question:

Would the world be satisfied if Iran would allow to inspect 90% of his nuclear facilities?

Re:will these governments....

[gadget+junkie]

Check for pilfered open-source code bases?

You know, this has not been a one way street. the SCO case was possible just because the code base is GPL'd. Wonder if they still have some money left of what Baystar gave them.......;-)

And You Thought SCO Was a Bad Trip

[4of12]

The only viable option a government wishing to do this is to do a clean room design. Unless of course there are patent restrictions.

Or unless too many of its talented programmers have seen the Office source code and signed an NDA. Any work they produced on a FOSS implementation of Office could potentially be under heavy scrutiny by Microsoft's legal team.

Come ON...

2 options...

1 - Get SOME source from MS, bound by God knows what kind of restrictions. Hope you can read it, hope you can modify it, hope that the source doesn't leak. Give MS some security changes then get to buy 10,000 licenses!

2 - Get ALL the source for OO.o, inspect it for security. Hope you can read it, KNOW you can modify it, AND give it back to the public so that OTHER coders can look at it and make sure it's all good. Per-seat licenses? What are those?

Is this realy so hard to realize?

It's a Trojan Horse

[JavaNPerl]

That's what Microsoft is hoping for, it cannot grow it's business fast enough for shareholders, so litigation will be it's new growth vehicle and you will soon see signs like... Welcome to Liechtenstein a wholy owned subsidiary of Microsoft Corporation

Tax payers funded Microsoft?

I don't want any of my tax dollars spent on anything related to Microsoft products, in order to buy a Microsoft product.

Really?

[gstoddart]

You do it by inserting *logic* into the code, not just text. The logic, thanks to the hardness of SAT, can be constructed so that it is nigh impossible to see which parts will be run and which will not.

Do they generate a different set of logic for each watermarked bit of code? Is it automagic or manual? How do the developers maintain code which has completely not-understandable code in it that can't be tracked down? What if the two side effects start arm-wrestling? Does it depend purely on the abilities of the programmer to decipher these side effects, or is it automated?

I'm not doubting what your saying, I'm just a little confused as to how the heck one would maintain that code. It sounds like old fortran code which has sections which may or may not be used, but nobody can tell for certain so the program keeps getting bigger and bigger.

I just have grave fears of these really arcane sections of code which even the internal people would have troubles with, let alone any potentially nefarious person. [ think self-obfuscating perl ;-]

Cheers

Re:Really?

[twiddlingbits]

The source code is already copyrighted (and some is patented) so watermarking does not do a lot of good to prevent theft of the MS IP. And of course China will ignore the copyright/patents anyway. With good source code deconstruction/profiling tools you can find that watermark code. It's also VERY bad programming practice(what else would we expect from MS) to rely on side effec, hidden calls and obtuse un-needed code (more bloatware anyone?)to perform logic. Plus maintenance would be a nightmare. Why ever watermark code, when you could use a digital key signature or MD5 hash checksumming to validate the originality? However it is hidden, I'm betting it can be found and removed/circumvented quickly. There are a lot of very sharp people out there who would love to get this code, not to mention those very sharp people who wear black hats and would love to engineer some virii/worms. I wonder if the watermark is or will be used by some feature of the OS that checks it and if it is not there the executable from that source is aborted? Kind of a DRM process, which we all know MS embraces.

Re:Really?

So in that case you would simply insert a jump around that checker code.

Conspiracy theory...

[rgm3]

Don't trust it! It's all part of a ploy to kill Open Office! They'll claim that part of their code was used illegally, and try and pull an SCO on us. It goes something like this:

1. Write some software, then don't innovate for a while, since you're a monopoly.
2. When open source software catches up, panic and throw your legal team at them, since OSS doesn't have many legal resources. Go after companies that USE the open source version.
3. PROFIT!!

Like these are experts???

[Nom+du+Keyboard]

give its source code for Office 2003 to more than 30 different world governments.

Like these people are, or even know, good security experts? I don't think so.

It may only be me, but I'd expect this move to result in 30 countries whose spy agencies now will know vulnerabilities that can be used to spy on their citizens.

If MS was serious about improving their code, they'd be passing it on to White Hat Hackers (based on said hackers past track record of reporting flaws) and security firms.

This is obviously nothing more than a sales move to try and keep governments comfortable with MS software. I doubt any of the rest of us will benefit at all.

Microsoft - You're dumb!

Raymond's "many eyeballs" meme strikes again.

[argent]

It's not the eyeballs that make open source attractive, it's the lack of central control.

If Office was open sourced we could pull the design flaws that lead to security holes out. Back in the '90s there was a smart fellow in Florida who came up with an effective counter to the word macro virus problem... he came up with a macro that disabled all the automatically executing macros, so you could open a Word document with macros without having them trigger. Unfortunately a later version of Word disabled it as part of Microsoft's virus protection feature. Unfortunately Microsoft's feature gave you the option of completely disabling and hiding all the macros, so you couldn't even see what they were, and leaving them enabled. So if you actually needed to use macros you were just as exposed as if they had done nothing... worse, in fact, because you couldn't kill the autoexecute capability.

In an open source project we could back that out, we could even restrict macros to making changes in their own document only, so they couldn't propogate or do harm. But no matter how many eyeballs there are on the code, if the brains behind the eyeballs can't make changes then there's not much point... even if every line of Word was free of buffer overflows, so long as it's got that powerful a macro language with no way to control it the basic security problem remains.

create a new checklist then!

[nietsch]

This obviously is a checklist item, designed to satisfy some beancounter that his beloved office will pass the new requirement at first glance.
The move to counter this one is to make a whole lot of 'office software purchase requirement lists' to help gouvernment pencilheads to make a requirements list. The wording in each item is plausible, but designed to exclude closed source products. With the help of all OSS suporters, these will come up on top in google. Supporters with too much cash can buy adwords for them.

The headline should be

"Microsoft Open Office." You failed it!

Oh, the irony

[FunkyMonkey]

MS releases the source code in order to improve security thereby validating one of the main pillars of OSS - more eyes on the code makes for more secure code - although I'm sure you'll never hear them say that directly.

it doesn't matter

[MasTRE]

They are opening it up now because at this point it's so bloated that nobody would have time to go thru it during their natural life.

open secret

[Doc+Ruby]

Are governments, especially those in competition with America's Microsoft economy, as likely to share insecurity discoveries with the public, or even Microsoft, as the open source community, or the security community? Or are we looking at a group that includes a gang who will pass the source to patrons like spammers and other mafias, which will create new attacks? It's clear that Microsoft must have people who identified this risk. Why does Microsoft love insecurity?

AGAIN: Microsoft gives source to infowar depts.

[Ungrounded+Lightning]

Once again, Microsoft gives the source of one of its major components to the foreign intelligence and information warfare departments of 30 foreign governments, including several whose interests are at odds with the US.

Tinfoil hat? THINK about it. What department in the US has the talent and infrastructure to examine software for security problems, and is charged with, among other things, protecting the US information infrastructure? (drumroll ...) The NSA!

They had to SIGN AN AGREEMENT? Since WHEN do the spooks play by the rules? (Remember when the CIA stole that little company's banking application, hotwired it with spyware, undersold it into all the major banks in the world, used the backdoor to trace dictators' (and who knows who else's) funds, and used soverign immunity to kill the suit from the original author?)

Is it just a coincidence that, soon after the source code for the OS was given to the same groups we began to experience a series of worms installing spam forwarders, and keyboard loggers collecting account data for phishing scams, apparently run by the Russian mob (composed mainly of former members of the Red Army)?

Seems to me that Microsoft is just ASKING for a charge of treason, come the next major world conflict.

But of course...

Just like OSS, having access to the code means that there is still /zero/ chance that anyone will actually inspect the code...

And who checks for all the design flaws?

at the station:
"wheres my train?"
"it left off an hour ago"

Oh the irony

[The+Infamous+Grimace]

What and ruin /. by teaching these kids how to spell???

Ah, yes...

If they do anything why don't they just update slashcode to be w3c complaint.

Got the spelling correct. Now lets work on context.

(tig)

And the countries are....

[NIN1385]

Pakistan
Afghanistan
Iraq
Iran
North Korea
North Vietnam
China
Japan
Germany
Russia
And anyone else with their eyes set on world destruction by utilizing its Nazi-like ways just like MS!

Government Skill Sets?

[Safety+Cap]

You're assuming the government employs programmers with the technical skill sets to be able to 1) understand the code, and 2) determine if there are security flaws.

With the government "techs" I had the pleasure of working with, this is equivalent to asking a USian 5th grader to make a working Saturn 5 armed with popsicle sticks and string. We're talking about half the techs in one department resigning because the dept Director mandated all machines would be upgraded to use W2k instead of 95, and the techs said W2k was "way too complicated."

Re:Government Skill Sets?

[DriedClexler]

Are you trying to say that government employees aren't as qualified as private sector employees? Well let me tell you my mom and my dad both work in the public sector and they are very intelligent people. They understand Windows 2000 and wouldn't have any problem making a switch to it. You're just respewing old conservative rhetoric about the god-like power of the market to cure all ills.

Re:Government Skill Sets?

"Are you trying to say that government employees aren't as qualified as private sector employees? Well let me tell you my mom and my dad both work in the public sector and they are very intelligent people."

There are exceptions to nearly every rule, was your comment really necessary?

Wrong!

The purpose? So they can inspect the code for security flaws.

Oh, bullcrap! The reason governments are examining the code is not for security flaws but for security compromises built into the code on purpose.

Microsoft has spent so long screwing so many people that no one trusts them anymore. The unfortunate thing is that, without the ability to compile the code themselves, participating countries still have no guarantee that what they are examining is really what they will be running.

Double standards--the only real MS innovation

[inkswamp]

Let me see if I can get this straight. When it's a bona fide open source project, Microsoft's FUD dept. and their apologists will claim that many eyeballs viewing the source code doesn't make a piece of software any more secure than closed source, proprietary software. However, when it's a Microsoft product having some of its source pried open just slightly for viewing by a select few, then it's considered a way to make it more secure.

I believe this is called having one's cake and trying to eat it too.

More eyes, less bugs.

[MarkByers]

Hopefully the more eyes looking at the source code will mean that more of the security problems will be fixed earlier and that the overall quality of the product will be improved.

Re:More eyes, less bugs.

[Tokerat]

Hopefully the more eyes looking at the source code will mean that more of the security problems will be fixed earlier and that the overall quality of the product will be improved.

Yeah, but do you really think Microsoft is going to let anyone modify and compile their own version of Office? I'm sure it's "look but don't touch" only.

Is Microsoft baiting open-source developers?

[GhodMode]

Is Microsoft hoping that they can kill more open source by making copyrighted code available? Do they hope they will then find it in something like OpenOffice.org or AbiWord so they can sue those projects into non-existence?

If that's the case, how is this possible? ...
Nothing is truly original. Writing an original program is the result of taking ideas from other people's work, and putting them together in a different way.

Here's a story: Some talented and enthusiastic programmer (like I hope to be) from viewing Microsoft's "shared" code and saying to himself "Oh... That's how they do that.". Then this person closes the Microsoft code, never to look at it again, and makes some new changes to the code in OpenOffice.org based on his experience and understanding of all of the code that he has read and learned from in the past.

Can Microsoft now sue this person?

If so, Brian Kernighan and Dennis Richie have one Hell of a Payday coming from their lawsuit.

--
-- GhodMode

Yes indeed

[Anonymous+Brave+Guy]

Now lets work on context.

And mayhap the use of the apostrophe as well?

Sorry, couldn't resist. Hoping I'm not about to submit an embarrassing typo now... :-)

Re:Yes indeed

[The+Infamous+Grimace]

And mayhap the use of the apostrophe as well?

Nah, lets not. ;-)

(tig)

MOST

which allows the governments of more than 30 countries to examine most of Microsoft's underlying source code
---

Well, now. That just makes everything allwhite, now doesn't it?

Shared != Open

Please O please

[superpulpsicle]

It's a publicity stunt. Do you really think the code is for real. By the time the countries around the world figure it out, there will be a Windows extralonghorn 2008 enterprise edition service pack 16 + 19 million hotfixes available.

M$ need to stop this bullshit. Go back to what you do best. Flood market with buggy products and make generous donation to avoid taxes!

I was kidding...

[thegnu]

you know... har har?

Re:I was kidding...

[tobi-wan-kenobi]

hehe, and i always thought i'd recognize sarcasm if i see it. thanks for pushing me down that cloud :-)

Wrong

[spitzak]

"Seeing the source code" does not taint you. Only if you sign an NDA are you "tainted". You are not even tainted if you see the source code without permission (though that means that either somebody who signed the NDA is guilty of violating it, or you are guilty of breaking and entering or industrial espionage)

It is true that if you copy the code you are doing a copyright violation. This is because copyright is defined by US law as existing without signing any contract. But just seeing the source code and learning ideas from it does not violate any normal US law.

If what you were saying was true, then Steven King must have never read anybody else's horror novel, as that would "taint" him and make it impossible for him to write his own.

This is also why looking at GPL code does not "taint" you and prevent you from working on closed-source. Microsoft hires thousands of programmers who have looked at GPL code at least once, so they know this big piece of FUD is false, but they continue to spout it.

I'm not sure that you're right...

[Eric+Damron]

"...but also so that governments can adapt file formats for cross-software compatibility."

I haven't read the agreement or seen the code but I would be surprized if Microsoft didn't have a NDA attached and restrictions on use of their patented IP.

No software freedom and infringement down the line

[jbn-o]

By default in the US, no, because compilation of a computer program is preparation of a derivative work. Of course, this depends largely on what the client agrees to and what is covered in copyright law there (which can vary, despite how widely the US is able to export its copyright regime around the world via so-called "free trade" agreements). I'm guessing that Microsoft isn't going to allow anyone to share or modify the source code, or prepare derivative works from that source code.

In other words, it's still not free software and it would not benefit anyone (whether you are an individual programmer, would-be programmer, or representative of a government) to look at it lest they be accused of infringing upon Microsoft's copyright in the future.

Does it work for game servers

[lakeland]

Hi, I tried the google link you provided but didn't get very far. For a game client server architecture is it possible to check if the client has been modified? (I'm thinking about go, but it would apply to chess too).

Specifically, the current go servers are quite anti open source for fear that somebody will modify their client to add (e.g. offline editing) when they're playing as well as when they're just watching games.

But it would be really cool if people could modify their clients but just not connect to the official server with a modified client. Even better if the unmodified client could be built on different archs and still connect to the official server.

I guess quake must have similar problems?

Like Eric Raymond Says...

[Ann+Elk]

Given enough eyeballs, all bugs are shallow.

Sensible color scheme

http://shit.slashdot.org/article.pl?sid=04/09/20/0 13243

Well, that's the end of Open Office.

[ewe2]

1. Get Sun to agree that OpenOffice users have no protection against patent infringment.

2. Make Office code widely available to governments.

3. Target Linux-based OpenOffice developers.

4. Game over, man.

Wall Street Journal Confirms...

In today's Wall Street Journal, there were a couple more details than the Reuters article. The last couple of graphs are...

The program in part is a security blanket for government agencies worried that Microsoft products have ways for the company or the U.S. government to view sensiteve data on computers around the world. Access to the code should prove that such "back doors" don't exist, Microsoft executives say.

Several important government computer buyers haven't signed on to the government program. One holdout is Japan, which has concerns about certain legal restrictions Microsoft places on governments that view the code. Company executives say they continue to negotiate with Japan.

Under the program, Microsoft doesn't completely lift the veil. Governments are able to see 90% of the source code. The bulk of the rest is code where a third party owns the copyright, according to Microsoft. The company also holds back from exposing code that relates to antipiracy technology.

I imagine the the percentage given of "seeable" code is a number provided by Microsoft. Take it for what you will.

I'm curious who the third party is, and what the code involves.

Re:Wall Street Journal Confirms...

I'm curious who the third party is

SCO?

~~~

GREAT... more M.S. B.S.

[ocularDeathRay]

what a bunch of crap. The governments won't spend the money to hire people good enough to find all that is wrong with this code... not only that, but the majority of security flaws aren't gonna be found in a office suite... they will be found in the OS/server/browser software. So when all is said and done on this deal MS will just have more "evidence" that their software is safe. Those bastards make me sick.


MICROSOFT: if you want your softare to be more secure why don't you let US take a look at the code. fine keep the license... but if you had good code you shouldn't mind us taking a peek... or would we find too many dangerous flaws?

Misunderstanding

[Yenin]

Is it just me or does it sound like a bad thing that all these governments are going to be searching for security flaws?

Outsourcing?

[febuiles]

I want to outsource to my government tooo!!!!

Re:DIE $MICROSOFT DIE!!

This is a great and acurate portayl of the doom that Microsoft will inevetiably face. the Linux uptake is growing every day and users are getting sick of the crap that is microsoft and are seeing that there are alternatives. I think linux is now getting better at aiming at dumb ass users who want to feel like there still using windows which i think is a good step in the right direction to fufill the demise of Microsoft. there will always be people who just don't want to know shit about anything and if Linux can aim at these users i believe well see this great fall happen sooner than latter!

How About The Cost

[rtb61]

I wonder if microsoft counts the cost to the customer for auditing it's code in TCO. IF you go to all the trouble and cost of employing and training staff to audit and work on somebody else's code it seems a really pointless exercise unless it is open source.

What can governments be thinking if the buy into this i.e. pay licence fees for the code, pay for the cost auditing the code, pay to debug the code and then pay for the next round of licence fees for the inevitable upgrade.

Great profit for Micrsoft, I know it likes to use (abuse) it's customers as free bug testers but now they expect us to fix the code at our expence as well (tax payer funded).

Re:DIE $MICROSOFT DIE!!

in short - "best, post, ever!"