Slashdot Mirror
Microsoft To Share Office Source Code
I_Love_Pocky! writes "According to this article, Microsoft is going to give its source code for Office 2003 to more than 30 different world governments. The purpose? So they can inspect the code for security flaws."
Not only security is the purpose of making it available, but also so that governments can adapt file formats for cross-software compatibility. Now I'm wondering, what will happen if a government wants to adapt this document format to some opensource program, which happen to have a license that requires to donate all adjustments to the code to the opensource community... I'm pretty sure Microsoft will not allow this, will it ?
- Leon Mergen
http://www.solatis.com
Interesting . . . wonder how long it will take to leak out of one of these offices and wind up on file sharing sites?
I didn't realize there was even one world government. I have no idea how they could manage 30 with overlapping jurisdictions... ;)
On the flip side, how many goverments keep enough trained programmers to effectively search through so much complex code?
Support more choices in goverment-Vote 3rd party.
Will the real world governement please stand up!
What a rotten party, have we run out of beer or something?
Maybe Rob could build this into the core of /. as a spell checker.
And exactly how many of those governments are going to waste their taxpayers money debugging the code for MS, when the license under which they've seen the code, doesn't allow them to do anything with it?
<TIN FOIL HAT>
and what happens when the members of a gov IT team that's licensed this code, then want to use and contribute to an Open Source project that better suits their needs -- hey! they can't! You've signed a prescriptive NDA!
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Only 30 eh? It doesn't mention anything about M.S. letting the US government see the code. Think they might still be a little bitter with that whole "You have a monopoly. We can't let you do that..." thing? Or do you think M.S. is afraid the Department of Homeland Security might issue another advisory saying that Office 2003 is insecure and everyone should switch to Open Office.
"Don't sweat the petty stuff and don't pet the sweaty stuff." -- by an Unknown Wise man.
Love this part:
Put identity in the browser.
Because then we too can have the benefit of a world class spell checker
"30 different world governements"
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Programmers in 30 countries all seem overcome by fits of laughter.
http://www.22balmoralroad.net/ http://www.tinynetworks.co.uk/
1. We give source code for Office 2003 to more than 30 world governments.
2. They show their brightest computer programmers this code.
3. Trying to comprehend the source (written in typical Microsoft Quality) the programmers' heads implode, causing death within 2 hours.
4. With all the programming talent taken care of, we get all the world governments to outsource their internal I.T. operations to us.
5. We take over the world!
Murray Todd Williams
I'll believe it when the government of Randomistan announces that they received the source code and build tools, and have compiled a version that bit-for-bit matches the retail CD.
CEE5210S The signal SIGHUP was received.
Alos, are any of these governments developing countries? Or southeast Asian? In other words is Microsoft entrusting the code to any governments that seem to take a blind eye to software piracy?
Didn't MS say, if "hackers" can see the code, it would be easier to write exploits for it? Why are they exposing their own code then?!?
What time is it/will be over there? Check with my iPhone app!
Isn't one of the main arguments against Windows that its closed-sourcedness makes it harder for security holes to be found and fixed? To me, it looks like Microsoft has taken the first step in recitfying this problem.
When (not if) the source code is leaked, then how long will it be before MSFT claims that office code was integrated into OpenOffice. How much in royalties will they demand?
Ha, ha! Nobody ever says Italy.
If the government of a country has the source code of the software to examine for security flaws, doesn't this give MS a defense against liability from future lawsuits? For example, if the UK government gets to inspect the source code, continues to use MS-Office, and then has a major problem due to hackers hacking MS-Office; MS can say that the software was given a clean bill of health by the British government, so MS shouldn't be held liable.
I know that no defense is necessarily bulletproof, but this is just going to give MS's legal dept. more ammunition so that that MS can get away with writing sloppy code and not be found as grossly negligent.
* what is 'required' to agree beforehand with? ..and how will this agreement effect ones ability to work (with other 'source code(s)') in the future to come?
I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
If anybody develops for OpenOffice or any other office suite I would not even get in the same room as the code. If you look at the code and develop for OpenOffice then Microsoft will probably come after you saying you stolen their code because you read it and it gave you the ideas and means to do the programming. Be very, very, very careful - why would a proprietary company want people to see it's secrets that has been its cash cow for the past 4 or five years. I think they are gearing up for an attack on open office - now that we have seen part of the agreement between sun and them - why would open office even have to be mentioned in the agreement - it has nothing to do with them. I smell something rotten in denmark.
That's exactly what I was thinking.
If I was a software developer, I wouldn't want to go anywhere near that code. You can be sure that anybody who views this code will no longer be able to work in software development. After you view that code anything you write that works with msft files, will be considered a stolen idea.
Besides, who needs it?
plus... what is the actual outcome supposed to be? will some government-sponsored IT professional point out "this and that is not secure, not reliable, not interoperable" and MS will change it? or is it like "hey, that's fine (and i am not sponsored by MS), everyone should prefer M$ office over Open Office, now that i have seen the revela.... ehm... source-code)"?
someone pointed out that MS might take this as a starter to label itself as "Open Source company", which i personally believe to be utter nonsense, why should MS try to appear as supporter for something it fights with all its power (and money)? i do not think this is what they are aiming at.
summarized, my believe is that the outcome will be an IT "professional" for every participating government feverously pointing out the superiority of MS Office over any other product, proved by source-code examination that cannot be verified or counter-proved by anyone who has not agreed to a NDA.
If you don't learn from history,
then you are an idiot by definition.
--- Vadim Yasinovsky
If you cannot compile the given source to a fully working Microsoft Access (or whatever source is provided), how can you be sure that the program you buy from the store contains the same source code?
You can't, since you most likely can't compile the given source, and keep on using that compiled version!
This is just smoke and mirrors. Now Microsoft can say their code has been provided for auditing by some instance, so it's got to be safe. However, there is no guarantee that the defects found will be fixed at all, and that the fixes will ever be found in the actual product. There is also no guarantee that the software you obtain from the store is the same as that for which the source was provided.
You can easily implant backdoors to the supposedly "audited" source code: just don't give the newly modified source code with the backdoor back to auditing...
I do not moderate.
LiNuX_ZeAlOt666: wtf taht is fkcued man dont u care about teh SECURITY????? how can we fix ur security holez without teh source????????111/1
(Time Passes)
Microsoft: Ok, we did a bit more thinking, and have decided to release some of our source code to help improve security, just like you OSS chaps have been suggesting all along.
LiNuX_ZeAlOt666: lol fag u suk
--
They just can't win, can they? Man, this inane shit is starting to sicken me..
Other commentors have opined that this is a clever Microsoft strategy. Perhaps. I have my doubts.
First, they're implicitly acknowledging the security arguments in favor of open source. What will their corporate clients think? Like _they_ trust the gov't to vet their code for them. Doing this will only strengthen the demand on a number of fronts to see the Windows source.
Second, the only way for two people to keep a secret is if one is dead. I don't care what those EULAs say, if you distribute some of the most valuable closed source in the world to 30...30!...gov'ts, someone's going to leak it. Remember the .bmp buffer overrun? I wonder what's going to flow from this.
Stop learning! Only you can prevent esoterrorism.
From the article (emphasis added by me)
The new initiative is an extension of Microsoft's Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft's underlying source code, or software blueprint for its flagship Windows operating system.
What's the benefit in looking at "Most of" the code and seeing if it is secure?
Absolutely nothing at all, apart from Microsoft getting an NDA signed on your behalf by your Govern(e)ment without any consultation with the public.
A pizza of radius z and thickness a has a volume of pi z z a
It's never wise to claim something has no security flaws. Can you point to a comprehensive OOo audit?
Looks like MSFT will soon have 30 to point to, for free...
Is it possible to do a worthwhile security audit of Office source if one doesn't have access to the OS source with which it so tightly integrates?
My brother discovered that the best way to make a perfect maze in Racing Destruction Set was to start with the + piece and just click like mad random all over the potential map. After strategically *g* placing about 10 intersections the next 30 minutes would be spent connecting them. This resembles the logic structure for any operating system and accompanying massive application suite (though, metaphorically, at least Linux uses stoplights and everyone drives on the same side of the street). If we take that map and reveal 1/2 the squares (Office source) but black out the other 1/2 (OS source), will we really be able to have a good feel for the security?
As others have noted I feel this is a political play by MS to 1) get free bug-hunting services and 2) gain a stronger voice in political arenas. It's good business for MS but I sure hope that my tax dollars don't get wasted on it. If MS wants beta testers they should pay for them or acknowledge that their product will fall to the superior products.
+++ATHZ 99:5:80
This should be interesting to find out if governments will actually do MS's work for them? And for that matter, why should a government do MS's work, and then pay for all the millions of copies of Office, when they can simply go into OpenOffice and update that one and then elect to upgrade to SO or stay with OO.
I prefer the "u" in honour as it seems to be missing these days.
I agree that there is a high amount of MS bashing on this site but keep in mind that this site's target audience is not the typical MS apostle.
This is little more than a metacomment, but I have to say this. I'm really not sure that anyone here who finds a problem with MS's actions is anti-MS. The truth is, this is a bullsh. cop-out release of source code. This is NOT open source code.
Also, it is unbearably true that Microsoft has been dealing more and more directly with government officials these days. And taxpayers do, in fact, pay for absolutely everything a government does.
I'm not upset about this particular issue. I'm upset enough about the nature of Longhorn. But these are valid points.
Please stop stalking me, bro.
I don't know about the rest of the world, but generally People Working At Governments aren't exactly the best and brightest or the best motivated workers. Let's call them Very Good at being Mediocre.
Imagine the following:
Boss: Jim, you're a programmer right?
Jim: uh, right
Boss: Management told me to inspect some code for bugs. I tossed it to the printer. Can you mark all the bugs with magic marker?
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
If developers who look at MS Office code are prhobited thereafter from working on other software projects such as open source projects that cross Office's domain, how many less contributers might there be to open source projects as a result of this?
If a government is going to have to go through all the trouble of inspecting code for security flaws, why not just inspect open source software and at least be able to have a return on investment?
It's one thing when the burden of providing secure code is shared between developer and user in the case of open source software since the benefits and rights to the code are also shared. But in the case of proprietary commercial software, I expect this burden to be on the vendor. The "privilege" of inspecting the source code is really just asking customers for free quality testing. Moreover, if the situation gets to the point that security inspections are needed, then you've chosen the wrong vendor.
Who said Freedom was Fair?
Forget the legal recourse, just check the more shady BT repositories for the CD set because you KNOW someone's going to leak it out of spite. I give it a month after release before the "Office 2005 davelopers soarce kit pack" hits the streets on the pacific rim and a week more before it gets to middle eastern markets to be bought for 10 dinars by returning US servicemen/women.
CDs marked "Windows 99" were on the street in Bahrain and Saudi Arabia before I even bought my first win98 upgrade cd, and this probably won't be any different.
People keep talking about programmers becoming tainted by looking at proprietary source code, but has anyone ever been sued or prosecuted after having done so?
This is not nearly enough to satisfy governments. First of all, code that they don't compile themselves is not guaranteed to stem from the same set of sources. Second, the source code to the OS, and to the compilers is needed as well, because, hey, what does that black box kernel, dll, or compiler toolkit add to the pristine source?
Responsible governments would either avoid closed-source products completely, or they should require a complete source code system that they could bootstrap themselves. No hidden binary at all!
Would Microsoft provide such a complete, source code system that could bootstrap itself? It was reported many times earlier that they are having a helluvatime to maintain their own compiling environment. Would they be able to package it in such a way that non-Microsoft personnel could do something with it...
... assuming that they were sincere, and not just pulling a cheap PR stunt?
cpghost at Cordula's Web.
The Demise of Microsoft
In the long saga of the battle between the world and its detested adversary,
the Microsoft corporation, everybody is dying to see how the movie end.
Everybody also knows that in the movie the antagonist always dies at the end,
but the question is how? To most who detest Microsoft vehemently they would
like to see a quick and horrid death and those who detest even more so would
only find a sadistic pleasure in seeing nothing less than having Microsoft being
slowly skinned alive on a burning stake.
An IT Fairy Tale
Once upon the time, there was a computer software company named Microsoft,
whose craftiness in marketing made it become one of the most popular software company
on the planet. However, once that company attained its dominant position
in the marketplace, greed and fear filled the unsettled soul of Microsoft.
The company then aggressively pursued and eliminated almost all of its contenders,
names that once were legends one by one fell to Microsoft's sword, WordPerfect,
Borland, Novell, Netscape, Corel and more. Soon, people saw Microsoft for what
it was, a cunning roguish company that had no conscience to stop itself doing whatever
it needs to achieve its ambitions. All the other software companies
realized that there will be no end to Microsoft's unquenchable thirst for power but
none dared to challenge Microsoft until one day a young knight developed an operating
system called Linux. Linux came with a license called Open Source, which represented
to all the other companies a platform from which they can rally together in a
silent treaty to overthrow the software tyrant. One day, Microsoft woke up
and saw a huge army amassed upon the hills, companies that once were shot, wounded,
cheated and humiliated now all carry the same banner, the flag of Linux. Amongst
the valiant warriors, were IBM, Novell, Sun, Oracle, Sony, Fujitsu, Red Hat and CA and
amongst the catapults and shields they used were forged from the power of Open Source,
Apache, OpenOffice, Mozilla, PosgreSQL, MySql, Python, PHP, Samba and much
more. What Microsoft saw shook its heart, however its power to control the market
is still immense and with 56 billion dollars in the vault, its going to put up a very
good fight. This is the year 2004 and the battle has just begun.
The Crystal Ball
So my young seer, you wish to see how this battle unfold? First, you have to understand
how unlike previous battles where the companies were easily and ruthlessly cut down
by Microsoft, this time the catapults and shields that the Allies formed from Open Source
were impenetrable, in fact, the more Microsoft attacked the slowly advancing catapults and shields,
the stronger the catapults and shields became. How can that be? The magic of Open Source.
All artifacts created from Open Source do not obey the laws of the jungle, first of all
artifacts are immortalized by having the source code freely distributed across the
earth, as Microsoft attacks one point more heads would sprout from different places.
Another power of Open Source is leverage, in the old times when a developer was to
write a software, he practically has to write most of the libraries himself/herself or
purchase or license expensive code sets from other companies like Microsoft. Nowadays,
these libraries are all available freely from Open Source, graphics libraries,
network libraries, XML libraries, parsers, compilers, were all there for all to share.
This is the leverage that hasn't been available to developers before, now all the
Davids have slingshots.
Rebellion of the Serfs
Back to that same once ancient period, almost all developers lived under the direction and
command of Microsoft. Their blind obedience contributed immensely to
the growth of Microsoft. They created applications of all sorts of shapes
and sizes which made the Microsoft platform very popular. All these times
This isn't what it seems its really a fly trap in disguise. Anyone looking at this code will legally be tainted and will have allot of problems producing "open source code". I'm supprised it took Microsoft this long to figure out it could lock in people even more so buy showing them the source code with a big nasty shared source license/contract attached that removes all your rights as a programmer. Yep your now Bills, slave you have seen the forbidden ones true makings though shall not go to open source Nirvana thou shall always be my slave mwahahaha
Other than Adobe Acrobat, is there a program (Open- or Closed-source) that allows PDFs to be edited?
Yes, I have read the PDF specification, so I know that changes can (at least in theory) be tracked and encrypted etc.
However, I have yet to find a single program that can *edit* PDF and do a decent job of round-tripping it as opposed to just outputting PDF as OOo and PDFCreator do.
Karma points for reasonable suggestions.
Hang on a second. I thought that even if you let other people review your source code, they're highly unlikely to do so. Isn't that one of the arguments that the anti-OSS crowd march out all the time? Now, Microsoft are doing it, and they're telling people it's for security purposes. Aren't they conceding that this argument is flawed, if they themselves can see some merit in doing so?
Coming up in the news, Microsoft will announce it will start making good design choices, writing good documentation, publishing their binary file formats, and giving away their flagship software for free. For the government. Foreign ones, even. Probably.
Attack its weak point for massive damage!
It's not the eyeballs that make open source attractive, it's the lack of central control.
If Office was open sourced we could pull the design flaws that lead to security holes out. Back in the '90s there was a smart fellow in Florida who came up with an effective counter to the word macro virus problem... he came up with a macro that disabled all the automatically executing macros, so you could open a Word document with macros without having them trigger. Unfortunately a later version of Word disabled it as part of Microsoft's virus protection feature. Unfortunately Microsoft's feature gave you the option of completely disabling and hiding all the macros, so you couldn't even see what they were, and leaving them enabled. So if you actually needed to use macros you were just as exposed as if they had done nothing... worse, in fact, because you couldn't kill the autoexecute capability.
In an open source project we could back that out, we could even restrict macros to making changes in their own document only, so they couldn't propogate or do harm. But no matter how many eyeballs there are on the code, if the brains behind the eyeballs can't make changes then there's not much point... even if every line of Word was free of buffer overflows, so long as it's got that powerful a macro language with no way to control it the basic security problem remains.
I believe this is called having one's cake and trying to eat it too.
--Rick "If it isn't broken, take it apart and find out why."