Microsoft Ponders Shared-Sourcing SQL Server
i_frame writes "C|net is reporting in an interview with Tom Rizo, director of product management in Microsoft's SQL server unit, that 'the company is thinking about including the forthcoming SQL Server 2005 in Microsoft's shared-source program for disclosing product source to customers'.
Is Microsoft reinventing themselves, and are they ready to learn the benefits of open source?" From the article: "It's not finalized. It's not anything there, but if a lot of customers demand it, we'll definitely look at doing shared source with SQL Server..."
It is look but do not touch
Microsoft may be willing to open up the source to allow for open peer review of its app; this may be a necessity to stay in the government contracts. They still won't be giving people an open "GPL" type license to use it. Knowing M$, they will find a way to release enough source to review but not to compile it...
This is just another attempt to try to dilute the term "open-source" by injecting their new buzzword "shared-source".
The preceding message was based on actual events. Only the names, locations and events have been changed.
They said they would consider it if they received sufficient requests from customers. That's like me saying I would consider it if I received enough requests for me to wear a tutu while on site with clients. At the end of the day consideration is not action.
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
As part of our Shared-Source[tm] initiative, you have requested to see the main SQL server[tm] source code.
We at Microsoft[tm] strive to meet customer demands. As part of the Shared-Source[tm] initiative, we are happy to disclose parts of our source code, in stages, after approval of our Customer's requests.
Your request has been approved. Please find attached to this email the main SQL server[tm] source code.
We hope this source code disclosure meets your requirements. The next scheduled disclosure will happen in 450 days.
Regards,
Joe Blow, Customers Satisfaction Manager, Microsoft Corp.
/*
PROJECT: SQL_SERVER
FILE: main.c
*/
#include <common.h>
main(int argc, char **argv)
{
start_sqlserver(argc,argv);
}
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I have a tough time believing that you have the skill to make genuinely useful improvements to the Linux kernel... yet somehow seem totally unable to understand the GPL.
Oh well!
(yeah, parent's a troll, but I'm bored).
Shared source is not open source or a license like BSD or GPL, so I'm not interested and I will stay with Postgres.
Do they need permission from sybase to do that?
GETPKG - Package Management for Slackware
1) Ship half-arsed product.
2) Let customers spot and fix all bugs, but don't give them the right to use the code they write.
3) Charge same customers again for new and improved product.
4) Profit!
At least until they find out what Free software is really all about... at which point the game is up.
I really wonder about this shared-source service of Microsoft's. Is it checking the source only one time? I can hardly believe any developer gets to the point he wanted by checking the source just once. So it's actually no use at all apart from being a marketing trick.
That gets posted in practically every thread on /.
It's not even a matter of understanding the GPL, they have no idea what they are talking about (Gnu Protective License?! come on).
It still needs a non-free OS, so it's hardly free beer.
Still interesting to see how Linux/Apache/MySQL/PostgreSQL is shadowing Microsoft - they are giving IIS away free, they have to sell WS 2003 Web Edition cheaper than XP Home, and now they have to give SQL Server for free... MS users should be happy about the competition.
But Shared source is a hideous "Have a look, don't touch, and definitely don't touch any competing product after looking at this". Nice if you are a researcher, but it escapes me why do research where only one corporation can profit from it, when there are less restricting alternatives.
Regardless of the fact that 'shared source' is not 'open source' (actually it's worse, as it could potentially create 'tainted programmers' and ruin their careers, and any open project they touch) I don't see Microsoft letting anyone take a peek at one of their few GOOD products..
Too much risk for them. Just imagine the next 'slammer worm'...
---- Booth was a patriot ----
While shared source is not nearly as good as open source, this is pretty dramatic stuff. Microsoft would only be discussing this publicly if they believe that they're getting seriously hurt by open source stuff, e.g., PostgreSQL and MySQL.
This means that open source is really and truly getting a serious chunk of the market.
Personally, I've been using PostgreSQL in situations where I'd otherwise be using SQL Server if PostgreSQL did not exist. PostgreSQL is phenomenally powerful and robust. And, for those who want to go the Windows route, its new Windows installer is so user-friendly that it approaches SQL Server in that department.
How exactly does shared source work? With various other FREE and Open-Source databases out there (MySQL, PostgreSQL) then why would people be tempted? The TCO of a Windows server is lower admittedly but that's only because your server management team need to be less skilled to start with. With a Linux/Unix server you're stuck with a system that requires more competent admins right from the start but once the system is up and running they get to sit around all day playing Tetris. Without getting into the Linux/Windows debate surely Microsoft opening up their systems to any kind of peer review is better than them keeping it closed down? Hopefully with it being open (and I hope they mean the recent versions and not MS-SQL2000) then maybe more skilled developers can take a look at the code and pass across suggestions? Even if we end up suggesting improvements for MSSQL surely that's better than trying to pander to MS to improve a flawed system? (by flawed I mean that MS_SQL has severe problems when your DB gets to 2TB). Just a thought.
SQL Server is a joy to use, in medium-sized databases. So if MS was truly sharing it with the world gratis, that would be wonderful.
But the bigger concern is that by opening their source code, every open source database is now subject to a lawsuit from MS, claiming that it misappropriated some for-loop or comment line that appeared in SQL Server.
IMHO, the open-source DBs are catching up to SQL Server just fine, and would be far better off without the lawsuit risks associated with MS exposing its source code.
syb_open(...), syb_close(...), syb_reindex(...)
I have not used shared source, so please correct me if I misunderstand this:
When they did this to ATL 7, that seemed useful since that is a lightweight library that developers commonly call into. A C++ developer could trace into it and it would help them figure out a crash in their app, or contribute bug fixes/improvements to ATL7.
I want access to the source for libraries that I call into directly such as MFC. That would help me debug MFC applications better. Shared source of IE would help me figure out why IE doesn't render something properly or why it crashes when I embed it in my application to do something.
But what good is shared source to SQL server? SQL server isn't a library I call into directly. I don't plug-in to it or link to it directly. It is a huge program, and not likely that an individual developer will find bugs or contribute patches to it. So what's the point? Do I understand the purpose of shared source?
Oh Microsoft, oh great giant, have thou at last found the joys of open source?
Will thy code be available to me, as it now is to thy developers or thy partners?
Will the flag of Windows proudly flutter beside Tux, no longer divided, but united?
Will it?
Will it?
I do not think so, Microsoft.
> Is Microsoft reinventing themselves, and are they ready to learn the benefits of open source?
NO. Messages like the above only serve to confuse and distract. Microsoft's shared-source scheme is nothing like open-source.
'Nuff said. Rumor has it that this even has some lower level marketing types at Oracle a little nervous.
My office has been taken over by iPod people.
While not exactly source code, I was very impressed to see the inclusion of the SQL Server 2000 System Tables when I got my copy eons ago. Now with the hints of shared-source, I'm actually less surprised than I might have been.
-- In Soviet Russia, radio listens to YOU!
Once you look at someone else's source code, you run the risk that they claim that your own future work is "derived" from theirs. Some shared source agreements are quite explicit about that, while others are merely silent on the issue. Some shared source agreements also explicitly state that the code you are looking at is unpublished and contains trade secret information.
The only way to guard against those claims is not to look at other people's source code unless the license not only permits you to look but explicitly permits you to reuse. Open source licenses do that, shared source licenses don't.
Shared source isn't new. AT&T UNIX and DEC VMS were "shared source", for example. Companies hand out shared source licenses because they are too cheap to fix their own bugs and want to get bug reports with fixes from customers, because they want customers to be tied more closely to their product (making it harder to switch), because they want others to do their porting work for them, and/or because they actually want to lay traps for open source developers.
If you have looked at any shared source source code under a non-open source license, do not work on any related open source or proprietary project; you would be putting those projects in jeopardy. Do not be fooled by "shared source" that's downloadable with a click-through: it may look like open source at first glance, but whether it's downloadable or whether you have to go into a room with five lawyers and sign an elaborate agreement may make some difference if it came to a court case, but it doesn't change the principle. Furthermore, most of those cases won't get to court: your future employer or open source project will probably unceremoniously dump you if there is even a hint that you have looked at shared source.
In other words, before you look at some company's proprietary source code, think carefully whether you want that company to own a piece of your brain for the rest of your life, because that's what it comes down to.
What about the Timeline patents? Is this going to be used to allow Timeline to harass companies other than MS?
I suppose the FreeTDS folks could benefit from it, but SQL Server is probably patent encumbered, so perhaps they'll avoid looking?
WTL is FREE and OPEN and it's pretty damn good. What I would like to see is somebody port this to Linux as a PORTING aid to help get more apps onto the Linux desktop.
WTL
I wonder how much of the SQLServer code base is actually Sybase code still? Could get interesting from a legal perspective if they ever did try and release it under shared source.
1) Ship half-arsed product.
2) Let customers spot and fix all bugs
Why is this +5 insightful? If you think MS SQL server is "half-arsed" or somehow not mature enough to have had the bugs shaken out of it yet, then you have clearly never ever used it.
If you ever write code that even looks remotely like something M$ put out as "shared" source, and whatever you write has some commercial success, what do you think M$ is going to do to you?
Yeah - sue your ass off.
Never let M$ shared source touch any computer you log on to.
Maybe that's the problem with all the bugs M$ releases: their developers don't even bother to compile and test their code!
Compare it with a dictatorship where all decisions are exposed to the public. The public can whine, rant, yell, scream, protest, but it's still the govt's decision anyway.
Open Source is, in contrast, a democratic government, run by the people. Open source isn't about "opening" your source. Open source projects are community driven, designed for and by the people.
If Microsoft wants to share its SQL server source, they must ensure:
a) That the whole thing is released so people can compile it at home,
b) Support the community requests to change this or that part of the code
and most important, c),
NOT use this as a weapon to end the competition. How do we know that they'll sue open source projects because one of their developers has even glimpsed at Microsoft code?
Call it FUD if you like, but as much as Bill says GPL can infect projects, I fear that the "microsoft share code" will "infect" open source projects so that Bill can sue them all and vanquish the competition.
Because you can't compile the code, you have no way to verify that it is even the right source code.
The only thing you will get is *some* source code. It might be from a 5-year old version of the product, it might even be from another product.
Once you look at M$ "shared" source, you're tainted - you're now subject to having M$ review all the code you ever write to make sure you didn't "steal" the ideas you saw in M$'s code.
Have a nice career - my company won't even interview anyone who's signed one of those "agreements" that allow folks to see M$ code. You have to sign an affidavit that you've never done such a thing to work with us.
Bill G: Steve, are you pondering what I'm pondering?
Steve B: Sure Bill. But how are we going to find chaps our size?
1) They tried to 'dirty' open source, and still do, calling it viral, commie... dirty words in the US/IT dictionary.
2) Open source is a big buzz word, something each IT manager is worrying his job over.
3) Open source is seen as growing competition against M$, they want to remove any unique selling points
4) pressure from gov's looking to switch to open source
IBM have open-sourced a DB, Sun have/are about to.
So Microsoft invent shared source... I think they were forced to do this... so they went along... it is pathetic at least.
Now they are trying to use their 'shared source' to confuse the unwashed masses that Microsoft has the benefits of open source... the best of both worlds... pathetic shit like that.
still, doesn't work on me.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
That's right, I suffer from the presence of the British island in Europe, too. Average IQ would be higher without you.
It's going to be hard for Microsoft to talk out of both sides of its propaganda mouth on "Shared Source". They've got 3 points they hammer Open Source on:
1> No corporate accountability
But there are big, sueable companies which specialize in open source support contracts: IBM, Novell, RedHat. Their bizmodel is exactly consistent with Microsoft's whining that SW TCO comes from the support costs, not the purchase. While Microsoft's model treats support as a burden, an afterthought. And with all its noninterop, bugs and holes, the MS support costs are huge. And suing Microsoft is a nightmare from which few ever wake.
2> Insecurity through unobscurity
The idea that open source is insecure because anyone can see its holes, compared to the safely secret closed source, is preposterous. It's plain wrong, as esoteric security experts have explained for years. As open source becomes more common, and people switch to Firefox after the press and their companies have actually checked the source code for problems, everyone will know that transparency means reliability.
3> Source pedigree makes it safer
This is the actual HW for MS closed source defense. They claim that you don't know where open source code comes from, so you can't trust it, while MS code comes from MS, a known quantity. Of course, no one knows who those MS programmers are from which their code comes. Certainly no one outside MS, and often no one inside, as their own project management sacrifices details in favor of shipping schedules. But this point goes to the heart of the value of the Microsoft brand, with which no open source group can yet compete. Even Firefox is too new to have longterm trust - one high-profile security debacle (perhaps manufactured at the MS Security/PR labs) will degrade its brand compared to familiar old Microsoft. But since reality is on the side of open source, it's just a matter of proper promotion. And "paper trails" - more documentation of releases for companies and people to consume. A killer PR app would be an easy web interface that lets anyone click a feature of an app, and get the documentation, the source code (with checkin/patch-post attribution), bugzilla items, and the discussions of the developers within just that feature's source. That would shine a light through the transparent open source process. Of course it would be a great help to people quickly scaling the learning curve to help with a single feature that interests them. But it would make completely obvious, in an executable fashion, just how clear are the open source version control, pedigrees and project management. While the closed source will be obviously dark, obscured and mysterious in comparison.
--
make install -not war
Yes, get over it. I'd rather Microsoft NOT share its source code. Microsoft isn't exactly well known for security, and if finding loopholes in policies, buffer overrides, etc. is as easy as it is now without the source, imagine how much easier it will be WITH the source? Need I remind everyone what happened a few years ago when SQL Server got wormed up the ass and took out a third of the internet with it? It probably would've been worse, if the creators of the worm saw the source code for SQL Server.
It's very different to start a project as open source and keep that way, than to take a "mature" application and share its source code 5 years down the road. And this has nothing to do with money, the risks financially are superfluous compared to the security implications. A big company will take weeks, even months to fix security holes while a large open source project will take hours, maybe days, it's just one quick visit to the CVS tree for an update. When people are going to find exploits in MS code, hell will be unleashed.
So MS, please, either learn security, or keep your code to yourself.
The thing about the "shared source" concept that cements its place in the Uselessness Hall of Fame is that it is wholly insufficient to help you, the implementor, say "This is the binary that is compiled from this source code." Study it and audit it all you want; this deal gives you no way at all (legally, at least) to demonstrate and know that what you're seeing is what you're running.
So, any notion of "open peer review" is broken before it starts. Any Government agency or private sector outfit who falls for this ruse of Microsoft's is foolish.
Many above have mentioned that Shared Source is a one way system. It only benefits the owner (Microsoft), by having lots of eyes (and brains) on their code.
Ingres source was also opened recently. It did not do them much good. Hope that Microsoft learns the lesson there.
This is mainly a PR ploy: they want to say that they are "open" too, and they are putting out the source like others do, so they are like Linux et al.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Of all the things they could open, this is one I'm pretty happy they have the caps on.
SQL Server is the only product to my knowledge that performs reasonably well, is incredibly stable and is probably the least affected by malicious attacks. (yes I know that's still a lot of attacks, just less than Windows/IIS/IE)
It's so touchy opening a product up that's in use already in the market. At least in open source, there's a public alpha and beta and people have a chance to work out some of the bugs/exploits before the product hits people's production environments.
Q: Would Microsoft willingly let crackers view its source code?
A: Of course not.
Yet this is what Open Source software has been doing for years.
The Shared Source way of allowing select users to check code for flaws is fine; but, surely one of the greatest benefits of Open Source is that anybody can see it?
Secure coding is mandatory for popular Open Source software - it's a prime target!
Open Source software can stand up to being thrown to the masses, yet Microsoft prefers security through obscurity.
Shared source is a way of achieving security through obscurity, while allowing others to find your bugs for free (and then charging the same users to upgrade to the latest version for enhanced security).
Linux/Open Source/Anti Microsoft News
you mean the source code that originally belonged to Sybase
The lunatic is in my head
Eventually, it will become a good idea for Microsoft to create a charity and donate its code to get a multi billion dollar tax writeoff, but they already missed the boat with Windows95, since it is obsolete and donating that to a charity would be such a transparent move that the IRS probably won't accept it.
Since the vast majority of the SQL Server codebase is straight from Sybase (that's where MS licensed the database from in the first place), M$ has little to lose by opening the kimono on SQL Server with other BigCo licensees.
What a strange bird is the pelican, his beak can hold more than his belly can.
I modify software I work with quite a bit, actually.
... I rather doubt code mods would be a big step above the often rather major surgery they already do. I've certainly heard enough people swearing about being unable to change a particular setting via group policy....
I usually do so unhappily, bitching and moaning the whole time, as I'd prefer not to have to - but if I need a customisation for my site that's not configurable, I'll still modify the product if necessary.
I also fix the odd problematic bug and provide a patch with my bug report. As someone who does OSS development work, I *know* how happy that makes the developers.
That said, I'm working under different constraints than apply to a company buying MS software. We "pay" some of the gains we make on licensing in fixing the bloody software so it does what we need and does it properly. For my workplace this turns out well, for others it probably doesn't. If I had someone to scream at for support who would actually fix things, I'd prefer to do that.
I do think the ability to modify MS products would be useful for some. Look at the extent of modifications many outfits already do to their SOEs.
Shared source is bullshit.
There is an argument for security by obscurity. I am completely unconvinced by it, but it's there. So now you take a product that is highly dependent upon obscurity for its security and you let (world - dog) check it out. Now the set of people who can audit for vulnerabilities is larger. Oooh - I'm sure there's no economic espionage coming from China! I'm sure there's no maladjusted contract programmer at THIS Fortune 1000 company going to share the shared source on IRC. But we're still gonna cut off peer review and correction.
It's the worst of both worlds.
WTF and WTP (What's The Point).
...for them to submit this to the press and soak up the free publicity and subconscious geek cred?
Nothing.
So I give them their points for better marketing - even if the sentiment stops at the "pondering" stage.
and what's yours is ours too...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
You don't get enough of the code to compile the entire server. Also, modifications and patches are against the license. RTFA
SQL Server has some features that aren't yet in PostgreSQL (I'm thinking clustering and some aspects of the web services interface). Shared Source SQL Server would mean that folks like the Wine team could probably get SQL Server running flawlessly under Linux/FreeBSD. I can believe some folks might actually use this configuration, but I suspect PostgreSQL and MySQL will get equivalent features soon enough there won't be much point.
I wonder what would happen if Bill suddenly woke up one day and said "What the hell are we doing, I should have seen that Open Source is the future!" And after this revelation decided to be truly open, instead of playing the current games they're playing?
Of course they wouldn't make everything open source. What impacts would a REAL change in strategy mean for the community?
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
Shared Source is simply a way to allow certain users (gov't primarily) to review code for certain audits. It is in no way a relative of Open Source. MS would not be offering the code to just anyone who wants to download it. It is in very controlled circumstances with NDAs being signed. The comparisons to "opening up" code in a limited fashion are just silly. It's comparing apples to oranges.
Big deal.
Microsoft is just finally doing something to fight against PostgreSQL, which finally has a fast and easy install for Windows machines.
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
Stuff as complex as a mature RDBMS can't be suddenly open-sourced. It's all about the learning curve, which is too steep due to size, quality and complexity of the codebase.
Size/complexity: It's HUGE! Parser, optimiser, thread pooler, memory manager, read and write sorting...
Quality: The code's a mess because there hasn't been the scrubbing effect of collaboration.
There's too much to assimilate before anyone can make a meaningful contribution. So no one will contribute. Without contribution, there is no peer acclaim. The Bazaar fails to open for business, because it looks and smells like a Cathedral. And there's a tax collector lurking by the door.
Borland already tried this trick with Interbase and it failed. At the time this puzzled me. Interbase was a pretty good DB, and had superb quality JDBC drivers (making it my preference of the day).
Day after day, people didn't change Interbase, they just downloaded and used it.
Across the road, a much less complete DB called MySQL got all the attention. Why? Primarily BECAUSE it was much less complete. What can you contribute to a complete working product? MySQL was simpler, there were still plenty of trails to blaze for those seeking recognition and it had a functioning OSS community to offer acclaim and assistance.
I wish MS would share the @$#%@!! dotnet source. Now THAT would be useful. Handy for the Mono crowd, too...
- They were using MyISAM tables
- They were running an old version of Linux with broken fsync
- They were using non-battery backed disk cache
The first is the most common cause of corruption in MySQL databases. The last two would have killed any database.
now give me a headline
If MS-Shared Source is anything other than a PR move, then perhaps it is to taint developers to prevent them from contributing to free or open source projects in the future.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.