Microsoft Discloses 14,000 Pages of Coding Secrets

OrochimaruVoldemort writes "In an unexpected move, Microsoft has disclosed 14,000 pages of coding secrets. According to The Register: 'This is Microsoft's latest effort to satisfy anti-trust concerns of the European Union, which is possibly a tougher adversary for the company than Google.' The article mentioned that this will be done in three phases. 'Between now and June it will garner feedback from the developer community. Then, at the end of June, Microsoft will publish the final versions of technical documentation — along with definitive patent licensing terms.' Lets just hope those terms are pro open source."

bring on the virii

[seanadams.com]

Unlike existing open source projects, these protocols/code/APIs have never been scrutinized by independent security experts. I'll bet this reveals hundreds of new attack vectors.

WINE

[Bitter+and+Cynical]

Can anyone (intelligently) comment on the implications for projects like WINE? It seems that having so much information released would benefit these efforts in some manner, yes?

Re:WINE

[Your.Master]

Or, maybe they just have some common libraries throughout the company which could hypothetically be implemented by anybody else. Most large software companies I've been in have had one.

You can see that in things like DUI, which is used by people interacting with Windows Live Messenger and is a distinct dll shipping with Windows.

I have seen the Windows source code. I was at such an academic institution. I didn't read the whole thing top to bottom, but I didn't see any secret APIs or undocumented advantageous interactions.

And many others have seen it to. The Windows source IS widely available to governments and academics. If there were said secret APIs, they would be known by more than just you.

I've seen this meme travel around and I'm glad it's quieted over time. Hell, maybe at one point in the past there was something to it; I don't know.

Pick on Microsoft for valid reasons, not made-up ones. Unless you have some evidence of this?

Re:Ummmm, no

[Airconditioning]

Wasn't the JPEG vulnerability discovered after the source code leak?

Re:Ummmm, no

[Victor+Antolini]

People said this same thing when the Windows 2000 source code leaked. Nothing happened.
Well, I wouldn't say that nothing happened:

http://www.securitytracker.com/alerts/2004/Feb/1009067.html
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.

Ok, I know it's not much but sure is something!

You stole our code!

[Auraiken]

I'm starting to think that this looks a whole lot like the 'we know there is source code from windows in your apps' thing. It might look good for MS to the EU, but it also looks extremely well for MS if they put in some legal clauses into the documents and twist their tongue around making it look friendly.

Could open up a whole new can of worms where they start taking out open source projects based on the fact that those people have SEEN the code.

Re:Well of course not

[Thinboy00]

I've seen software offered under a dual license: either the release or a slightly outdated release is GPL or whatever, and either the dev version or the latest release is proprietary, eventually becoming GPL as new ones come out. See www.virtualbox.org

Re:Documentation

As one of the several thousand people at Microsoft who write specs--I assure you, EVERYTHING has a spec before it becomes code. (Posted anonymously since we Slashdotters aren't supposed to work at Microsoft. :) )

Re:Why is parent flamebait?

[setagllib]

You got modded interesting instead of funny. The mods must know something the rest of us don't.

The problem is

[Sycraft-fu]

I think you'll find may who don't agree. I've gotten in to this same argument many times before. Personally, I think open standards are open source friendly. You can get a license for them, distribute your program with full source included, with whatever mods you like, and so on. Only requirement is you have to pay licensing. I see no problem.

However I've found that view is not common in the OSS community. Many seem to think it is only truly open if you can have it for free. They seem to think the GNU/GPL idea is the One True OSSS(tm) and anything else isn't open.

So that's what I mean. I imagine MS's terms will be perfectly friendly to having the source code open, as it'll have to be that way if it is an open standard. You get the code for MPEG-4 or VC-1, for example. However I do imagine that, like those, it'll cost money. So while someone could buy a license and make something for Linux based on the code by paying the fee, they couldn't just take the code for free and use it to make something.

Re:Why is parent flamebait?

[jimicus]

MS has NEVER done anything yet that is pro open source

You'd better tell the Samba people that. They think they've been given the documentation for the protocols they implement under a reasonable license which will significantly aid development:

    http://news.samba.org/announcements/pfif/

Re:Why is parent flamebait?

[aweraw]

Only because they were forced to by the EU. They rarely, if ever, do anything pro open source unless they're forced or they see a large benefit to their platforms (e.g. WiX - it's used to create installer packages for Windows.)