Microsoft Releases Source Code For Web Sandbox

nandemoari writes "After flirting with open source development for some time, Microsoft has made another step towards real commitment with the release of source code for Web Sandbox, a program used to test and secure web site content. The Sandbox source code will be released under the Apache 2.0 license, an open source license agreement allowing the content creator to maintain copyright while permitting others to develop the product for their own use. Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives."

Excellent.

[Corpuscavernosa]

I'll assume that Windows kernel, IE, Office, and that new song making program are next!

The deep end

[Temujin_12]

An interesting section of code:

if (sandbox.isDeepEnd()) {
      Message message = sandbox.getLeprechaun().getMessage();

      if (MessageInterpreter::isBurnCommand(message)) {
            environment.burnItAll();
      }
}

self.citeRalphism();

Rule of Acquisition #76

[NonUniqueNickname]

Every once in a while, declare peace. It confuses the hell out of your enemies.

Profit!!!

[carrier+lost]

Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives.

The whole "Embrace, Extend and Extinguish" thing is sure taking a lot longer these days...

Apache?

[qoncept]

The really surprising part of this story, to me, is that Microsoft didn't draft it's own, new license for this.

Re:Apache?

[glenstar]

Um... the Apache license is MUCH more free than the GPL in that you can do anything you want with it, including closing it if you are so inclined. Plus you don't have to buy into the feverish and rabid philosophy of the majority of GPL disciples.

Plus, let's flip this on its head: do you REALLY want to have to publish your changes so that Microsoft can take advantage of your hard work?

Re:Apache?

[ianare]

No it is compatible with GPLv3, and Apache licensed software and Linux have always played nice (there's this minor thing you might have heard of, called 'httpd').

Re:Apache?

[FranTaylor]

I want to publish my changes so that EVERYONE can take advantage of my hard work.

Re:Apache?

[h4rr4r]

The GPL protects the "commons", the other open licenses do not. With another license like the Apache one microsoft or anyone else is free to take the code close it up and sell a product that makes the open version obsolete or at best less featured.

The freedom for end users to have and be able to modify the source is the only one that really means anything.

Re:Apache?

[JustinOpinion]

If you'll indulge a tangent here...

the Apache license is MUCH more free than the GPL

I find the debates about which OSS license is "most free" to be rather silly, because:
1. All the "major" OSS licenses (GPL, BSD, Apache, etc.) are awesome, in my opinion. They all do great things and greatly help free software. So debating about which one is "the best" seems counter-productive because it obscures the fact that they are all good.

2. The debates usually have an implicit assumption that "freedom" is a one-dimensional axis, and we are trying to maximize the amount of "freedom." Occasionally someone will insightfully explain how freedom is more complex: one person's freedom may come at the expense of another; you need to distinguish between user freedom, developer freedom, distributor freedom; etc. Overall I prefer to think of "freedom" as being multi-dimensional.* A particular license may maximize along one freedom-axis, while not being maximal along another freedom-axis. And there may not be any license which simultaneously maximizes along every axis. Hence no such thing as the "most free" license. (But there may still be ways to rank things; e.g. most proprietary licenses are less free along every axis.) In other words (and you would think this would be obvious): the "best" license depends very much on the particular situation and one's particular priorities.

(* I believe this multi-dimensionality applies to many "wavy-gravy" human concepts/principles/emotions. Too frequently we argue about things as if they were binary or 1-dimensional, when even a cursory analysis shows them to be more complex than that.)

Re:Apache?

[lucas_picador]

Um... the Apache license is MUCH more free than the GPL in that you can do anything you want with it, including closing it if you are so inclined.

Yeah, just like America was a much freer place in 1750 because you were free to own slaves or to sell yourself into indentured servitude.

Re:Apache?

[glenstar]

There is nothing stopping other from enjoying your work under the Apache license.

Re:Apache?

[glenstar]

The end-use has just as much access to the original project under Apache (or BSD) as they do under the GPL...but they may not necessarily have access to the changes that a developer makes to the original. I don't see this as a giant hurdle since the only people who would give a flying fuck about source are developers and they are perfectly capable (maybe) of adding whatever changes they want to the original.
</dragged_into_troll_debate>

Ray Ozzie

Given Wired's article on Ray Ozzie, this doesn't surprise me. Ray seems to really believe the future of Microsoft lies firmly in the cloud, and the Microsoft is behind the curve in that arena.

Trusting your business to the cloud, and Microsoft's cloud means you must trust them for security.

Microsoft, internet and security haven't exactly gone together over the years.

Maybe this is an honest effort to improve how IT professionals view Microsoft's commitment to web security.

Update the Microsoft icon?

[RevWaldo]

Isn't it about time the Microsoft icon was updated? Bill the Gates is doing other things these days and who follows ST-TNG anymore?
Maybe a screaming Steve Ballmer in a Darth Vader helmet instead?

Re:Update the Microsoft icon?

[Colonel+Korn]

He is the most meaningfully philanthropic billionaire. As of a year or two ago he'd given 56% of his total accumulated wealth to charity over his lifetime. That's pretty cool, and the B&M Gates Foundation does a lot of great stuff, like pay for my local NPR and PBS stations. Compare to, oh, the Walmart heirs, who have given less than 0.01% of their wealth to philanthropic causes.

Don't Forget Rule of Acquisition #48

[rsmith-mac]

The bigger the smile, the sharper the knife.

Coming around finally?

[Mephistophocles]

I'm not ready to condemn this MS move as some sort of veiled treachery quite yet. There's no denying that Open Source is finally beginning to transform the marketplace. Couple of reasons for that IMHO - one is Microsoft's decline in recent years, if not as a market-share holder than at least in terms of reputation (and I mean reputation in the eyes of the average consumer, not the tech world). The other might be the slow but sure loss of market-share by entertainment giants (extrapolate to your heart's content - it's not coincidence that Vista's copyright protection measures caused, in large part, it's bad reputation, and those measures were dictated by the entertainment industry). I think we just might be beginning to see the fall of copyright law, at least as we know it today. Open source has contributed a lot to that. MS just might be beginning to see the light at the end of the tunnel.

Re:So what?

[NineNine]

That's cutting your nose off to spite your face. Free Software is only useful on Linux, then? That seems absurd. There's no reason that free software can't exist within the framework of a proprietary platform. As always, if you don't like it, you don't have to use it. Your attempt to somehow paint this as a bad thing doesn't really hold water.

Stop it!

[jonaskoelker]

Stop it! You're being overly rational in a perfectly emotional debate.

Re-licensing

[rbanffy]

Can we re-license it (or fork it) under GPL?

It would break my heart if someone improved the software just to see the improvements turn into proprietary ugliness.

Re:Re-licensing

[FishWithAHammer]

Thank you for being another example of why I really, really don't like the GPL or its users.

"How do we lock this up so the original developers can't use this?"

I'd say you ought to be ashamed, but your sense of shame has likely atrophied away a long time ago. (And you lot do the same to BSD developers on occasion, who are at least nominally "your own." Pathetic.)

Re:Re-licensing

[rbanffy]

Why should I be ashamed? Microsoft can use whatever they wrote. The question is why would anyone else help them build their next release of anything for free? Why would anyone with half a brain help a convicted monopolist to screw its users even further for no reward beyond, perhaps, a poorly paying job on a company regarded as "second rate" by any programmer that could contribute to the project?

What re-licensing as GPL does is that it keeps the downstream users "honest" by forcing them to be as nice to their downstream users as their predecessors were for them. It would say "Dear Microsoft, I give you my contributions on the condition that you never subvert my will and turn them into proprietary software I can no longer study or modify". Is that too much to ask?

The license difference between BSD and Linux is probably the most influential factor in the development of the healthy community that surrounds Linux and that does not surround BSD. Why would IBM contribute to BSD if HP could take their contributions and implement them in HP-UX without giving anything in return? IBM gives code to Linux because they know that HP, SGI, Intel, Red Hat, Novell and just about everyone else will do the same. Everybody is kept nice by the force of the license, which is the "law" of the community around it.

So, again, what is the advantage this license gives the community that, for some incomprehensible reason, decides to give their time and dedication to this initiative?

Re:So what?

[dedazo]

Considering I've been happily using "closed" products for more than a decade to make a living, you're a little late on the warning front.

For all practical purposes I would be just as screwed if I found a bug in the .NET CLR as I would if it were in the Python VM, because I'm not in the business of developing or fixing languages or runtime libraries, but corporate applications.

That's why I choose tools that are established and have solid backing behind them. I trust the Apache Foundation as much as I trust Microsoft. I trust Guido van Rossum and his troupe of geniuses. I trust Zend and I trust Debian. Not so much the SuperDuperPHPCMSOfTheWeek Team, so I might use their product to run my personal blog about kittens, but I wouldn't trust my livelihood to them.

Understand that money has nothing to do with this.

Re:A step in the right direction

[Americano]

let them release all the docs the Wine project would need to be 100% interoperable.

Why not just run Windows then? You're bitching about wanting free software all over the comments here, and then you're going to claim that you want to run closed-source windows software on your Free OS? What's the point?

Then release real interoperability docs for exchange, sharepoint, etc.

If freedom is of paramount concern, why would you care to run software that will interoperate with non-free systems at all? Why not pressure them to accept a better (standard) way of doing things? You know, by using the robust & stable FLOSS software that does the same job as Exchange, Sharepoint, etc., but does so while conforming to GPL & open standards? And then when you've achieved a market leadership position with your superior products, you can simply freeze out Microsoft products if they don't conform to your standards.

Or is all this really about forcing Microsoft to commit some bizarre form of hara-kiri ritual to atone for the grievous sins they've committed against you?

Re:Wal-Mart Donations

[spisska]

The founders and heirs of Wal-Mart have made donations, just not as vocal about them. The bible teaches to give in secret. Can you verify to me your source for the .01% or did you just pull that out of the air.

Parent is not a troll, and GP did pull the 0.01% figure out of the air. The Walton family, are in fact major-league philanthropists. Who do you think is behind the Walton Arts Center? And that's just a drop in the bucket.

The Walton Family Foundation gives away around $250 million per year, much of it to support K-12 education programs, while the Wal-Mart Foundation gives away another $200 million or so.

I'm no fan of Wal-Mart, just as I'm no fan of Mr. Gates. But credit where it's due. At least the Waltons don't seek publicity and adulation for giving away money they could never hope to spend.