Microsoft Releases Source Code For Web Sandbox

nandemoari writes "After flirting with open source development for some time, Microsoft has made another step towards real commitment with the release of source code for Web Sandbox, a program used to test and secure web site content. The Sandbox source code will be released under the Apache 2.0 license, an open source license agreement allowing the content creator to maintain copyright while permitting others to develop the product for their own use. Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives."

Excellent.

[Corpuscavernosa]

I'll assume that Windows kernel, IE, Office, and that new song making program are next!

The deep end

[Temujin_12]

An interesting section of code:

if (sandbox.isDeepEnd()) {
      Message message = sandbox.getLeprechaun().getMessage();

      if (MessageInterpreter::isBurnCommand(message)) {
            environment.burnItAll();
      }
}

self.citeRalphism();

Rule of Acquisition #76

[NonUniqueNickname]

Every once in a while, declare peace. It confuses the hell out of your enemies.

Profit!!!

[carrier+lost]

Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives.

The whole "Embrace, Extend and Extinguish" thing is sure taking a lot longer these days...

Apache?

[qoncept]

The really surprising part of this story, to me, is that Microsoft didn't draft it's own, new license for this.

Re:Apache?

[glenstar]

Um... the Apache license is MUCH more free than the GPL in that you can do anything you want with it, including closing it if you are so inclined. Plus you don't have to buy into the feverish and rabid philosophy of the majority of GPL disciples.

Plus, let's flip this on its head: do you REALLY want to have to publish your changes so that Microsoft can take advantage of your hard work?

Re:Apache?

[ianare]

No it is compatible with GPLv3, and Apache licensed software and Linux have always played nice (there's this minor thing you might have heard of, called 'httpd').

Re:Apache?

[FranTaylor]

I want to publish my changes so that EVERYONE can take advantage of my hard work.

Re:Apache?

[h4rr4r]

The GPL protects the "commons", the other open licenses do not. With another license like the Apache one microsoft or anyone else is free to take the code close it up and sell a product that makes the open version obsolete or at best less featured.

The freedom for end users to have and be able to modify the source is the only one that really means anything.

Re:Apache?

[JustinOpinion]

If you'll indulge a tangent here...

the Apache license is MUCH more free than the GPL

I find the debates about which OSS license is "most free" to be rather silly, because:
1. All the "major" OSS licenses (GPL, BSD, Apache, etc.) are awesome, in my opinion. They all do great things and greatly help free software. So debating about which one is "the best" seems counter-productive because it obscures the fact that they are all good.

2. The debates usually have an implicit assumption that "freedom" is a one-dimensional axis, and we are trying to maximize the amount of "freedom." Occasionally someone will insightfully explain how freedom is more complex: one person's freedom may come at the expense of another; you need to distinguish between user freedom, developer freedom, distributor freedom; etc. Overall I prefer to think of "freedom" as being multi-dimensional.* A particular license may maximize along one freedom-axis, while not being maximal along another freedom-axis. And there may not be any license which simultaneously maximizes along every axis. Hence no such thing as the "most free" license. (But there may still be ways to rank things; e.g. most proprietary licenses are less free along every axis.) In other words (and you would think this would be obvious): the "best" license depends very much on the particular situation and one's particular priorities.

(* I believe this multi-dimensionality applies to many "wavy-gravy" human concepts/principles/emotions. Too frequently we argue about things as if they were binary or 1-dimensional, when even a cursory analysis shows them to be more complex than that.)

Re:Apache?

[lucas_picador]

Um... the Apache license is MUCH more free than the GPL in that you can do anything you want with it, including closing it if you are so inclined.

Yeah, just like America was a much freer place in 1750 because you were free to own slaves or to sell yourself into indentured servitude.

Re:Apache?

[glenstar]

There is nothing stopping other from enjoying your work under the Apache license.

Ray Ozzie

Given Wired's article on Ray Ozzie, this doesn't surprise me. Ray seems to really believe the future of Microsoft lies firmly in the cloud, and the Microsoft is behind the curve in that arena.

Trusting your business to the cloud, and Microsoft's cloud means you must trust them for security.

Microsoft, internet and security haven't exactly gone together over the years.

Maybe this is an honest effort to improve how IT professionals view Microsoft's commitment to web security.

Update the Microsoft icon?

[RevWaldo]

Isn't it about time the Microsoft icon was updated? Bill the Gates is doing other things these days and who follows ST-TNG anymore?
Maybe a screaming Steve Ballmer in a Darth Vader helmet instead?

Re:Update the Microsoft icon?

[Colonel+Korn]

He is the most meaningfully philanthropic billionaire. As of a year or two ago he'd given 56% of his total accumulated wealth to charity over his lifetime. That's pretty cool, and the B&M Gates Foundation does a lot of great stuff, like pay for my local NPR and PBS stations. Compare to, oh, the Walmart heirs, who have given less than 0.01% of their wealth to philanthropic causes.

Don't Forget Rule of Acquisition #48

[rsmith-mac]

The bigger the smile, the sharper the knife.

Re:So what?

[NineNine]

That's cutting your nose off to spite your face. Free Software is only useful on Linux, then? That seems absurd. There's no reason that free software can't exist within the framework of a proprietary platform. As always, if you don't like it, you don't have to use it. Your attempt to somehow paint this as a bad thing doesn't really hold water.

Stop it!

[jonaskoelker]

Stop it! You're being overly rational in a perfectly emotional debate.

Re-licensing

[rbanffy]

Can we re-license it (or fork it) under GPL?

It would break my heart if someone improved the software just to see the improvements turn into proprietary ugliness.

Re:Re-licensing

[FishWithAHammer]

Thank you for being another example of why I really, really don't like the GPL or its users.

"How do we lock this up so the original developers can't use this?"

I'd say you ought to be ashamed, but your sense of shame has likely atrophied away a long time ago. (And you lot do the same to BSD developers on occasion, who are at least nominally "your own." Pathetic.)

Re:Re-licensing

[rbanffy]

Why should I be ashamed? Microsoft can use whatever they wrote. The question is why would anyone else help them build their next release of anything for free? Why would anyone with half a brain help a convicted monopolist to screw its users even further for no reward beyond, perhaps, a poorly paying job on a company regarded as "second rate" by any programmer that could contribute to the project?

What re-licensing as GPL does is that it keeps the downstream users "honest" by forcing them to be as nice to their downstream users as their predecessors were for them. It would say "Dear Microsoft, I give you my contributions on the condition that you never subvert my will and turn them into proprietary software I can no longer study or modify". Is that too much to ask?

The license difference between BSD and Linux is probably the most influential factor in the development of the healthy community that surrounds Linux and that does not surround BSD. Why would IBM contribute to BSD if HP could take their contributions and implement them in HP-UX without giving anything in return? IBM gives code to Linux because they know that HP, SGI, Intel, Red Hat, Novell and just about everyone else will do the same. Everybody is kept nice by the force of the license, which is the "law" of the community around it.

So, again, what is the advantage this license gives the community that, for some incomprehensible reason, decides to give their time and dedication to this initiative?

Re:So what?

[dedazo]

Considering I've been happily using "closed" products for more than a decade to make a living, you're a little late on the warning front.

For all practical purposes I would be just as screwed if I found a bug in the .NET CLR as I would if it were in the Python VM, because I'm not in the business of developing or fixing languages or runtime libraries, but corporate applications.

That's why I choose tools that are established and have solid backing behind them. I trust the Apache Foundation as much as I trust Microsoft. I trust Guido van Rossum and his troupe of geniuses. I trust Zend and I trust Debian. Not so much the SuperDuperPHPCMSOfTheWeek Team, so I might use their product to run my personal blog about kittens, but I wouldn't trust my livelihood to them.

Understand that money has nothing to do with this.