Slashdot Mirror
Microsoft Finally Open Sources Windows 7 Tool
Jan writes "Microsoft has
open sourced the Windows 7 USB/DVD Download Tool by releasing it under the GPLv2 license. The code is now available on CodePlex, Microsoft's Open Source software project hosting repository, over at wudt.codeplex.com. The actual installer for the tool is now again available for download at the Microsoft Store (2.59MB). (Microsoft previously took responsiblity for the violation.)"
It's good that Microsoft took responsibility for this, kudos to them.
I took a quick look at the article and I have no idea what this tool is supposed to do. I couldn't even venture a guess. So some tool that I know nothing about and have no idea what it does now has the source code available for it. I think the term "underwhelmed" would apply. What exactly is a USB/DVD download tool?
As someone mentioned in the original story, Microsoft does not write all of its code itself but sometimes hires other companies to write a specific tool for them. Such was the case here. As for it taking a week, I think that's a pretty short period of time for something to take in a bureaucracy.
It's a tool to download Windows 7 into a USB drive, hence it's a tool FOR Windows 7. Shortening it to "Windows 7 Tool" is just common English usage -- that's just like saying a drive for reading CD-ROMs is a CD-ROM drive. Get over it.
Pet peeve: Profane people propagating perfunctory pedantry.
Or it's proof that they made some changes so that the tool uses public API's instead of private windows internals and instead of just throwing it out the door, tested the changes made.
"I use a Mac because I'm just better than you are."
For a company that believes so strongly in the inviolability of Software licensing, it's nice to see them practice what they preach when it comes to the rights of others. Fair play to Microsoft for meeting it's requirements, and score one for the GPL and Open Source.
So there I was, scribbling down some notes off the PC screen by hand, when I reached for the keyboard and Ctrl-S'd.
I've seen some of the Windows Source code when I worked there. Trust me, it's WAY more professional than the Linux source code.
Microsoft's problem with code quality isn't the engineers - they're the same as everywhere else. In Windows 2000, they set out to eliminate BSOD, and they mostly did. In XP SP2, they set out to make it secure, and it's better.
The problem is no one asks them to do the right things.
Anyway, trust me - it's very professional, clean code, nice design, and not filled with hacks like the Big Global Lock that used to be in the Linux kernel.
You apparently have never worked in a large company before. There were probably 27 meetings before someone high enough up the food chain stuck their neck out to say "ok". We're talking about opensourcing code from a company that generally doesn't do it. Legal was involved, top executives were involved, someone had to talk to PR about spinning a press release, etc etc. This isn't like some dev got emailed and said, "Shit! I better get that posted right away!"
First the SEGA logo brazenly appeared on a Nintendo console
Now it's Microsoft publishing GPL licenced-code. TWICE (the other being their contribution to the kernel)
Pigs expected to fly next week.
And this post is PROOF that you're a MORON. Microsoft hires the most expensive people. They may outsource some of their coding, but if you think Microsoft writes any "worse" code than anyone else, you're an idiot. It's like you think suddenly because highly paid, highly educated, highly experienced developers start working for a company you irrationally hate that they become bad developers.
Wouldn't changing the code at this point still be a violation of the GPL? They released a certain version containing GPLd code, they need to make /that/ version available, right?
Obviously there are plenty of other reasons it's likely to take a week to do anything at a megacompany like Microsoft.
Slashdot is not a game, Slashdot is not a game. Crap, I just lost points.
The bigger news is not that Microsoft open sourced the tool after their GPL violation (that was inevitable). The news here is that Microsoft kept the open source tool instead of replacing it with one of their own. Microsoft has open sourced portions of their code before, that really isn't newsworthy. Keeping an open source tool that will be used to deploy their crown jewel operating system by millions of people - that's newsworthy.
This is PROOF that Microsoft KNOWS they are producing bad code. They put something out there, and then when they had to open source the code, they were all like "Well now everyone will see how bad our coding is, better take a week to fix it up before releasing it to the public!"
Having been involved with open source at Microsoft, I'd guess that the real reason for the delay was to "scrub" it to make sure that no intellectual property was inadvertently being given away.
The difference between theory and practice is that, in theory, there is no difference between theory and practice.
You keep using that word. I do not think it means what you think it means.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
It's been, what, a month since they were informed of the lapse, and less than that since they acknowledged the error?
Show a reasonable amount of patience.
I can't help but notice the "finally" in the title.
Really slashdot, can't you post any MS related story without personal bias?
or at least code they don't want shown to the public /* This chunk written by Sir_Sri ext 1111 e-mail ... */ //coudn't get this sh*t to work right, used a hack but if you swirl the mouse around counter clockwise 7 times the program always crashes // Sir_Sri is an idiot, incompetent and has been moved away from coding into marketing, he won't touch this again, I fixed this crap up for him Bill ext 1, office 1 e-mail 1@microsoft.com.
1) What programs do people here like for applying .ISO images to USB drives in Windows? Is this one "locked" to Windows 7 ISOs or can I use it to, say, put Puppy Linux onto a USB drive? I tried to install this one to find out but it's telling me "This application requires the Image Mastering API v2" and I don't want to put too much effort into this if it isn't for general use.
2) Anyone know how to do the same thing in OS X? I tried using Disc Utility but it will only let me a) burn ISOs to CDs or b) apply Apple .DMGs to drives. I tried mounting the ISO and using that as a source to create a DMG and that worked, but then when I went to apply that DMG to a disk it gave up at the last minute. (Sorry, that machine is at home, I don't know the exact error message. It basically said "Sorry, can't" after I clicked 'restore'.)
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
If what you write is true, the reason there's still buffer overflows in Microsoft code is simply that nobody's asked the programmers to get rid of them. Frankly, I find htat hard to believe.
Good, inexpensive web hosting
Is that on SourceForge?
Populus vult decipi, ergo decipiatur...
"Force shits upon Reason's back." - Poor Richard's Almanac
I'm sure Microsoft's source code looks much more professional than the Linux source code. The company probably has rigid coding standards that all programmers must adhere to. Not only standards that have to do with the kinds of constructs you are allowed to use, but how the code must look, how many spaces to indent, how to format your comments, and where to put comments. In other words they probably have a 'grammar police' for code. (Do they still use Hungarian notation?). OTHO the Linux kernel was written by coders from ALL walks of life with different views on how to write code. There is only a very loose coding standard for the kernel, if Linus can read it and understand it, it gets used as is.
Does this make Microsoft source code work any better than Linux? No. Does it make it more supportable (for the programmers actually working on it)? Probably. But the people working on the Linux Kernel are used to the hodge-podge of coding standards in use. Still it could make it harder for someone to break into kernel support.
BTW, I've heard of some diehard Mircosofties getting windows tats. Wonder if Linux coders have a Tux tat. (yuck).
For a company that believes so strongly in the inviolability of Software licensing, it's nice to see them practice what they preach when it comes to the rights of others. Fair play to Microsoft for meeting it's requirements, and score one for the GPL and Open Source.
Yes, it is good that Microsoft did the Right Thing here and opened the code under the GNU GPL. But color me pessimistic. I'm somewhat concerned that in a few months, we'll hear lots of hay being made from this - and it won't be good for F/OSS.
Microsoft is trying to kill Linux and pretty much all "Free / Open Source" software. One wedge they have continued to use is "the viral nature of the GNU GPL is evil", spreading misinformation like "if you use GNU GPL tools to build your software, you will need to publish the source code of your software under the GNU GPL."
So it's not a big stretch to think that in a few months, we'll hear Microsoft (probably Ballmer himself) say "Look, see how Linux & the GNU GPL is viral & evil, even we [Microsoft] had to publish the source code to an important tool." They'll surely omit details like "we copied GNU GPL code into ours, we were dumb" or "we weren't paying attention to what our subcontractors were doing". The spin will be "Linux and GNU are bad."
I'd love to be proven wrong.
I think your comment about asking the engineers to solve the right problem is very insightful.
But I'm curious - did Windows have more fine-grained locking than a single kernel lock at the time Linux introduced SMP support with 2.0? I can imagine Windows may well have been better re locking scalability back then. Both Linux and Windows have been using increasingly fine granularity locking over the years, which is nice. It's somewhat frustrating that the Big Kernel Lock is still hanging around but at least it's not on most / any important critical paths now. And one day hopefully it will go away properly :-)
Other reasons to stop calling it the "Windows 7 Tool" include the similarity between:
"Microsoft Finally Open Sources Windows 7 Tool" and
"Microsoft Finally Open Sources Windows 7 Too!"
I spent the first 30 seconds in shocked disbelief as I tried to remember anything else they've open sourced.
Now that I think about it, I'm pretty sure everything I just said is completely wrong.
filled with hacks like the Big Global Lock that used to be in the Linux kernel
The spinning hourglass begs to differ.
If they did make changes to how the tool works with Windows (changed to using the same public API's normal people have to for instance) presumably they are no longer distributing the infringing product. As such I don't think they would have to release both, just no longer distribute the first release.
"I use a Mac because I'm just better than you are."
Eh... I understand what you are saying. And yet, Linux has never produced anything nearly as bad as Longhorn. Seriously, Long- freaking-horn. You can't praise them for 2000 and xp SP2 and ignore their obvious mistakes with xp/xp-sp1 and longhorn/vista. Every version of windows that is released is accompanied by a story interviewing some Microsoft fellow that describes how bad the source code for the previous version was and how no one really knows how all of the different parts of windows interact. I'm sure its not bad code full of obvious hackery and bad coding. I am however convinced that its a more difficult of a design than the Unix philosophy and it suffers because of that.
Plus, as closed source we can just sort of imagine the code that causes the problems we run into, where as with linux we can actually see the code that caused the problem so we don't have to imagine any code crappier than what we find.
Well.. maybe. Or Maybe not. But Definitely not sort of.
not sure about that but their excuse that it happened was that it was 3rd party code. If that really is the case, where is their process for handling licensing? Did they really have a licensing process in place for the 3rd party contract and one of the coders there subverted any code review process or licensing policies and brought in GPL'ed code? For a company with so much to lose brand-wise and with so much cash as Microsoft has, this would seem extremely careless. If it really was 3rd party code. If we look at the code now, we should see what company really did produce the code right? Or did Microsoft take 100% of the credit for 100% of the code except for the part which was the originally GPL'ed?
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Some retard got a zune tat a while back, so a windows tat is possible. Of course, the zune logo is much cooler. As for linux tats, I've been a penguin for years and have the tux tat to prove it. I've met a number of other guys with tux tats. You know how tapping your foot is a gay bathroom hookup thing? The tux tat is like that, too. Except we compare distro preferences before the suck-n-fuck. I'm ubuntu, but I get along with debian. Most twinks are ubuntu or gentoo. RedHat and Centos do not get along.
Microsoft's been doing this a lot lately (a lot being relative to their past conduct).
It's good that they're doing good and paying down their negative karma, but sometimes I wonder if people are deliberately infecting their sources with GPL'ed code just to make them cough it up once it gets published. A windows 7 tool getting fingered for a GPL violation so quickly makes me think that the exposure had a bit of inside help.
Time will tell.
Kudos to Microsoft though if their efforts are sincere.
Anyway, trust me - it's very professional, clean code, nice design, and not filled with hacks like the Big Global Lock that used to be in the Linux kernel.
Bad example. Just about every uniprocessor-developed OS had a Big Global Lock until they went multi-cpu - and even then it usually took a few releases before it was really eliminated. I would be hugely surprised to find that the Win9x series didn't have one too. When did the linux kernel deprecate it? Like a decade ago?
When information is power, privacy is freedom.
Frankly, I find htat hard to believe.
Letter overflow!
This third party code would have been produced under contract as "work for hire". Presumably, the contract stated that the third party had to assign all rights to the code to Microsoft, like any other work for hire, and that the end product must be wholly assignable.
Most likely, the third party actually violated their contract with Microsoft by creating a work that uses GPLed code.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
I've seen some of the Windows Source code when I worked there. Trust me, it's WAY more professional than the Linux source code.
That's not what we saw with the Windows NT 4 and Windows 2000 source code leak back in 2003. It was an absolutely horrible mess with practically no comments what so ever except meaningless crap at the top of each source file. It seems it wasn't too terribly bad to figure out eventually since Linux's NTFS write support improved quite a bit not too long after the leak.
ehm, back in my day we called it the Big Kernel Lock. You kids!
now get off my lawn!
Depends on your definition of "deprecate" and "decade". As late as last year (2008), the kernel people were still working on removing it.
Je ne parle pas francais.
"Microsoft Finally Open Sources Windows 7 Too!" And I wondered whether anyone would care if they did.
You downloaded the tool (a.k.a. application), not the source code.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Nah, just one of those "off by one" bugs.
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
Microsoft did the right thing, they shouldn't be bashed for it. Consider the following:
You're standing in line thinking that the guy next to you, Steve, is a pretty normal guy; perhaps you don't like him a lot, but he seems to keep to himself. Suddenly Steve turns to you and junk-kicks you right up in your man business. When you come to several minutes later, Steve apologizes profusely. Apparently there was a mix-up which unfortunately resulted in your swollen nuts. Wanting to make things right, Steve allows you to junk-kick him in his man business.
I think it is safe to say Microsoft is doing the right thing allowing you to junk-kick their man business.
He said it looked professional. Not that it looked like something written in Visual Basic by an amateur.
Well, your definition of deprecate obviously doesn't match anyone else's.
Hint: Deprecate is not a synonym for remove.
It doesn't matter if they continue to infringe. They have already committed copyright infringement at this point. They didn't distribute with accompanying license terms or with a notice that those they distributed to were entitled to the source upon request or distribute the source itself.
Distributing the source for the binary as distributed would bring them closer to the spirit of the license but there is nothing they can now to change the copyright infringement. It's like a murderer regretting the killing after the fact, oops too late now.
Fortunately for Microsoft this is something they did to the open source community and not to a company like Microsoft. Most companies would only be interested in the fact that they were entitled to damages whether MS willingly came into compliance or not.
But the community has different views of copyright and will be pleased that MS is complying now.
Totally Misleading!!
Firefox rss (live bookmarks) chops out the "tool" and so you just read "Microsoft Finally Open Sources Windows 7"
(Off course no sane person would believe that.. but.. anyway)
BTW, I've heard of some diehard Mircosofties getting windows tats. Wonder if Linux coders have a Tux tat. (yuck).
I have a co worker that got a fedora tattoo a little while back.to add to his Red Hat tattoo. A quick google search shows that some people get Tux tattoos.
"Microsoft's problem with code quality isn't the engineers - they're the same as everywhere else. In Windows 2000, they set out to eliminate BSOD, and they mostly did. In XP SP2, they set out to make it secure, and it's better."
So in 1999 they set out to eliminate the BSOD but they failed. Then they blamed the failing on third parties... when the reality is that Microsoft is responsible for the fact that hardware drivers are maintained by thousands of third parties in the first place. In XP SP2 they set out to make windows secure and again they failed, miserably.
"Anyway, trust me - it's very professional, clean code, nice design, and not filled with hacks like the Big Global Lock that used to be in the Linux kernel."
I'm sure its very pretty. But at the end of the day, it doesn't work as well as the Linux kernel.
Much worse, it was a racing condition between his left and right index fingers!
...and FOSS being the sane choice for the most hostile company towards it doesn't qualify as success? Do I need to remind you of their past EEE and FUD strategies against it?
The strategy against Xandros on the ASUS Eee PC amounted to slashing the price for an OEM Windows XP Home license on the smallest laptops and keeping it around long into the Vista era. Or what am I missing?
Nice suggestion, but it was really a failure to poorfraed.
Good, inexpensive web hosting
Actually, it is. They're using C, and unless I'm more mistaken than usual, they're doing all these copies with strcpy() which copies as many bytes as you give it instead of strncpy() which copies up to n bytes, where n is one of the function's parameters. Simply changing from strcpy() to strncpy() with n fixed to the size of the buffer (with room for the terminator) would probably get rid of 90% of the overflows. If I can figure that out, they should be able to too, if they're really worth what MS is paying them.
Good, inexpensive web hosting
There are two kinds of people who don't like copyright (as a general concept) (1) Those so prolifically and amazingly creative that they put very little value in any one thing they create, and (2) Those who are so incredibly lazy or uncreative that to get anything they have to rely on others to do it for them.
People in category (1) are incredibly rare. Lots of people THINK they're in (1), but most of them just produce a hell of a lot of useless crap, kindal like that Shampoo guy. I've never encountered anyone like this. A lot of writers create way more than they publish, but most of them will admit that the stuff they didn't publish wasn't very good, so they're really not in category (1).
People in caregory (2) are shamless wastes of carbon, leeching off everyone else because they're too stupid or lazy to do anything for themselves, and they don't want to work to earn money so they can PAY for the stuff other people create. They're the kinds of leaches that inevitably make socialism fail, sucking the system dry at the expense of everyone else who IS willing to work and contribute to society. This actually accounts for the vast majority of people who whine on and on about how copyright is EVIL. WRONG. Current US copyright LAW is evil. And people should be entitled to far more "fair use" than they have. But a proper and fair system of copyright enhances productivity for everone, because moderately creative people are encouraged to create more, because they can profit from it.
That leaves category (3), which is the rest of us people who are at least moderately creative. We have to work HARD to create something, and we're not happy when fools in category (2) decide to shamelessly rip us off. Say I create something. If I hadn't, then you wouldn't have it. You, worthless brat, are not entitled to it. If I hadn't worked on it, maybe someone else would have. Maybe not. Either way, we put time, money, and other resources into creating this thing, and I am as entitled to recouping and profiting from my investment as much as I am entitled to ask you to pay for a physical object I just built if you want to have it.
Money, BTW, isn't the only form of compensation that people want. When I compose a scientific conference paper, I am putting the knowledge into the public domain. But thereafter, if someone else uses my idea, they are required to cite my work. They cannot claim it as their own. The knowledge is in the public domain, but the mindshare is mine. I get credited for making my invention or discovery and doing all of the work and research necessary to prove that my idea is worthwhile.
What makes the GPL brilliant as a copyright license is that it allows people to both share information (which is very important), and also profit from it. If I put the GPL on something, I can release the source code so that others can learn from it, and if it's wrong, they can fix it. But if someone wants to just COPY what I worked so hard to create, then they have to follow the rules. If they embed it in another product, either they have to contribute knowledge to the world just as I did, or they can PAY me for a commercial license.
What's really evil about proprietary software, for instance, is not so much that they don't release the source code. It's that you pay money for something without any guarantee that what you're getting is any good, and if it IS broken, you are completely screwed. I've bought commercial software before. Some of it was really good and worth the money I spent. Some of it made me want to claw the eyes of of the scheisters who cheated me out of my money. In general, having the source code is the only way to permanently guarantee that you get your money's worth out of software you purchased.
Keep in mind that most people like Free Software not for the sake of freedom but because they don't want to pay for it. Again, LEECHES. They take and take but never give anything back to the community. Stop fooling yourselves into thinking most people use Linux
good point. It's easier for Microsoft to miss when the original source had the license text removed before handed over to Microsoft and if they had an agreement that all code and licensing were to be handed over to Microsoft.
It does surprise me that Microsoft would hire out for little tools like this. Unless, it's in payment for some other more 'serving' task(s). Like how they hired Mainsoft to create Internet Explorer for UNIX while at the same time they just about quadrupled the cost of licensing their Windows sources needed to do the task. MainSoft had the dough to pay the higher licensing fees but none of the other Win32 on UNIX vendors could afford that expense. Mainsoft survived but all other products which allowed Win32 to compile on UNIX were shut down. It was a great trick to get vendors to port UNIX apps to Win32 and then eliminate the ability of those apps to be updated and run on UNIX.
I wonder who the 3rd party was and why they were hired to do this little tool for Microsoft?
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
It's been snowing outside where I live. Does that count?
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
It's too bad users here on Slashdot don't simply take the time to read MS code. Windows kernel code is available for researchers. You can see the code for the CLR largely in Rotor. And the .NET Fx source code has been released as well.
It's not hard to see what they're code looks like. And for the most part the code is very reasonable looking.
MS doesn't have the problem with code quality they get accused of. There real problem historically has been lack of vision. If you give them a target they can generally hit it -- see how they've done on things like security, IE (until IE6), Win7, Bing, etc... What they don't do is see what's over the hill, ala the iPhone. This is why I think WinMo7 will be a very solid OS as they have competitors to target, but I'm not sure they know what's after that.
Microsoft does not write all of its code itself but sometimes misappropriates GLP code for specific tool[s]...
FTFY
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
As opposed almost everyone fussing about "teh M$" and nuances of "freedom", I decided to take a look as see this professionalism.
The first, the first, line I read had a pre-processor no-no. Here:
#define ReleaseStr(pwz) if (pwz) { StrFree(pwz); }
You can read all about it here: http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.4
Here's how it doesn't work:
if ( something )
ReleaseStr(pwz)
else
foobar;
So there. The code might look professional. It might but it doesn't mean that it is.
what is that very faint oinking sound I am hearing. OMG I see pigs fly in the distance!
I would say that the Solaris code is even cleaner and clearer than the Win-NT codebase. Linux is a bit all over the place depending on what level of cutting edge you want to be at.
Many would prefer working code rather than beautiful/elegant looking code. From a maintenance POV it is often easier if the code adheres to the KISS principle and that can at many times make the code look fugly, unpolished and in great need of refactoring. Too much re-factoring "can" result in too congealed code where it becomes "impossible" to extend beyond certain inherent thought paradigms regarding the solution.
You think MSFT are the only people that occasionally have buffer overrun bugs?
HAHAHAHAHAHHAAHAH....
* Note, boolean logic here is faux
Jibe!
Note, this isn't a W7 thing ,this all happened 8 years ago for XP SP2.
Jibe!
[Citation needed], and /usr/src/linux/Documentation/CodingStyle would disagree with you. I'll reproduce the first paragraph here, in case you don't have the kernel source handy:
While it says nobody will be *forced* to obey it, "this is what goes for anything that I have to be able to maintain", implies that ignoring it would make it difficult to get code accepted into the kernel. Indeed, IIRC, one of the major reasons kernel developers didn't get on with Hans Reiser and wouldn't include Reiserfs4 in the kernel tree was Reiser's refusal to use kernel coding standards (he insisted his own style was superior, apparently missing the point that, in the absence of general consensus on style, the important thing was consistency).
# cat
Damn, my RAM is full of llamas.
This is especially true for the simply typographic stuff (tabs, spaces, where curly braces go, etc).
Note, there are widely followed best practices. But these are not mandated. They are followed because its the right thing to do.
-Foredecker
Jibe!
Anyway, trust me -
Sure I could trust some random guy from the internet, but I think I'd rather trust my own judgement and take a look at that professional, clean, nicely designed Windows source code. Oh wait --
most of what follows is true
http://blogs.msdn.com/e7/archive/2009/04/25/engineering-windows-7-for-graphics-performance.aspx
http://blogs.technet.com/markrussinovich/archive/2009/10/22/3288577.aspx
-Foredecker
Jibe!
I find this the strangest part of the whole thing actually. They where forced to open source it because of the GPL lines in there but they could just as well made them available under a BSD license. That would make way more sense from Microsoft's perspective I say.
Dyslexics are teople poo
Most of the extensions to the .Net framework. Libraries, samples, and other tools within .Net. They've also pushed source viewing into Visual Studio for the entire .Net framework directly. Most notibly ASP.Net MVC is available under MS-PL (a very BSD-style license).
Michael J. Ryan - tracker1.info
The motivation of Microsoft doesn't matter because their actions are all we are privy to. Let their behavior encourage the other GPL violators to "do the right thing" and also see that GPL-licensed software can co-exist with other-licensed software; one just need follow the terms of the licenses.
IANAP, but is there anything useful to the community in the GPL'ed code released by Microsoft? It seems like a useful utility and there are FOSS ways to make USB/thumb drives bootable.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Except something like Vista isn't comparable directly to Linux as it's like Linux + KDE + a bunch of other things. I'm not surprised no-one knows how all those things link together, it's a much larger scale codebase with a much wider set of design goals than Linux.
Depends on your definition of "deprecate" and "decade". As late as last year (2008), the kernel people were still working on removing it.
My definition of "deprecate" is to stop accepting new code that depends on the BKL. What's yours?
When information is power, privacy is freedom.
I'm sure its very pretty. But at the end of the day, it doesn't work as well as the Linux kernel.
Obviously you haven't experienced the joy related to binary Linux drivers (WIFI and 3D come to mind). Let me guess you're doing studio audio production on Linux because of the low latency performance?
Linux makes for an awesome hackable server and it is very flexible. The tools available for networking and development stand on their own but the awesome begins to fade after that. If only BeOS had lived (yes I've been following HaikuOS)...
Man blir trött av att gå och göra ingenting.
What I heard, a couple of decades ago, and with no way to verify it, was that each independent group at MS had to work in ignorance of the code that the other sections were writing, and the decisions they were making.
If this it is true, it would go a long way to explaining the series of disasters, even if each group was writing "pretty good" code. (OTOH, I've also heard *that* called into question. Perhaps it depends on what you think of as good.)
One thing to remember is that with each group hiding the code that it writes (true?) even a few bad choices could really foul things up, and nobody might be certain of why.
I think we've pushed this "anyone can grow up to be president" thing too far.
I guess that proves that multi-core programming is still hard to do..
"We need to get over this notion, that, for Apple to win... Microsoft must lose." - Steve Jobs, 1997
the real reason for the delay was to "scrub" it to make sure that no intellectual property was inadvertently being given away.
Is that allowed? I thought they were required to release the source code for the binary that they posted before.
Otherwise they could "scrub it" until it consists of int main(void){return 0;} and call that the source code.
"Sorry, we removed our intellectual property first."
If you're a zombie and you know it, bite your friend!
The design work you described is all done by the core product teams. My team did a bunch of it directly for Vista and W7.
On another note, do you really want to call people fucked up individuals? Really? Would you say that to them directly if we were all together in a pub having a beer? Feel free to dislike MSFT as much as you would like. But with little exception, the people here are pretty groovy folks.
- Foredecker
Jibe!
And by banned, he doesn't just mean there is a policy against them. They run regular code scans for "illegal" functions and then send out high priority bug reports to the code owners if any are found. I had to fix a couple of them when I worked there (and they weren't for strcpy, it was more subtly problematic functions). In my entire time at MS, I never saw one instance of strcpy. Usually the code used StringCchLength and StringCchCopy, which are not only safe if called with the appropriate buffer size, but function well with both ASCII and UTF-16 strings environments (though in practice, all our code was compiled with unicode support).
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Exactly. That's my point. Its a much more complex, more difficult design which leads to the problems that it has. But please don't point to its success (win 2000, xp sp 2) and ignore its failings (longhorn) to defend it. Look at the whole picture honestly.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Not at all. I was merely pointing out that if they required all their devs to use the right string copy function in the first place they'd make it almost impossible to introduce more. I'd also go so far as to suggest that if they made it a habit to change the code to use the right function any time they were updating it, they'd probably eliminate potential overflows that nobody's found yet. Of course, doing that takes time and, to a company like Microsoft, time is money, so there are trade-offs involved. Not working there, I can't judge if it's more cost effective to stomp on that kind of thing as you go, or wait until it turns out to be an issue.
Good, inexpensive web hosting
Linux audio. Just... Linux audio.
---
Most of the senior engineers at the time were working on Windows Server 2003. The people working on Longhorn were less experienced, and after a bit they started to put their pet projects into Windows, similar to the Copland fiasco Apple went through. (The difference was probably pride rather than fear of getting fired, like "see that? That's my idea!", but meh.)
Jim Allchin wrote his "I'd buy a Mac" memo here.
After they shipped Server 2003, they tried to clean up the Longhorn mess - first by cutting out some of the projects, then by stripping it down and then building up to Server 2003-level. Only then did they decide it was too unworkable, and decided to rebuild straight from the Server 2003 codebase.
Not trying to refute anything here, just giving some background info. Yeah, they definitely could have done a lot better, but they also could have done worse, and I'm not sure that open source would have helped them at all.
I doubt it. At least if they're using VS. I swear it's the most anal compiler ever when it comes to buffer overflows. Even memcpy is marked as "unsafe" and yells at you to use memcpy_s.
Thank you; I sit corrected. However, if they are, as you say, using functions that don't allow unbounded copying, how do you explain all the buffer overflows. Granted, my programming skills are way out of date, but from where I sit it looks as though using copy functions with built-in bound-checking should prevent them.
Good, inexpensive web hosting
"Linux makes for an awesome hackable server and it is very flexible. The tools available for networking and development stand on their own but the awesome begins to fade after that."
Not in my experience. There are annoyances with binary drivers but that isn't really the fault of Linux, it is the fault of manufacturers.
The issues you mention are all due to vendor support. There is no technical issue with linux in the latency department for recording. In professional recording dedicated hardware is used to process the audio, the vendors don't support Linux so there are only software answers available. If the vendors did support linux performance would be better than windows, Macro kernels outperform micro kernels by definition.
The fact we have to deal with binary drivers is annoying and a vendor issue again but the headaches aren't really a modern concern. Unless you are one of those who refuses to use something like Ubuntu for your desktop Linux simply because it's headache free. You install, boot Ubuntu says "hey you've got a wifi card, lemme download some magic for ya" you click okay and it uses the wired connection to download and configure everything for you. About the same time it spotted the wifi, it also said "hey you've got a 3d accelerated card, lemme download some magic for ya". And that's it, you have working wifi and 3d accelerated video.
It's an extra two or three clicks but after that 2 min experience you can spend another 30 secs and get the sexiest 3D desktop experience available on any of the desktop OSes so far.
Of course I can point out real weaknesses. Like the inability to plug and play monitors. Users still can't drop their box off with a bench tech and bring it home after repair and expect everything to work.
Yeah, audio's a bit messy to say the least. I completely understand the issues surrounding Longhorn. I was an early beta testor, went through a lot of the develop previews, ect. It still sucked. No explanation makes up for it. And again, I think its the base design that is more of a problem than the quality of the coders or Open source vs Closed. Hopefully MS is correct this time and they really did address the fundamental design flaws that were present in the xp/vista code base. Time wil tell.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Anyway, trust me - it's very professional, clean code, nice design, and not filled with hacks like the Big Global Lock that used to be in the Linux kernel.
Bad example. Just about every uniprocessor-developed OS had a Big Global Lock until they went multi-cpu - and even then it usually took a few releases before it was really eliminated. I would be hugely surprised to find that the Win9x series didn't have one too. When did the linux kernel deprecate it? Like a decade ago?
Actually, one of the major changes in 7 is the removal of a global lock in the scheduler. Prior to this windows didn't really scale beyond 64 cpus, now I don't know what the limit is, but I've seen pics (on the web) of server 2008 r2 running on 256 cpu machines.
More info here: http://channel9.msdn.com/shows/Going+Deep/Arun-Kishan-Farewell-to-the-Windows-Kernel-Dispatcher-Lock/
Snafu cleared up and Microsoft didn't act evil about it, so nothing really to do here. Next article please.
That's exaclty right.
Jibe!
I'm not sure what buffer overflows you are refering to. We're very careful to use the bounds checked type of copies you are referring to. There are many ways to do this. The safe string copy functions are one, so is the new secure CRT. String handling C++ classes are anohter.
Of course, its impossible to claim that there are no 'run of the mill' buffer overlows in Windows XPSP2, Vista, Win7. But we went to great lenghts to avoid them. This includes code reviews, and the use of automated tools (static analysis) among others. But there are very, very few.
Of course, there are still things that need to be fixed and they may be due to simple coding errors, or they may be more complex.
-Foredecker
Jibe!
We do exactly what you describe. Secuirty is super-high priority for us. We spend a lot of time on it. Feature work does not trump or take a higher priority than security work.
I can tell you it is way, way more cost effective to do (as you say) "stomp on that kind of thing as you go".
-Foredecker
Jibe!
Indeed, something similar happened when at I was Sun. With modern servers you just have to have an IPMI client for remote lights-out management. The most popular one is IPMItool, an OS product that got support on Unix-like systems early on. But somebody managing a remote system might well be running Windows. IPMItool will run on Cygwin, but Sun can't redistribute Cygwin, so they needed to provide customers with a native Windows version. For that, they hired a software consulting firm to make the port, then released the source code in accordance with the original software license.
The difference here is that Sun is a very bureaucratic place where you can't do anything without jumping through all the right hoops. So if you use OS software or code, you're required to tell the company lawyers so they can make sure you don't break any rules. At other places I've worked, it was pretty common for some engineer to see some OS code he wanted to borrow and just go ahead and use it. Any OS license requirements might be ignored or the engineer might try to interpret them on his own, with the resulting mistakes that amateur lawyers always make. Either way you have a violation of the OS license that has more to do with stupidity than with any grand conspiracy. A classic example of Hanlon's Razor.
On a related note, the author of ImageMaster took his code off Codeplex, and has not as of yet announced an alternative site for it. Has anyone seen Imagemaster, or know where the source can be obtained?
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
I see you like the play of devil's advocate.
This goes against the spirit of the GPL.
However, in legal perspective (IANAL), I don't think it will work out like that. You see, either you accept the license (GPL) and you get to redistribute the software under the GPL license.
Or you don't accept the GPL license, in such case, copyright would still be with the original copyright holders.
Now, any works under copyright doesn't have to have been sold yet. You can always discuss the price with the copyright holder for proprietary use.
Better do it before using the code though, as you may have more bargaining power then.
The fact that you didn't, even if you didn't know, copyright still stands. The copyright holder can make you have to pull all your violating binaries / code from any distribution, which could actually cost alot by itself if infringement is big.
Price will be at market price, or whatever agreement with the copyright holder. Not sure if there are any limits to demands here.
Just because the sourcecode can be distributed under the GPL license doesn't mean it no longer have any market value. It can be relicensed under any other free or non-free license by the actual copyright holder (not those who merely redistribute under GPL), with or without monetary or other compensation.
This vibes very much with what other posters have said, that the GPL itself give value back in form of collaboration. If you don't want to collaborate with the rest of the world though, you gotta pay something else. Many companies are already using this strategy to make money off of GPLed software, selling their rights to companies who wants to do proprietary work.
Always remember: GPL == free software, GPL != free beer
http://www.debunkingskeptics.com/
Thank you. I'm sure you're going to great lengths to avoid adding any new buffer overflows. However, there have been so many over the years that it made me suspect that you weren't using the safe copy functions, because it's hard to imagine how they were happening if you did. Glad to know you're using the safe forms, now. I don't use Windows myself, finding Linux more to my liking, but that doesn't mean that I don't want Windows to be as secure as possible.
Good, inexpensive web hosting
Excellent! However, I don't work for Microsoft and I haven't worked as a programmer in well over a decade, finding tech support fits my temperament and interests better. (I like the idea that twenty to thirty people have a better day because they spoke to me, and I have the patience to work with computer illiterates.) From where I sit, I couldn't judge the cost effectiveness and wasn't going to express my opinion with no facts.
Good, inexpensive web hosting
So in short the lock is being removed only now in Windows 7 and it did exist in all older versions up to Vista.
"deprecate" means "strongly discourage use". Removal is the step afterwards, when you're sure nothing will break when you take it out. This may take a while - notice that windows still has emulation modes for stuff down to Win95 (and probably even DOS), even though those are long out of support.
What a depressingly stupid machine.
There are different ways of triggering a buffer overflow than a simple unbounded copy. While most of them end up as a buffer overflow, they are caused by much more subtle problems, e.g. integer overflow, which can lead to the bounds you set up being incorrect in the first place.
Beyond that, the vast majority of the buffer overflows that have occurred recently aren't in string processing code; they're network facing operations that operate on raw byte buffers. And they've always had bounds checking, but problems like integer overflow occasionally crop up; automated checks can't catch them with 100% accuracy. It's up to security review teams to do fuzzing and code reviews looking for that sort of problem.
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
No problem:) Negative perceptions are hard to erase over time. While its still Windows, Windows has adanced tremendously since XP-SP1.
Just curios - how do Linux developers avoid these problems? For example, what 'safe' buffer and string magnment tools do you use? What are the static analysis tools used?
-Foredecker
Jibe!
Alas, I haven't done any real coding in well over a decade, and the last time I did, it was for MS-DOS. However, the project I worked on used strncpy() at all times because we were using string manipulation and that avoided any problems with a malformed string. (We were working on ANSI transaction records submitted by doctors, so hacking wasn't an issue, but transmission errors were.)
Good, inexpensive web hosting
strcpy, and memcpy and such are only the most obvious ways for buffer overflows to occur.. there always seems to be new kinds of buffer overflows, these can result from integer parsing errors, numerical overflows, hand optimized byte buffer loops, etc.. i'd wager that there are more ways to over flow a buffer than there are programmers.
If you need web hosting, you could do worse than here
The problem with your theory is that 7 is virtually the same design as Vista, just more mature. All it shows is that Vista shipped too early, and that was because of the intense OEM pressure to get a new OS out the door to sell more new computers. Yeah, one can make snarky comments about 5 years being "too early" but in reality, Vista as we know it was less than 2 years of work.
There's also a case to be made for "pulling the plug". Vista enforced a lot of new rules on applications and drivers, and they knew it was going to be painful. So get something out there, no matter how crappy, to get developers writing code to the new system so that in another 2 years, you can release the "real" new system.
If you need web hosting, you could do worse than here
What exactly is my theory? I think it was something about windows suffering from poor design which lead to the longhorn/vista debacle. Longhorn, you may remember was supposed to be released in 2004. Windows design sucked, so they had to start over in the middle. I was specifically referring to the process leading towards Vista (But I guess if you want to add a couple years onto that to make it 7, then go ahead).
If you remember correctly, longhorn/vista was always supposed to be less that two years work. MS wanted to adopt a two year release cycle to keep up with apple's OS X point releases.
If they've fixed the problems with 7 somehow ( min win?), great wonderful. I guess if they continue on a two year release cycle of quality releases, then that would lead some credence towards it. The really interesting question is what they will do next. Will they completely redo windows into managed code ala Singularity/Midori? If so how long will it take?
Well.. maybe. Or Maybe not. But Definitely not sort of.
Your theory was that there were fundamental design flaws in XP's design, and Vista sucked because of this... yet 7 is just a slightly more mature Vista and is an order of magnatude more well accepted.
The problem with Longhorn that caused a "reset" had little to do with design, and everything to do with the fact that all the experienced programmers were working on XP SP2 and 2003 SP1, leaving pretty much unexperienced programmers to build Vista. Once the experienced developers moved back to Vista development, it was realized that they couldn't ship the hodge podge of technolgies that had been developed and they did a 'reset' starting over from the XPSP2/2003SP1 codebase.
If you need web hosting, you could do worse than here
http://www.betanews.com/article/Mark-Russinovich-on-MinWin-the-new-core-of-Windows/1259792850
That is my point. Read it. He's smarter than me. Is in charge of Windows architecture. If he says it sucked, then it sucked.
Well.. maybe. Or Maybe not. But Definitely not sort of.
I'm not sure you actually understood what that article was about. It wasn't about "the old way sucks". It was "The old way was efficient in the past, but now the efficiencies are different, and a new design is called for".
This is like an argument about a microkernel being better than a monolithic kernel. Each has tradeoffs and works better with different assumptions and different envionrments. That's why Linux is *still* a monolithic kernel. A modular one, to be fair, but still monolithic at runtime.
The environment is different today than it was in 1987 when NT was being designed. If NT were being designed today it would be a very different OS. That doesn't mean the choices they made 20 years ago were bad for the time.
If you need web hosting, you could do worse than here
Microsoft, the company who made windows from scratch : "we don't understand all of the dependencies". "evolved organically" . "Without any real focus on architecture"...
That is bad design. Bad Architecture. A lack of focus on architecture is bad architecture. Don't misunderstand, I understand OS design is never easy. I'm not blaming anyone. It sounds like its getting better. But, it was bad, bad, bad. It was more than junior engineers that lead to its problems. Anyone working in such a complex beast with no architectural oversight and no understanding of all the dependencies, is going to make any problems worse.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Russinovich is talking about design from a purely architectural standpoint, which is something you can do when your average machine will be 4GB of RAM and a quad core processor with 1TB of hard disk (which is about the average machine in about 2 or 3 years).
If you read other parts of the article, it talks about the fact that api's were included in DLL's for performance reason, not architectural ones.
And no, it wasn't bad design, because it achieved the goals it was trying to accomplish at the time. It's only "bad design" from an architectural purist standpoint. That's the point of view where architecture trumps performance, as in most Microkernel OS's.
His comments about not understanding the dependancies doesn't mean nobody understands them, just that they aren't logical because of the performance optimizations necessary for 386 computers with 4MB of memory.
This is all about modernizing the OS because we now have hardware that can run modern designs.
If you need web hosting, you could do worse than here
I understand what you are saying, but I don't believe it. Win 7 outperforms Vista on low end hardware. XP out performs Vista on low end hardware. It requires too much suspension of belief and tortured reading of his comments to come to that conclusion without further information. Your interpretation could be true, but from the article ( and others written along the same lines) its is not the logical conclusion.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Is that your website?
Man blir trött av att gå och göra ingenting.
NMGrow? Yes, it is.