Linux Containers Authors: Jignesh Solanki, Yeshim Deniz, Karthick Viswanathan, Pat Romanski, Mehdi Daoudi

Windows 2000 Source Code Leak "Is a Disaster for Open Source, Too"

In a commentary at NewsForge.com, Chris Spencer underlines how important it is that the Open Source / Linux community does not seek to take advantage of the leaked Windows 2000 source code.

"Analysts are already out with their flapping lips talking about how the source code could benefit Microsoft's 'rivals.' We in the Linux community know they are talking about us," Spencer writes. 

"The analysts have it all wrong though," he continues. "They missed it completely. Open source projects can't and would NEVER intentionally take advantage of this leak. This leak is as much a disaster to open source as it is to Microsoft and its users."

The key to this assertion lies in the very openness of open source, Spencer points out.

"The open source community lives in a glass box. We always show our source code and we accept help from anyone around the world to make our projects better. As a result of this leak all projects that deal with Microsoft interoperability, such as WINE, Samba, and the Linux kernel, are going to need to be vigilant about someone slipping some tainted Microsoft source code into our projects."

The Linux community has always been vulnerable in this way, Spencer observes. "But until now Microsoft couldn't claim that we really could have done it on purpose," he adds. 

"This shifts where the benefit of the doubt falls, even though 99.999% of all Linux advocates and developers would never use or even look at proprietary code," says Spencer. 

He goes on to speculate that perhaps Microsoft will use the opportunity to make this source code available for the public good.

With his tongue - one suspects - in his cheek, he writes: 

"I expect [Microsoft is going] to make it available so that security experts around the world can aid them at fixing the bugs that have been exposed. I know they are going to use it as an opportunity to help with cross-platform compatibility issues. Most importantly I know that they are going to use this problem as a chance to give open source developers the opportunity to develop code analysis tools so that we can check against their leaked source code and make sure it doesn't appear in our projects."

He doesn't mention whether or not he will be holding his breath.

  • Read the full commentary at Newsforge
  • More Stories By Linux News Desk

    SYS-CON's Linux News Desk gathers stories, analysis, and information from around the Linux world and synthesizes them into an easy to digest format for IT/IS managers and other business decision-makers.


    Most Recent Comments
    Perros 03/04/04 03:52:14 AM EST

    The Windows 2000 source code is pretty much public anyway, all the top Computer Science departments in Universities already have it. As well as other companies allied with MS.

    It probably leaked from one of those companies, only takes one disgruntled employee to copy some files and put them on a P2P.

    Read It 02/27/04 11:05:03 AM EST

    On the point of Windows source code finding its way into open source projects:

    I would be very surprised if anyone does this. It just wouldn't make any sense to try to compile Windows source under Linux. Most of the Windows source is littered with calls to Windows API calls (and so on and so on). How could you hope to get this to compile without implementing all those functions?

    The best way to use this to your advantage is to extract a design from the source and write your own version. Would the resultant code really be subject to copyright? Everything I've read up until now refers to copy and paste of code as a violation of copyright. I've not read anything referring to the copyright of the IDEAS in the Windows source code.

    Unless someone can prove otherwise, I think the whole notion of Microsoft using the leaked source as a weapon against open source is pure hype.

    Has anyone here actually READ the Windows source code??!!!

    Gary Edwards 02/17/04 02:13:10 PM EST

    Nicely said Peter. The bottom line is that we have two approaches to security to consider. The open source approach is based entirely on the quality of the code. The more people who "see" the code, the more "secure" it becomes.

    Then we have the shared source approach where "security by obscurity" is the rule of the day. Only a privileged few are selected to "see" the code. The operative equation being the fewer people who "see" the code, the more secure it is. One thing's for sure, the code that was released does not qualify as quality code. Over at Slashdot they're laughing their asses off. So perhaps it's a good thing Microsoft is careful in their selection of marketplace "winners" and "losers". Otherwise "shared source" would be everywhere, if only for the entertainment value.

    In their first quarter filing last year, Microsoft stated that one of their more difficult revenue challenges was to upgrade over 350 million Win9x installs to XP. (USAToday has put the number at 400 million.) They realize that they can't maintain their growth rate based on new users. The installed base has to be churned. Once churned, revenue stability is assured by new licensing schemes and a cascading design of interlocking interfaces and interdependencies that bolt next generation collaborative computing features across an entire stack of XP servers, desktops, applications, devices, frameworks, and developer tools. Want to use the latest greatest features in MS's XP only Office System? You'll need XP Server 2003, XP Sharepoint, XP Collaboration Server, XP ......

    From a marketing point of view, Microsoft has to ask themselves the basic questions as to what compels the installed base, the great monopoly, to upgrade? Killer applications that demand more horsepower is one reason. Seriously improved features and dramatically increased stability in existing products is another. (Indications are that existing, already paid for features are good enough, and over the years of marching on the costly upgrade treadmill, users have accustomed themselves to unstable performance.) A third reason would be improved security. A fourth would be a corollary to improved security. The end of life withdrawal of critical security patches.

    We've already seen that EOL (end of life) plans can be changed and juggled to pacify an oft angry and increasingly demanding user base. The great herd that makes up the Microsoft monopoly is determined to move at their pace, on a time table that meets their needs. Not the needs of Redmond's quarterly reports.

    Rightfully jaded and cynical after years of witnessing a veritable crime wave of reprehensible and often illegal business practices, I find it hard to see this recent release of source code, intended or not, as anything but an opportunity for MS to churn the installed base of over 350 million users. And for Microsoft, this opportunity comes none too soon. Before this year is out, an alternative Linux solution will attain desktop friendly consciousness. The battle for the great herd will be joined.

    ~ge~

    Peter 02/17/04 06:10:34 AM EST

    The source code leakage has prompted some bizarre responses which I'd like to consider.

    Firstly, the source code would have been leaked from one of the many hand picked ISVs that MS has chosen to reveal their source code. Would this have been done for reasons of ideology? By someone who secretly harbors pro OS source views? Yes, sure.

    Secondly, MS hasn't shown any tolerance for Free/Open source software nor any company that competes in the same market. The "Halloween Documents" indicate how fundamental to MS is their hostility to Open Source. Their subsequent strategies aimed at pouring scorn and vitriol on GPL are further evidence of this. I think it naive to suggest that the source code leak will make life tougher for the Open Source community.

    Thirdly, the idea that the leak was part of some sophisticated conspiracy designed by MS is nutty. The core of NT, Win2k, 2003 and Longhorn is the same. They all share the basic design conceived by David Cutler (the same guy that designed VMS). Longhorn will have lots of new code but it will still have lots of the 2003 code in there. DWORDs may become QUADWORDs and Win32 will not be the native API but much of the logic will remain the same. The idea that MS are throwing away the NT source code base implies that Longhorn will be entirely new -- it isn't, consult the beta reviews.

    Fourthly, it is not true that all of the MS OS were designed for the desktop. There were two distinct streams of development in Redmond until quite recently. These were the MS-DOS/Windows 1-3.1/Windows 9x/ME group on the one hand and the NT 3.1/4/2000/XP/2003/Longhorn group on the other. NT was designed as a server OS, as was 2000. The desktop versions of these are merely feature limited versions of their server counterparts.

    Fifthly, the leak will affect security in a quantitative rather than a qualitative manner. We already have a steady, regular stream of defects being discovered and exploited. The availability of source code will only increase the frequency with which exploits are discovered. The good reverser can do quite well with the PE files, only it's a rather labor-intensive process. The source code will make the hacker's job easier, more pleasant. The hacker will still need to perform disassembly but only to check that source code hasn't changed.

    Sixthly, both Linux and BSD -- two Open Source OSs -- are used in trusted, security critical settings. If the leak is a disaster for security it would only be because the emperor indeed has no clothes. Security by obscurity -- which is what those in moral panic are implicitly appealing to -- is a poor form of security, as amply demonstrated by the many hackers and reversers that don't have the source code.

    Seventhly, I feel that the fear that the leak will threaten the /detente/ between MS and Open Source is entirely imaginary. MS hasn't, doesn't and never will have any tolerance for Open Source. MS is a nasty company. Bill Gates is no different from the robber-barons that featured in the early stages of North American capitalism. Microsoft behaves as all monopolies behave.

    Eighthly, MS selectively releases its source code to ISVs. In this manner it picks winners, it decides which MS OS third-party developer wins in the apparently "free market". The truly independent ISV that develops system software for the MS OSs is at a distinct disadvantage. This is fundamentally unfair.

    Ninthly, MS have behaved in a most odious and unconscionable manner towards end-users, MS certification holders, ISVs, developers, administrators and competitors. Are they not deserving of this disaster? Am I the only one that has tired of their games, scheming and hubris?

    Pe

    Penth 02/17/04 03:33:33 AM EST

    I don't believe any open source developer had anything to do with the code leak, but I just hope that none get it thrown in their faces, either. We all need the key Linux/Gnu/Open____ community to be able to say they've never even been near the stuff (unlike, alas, the user side of the Windows desktop) even if such exposure was against their will.

    Remember that the Macintosh source was released several years back. It had no effect on Linux, although we can't verifiably say the same about some development teams in Redmond. If anyone inserts this buggy batsh!t code into Linux, it will probably be someone from the SCO group.

    Just for myself, though, I have a gnawing curiosity. I don't want to see any of the executable code, though, just the comments. There just might be stuff in there that would make the BOFH look tame.

    LIZ 02/16/04 07:09:24 PM EST

    I just discovered linux a year and a half ago. Open office, the rest is history, I'm not a rocket scientist, actually a "housewife" with some college, very little computer related and the computer was as big as a piano!
    'Tis sad that something is threatening my little fat penguin buddy. I believe for one that microsoft may have done this supposed source code leak (why now??) deliberately in an effort to squelch any growing support for open source. Let's face it, software isn't a car---no parts we have to buy but a computer to write code on and some cds to burn it on and we have our own little software factory. Problem is someone has/had a monopoly on most of the os in the world at one time. When a monopoly is threatened we know what happens usually. Commercials haven't helped microsoft, neither have shows, press conferences or whatever else they have tried.......... Open source is not a monopoly, it is the opposite, even though some of it is proprietary the code is still free that was free, that is the gist of the license or constitution if you will.
    I compared this supposed slip of code earlier in a mailing list to Nazi Germany, not as serious perhaps but nobody believed our dear old friends/relatives from Germany could be dealing underhandedly at that time either.
    I believe a better comparison may be the Revolutionary War, basically we are tired of being taxed for the privilege of using our own machines to do new and wonderful things. Windows xp on this machine probably cost microsoft $5.00 perhaps $10, I know it was not too much more because upgrades were available for the miserable few that had windows ME for $34.00. Windows xp home is still around $100 as are most of the other os, even the ones that will be useless soon (planned obsolescence) 98, ME, 2000, and why will they be useless?? Because they have security loopholes and since microsoft has the code no one could figure out what had been breached when a virus did strike except microsoft. Without support for these os they will be sitting ducks for the virus writers and hackers of this world. In no way am I advocating the leak of the code. Sharing would have been nice at some level??

    During conflicts all sorts of horrible stories are perpetuated upon the other side in the name of propaganda. I thought I was being paranoid about the supposed "leak" but others evidently feel as I do, and after the supposed attack upon SCO by a linux user (or a Russian, take your pick), the number of companies coming forth with plans to adopt linux as at least an alternate os and develop drivers for the os, the burgeoning number of people who are even aware that there are alternatives to windoze, -----what makes more sense than microsoft's code gets released?? Will they use it for the good of mankind and say what the hey, we can still make a profit if we open it up?? I seriously doubt it. Will they use it to their advantage in the battle against linux and the various mac os?? It would surprise me if they didn't.
    What has linux done wrong?? I can't recall stealing source code, I have enough problems with automating my start up preferences. I just hope everyone realizes how ridiculous it is to first lump virus writing on a group of people and then to even think that a bunch of underpaid people who have a consuming hobby to develop programs and os and give them away mostly for the pure joy of developing them and using them and then doing it again, would even think about stealing source code?? Yes it's attractive, does it do any good?? No, it can be tainted very easily now, will probably cause cross platform development to come to a standstill now at the very least. At the worst it will be turned into a propaganda campaign against the open source world or some open source code will be in the ms code and they will try to claim it as their own. Which is just about like me trying to get paid for running my mouth.
    We linux people would just like things to be free and easy, or at least affordable, I just bought a mac, can I network with xp?? Nope, because it's xp home. Have to upgrade surprise surprise. I tried networking linux and windows xp, linux could see the shares on xp home just fine, xp wouldn't even recognize there was something knocking @ its network door. Windows xp home is rather a bigoted os in that it only connects to windows xp home happily, I'm no newbie but gave up on a parallel connection with windows 98. I ask you, which is the superior operating system?? One that offers multiple platform connectivity or one that is built on isolationism and world domination?? or was that Britain circa 1776 or Germany circa 1939??
    Liz

    Gary Edwards 02/15/04 10:35:28 PM EST

    Damn those guys in Redmond are clever! Unethical, but oh so clever!

    The facts are that Microsoft's entire product line was developed for a personal computing architecture. Clearly they are having problems moving from the vision of their early roots to that of a networked world. Microsoft systems are inherently insecure the moment they connect to any kind of network because they were designed for a different purpose. Maybe when all the talking about Longhorn ends, and the new architecture is finally released, Microsoft will be able to transition the user base to a truly network platform. But that's a ways off. And there are so many quarterly reports to be filed in the meantime.

    The truth of this dilemma proves itself on a near weekly basis at incredible cost to the great monopolized herd of Windows users.

    So if they can't "fix" the fundamental design flaws of their pc oriented architecture, the marketing masters of Redmond had to come up with perception fix. With this strategic leak of source code, Microsoft can now shift the "blame" to open source evil doers. It's brilliant!

    Instead of the great herd blaming Microsoft for selling them shoddy products, that they are unable (or unwilling) to "fix", Microsoft can now point at evil free grazing robbers who have no respect for intellectual property (i.e. shoddy, half baked, woefully insecure and haphazardly constructed software products that should never be connected to a network without the cover of an enormously precautious shell).

    We all know Microsoft has two very big problems. One is security. The other is convincing an angry user base of over 450 million users to upgrade to the next generation of profitable products. When it comes to basic product features, the great herd is quite satisfied with the applications and systems they've already paid for. Except for one thing - security! They're mad that the products Microsoft sold them are so susceptible to misuse and abuse of all sorts. Susceptible the moment they connect to other computers.

    So the challenge for Microsoft is to get out from under taking the heat, er, responsibility for their products, while shifting the blame to the only meaningful competition left standing. And do it in a way where the great herd finally accepts the bottom line engorging argument that the only way to resolve the security problems of end of life Windows systems is to upgrade en masse.

    Of course Microsoft will officially downplay the "security" concerns about the released code, while putting the blame on open source evil doers who have no respect for intellectual property rights. The tech press has already taken the bait. We are guaranteed that from this day forward there will never, ever, be a MyDoom type story in the press that doesn't reference the release of this code as the problem. Security pundits and techsperts of all sorts are already preparing their power points and bulletin templates with this soon to be boilerplate message.

    It's brilliant. The strategic release of this code paves the way for moving the installed base. It is exactly the woeful insecurity of those 450 million plus legacy Windows systems that will provide the impetus for force marching the great herd to the tightly bolted Windows XP Stack, rife with patent restricted interfaces, and yearly subscription licenses. A whole new generation of lock in, perfected at the expense of the only meaningful competition left standing - open source communities.

    It's brilliant! It's end game.

    ~ge~

    TOM ANTONY 02/15/04 09:42:55 AM EST

    YOU DON'T HAVE ANY SENSE IN SECURITY IN TODAY'S WORLD. NOW THE TECHNOLOGY IS SO HIGH THAT YOU CAN MAKE SOFTWARE OF YOUR OWN YOU ARE NOTHING MICROSOFT I WILL TAKE THE REST OF THE SOURCE CODE FROM YOU I AM DAMN SURE ABOUT IT I WILL. BEWARE OF HACKERS HE IS IN YOUR SYSTEM THERE IS NOWHERE TO HIDE. WE ARE COMING. IT IS THE END OF THE MICROSOFT

    Mas 02/14/04 02:20:08 PM EST

    No. MS can NOT change its primary personality it had from the very beginning. Which means they will DEFINITELY try to sue the pants off every developer who brings the L*nux-MS-Interoperability a little bit further. Claiming that every single char in his source code were originally MS's for decades.
    MS fights on war grounds they know the best. And this is out of the coders' boxes and into the lawyers' libraries and into the courts.
    Oh no.
