Microsoft Discloses 14,000 Pages of Coding Secrets

OrochimaruVoldemort writes "In an unexpected move, Microsoft has disclosed 14,000 pages of coding secrets. According to The Register: 'This is Microsoft's latest effort to satisfy anti-trust concerns of the European Union, which is possibly a tougher adversary for the company than Google.' The article mentioned that this will be done in three phases. 'Between now and June it will garner feedback from the developer community. Then, at the end of June, Microsoft will publish the final versions of technical documentation — along with definitive patent licensing terms.' Lets just hope those terms are pro open source."

Oh come on now ...

Who stole the Heart of Gold !?

Re:Oh come on now ...

Please,

Improbibility is not required....

Think business. What better source to find your bugs than the many thousands of angry coders who are not M$ fanbois. Let your hatred consume you Luke, find the flaws in the code..... or rather "Your hatred, a tool, it is. Fix that which is broken, and glory you will find" /yoda voice

And you suckers ^h^h^h^h guys will do it for FREE!!

stupid summary

Lets just hope those terms are pro open source

Come on, guys. There's no chance in hell that the licensing terms will be pro open source and we all know it. Can we please stop propagating false hope?

Re:stupid summary

Well, on the other hand, we never expected MS to disclose 14k pages of anything but contracts.

Why is parent flamebait?

MS has NEVER done anything yet that is pro open source. They have gone to great lengths to make sure that something has the appearance of such, but that it would not help. The only question should be, how far ahead is MS thinking? They have always been a pretty good chess player.

Re:Why is parent flamebait?

MS has NEVER done anything yet that is pro open source.

What about the 700 CSS testcases [msdn.com] they recently contributed to the W3C under the BSD license? Or any of their other releases under OSI-approved licenses, for example WIX? Are you seriously going to argue that releasing things under open-source licenses is not pro-open-source?

Well of course not

Since "Pro open source" seems to mean "Can't cost anything, and can't put any restrictions on it other than requiring the code to be open." That is pretty much going to kill almost anything from being pro open source.

I imagine it'll be similar to MPEG-4 and such as it'll be an open standard with RAND licensing. What that means is anyone can get a copy of the standard and licensing to use it, and the price of that license will be reasonable and standard. However, that does mean you have to pay if you want to use it. I can't see them just wanting to give it away for free.

So if you are willing to adjust your definition of open source to accommodate things that are open standards, where it is open to all, but you do have to pay a license, then I imagine you'll be happy. However if you take the stance that it cannot cost any money, well then you are probably SOL.

Unexpected?

Unexpected, as in they told us very loudly that they were going to do it? [microsoft.com]

Re:Unexpected?

Well until now, we assumed it was just an idle treat.

Re:Unexpected?

Unexpected as they actually delivered. They had promised several times in the last several years that they would release the documentation but never did. The EU Commission said as much when MS announced the last time they were going to release the documentation:

The European Commission takes note of today's announcement by Microsoft of its intention to commit to a number of principles in order to promote interoperability with some of its high market share software products. This announcement does not relate to the question of whether or not Microsoft has been complying with EU antitrust rules in this area in the past. The Commission would welcome any move towards genuine interoperability. Nonetheless, the Commission notes that today's announcement follows at least four similar statements by Microsoft in the past on the importance of interoperability.

bring on the virii

Unlike existing open source projects, these protocols/code/APIs have never been scrutinized by independent security experts. I'll bet this reveals hundreds of new attack vectors.

Ummmm, no

People said this same thing when the Windows 2000 source code leaked. Nothing happened. Multiple problems with that theory but one of the biggest is simply that it is wrong. Lots of people have the Windows source code. MS has a license where universities can get a copy for research. One university I know that does is ASU in Tempe, Arizona. So this idea that only MS has ever seen the code is false, thus the argument is invalid, never mind the other problems with it even if it weren't.

Re:Ummmm, no

Wasn't the JPEG vulnerability [microsoft.com] discovered after the source code leak?

Re:Ummmm, no

People said this same thing when the Windows 2000 source code leaked. Nothing happened. Multiple problems with that theory but one of the biggest is simply that it is wrong. Lots of people have the Windows source code. MS has a license where universities can get a copy for research. One university I know that does is ASU in Tempe, Arizona. So this idea that only MS has ever seen the code is false, thus the argument is invalid, never mind the other problems with it even if it weren't.

I'm not sure that's correct. If you are only talking self-replicating viruses that spread to continue replication, you may be correct. However,the appearance of rootkit anchored malware "in the wild" closely followed that release which made the information widely available outside limited academic and security research circles. The first rootkit was published as far back as 1999 by Greg Hoglund, founder of rootkit.com. There was a lot of academic interest and discussion in rootkit development specifically on Windows NT based systems before that time but almost none had been detected "in the wild". But rootkit anchored, serious malware infections have ballooned are now "professionally" developed for criminal purposes and used as the base for most, if not all, of the botnets. The release of the Windows 2000 source code certainly removed the need for extensive reverse engineering.
The Windows 2000 source code leak dates back to 2004 http://news.zdnet.co.uk/software/0,1000000121,39146176,00.htm [zdnet.co.uk]

Hackerdefender was also coincidently released early in 2004 by holy father

One of the most frequently encountered is Hacker Defender, created by an Eastern European who calls himself Holy Father. The latest free version was published early in 2004 and, more recently, premium and customized versions of this malware became available for a fee.

http://searchwindowssecurity.techtarget.com/news/column/0,294698,sid45_gci1112754,00.html [techtarget.com]

On MSDN already

The prelimnary docs are here [microsoft.com].

I have to admit I'm tempted to be interested in the Exchange stuff. The
company I work for uses it. As with most MS products it's not, um, horrible,
when it's working but it's a PITA to troubleshoot problems. The MAPI Tool for
looking at the "innards" is horrible. Maybe this documentation will at least
spawn some better third party management tools that I can convince my employer
to buy.

For now most pages (all?) are prefaced with:

[This topic is preliminary documentation and is subject to change in future documentation releases.]

I haven't had a chance to search out legalese to answer the summary's question on open source friendlyness.

I figure a "hope-for-the-best-expect-the-worst" attitude is the best way to approach this one...

Press release in docx? What a joke!

The article links to:
http://www.microsoft.com/presspass/presskits/interoperability/default.mspx [microsoft.com]
where several documents in non-standard formats are describing how well ms are complies with standards.
Not to mention you have to buy a licence of M$ Office too read it.

M$ laughs EU in the face with this one.

All available as PDF

The browser interface is broken on Iceweasel for me. I thought at first that all
the pages had for now was a bunch of disclaimers. Turns out this is just the
first page of each document. I, for the life of me, could not see a way to go to
the next page. The side table of contents doesn't work either.

But every doc is available as a PDF and you can grab whole sections in zip files.
I found it interesting that they chose a cross platform format like PDF and
didn't try to shove Word Docs at the world or their MDI(?) format, their supposed
PDF killer.

Anyway the legalese is vague and scary for now...

Intellectual Property Rights Notice for Protocol Documentation

      Copyrights. This protocol documentation is covered by Microsoft copyrights.
      Regardless of any other terms that are contained in the terms of use for the
      Microsoft website that hosts this documentation, you may make copies of it in
      order to develop implementations of the protocols, and may distribute portions
      of it in your implementations of the protocols or your documentation as
      necessary to properly document the implementation. This permission also
      applies to any documents that are referenced in the protocol documentation.

      No Trade Secrets. Microsoft does not claim any trade secret rights in this
      documentation.

      * Patents. Microsoft has patents that may cover your implementations of the
      protocols. Neither this notice nor Microsoft's delivery of the documentation
      grants any licenses under those or any other Microsoft patents. However, the
      protocols may be covered by Microsoftâ(TM)s Open Specification Promise (available
      here: http://www.microsoft.com/interop/osp [microsoft.com]). If you would prefer a written
      license, or if the protocols are not covered by the OSP, patent licenses are
      available by contacting protocol@microsoft.com.

      Trademarks. The names of companies and products contained in this
      documentation may be covered by trademarks or similar intellectual property
      rights. This notice does not grant any licenses under those rights.

      Reservation of Rights. All other rights are reserved, and this notice does not
      grant any rights other than specifically described above, whether by
      implication, estoppel, or otherwise.

* emphaisis mine

And a Pony!

Lets just hope those [patent licensing] terms are pro open source.

I'm going to hope for a pony too! A flying one!

treasure trove of Microsoft coding secrets?

- customizing AUTOEXEC.BAT and CONFIG.SYS for Windows Vista Ultimate?

- Hungarian Notation 2008 from Cosmonaut Charles Simonyi?

- A vastly more powerful set of MFC macros that will now make it possible to maintain different versions of an enterprise project code base from a single source file?

- 3D OLE Automation DCOM interfaces from the Visual Basic team?

- the difference between "Unrecoverable Application Error" (Windows 3.0) and "General Protection Fault" (Windows 3.1)?

- a detailed explanation of what each alternative does in the "Abort, Retry, Fail, Ignore" dialog?

The mind boggles at the possibilities.

Re:What?

along with definitive patent licensing terms.' Lets just hope those terms are pro open source.

Anyone care to explain how Microsoft might put these two things together?

String.

Or a stapler maybe.

NO WAIT!!! - a hot glue gun! It's gotta be better for geeks - it plugs in.

Although if it's on paper, they could rub their feet on nylon carpet then hold them together and static will do it's magic, baby...

Ok, ok. You might think my answers are silly, but then - so is the question. Like it would ever happen.

Re:What?

Clippy to the rescue!!!

I see you are trying to draft a patent trap. Would you like some assistance with that?

Re:WINE

Not really. With the exception of a few bits of Microsoft-written software, most Windows software is written against published APIs with the occasional work-around for bugs in the APIs. WINE 'just' needs to implement the already-public APIs (including replicating bugs) and code will work. The WINE team only need access to secret APIs if code has been written using them.

Re:WINE

I believe Wine, ReactOS, and MingW are using MSDN and "clean room reverse engineering" to develop (meaning a group writes documentation, another group implements). And they are well making sure that no code in the trees are taken from the leak of the Windows 2000 code a few years ago, and no code is written via direct reverse engineering Windows. This information MIGHT be helpful, but Microsoft is unpredictable when it comes to enforcing its patents and loves them. If I were on any of these teams, I would advise to stay away from this documentation until it is cleared with FSF that the licence is compatible with GPL (which I highly doubt it will be).

Re:WINE

Your UID suggests you signed up within the last day or so. You don't get to make those jokes yet.

Re:Admitting They're Lying is Reassuring?

That's not what they're releasing.

On show for the first time in public are underlying protocols for Office 2007, Office SharePoint Server 2007 and Exchange Server 2007.

This isn't a list of 'secret APIs' for Windows. This is the stuff that glues their Office system together and they were going to keep a hold of as long as possible. It's completely seperate to the anti-trust concerns you're referencing, but they do seem to be using it as a bargaining chip against the EU investigations. It remains to be seen whether that will work or not.