Don't mean to be a moaning Michael but...
.. does no one else see this as a Malware creators wet dream??
In an apparent bid to calm still feisty regulators, Microsoft has agreed to publish application programming interfaces (APIs) for its major software products and provide free access to those interfaces. In addition, Microsoft will free up protocols around its client and server software and has vowed not to sue open source …
Looks like they they finally see the need to respond to a changing world. Ironically, if they do all of this properly it will most likely make their products much more popular. Heck, since I notice they didn't include XP in the list (anyone surprised?) it might become an incentive to switch to Vista...
So, let's get this right....
MS will bend over backwards to let open source people write stuff that will talk to Word and Excel and Exchange etc etc.
....and it WON'T sue anyone (including the open source people) if they develop their own solutions for same.
...and it'll sell you a licence for the APIs covered by its patents at pretty good rates.
...and ....oh, hang on, rewind....
Anyone else see the flaw in this for the average free (ie - we don't charge you a penny) opens source project?
whats the odds that somewhere in every useful protocol and api they have published there will be a patent. so we can fix up samba, and fine tune openoffice, but then nobody could use those products without having to pay microsoft a patent royalty tax. which is what they have been after for years.
That is good news ...... and Great news for Great Gamers/New World Order Players/Non State Actors/Universal Drivers/Psychopathic Megalomaniacs/White Hat Wizards/Horny Angels.
And it would really be quite uncharitable to suggest otherwise, given the amount of vitriol which is spread whenever they man the barricades against invasion and penetration.
This is good. Being able to interface with the most widely used OS and productivity suites on the planet will really add a lot of potential and creativity to other projects. While I'm not a big open source kind of guy, this is just the kind of traction that open source products need to get into the big leagues.
Yeah Microsoft.
This does not mean that the leopard will change colours overnight. Although the documentation is available, the "sabotage competitors products" department may not have completely been dismantled. And what about the attitude of the thousands of employees who have been indoctrinated in the 'Siege Mentality', can one really believe that it will change ?
And also, what about all those bugs ? Just because it is documented does not mean it will work as documented. A programmer intimate with the Microsoft APIs once told me that the API documentation should be treated more like a 'Wish List' and that the fingers should always be crossed before implementing products using them.
"it will publish the APIs for Windows Vista .... "
Putting the source code to Windows XP into the public domain would be several times more useful, ensuring that third parties can support it when Microsoft stops doing it and ensuring that users aren't effectively forced to move to Vista against their will.
"Open source". Not "free software". Microsoft has drawn this distinction before - allowing certain rights to projects under, say, BSD, but not projects under GPL.
"Non-commercial". i.e., they won't sue Andrew Tridgell, but they reserve the right to sue Red Hat.
This ultimately means nothing has changed much, because everyone always knew they would not sue the non-commercial projects which actually build components like Samba, but the commercial projects which use said components - like Red Hat. This is just common sense. Suing non-commercial projects is all downside (lawyers' bills, terrible press) and no upside (they don't have any money for you to win, and it doesn't take any competitors out of the market). Of course they would go after the commercial entities, not the non-commercial ones.
"30,000 pages of documentation surrounding Windows client and server protocols."
Thirty thousand pages to document the protocols? Am I just ignorant or is this a reasonable volume of documentation? Sounds way out of line to me, pagecount-wise if nothing else.
As others have commented, opening the APIs is probably going to reveal a lot of security holes. Rumor has had it for years that Windows' memory management is so poor that Excel, Word, and other applications have trap doors into the Windows kernel so they can do their own memory management, otherwise performance takes a significant hit. Sounds like institutionalized rootkits to me, just waiting to be exploited by scammers, phishers, and their ilk.
I anticipate that El Reg will feature a long series of articles on Windows APIs and the various incompetencies, stupidities, and inefficiencies they reveal.
this is good change.
I have a question: Can someone please explain to me the problem with the non-commercial limitation to the patent thingy? In the article, Jerry says it's meaningless, and POPE Mad Mitch says above "nobody could use [OO with the Microsoft APIs] without having to pay microsoft a patent royalty tax."
I think this is incorrect. As I understand the release, if it's non-commercial distribution, no patent license needed, no lawsuit. How is that meaningless?
Now let's have the source, and redistribution rights. Otherwise this is not 'the bell tolling' for OOo or any other Open Source project; this is still a substandard product and I won't be using it just because the documentation is finally being released.
It's nice that MS Office will soon support ODF, but OOo already does that, is cheaper, and runs on my chosen platform.
I have no love for M$... that's fer sure. You couldn't pay me enough to work with thier shi'ite!
If Microsoft is being genuine here... great! More power to ya!
I'd like nothing more than to see M$ open up some of the sucker products they have. Folks may not be able to contribute code/fixes yet... but at least being able to track down the issue... will be dog gone nice.
Go Billy Goats! Go!
This post has been deleted by its author
Sorry, but am I the only one who thinks that the only reason a company carries on paying fines of 1M/day for not agreeing to hand over documentation is because they didn't actually have any to hand over.
Great now they've written some.
Pity the EULA won't let you sue them when their own software fails to implement their own documented protocols.
OK, on one hand we have the conspiracy theorists that believe the yanks cleared a rather large area so that they could land the alien mothership (satelite shooting gallery is almost as far fetched). Then Microsoft makes an announcement like this that lets face it, is completely against what they have ever done or believed in. Anyone else think that our lizard overlords have arrived and setup camp in seattle?
Mines the foil one please ...
Beyond the obvious attempt to pacify the regulators, particularly the EU, I think there's a certain inevitability to this.
Mixed computing environments are not uncommon now, with Windows on the desktop and anything *but* Windows in the server room. By making it unnecessarily hard to interoperate, I'm sure they thought they could make everyone switch to their server OS too.
Turned out that wasn't the case. Now perhaps they have no choice but to throw open their protocols, before too many companies conclude that the best way to avoid these problems is to avoid Microsoft entirely.
"does no one else see this as a Malware creators wet dream??"
Not particularly. The malware problem isn't an API availability thing, it's enabled by poor architecture and design dating back years and years, bad decisions which now mean an average user who runs everything exactly as it came out of the box will be browsing the web with a program that has hooks right into the kernel, all with full admin rights.
Think about it: If closed APIs make it so hard to write malware, why are we awash with the stuff on what until now has been the most closed platform of all?
Overall this has to be a positive thing, but Microsoft have a lot of work to do in order to prove they really *can* be trusted. 3 decades of untrustworthiness doesn't just go away overnight.
Oh yeah?
What about Microsoft's Developers? I seem to remember Novell taking M$ to court over Published Hooks not being quite the same thing as the internal hooks which MS developers were using (supposedly there should be Chinese Walls between development teams, but this was apparently not the case). The difference incorporated effectively at minimum "Do Nothing" statements which were there for portability reasons, but by MS not using those hooks meant that its' products would run faster (eschewing portability in the process, which explains some things). I believe Novell won that case.
They aren't doing it out of the goodness of their hearts.
World economy going down the tubes, the last thing they want is wholesale defection to OS products, as part of the squeeze. Better to have people still using their stuff, and if their margins have to go down a bit to maintain market share, then so be it.
".. does no one else see this as a Malware creators wet dream??"
No. Most malware (decent malware at least) relies on reverse engineering of the binary code which provides the implementation of some function. The API (Application Programming Interface) only defines the interfaces to those functions.
In essence, an API document set (and the related header files used by application developers) provides a set of definitions of data structures, function names and return types and parameters which constitute the interface to these functions. Publishing the API does not reveal the details of the implementation of the functions.
It is not equivalent to publishing the source code of the underlying functions, so in order to (for instance) discover a buffer overflow in some function that will allow arbitrary code to be inserted into some handy place and then executed still requires that the malware author work at the binary level.
Even knowing the size of the buffer to be passed into a function (a common piece of info in API documentation) doesn't necessarily help the malicious of intent, since until you're looking at the disassembly, and have fully grokked the location of all the variables on the stack and/or heap, you don't know weather the function does any checks on buffer size, or where your data will end up if you overrun the buffer size the function expects. (Other methods of arbitrary code execution are available of course)
I'm pretty sure I haven't explained that very well, but basically, the answer is no because you still don't actually have the implementation source code. TBH even where the source is available, you're still going to need to be looking at a screen full of assembly and stack frames before you can code a successful exploit.
I wasn't really following the issue/investigations on the topic, but it was also the thing that immediately struck me: blah 2007, bleh 2008. Maybe they actually have published all their respective 2003 and earlier APIs, then credit to them, but i suspect not.
Only doing it for their latest betas, hrrm nice ploy. Not biting.
This stuff simply doesn't interest me enough. NT5 and the related apps still look satisfying (disclaimer, != perfect, of course). A possible exception might be dot net which could have gotten better since, but that thing can at least be safely ignored on NT5 which i fear is harder on their newer system.
If Microsoft writes such bad code why the hell would you want or care if they open their APIs?
If anything this will prolong Microsoft's dominance of the market. It was inevitable that open source software would start to catch up with Microsoft in terms of software viability. OSS is still nowhere close on the desktop, and the server leaves much to be desired. By opening their APIs Microsoft is allowing developers who would have otherwise had to develop alternatives, to simply use an already existing Microsoft standard. So how is that going to increase competition and create better software? That was the whole point of this EC stuff wasn't it? All I see this creating is more client applications for Microsoft servers which will still require Microsoft licenses.
I just think its hilarious that all the fanbois are all "hurr mikkro$oft's code is shite" and then in the next sentence "i wish Microsoft would open their code so i could use it". If OSS really wanted to compete with Microsoft they would have written better, open standards that would run across all OSes. Since they've failed in doing that, they decided to get the gov to force Microsoft to open their supposedly junk standards. Good work guys.
I don't see any good in this, and nobody here has come up with anything credible on the positive side. What really surprises me is just how many people think the world of IT is now a better place, citing all kinds of imaginary or useless things, and completely ignoring history, especially Microsoft's. I don't see any real MS shills here, so ... Paris, because innocence is the word of the day.
Even the brown noses at Microsoft Watch are sceptical:
"For quick clarification: The principles aren't really new -- the European Union's Competition Commission required the principles' framework, in response to Microsoft's March 2004 adverse antitrust ruling. The timing also is suspicious, given the potential public relations bang Microsoft could get about a week before a key vote will determine whether or not ISO adopts OOXML (Open Office XML) as a standard."
Read the full sobering report...
http://www.microsoft-watch.com/content/corporate/whose_principles_are_they.html
:<
The full sobering report ..... http://www.microsoft-watch.com/content/corporate/whose_principles_are_they.html .... suggests that Microsoft are more phishing for Great Whites/Grand Wizards in the Virtualised Server Cloud, which even now is stratifying into Maslowian Self Actualisation Hierarchical Control Layers, [creating Wwweb3.0 Controls for Universal Powers], than feeding the Masses with the Seeds of Information that they Need.
Spin the Tale/Spread the Non-Information/Reveal the Recipe of Stale and Mouldy Bread ... "30,000 pages of documentation surrounding Windows client and server protocols." ..... whenever all that is sought are the Ten Commandments for Making Cake and Living in Clover, would be much more the Perceived Third Party Reflection from the Smokey Mirrors of Microsoft.
And it is a Perception, which if not cultivated by MS, at least has taken deep root and hold throughout the Field ...... or is that a false Vista based upon a malicious Premise?
Build any Software upon anything other than the Rock of Truth and IT will riddle it full of holes and fill it with worms and viruses to XXXXtraordinarily Render it as an Enemy Combatant whose Assets can be Sequestered and Used against them. The Good Old American Way, Redmond ...... or just Simply CompleXXXX Natural Universal Justice?
If IT is both, then the Wwworld is on to AI Winner.
The Battle is not Won by any Particular or Peculiar OS and/or Driver or by any Alliance of OSs and/or Drivers, but by what they Choose to Power. And that can be even further refined and defined/concentrated by what Individual Programmers Creating new Intellectual Property Choose to Power with their Network InterNetworking Grid Connection. ......... NET Plug In.
An Alien Power would QuITE Naturally Choose Hearts and Minds for Human Earthed Control .....for the Real Physical Semantic Buzz LightYears ahead of Yesterday's Colourful Climaxes.
Seventh Heaven MadamfM BrothelTerritory for Global Operating Devices ....... with Venus in Control. ...... which is also always Virgin Forest for ManKind ...... and you can Thank your Lucky Stars and GOD for that too. :-)
Parcel that little Lot up and Sell IT/Show IT for Free and what is to stop you Making a Fortune and Leading in an Advanced Artificial Intelligence DirectXXXXion?
The Open Source community doesn't need to write better, open standards that work everywhere. They exist. The Open Source community, by and large, tries to conform to existing standards. If Microsoft can't manage to conform to those same open standards, that's not our fault.
Developers (not Open Source people exclusively) wanted access to Microsoft's APIs so that they could compete on a level playing field on Microsoft's platform. That's how this will open the market up to competition and allow better software to be produced by Microsoft's competitors on Windows - which will mean Microsoft might actually have to get their fingers out and produce some decent software instead of the horrendous bloatware their customers have had to satisfy themselves with so far.
I disagree that "OSS is still nowhere close on the desktop, and the server leaves much to be desired" - could you back that up with any supporting evidence?
What you don't seem to realise is that those who want access to Microsoft's APIs and those who detest their shitty software are two separate, though overlapping, groups. I for one am more a member of the 'their code is shite' crowd and this release of API and protocol documentation makes no real difference to me personally since I don't run their crap anyway and wouldn't recommend it to anyone.
I notice that they only seem to be offering information on new / hideous / unused / unwanted / unloved protocols...
Can anyone clarify whether they've ever released full file specs (word etc) for earlier and far more commonly used products ?
(Paris, because it's the only one with a question mark)
This post has been deleted by its author
Well, given Vista's droopy sales, and the EU's continued pressure, MS needed to do *something* to make Vista, Office 2007, and other new products more attractive. This move can't hurt. Does it help the vast installed base of people who happily manage with XP, Office 2003, and so on? No. Does it make me more likely to recommend Windows-for-Warships? No.
So let's see: where I work, we have a substantial network of older Windows machines, running older Office, which we try to integrate with newer apps. We can get the new-found benefit of MS interoperability for all the stuff we've already licenced, bought and paid for by, uhhh, paying MS loads more money to upgrade to Vista and Office 2007. Riiight. Which means we'll also have to replace half our fleet of PCs to manage the extra load. Riiiiiight. Green, or what?
Or we can gradually convert what we have to use existing open products which conform to existing open standards, with no extra payments to MS. And free our documents and data for ever more.
Put like that, it's not really a decision, is it?
Embrace - i.e. provide them access with everything possible and let them stuff it in
Extened - i.e. help out with various standard bodies etc...
Extinguish - this is the hidden bit that will get it all killed after the reveal some interesting patents that aren't covered under it all...
The other shoe is a size 666. Can't wait for it to fall and prove yet again that Microsoft doesn't play fair, nice, or legal when it comes to its monopoly.
I'd want legal definitions of every single word they've put into their statements that they are "opening up" the standards, that they "won't sue", and so on. Then I'd double check. Then I'd want sworn testimony (under oath, etc.) of every senior exec at Microsoft that what everything THINKS they mean is what they ACTUALLY mean.
On the other hand, even if it's partially true, I hope people remember that it took a EUROPEAN legal system to finally make Microsoft bend over just a little. The US legal system was only recently still humming and hawing over whether to continue their "oversight", which has been completely ineffective anyway and has allowed Microsoft to continue "business as usual" until they finally got caught on the hard rock of European consumer protection laws.
Pssst .......... Is the following Past, Alien to you, or just Spookily too much like all that you may know of Present DirectXXXXion. ......
http://www.john-f-kennedy.net/thefederalreserve.htm
http://whale.to/b/war_qg.html
A Change for Future Opportunities rather than more Neanderthal Conflicts/Balkan Bonking, would be AI Beta Program and with MicroSoft doing the Iwo Jima Flag Raising thing, and providing Systems Support and Electronic Rogue Systems Lockdown to flush the Bugs and Atomic Cockroaches out of Systems, for that is what IT and the Internet can easily do, it would be surely a Certifiable Madness not to Boldly Go into AI Virtualised Space, CyberIntelAIgently Designed Space: The fertile frontier of Imagination and ITs Voyages, Magical Mystery Turing .....ITs Mission ...To explore strange new worlds ... To seek out new life and new civilizations.... To boldly go where no man has gone before.
*http://en.wikipedia.org/wiki/Impressment
Every day, another piece of the Future Jigsaw, which Actions Shared, Create as AIReality, to be left behind as Historical Fact for SMARTer Generations and Beings. Or do you just Believe in Nothing Really?
That would be both Sad and Bad and QuITe Mad, if you have a Brain which you thought worked, for quite obviously it isn't working at all well, .......classic sub-prime performance.
There's just no pleasing some people.
The open source crowd have been complaining for years about Microsoft not allowing access to this information, and now those very same people are the first to complain.
Microsoft tend not to give things away for free and I'm sure it will be the same in this case, but it's entirely possible that instead of money, what they are hoping to get in return is an entire community of 'quality' programmers to go through their code and feedback all the problems/fixes. This will save them millions of dollars and make them look like a better company at the same time.
It also means that companies who don't use their software will be more likely to try Microsoft products when they know they can make those systems interoperate properly. And before people start saying they wouldn't touch Microsoft with a barge pole, big companies use whatever system will work for them, they all have an associated cost, Linux is only really free if your a home user, businesses pay in all kinds of different ways.
something that I always see missing from the arguments that spring from the "we should get rid of all microsoft servers from companies" is the suggestions of realistic alternatives for a small to medium sized business to microsofts active directory and other, tightly integrated services such as MOM, exchange, group policies, sharepoint, ISA, WSUS, WDS/RIS et al.
I know they exist, after all AD is based on LDAP (and even apache is getting in on the ldap game) and there's even a good exchange alternative in zimbra (could that be behind microsofts interest in yahoo? the services that is, as they can't kill the software) and that the granularity of systems such as HP's flavour of unix provide massive control over users. But, for a small/medium company it is far easier and cheaper in the long run (since there isn't a need for expensive staff and training courses, basically making their staff hot swappable not to mention the vast difference in licensing costs) to implement a microsoft based solution to centrally control all aspects of their user base.
Come on you linux/unix advocates, stop giving out the vague "don't use microsoft" crap and actually come up with solid alternatives to active directory and all of the various services that hook into it. The onus is on YOU to provide the windows world with evidence as to why they should leave it behind.. or is that too much of a task for you?
Well, I think this marks the beginning of the next stage in Microsoft's progress. Essentially they have had a monopoly of the desktop OS and office suite market for over ten years - this is a jolly good run for their money. This monopoly is surely coming to a close, maybe not this year, but within 5 years there will be a significant proportion of IT users who use appliances of some sort (such as the EEEPC) rather than a computer.
So if MS saw their future as being "more of the same" they wouldn't be parting with billions! for! Yahoo! - but they clearly want to be a technology and content provider. They will have considered the place of their proprietary APIs in the new world of technology, and decided that they want the new offerings (for example, online office suites such as Google Office) to be interoperable with MSOffice: users of these suites have *some* association with MSOffice, rather than either/or.
This is neither a selfless act nor a deceptive stratagem. It is, however, a strong indication that things don't stay as they are for ever, and MS are thinking about what happens next. So, on balance, halo rather than horns.
does so at their own peril... and will this include every single API or just the old backward compatible ones developed for ME... so move along please - nothing of interest here but the second death throw of some old bloatware... and why does it bloat with every release? because each release mainly consists of wrapping the old APIs in a new API wrapper with a new look and feel... so basically nothing has changed in years except the wrapping paper... and when you read the reviews its all about the eye candy... life really is too short to waste your time with this...
"The Open Source community doesn't need to write better, open standards that work everywhere. They exist. The Open Source community, by and large, tries to conform to existing standards. If Microsoft can't manage to conform to those same open standards, that's not our fault." .... By Geoff Mackenzie Posted Friday 22nd February 2008 06:21 GMT
I disagree, Geoff. It is open source/Open Source which create future standards which the likes of Microsoft then monetise and silo/silo and monetise but it always slows down progress and may even halt it for a while and that is always not good ...... but that is a problem created by the Profit Business Model and Failing Capitalism and not necessarily any particular Business.
But this oughta help the WINE guys and like a little bit more. Crumbs tossed out no less, but would you spite them and not use the info?
Okay. I qualify that. This is for the guys that need to interoperate with M$. I know some guys who would definitely... or shall I say always have and still do flip M$ the bird.
Look, I'm sorry I broke into your house and stole your stuff, screwed your doggie and ate your goldfish.
But putting me in jail is damn unfair.
Instead, how about I share 30% of the money I got from selling your stuff (it was all crap anyway, trust me) and I show you the pics of me humping your dog?
OK 40%.
Oh, that's not fair!!!!
(now how come MS can ask for money when doing what the court requires them to do to redress illegal actions?)
Jeremy Allison - "Doesn't mean any change for us (Samba) as we already had all these docs ...". Bitten by the tiger? Were some of these docs part of what the Samba team got to see a just a few months ago in trade for concessions (whatever those may have been) that would now be unnecessary? Hope not.
30,000 pages of documents - the Deluge Ploy as occasionally practiced by our beloved US govt in response to FOIA reqests, the search for possible value being stymied by the Herculean task of sifting through the mountain of documentation?
Boon to malware creators - see above. Further, anyone who wants to make malware can be fully occupied with the already thoroughly mapped terrain of M$ products, with new opportunities appearing every Patch Tuesday, if not before, without source code or documentation available.
Credit to MS, they always seem to be able to spin things to their favour.
They are required to publish their APIs but notice they are only agreeing to release them for their very latest products. The products that they are having significant trouble pushing onto the public.
By opening up these APIs and not the ones for the products people actually use (XP, office 2003 etc) they will be able to meet the EU demand and make the new white elephant versions of their products more appealing.
I think the EU should not fall for this and demand MS publish the APIs for all versions of the products they support (as of now, MS can't be allowed to say they will then stall until support lapses so never publish them).
and their you have it. no you won't have to pay a licence fee anymore, you'll have to pay patent royalty tax. Not the same thing at all.
Just like the community charge wasn't a poll tax <yawn> someone wake me up when there's some actual news please. MicroSoft are just trying to keep the regulators quiet whilst maintaining their market share and obscene profits for their rubbish products. In fact, they can now get 3rd party devs to fix those rubbish products and charge them for the privilege. It's a win/win for Bill.
BIllzebub, 'cos M$ haven't really changed at all.