back to article Windows better off closed, says Microsoft

Open sourcing Windows is more hassle than it's worth and Microsoft sees little gain in releasing code, according to the man leading Microsoft's server marketing and platform strategy. Microsoft general manager Bill Hilf has said the Windows source code is "irrelevant for what people want". Hilf said "most of the knowledgeable …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    MS Source Code

    "Hilf said "most of the knowledgeable people" are actually asking not to be given the source code for Windows"

    Most smart people don't want to look at MS Source code because if they do they'll never work for anyone again...

  2. Ian

    Uh?

    "Hilf said "most of the knowledgeable people" are actually asking not to be given the source code for Windows"

    I can't envisage any circumstance where people would actually ask not to be given it, it almost sounds like Microsoft is suggesting they've offered it but people begged them not to give them it.

    I can understand that there are reasons for not open sourcing Windows, and in a way I kind of agree that it should probably stay closed source to avoid the kind of branching problems you see with Linux where there are 10 versions of everything in some cases. However, I'd still like to see the Windows source code, ironically for the very reasons Hilf mentions - not because I want to modify it, but because there's no better documentation for seeing how parts of the OS work together and communicate than actually being able to see the source code first hand.

    Adding the "knowledgeable people" comment is just insulting and is doing the company no favours, he's implying if you want to see the Windows source code that you're not knowledgeable.

  3. Avi
    Stop

    What's the disadvantage of opening?

    Surely I can choose to approach an open-sauced OS in the same way as I do a closed one?

    If I don't look at the source, I can pretend it was never opened.

    If they'd carried on the uncharacteristic honesty of the last couple of weeks and said "It wont be open sourced because we make more money this way" that would have been entirely understandable...

  4. dervheid
    Gates Horns

    Typical...

    Microstuffed.

    If it wasn't for all the independant outfits outwith their own "Ostritch" mentality, pointing out all the (usually glaring) security (and other) holes in their products, Billy boy's company would (and should) have sunk, without trace, long ago.

  5. Anonymous Coward
    Anonymous Coward

    "they want to know how does Outlook talk to Exchange"

    That's the theory but it's been tried before. And MS being MS, don't follow their own standards, document poorly and can never resist holding something 'clever' back. Hence the fact the Samba guys would much rather have a look at the source than being told 'hot it works'.

  6. Kjetil
    Gates Horns

    Hilf said...

    Hilf said "most of the knowledgeable people" are actually asking not to be given the source code for Windows,

    Well ofcourse, they know the mere sight of it would give them nightmares for years to come ;)

  7. Anonymous Coward
    Anonymous Coward

    Translation

    The Windows code is such an unparalleled mess of hacks, cludges and make-do fixes we really don't want to embarrass ourselves by letting anyone else see it. Not to mention it would allow hackers to tear Windows yet another arsehole.

  8. Andraž Levstik

    First... and

    Well they have a point... From some twisted microsoft sort of world view...

    They should keep it and their security flaws hidden well in their security by obscurity setup...

    That way nobody else could possibly look at their bitrotten code and figure out how to actually fix everything wrong...

    But yeah "MOST" ppl want to know how to interoperate fully with the windows systems...

  9. Mark
    Gates Horns

    OSS != GPL

    If they just open the source code, there's no need to GPL or BSD it. No need for ANY license.

    It's just open code so that when copyright expires (hah!) you can use the copyrighted work as the copyright deal was supposed to allow you to.

    If they DO GPL it, think about this: would you buy Microsoft Windows XP or Joe Bloggs Wondows XP?

    So MS would lose nothing by open sourcing their code.

    Nothing that copyright allows them to do anyway.

  10. Ken Hagan Gold badge

    Too right

    "They don't want source code, they want to write an application like we can write an application: they want to know how does Outlook talk to Exchange."

    Absolutely, and he would also be right to suggest that no-one actually wants to *build* Windows from the source code.

    However, he hasn't picked the best example to illustrate his point, since MS have made it clear over the years that they won't be documenting that. In the absence of such documentation, the next best thing is to publish the source code and let the community reverse engineer such documentation. But they won't be doing that either.

    Why? Because they know full well that the application "they" want to build is an Exchange Server replacement.

  11. Greg

    Hehe

    "Microsoft general manager Bill Hilf has said the Windows source code is "irrelevant for what people want" "

    How true!

  12. NB

    bollocks

    Here's a thought, might it have something to do with the fact that every leak of windows source code so far has shown it to be a load of buggy shite? Maybe, just maybe, MS are unwilling to release their code because they know how crap it is.

  13. Martin Owens
    Gates Horns

    Translation: Embarrassment

    We all know that closed software is so crappy that it would make my dear ol' mum cry in her sleep. Why do'ya think it took so long to salvage Netscape code and turn it into firefox, or the mess that was StarOffice before it became OpenOffice?

    No for the love of bob don't release any of your thoughtless code, Microsoft. The world will be a better place when you bury it under 37 meters of rocks and boulders followed by a steel cap and some guard dogs.

  14. Tom

    From the donkeys mouth

    So we're expected to listen to the company that thought it was a great idea to re-invent the inefficiencies of the paper office on a computer and add a lot of new problems too?

    Microsoft - the man with a red flag walking in front of your computer!

  15. Joseph Haig
    Coat

    What really happened

    (Developer shown Windows code)

    "Aagh! My eyes! Show me no more!

  16. Anonymous Coward
    Flame

    Documentation

    The open source lot complaining about MS poor documentation

    Pot meet Kettle

    An awful lot of open source doesn't even have any, never mind well written documentation. If there is any, it's usually done as an afterthought written by somebody who really can't be bothered - and it shows

  17. myxiplx

    Bending the truth

    Interesting twist on things there. It's true that most knowledgable people currently don't want to see the source code, but they are careful not to mention that it's only because Microsoft ensure that viewing their code has legal ramifications if you ever want to work on something similar.

    It also nicely avoids the real point, which is that if they open sourced it, with no hidden catches, all of those concerns would go away, and those same knowledgable people would jump at the chance to have a look.

    Interesting how they can use their own actions to justify doing exactly what they want, and to put words in their opponents mouths.

  18. Phill Holland
    Gates Horns

    working 9 till 5

    Theres little point in releasing the source code unless you wanted to change certain functions of windows because it didn't do what you want. (or heaven forbid you wanted to fix the bugs yourself)

    Figuring out how Windows, or any software works and interacts with other bits of software from the source code is a friggin' knightmare and a waste of time if somebody is providing the API documentation anyway.

    It opens up a huge can of worms if you find something wrong with the API implementation compared to the documentation; imagine people willy nilly fixing all the bugs and problems in Windows, and then breaking all the years of work arounds everybody else had to write to get their own software working?

    Maybe I'll be writing a simular statement when ie8 is offically released.

  19. paul
    Flame

    @AC

    Yes there are a lot of open source projects that have poor documentation.

    On the otherside , there are many projects with great documentation.

    There is nothing stopping YOU! writing good documentation for the projects you like (if there are any).

    Not everyone who contributes to open source is a programmers, many people help our in translation and documenting services.

    Who can document windows except MS?

  20. Antony King
    Go

    Copyright

    If we don't ever get to see the windows source code, no-one can then be accused of stealing bits of it (a la SCO) and incorporating it into GPL'd code. "Hey, you stole the line 'int i=0;' from our code! We're gonna sue ya!".

    On the flip side of course, if we got to see the source any infringements would get picked up real quick.

  21. I. Aproveofitspendingonspecificprojects
    Paris Hilton

    @Andraž Levstik

    ""Well they have a point... From some twisted Microsoft sort of world view...

    That way nobody else could possibly look at their bitrotten code and figure out how to actually fix everything wrong...""

    That's the problem.

    They know exactly how to fix everything wrong. That's why I never update their stuff.

  22. Joseph Haig

    Re: Documentum

    It is true that many open source projects have poor documentation but to suggest that this is the case for all is not true. The documentation of Lilypond (http://lilypond.org/doc/v2.10/Documentation/) is amongst the best documentation I have seen anywhere. To be fair, though, this is one project run by musicians first and geeks second.

  23. alistair millington
    Thumb Up

    Nice.

    The other factor is, to release it they would have to clean it up first.

    Removing the bad syntax, the swear words, the appalling grammar. the pages of stuff that no longer has a purpose.

    Wasn't there an article on the reg from one developer that detailed what the MS 2000 source code contained.

    I doubt they want the hassle of actually going through all that code to clean up for public scrutiny.

    gotta love M$

  24. Andy Turner

    "What's the disadvantage of opening?"

    Well here's just a few:

    * Malware authors being able to find hooks and holes with much more ease.

    * Malware authors being able to create 'pirate' versions of Windows with the malware built right into the OS. Far more undetectable than even rootkits. Idiot users would love to buy a copy of Windows for £5 at a car boot sale, without realising the full payload.

    * Software developers being able to see how things work will start to use and rely on internal behaviours. API not doing quite what you need? Edit it and build another.. All comes tumbling down when MS release a new SP or version.

  25. Mr B
    Coat

    Agreed ...

    ... some things are better kept closed!

    M$ $ource code,

    Vista DVD case too.

  26. Anonymous Coward
    Anonymous Coward

    @alistair millington

    There are also issues about who owns the source. I'd imagine that Veritas would have a whole lot to say about the disk manager being open sourced, what with it being Veritas Foundation Suite, just chopped down a bit. Likewise NTbackup is based on backupexec (or was) and there has got to be a whole load of IBM OS/2 code still in there and we all know their position of open sourcing OS/2...

  27. SImon Hobson Bronze badge

    Anonymous Coward, 9:25

    >>> Hence the fact the Samba guys would much rather have a look at the source than being told 'hot it works'.

    I'm not sure that's true. One of the first things I believe they do with a protocol is to build a test suite around it - and then test the existing implementations to see what doesn't work. Now, under the terms of the EU settlement, if it turns out that the shipping MS products don't implement the protocol as documented, MS are REQUIRED to fix the documentation.

    So, the Samba team really do not need to see the source code, and as other have already pointed out, it really is in their interests not to ever have access to it (so there is no opportunity for even unintentional plagiarism).

  28. Michael
    Happy

    Can't give it away?

    "Hilf said "most of the knowledgeable people" are actually asking not to be given the source code for Windows"

  29. Andrew Moore
    Gates Horns

    I am reminded of Monty Python...

    ...and the Funniest Joke in the World. The reason why MS will not release the source is because one look at it by any sane person would be enough to make them laugh themselves to death.

  30. Anonymous Coward
    Anonymous Coward

    generic title

    wonder how much of this is related to DRM being about obfuscation and not security after all...

  31. Phill
    Happy

    If they open...they lose

    Within a week of open sourcing Windows, Wine would have all your Windows only apps on Linux and suddenly everyone would switch

  32. Anonymous Coward
    Anonymous Coward

    Sausages

    Seeing their code is probably akin to analysing the contents of sausages.

  33. Geoff Mackenzie

    Various responses to comments above

    "would you buy Microsoft Windows XP or Joe Bloggs Wondows XP?" - I think the answer here is "no."

    Disadvantages of opening the source:

    * Malware authors being able to find hooks and holes with much more ease.

    Yeah, because that's so difficult now. On the other hand, you'd also have potentially thousands of volunteers peer-reviewing the code and helping to get those holes closed.

    * Malware authors being able to create 'pirate' versions of Windows with the malware built right into the OS. Far more undetectable than even rootkits. Idiot users would love to buy a copy of Windows for £5 at a car boot sale, without realising the full payload.

    You don't need the source to do this. It's been done a great many times.

    * Software developers being able to see how things work will start to use and rely on internal behaviours. API not doing quite what you need? Edit it and build another.. All comes tumbling down when MS release a new SP or version.

    This happens even if you do use the 'official' APIs. Also, hiding internals from programmers isn't the right way to deal with this. If developers rely on internals, then let their software break, who cares? But that doesn't mean the rest of us, who would use APIs responsibly, shouldn't see the source.

    It's really quite simple. I use open source software because I like to have the option of knowing what my computer is doing. Source code is just the human readable form of the most precise description of exactly what my computer is doing. What Microsoft do as a matter of course is control what your computer is doing and refuse to let you discover what that is. Granted, most of the time I don't check when I do have the option, but with Windows you don't have the option, and neither does anyone else without a vested interest in concealing defects and underhand behaviour.

    How can you trust software like that?

  34. Anonymous Coward
    Anonymous Coward

    source code

    As an software developer (ok, ex) I want to be able to interface to other modules that make my job easier ( code-reuse), I don't want to write a million functions, and I'm not interested in seeing the source code for those modules I link in, I really don't care. What I want is, modules that work, and documentation that accurately reflects what's going on with those modules.

    When I undertook VB work with DAO some years back, I did plenty of head scratching thinking my code wasn't working, when all along it were the objects in DAO supplied by Microsoft...a) they didn't work properly, b) the bugs were not even documented! The documentation appeared to have been developed in parallel to the object development, but that there was no updating of the documenation post object development, to reflect the bugs that had been uncovered.

    Microsoft appeared to forget, the purpose of documentation is not to describe theoretically how things are or how they should be, but to describe how they actually are, to make our jobs as software developers easier.

  35. Ken Hagan Gold badge

    @Andy Turner

    MS have made the code available to various governments and academic or MVP scrutiny for ages. It is naive to think that the major malware authors don't already have a full listing.

    As for "pirate versions" with the malware built-in, how would this be worse than a version with a root-kit built-in? Given root-kit access to the hardware, why would anyone bother to infiltrate the copy of Windows that was used as the "public face" of the OS?

    Lastly, the sort of software developer who reverse engineers Windows to discover the "actual behaviour" typically ends up depending on some aspect of their own personal configuration and the resulting products don't work on customer machines EVER. Such people probably wouldn't look at the source anyway, and if they did they might learn how to solve their problem correctly.

  36. adnim

    Trust.

    I trust closed software as much as I trust m$. Why do I need a firewall to block OUTGOING comms from a windoze box? Maybe I don't. Maybe I don't need to wear a seatbelt whilst driving either.

    The only thing I trust that m$ will ever do is look after its own ass, an fsck everyone else's.

    I trust open source because anything nefarious in an open source OS or app will be spotted pretty quickly.

    I would also imagine that almost 20 years of hacking the same codebase has produced a Frankenstein they are most embarrassed about if not ashamed of.

  37. Anonymous Coward
    Gates Horns

    The advantages of opening... and @ Andy Taylor

    I'll tell you why I'd like it to be opened: because I'm a fairly decent programmer with kernel-mode and device driver experience, and next time some awful bug is giving me trouble I could just *fix* it instead of having to struggle to find some workaround.

    And Andy Taylor: your three arguments aren't very strong, because ...

    "Malware authors being able to find hooks and holes with much more ease."

    That's a fairly limited impact. Most malware these days spreads by idiots clicking on it anyway, it doesn't even need OS exploits or holes.

    "Malware authors being able to create 'pirate' versions of Windows with the malware built right into the OS"

    That one's a total strawman. They can do that right now and it doesn't need access to the source, and access to the source wouldn't make it any easier. If your supposed pirate released a hacked version of windows based on the original sources, it wouldn't have the MS digital signatures on the system files, so they'd have to disable all the checking and system file protection feature in the os anyway... which you can already easily do, in which case you dead easily trojan or wrapper or replace wholesale any windows system file you like anyway. The source is neither necessary nor even useful for this kind of attack.

    "Software developers being able to see how things work will start to use and rely on internal behaviours."

    Dude, that's what MS already do anyway, and that's why their public APIs are no use. MS' use of secret internal APIs to gain commercial advantage for their products was half the issue in the monopoly trial, remember?

  38. boe
    Jobs Horns

    Ballmer is a afraid someone will fix Vista

    I think Ballmer is afraid some overseas 17 year old kid will figure out why Vista is so slow, come out with a patch and make MS look bad because their whole team of developers couldn't make Vista a viable alternative to XP. Frankly, if he wants those bogus sales numbers for copies of Vista sold Ballmer keeps using (even though they were on PC's that MS strongarmed retailers to put on their PCs even though end users wanted XP and Ballmer never calculated all the people who upgraded from Vistat to XP since they were forced to give the XP license for free to dissatisfied Vista users), Ballmer should let someone fix the turd that is Vista.

  39. Law
    Gates Horns

    agreed

    it would be like watching the video in The Ring.... something that cannot be undone!!

  40. DR

    leaked source code

    given that the leaked source code from MS before was full of explitives and dodgy hacks to cover holes I can only say that I feel releasing the source code would be a great idea.

    but for this reason and this reason only.

    to save face before releasing the code engineers would have to spend hours going through it and tidying it up to stop it getting a million and twelve blog posts about how dumb you have to be to work at MS...

    of course this sort of code review should happen anyway. I just think that there would be more preassure to actually do it if it were opened up to the public.

  41. Anonymous Coward
    Pirate

    Knowledgeable people

    Hilf said "most of the knowledgeable people" are actually asking not to be given the source code for Windows

    Perhaps this explains the Vista delays...

    Boss: I'm assigning you to the Vista team.

    Knowledgeable Employee: Please, No! I'm too clever by far. Think of my career....

  42. Shagbag
    Thumb Up

    I totally agree with you Bill.

    "most of the 'knowledgeable people' are actually asking not to be given the source code for Windows"

    Amen to that. Most of the knowledgeable people run Linux, *BSD or Solaris.

  43. tbshmkr

    Documentation?

    OSS == IOTTMCO

    We Don't Need No Stinking Documentation!

    --

  44. JamesH
    Linux

    Open Source Documentation

    Well, as stated above, there is SOME good open source documentation out there, but much more open source stuffstuff has dire or non-existent documentations. (for obvious reasons - who likes writing documentation!!)

    Thank god for the wiki where you can pretend to write some, then get someone else to patch it up for you.

    And as for the comment

    'There is nothing stopping YOU! writing good documentation for the projects you like (if there are any).'

    What bollocks! If you are in a situation where you need decent documentation for something, you are hardly likely to be in a situation where you're a suitable person to write it!!

  45. Anonymous Coward
    Anonymous Coward

    Hard to put right a tarnished reputation...

    Microsoft have come along way in the documentation fronts.

    Take a look at some of their .NET stuff (Not all perfect admitidely),

    but some of it's pretty damn good.

    Lots of code examples, etc, nicely laid out, and now allows for community documentation to be added if stuff is missing, and ratings on pages.

    Suns Java doc stuff comparitevely leaves alot to be desired...

    I've seen good and bad OO projects in this department.

    As with the code It often depends however on how popular the project is with the uber geeks.

  46. Mark
    Unhappy

    Re: source code

    RC, documentation MUST be what it SHOULD be doing. If what it *is* doing is different, then that's either a bug in the program or a gap in the documentation.

    Why?

    Well, how do you decide what is a bug if your documentation merely says that it should do what it does?

    Your reasoning is (I believe) the same that has made MS think that MSOOXML is "open" because it's merely documenting what MS Office *does* not what it *ought* to be doing.

  47. Anonymous Coward
    Anonymous Coward

    Good practice

    Technically, application developers should use programming-by-contract and develop against the API. At least closed source prevents the code from being tightly-coupled (assuming the API was properly designed of course).

  48. A J Stiles
    Paris Hilton

    Funniest Joke In The World

    I have actually heard The Funniest Joke In The World. But I think it suffered a bit in the translation:

    Q. Why is a watch called a watch?

    A. Because it shows the time!

    Paris, because there's a clue in there somewhere.

  49. Mark
    Thumb Down

    @JamesH

    Bull.

    There's a lot of crap documentation on closed source projects. Hell, MSDN sites have incorrect information on it (or lacking all information: remember that people defending MS used to say MS didn't HAVE any hidden API's and all the documentation was there; at least until MS gave out documentation on hidden APIs).

    Samba developers were paid by MS to give them documentation about what MS's code were doing. Isn't that indicative of bad documentation?

    And OSS gets a partial bye on it because nobody is paying enough to cover the cost of documenting all of the code. MS has billions available and still haven't documented their stuff properly.

  50. Charles Manning

    Reuse, reuse, reuse

    The only thing worth reusing here is the disk space. I'd download MS code just for the symbolic gesture of deleting it.

    @ programming by contract: Hah! Unless the contract is something that has been chewed on for decades like POSIX ( and even that has unspecified behaviour) they're just not enough to build an effective system. At the end of the day the customer does not care which side of the contract is broken. All they care about is whether it works on Windows or not. If your program is correct, but the Windows side is not, then don't expect people yo buy your stuff and write nasty letters to MS demanding that they fix Windows so that it runs Foo.exe. When something is big enough (like MS) it makes its own rules. As my dear old Sgt Major used to say: There's the right way, the wrong way and the Army way.

  51. Morely Dotes
    Flame

    @ JamesH

    "If you are in a situation where you need decent documentation for something, you are hardly likely to be in a situation where you're a suitable person to write it!!"

    If you need anything more than "this is how to install it" and "this is how to use it," then having the source code makes it possible to see whatever it is you need to see, with or absent other documentation. And in such a case, you *are* a suitable person to write the extended documentation.

    Your whine is not credible. Go cry at Ballmer about why your Vista apps don't exist.

  52. Anonymous Coward
    Linux

    ...most knowledgeable people...

    Of course they don't want to see it. MS has a habit of using the most odious terms in their agreements. If you look at it, they'll probably own everything you've ever done. The disappointing part is that they try to imply that knowledgeable people don't want to look at it for its own sake. It's slimy, twisted, evil, and... not at all surprising.

    Most knowledgeable people would like to look at this train wreck, if only to laugh. But they won't, because they don't want to be forced to comply with the terms. No wonder they all give it a miss.

    Tux, because the FreeBSD daemon isn't available.

  53. Robert Long
    Paris Hilton

    And, of course

    If it were opened we would NEVER EVER find any stolen code in there. MS would NEVER allow code from a GPLed project to ever find its way into their super-secret source code.

  54. heystoopid
    Joke

    So

    So that explains all as to why it takes upwards of six months plus to close simple loopholes or install security updates in Windoze Servers and require a full reboot power down then backup off line , where as Apache security updates for the security problems are available within days and are extremely easy to install at the same time !

    Go M$ pull the other leg and pull the foot out of the spokes persons mouth, or as they have a saying down under in Oz "You're Dreaming! "

  55. Jean-Luc
    Alert

    How about an investor class action lawsuit?

    News to y'all. M$ has plenty of market capitalization, at least partially built on the assumption that they remain a closed source near-monopoly. Maybe also on the unlikely assumption that they will eventually make money from something else than Windows and Office, but I digress.

    How would you like to have your money invested in them and they turn around and try the pure OSS business model? A model which so far has not resulted in that many big stock market hits besides Red Hat.

    Many investors would not and there are many many lawyers who would be quite ready to pounce on whoever decided to follow the latest trend in geek fashions. Unless, of course, M$ actually made more money after opening up their source code, something I highly doubt.

    Regardless of the technical merit of their products, there are many reasons why M$ does not, and should not, jump willy-nilly into open source. Hopefully they will gradually learn where they can open up. Documenting the APIs, _if_ they actually carry it out, is a good start. Plus, if their code is so bad, whaddya all care?

  56. Anonymous Coward
    IT Angle

    And he said that with a straight face, too?

    I haven't waded through all 55 (at the time of this writing) comments, but it makes perfect sense why it wouldn't be to Microsoft's advantage and not necessarily monetarily either. My opinion is that it would show the world just how lazy their programmers & internal development teams really are.

    I chose the IT? angle because to anybody already in the IT business , this should come as no shocking revelation, let alone something to be taken seriously...

  57. Paul

    Embarrassed?

    There is some code I've written which will never, ever see the light of day, because it's bloody awful and there's nobody I hate enough to make them look at it.

    Wouldn't surprise me to find that some of the Windows source code is just as bad as my worst dirty hack jobs.

    Real reason? They have no compelling reason to open the Windows source code. Properly documented APIs should be enough for application developers to work from.

    Maybe hordes of open-source developers could descend on the source code and make Windows better. But let's face it, if Microsoft, with lots of developers (developers! developers! ........), full access to the code, internal documentation, and people who have worked with it for years, can't seem to fix bugs without breaking other stuff, and struggle to make major updates, what hope does anyone else have of improving it?

  58. Martin Usher

    Probably not a good idea...

    Looking at Microsoft's source code probably won't tell you anything you didn't know about or suspected already but it will make you party to Microsoft's trade secrets. You'll then be screwed if you try to work on a FOSS project -- Microsoft will just claim IP leakage. After all, if they can claim that Linux violates "hundreds" of their patents without actually citing any of them (even though those patents are published) then they're really going to have fun with the vaguer "trade secrets".

    The more I work with FOSS code the more I'm convinced that large parts of the MSFT codebase are obsolete. It reminds me of the later days of vxWorks, something that's had its day but really can't come close to the quality and ease of use of Linux. The only thing MSFT have left is their user interface and media tie-ins (neither of relevance to me -- I do embedded).

    I'm not a Linux fanboy, BTW. Its just they've got the better development model. MSFT should really try emulating FOSS methods.

  59. Roger Heathcote
    Happy

    @By boe

    That kinda happened recently...

    Security Now #133 talks about the new Truecrypt (v5) full disk encryption software which required the authors to create their own low level disk driver for windows so all disk activity is encrypted/decrypted on the fly.

    You'd expect over the course of 20 years most companies would have honed and refined something as significant to performance as this, Moreso you'd expect adding the burden of encryption would therefore negatively impact disk io performance but in this case windows + Truecrypt's driver benches significantly faster!

    Hahahaha, okay there may be some situations/tests that it is slower in but still, hahahahah!

    I think it's be nice if I could create my own XP fork, I almost certainly wouldn't but it'd be nice to know I was allowed to and, as the above shows, some clever 17 year olds might make a good job of it (or get Wine working better)

  60. Scott

    How many competitors will SCO the company if they open up?

    How much has MS stolen from competitors?

    Certainly, the few dozen lines of code MS claims Linux developers stole from them would be rewritten within hours, so MS couldn't hold large customers up for ransom.

    The latest value: $1mil per user:

    http://www.regdeveloper.co.uk/2008/03/06/microsoft_moonlight_patent_protection/

  61. Brett Brennan

    You have three choices

    (1) You provide documentation on ALL the APIs, libraries, applications, etc. that are in your product to allow other developers to create a working interoperability with your product;

    (2) You provide the source code to permit anyone to reverse-engineer the documentation as needed;

    (3) You provide a "closed" product that cannot be interfaced except as you specifically allow.

    The problems with these choices:

    (3) - You severely limit the market for your product. Unless you hold a de-facto monopoly position, this generally results in a competitive product displacing you simply by allowing a larger cadre of symbiotic products to work with it. IBM learned this lesson the hard way when technology let mini and micro computers usurp the applications from mainframes, even with a market monopoly. And Microsoft learned this with the original Windows releases (following Apple's success with the Mac SDK) by - literally - giving away the SDK and documentation for Windows development to end-run the tightly controlled OS/2 development environment.

    (2) - If you make source code available you WILL have branches occurring. However, this is countered by providing the supporting community with leadership and responsiveness that permits extensions, repairs and changes to be incorporated into the main stream product with benefits for all involved. Leadership requires a LOT of truthful communications, and the tolerance of "splinter religions" that continue to depend on your core product, but are just out of sync enough to preclude re-integrating into the main branch. Among other issues...

    (1) - If you are going to document your internals in order to permit access to them, then you have to do it in a covenant with the community that engenders true mutual dependence. Almost identical to (2), you have to ensure a tremendous amount of communication in order to not strand products without warning when changes are introduced, and you absolutely MUST document ALL interfaces ACCURATELY. This means keeping the docs fastidiously up to date, and if errors are uncovered, immediately confess to them and make amends. If you do this, you can provide warnings that certain specifications are not recommended for use, as they may cause problems or be subject to changes or removal without warning - and have the community actually respect the warnings.

    Regardless of which choice (or combination of choices for a multi-faceted product like an OS) are taken, the key to making ANY of these models work long-term is building TRUST with the user and developer community. And trust is ONLY achieved by demonstrating that YOU trust your users and community developers.

    Allowing a development community build a market for your core product with add-on applications, then cutting the community's legs out from under it by creating your own products that use "secret" interfaces and breaking the interfaces that your supporters used is NOT the way to engender trust. Microsoft has done this time and time again to dedicated developers and partners: only their monopoly position has allowed them to continue this practice.

    Redmond has made the bed it is sleeping in through years of abuse. Whatever choice they make, the results will be solely their own making.

  62. Ian Johnston Silver badge
    Stop

    The one and only ...

    So Microsoft release the source code for Windows. And within a few weeks, it's done a Linux - hundreds of different and non-compatible distributions floating around. The single biggest advantage Windows have - uniformity - is lost.

    Now, there are bound to be various views on that, but to MS it can't be other than a Bad Thing.

  63. Mark
    Unhappy

    @Ian Johnston

    "hundreds of different and non-compatible distributions"???

    Please, tell us how they are incompatible. Unless you mean "RH 3.1 is incompatible with Ubuntu 6.06" you're talking a load of toss you know nothing about.

    They all use the linux kernel (compatible with each other), they all use the GNU userspace (except Busybox-based systems that are cmopatible for most common uses but not 100% compatible).

    I installed FireFox (one application) on SuSE (three different versions), Mandrake (two versions) and elive. I've installed Loki's "Rune" on two versions of Suse, one RedHat and one Mandrake.

    Now look at some of your applications: certified only on Windows 2000 (SP3 up), Windows XP(SP2) and Vista. Got 2000 but only SP1? SOL. That is as bad or worse (because you can't install a SP if MS have dropped support because it's closed) than the incompatabilities that you do get in Linux.

    But you just wanted to big up MS and had therefore to knock Linux down.

    You sad, pathetic man.

    You should be able to praise someone without knocking someone else down.

  64. Ally G
    Linux

    clear the board and start again

    What MS really need to do is start again and develop an open source version from scratch and possibly in parralel with windows server products.

    you'd get a rhel/fedora setup, they'd still be in control but with all the benefits of the 'knowledgeable' people that can fix any security holes and make things more compatible.

  65. Edward Rose

    Erm,

    @Mark

    That's a little harsh, I use Debian (a little) and Gentoo (main setup), and they both have slightly different ways of setting things up (different conf locations etc).

    Although you are spot on right with the software itself being compatible across the range, it doesn't mean that a person can go straight from Ubuntu and use RH or Suse or Gentoo easily, some bugger keeps moving the configuration files.

    (That said, it could just be Gentoo which is the odd one out..... I await the rebuke)

    As for documentation, most of the important stuff is documented well. Some of the obscure stuff isn't. Most of that doesn't really last though. So, it is not quite is much of a problem as some suggest.

  66. Andy Turner

    @Yet another Anonymous Coward

    Firstly the name's Turner not Taylor. If you can't even get *that* right... Onto your points:

    Anonymous Coward: "I'll tell you why I'd like it to be opened: because I'm a fairly decent programmer with kernel-mode and device driver experience, and next time some awful bug is giving me trouble I could just *fix* it instead of having to struggle to find some workaround"

    And are you going to make sure that your fix isn't ever overwritten by a patch? What if it turns out you weren't as skilled as you thought and perhaps you didn't know the full picture of why it does what it does and you broke compatibility with something else which you didn't or couldn't test at the time? Perhaps you could get away with this for entirely closed off installations but not much else. And of course if *you* can do it, so can millions of other people write their own 'improved' versions of Windows. As a Windows Developer myself I certainly wouldn't want to be coding for such a potentially moving target and I doubt MS would be chirpy about trying to support homebrew versions of Windows either.

    AT: "Malware authors being able to find hooks and holes with much more ease."

    AC: That's a fairly limited impact. Most malware these days spreads by idiots clicking on it anyway"

    You know this how? Most virus checkers root out EXEs these days, it's opening malformed data files that's the bigger problem - that and visiting websites that are loaded with malformed HTML or images. Thanks to UAC in Vista, even running an EXE can have limited impact (assuming the user hasn't turned it off..), but if the writer of that EXE was able to leaf through the source in order to find a way of buffer overrunning their way to elevated privileges then that would make their life a whole heap easier.

    AC: "it doesn't even need OS exploits or holes"

    Unless you're talking about clicking on .EXEs, yes they do.

    AT: "Malware authors being able to create 'pirate' versions of Windows with the malware built right into the OS"

    AC: "That one's a total strawman. They can do that right now"

    No they can't. Not at the level I'm talking about.

    AC: "and it doesn't need access to the source, and access to the source wouldn't make it any easier. If your supposed pirate released a hacked version of windows based on the original sources, it wouldn't have the MS digital signatures on the system files, so they'd have to disable all the checking and system file protection feature in the os anyway... which you can already easily do, in which case you dead easily trojan or wrapper or replace wholesale any windows system file you like anyway. The source is neither necessary nor even useful for this kind of attack."

    You're somewhat assuming I mean Window Mode binaries. I don't. Sure you might be able to disable System File Protection, but with the source you could make a version of Windows which *pretends* like it's doing it, but actually isn't. You could make a version of Windows which fakes the appearance of MS signatures on binaries that don't actually have them (to the UI level at least). Once you're inside Windows, especially the kernel level and you're able to simply add bits in without having to add new DLLs or wrapper existing ones then you can do a great deal and without much chance of detection.

    AT: "Software developers being able to see how things work will start to use and rely on internal behaviours."

    AC: Dude, that's what MS already do anyway, and that's why their public APIs are no use. MS' use of secret internal APIs to gain commercial advantage for their products was half the issue in the monopoly trial, remember?

    Of course I do and I also recall the trouble it caused, how long ago that was and how much of a totally different issue that was. For a start, it's one thing to use undocumented APIs and another entirely to rely on the internal behaviour or data structures of a documented API. You might check through the code and decide that an API is almost certainly going to be thread-safe even though it's not marked as such. Then you rely on that at your peril when later versions break that. And it's one thing for MS to be able to ask the Word team whether changing some aspect of the undocumented API will cause them a problem since that's still an internal matter which MS can control. Once the source gets out then they can't have any idea how much changing internal data structures will break the code of people who've tried to be 'a bit clever' and have leveraged access to the source to get around the API. Not to mention people copying chunks of Windows into their own DLLs just to change some behaviour and then finding that the chunk they copied isn't always compatible with different OS patches.

    Come on mate, if you blur the line between OS software and application software at the *source code level*, it would lead to an absolute mess as people all over the world leverage knowledge that they shouldn't and couldn't rely on just to try and get an advantage over their competitor. And on top of that, you only have to look at the huge number of Linux distros to see what other problems you may well get.

  67. Andy Turner

    @Mark

    "You sad, pathetic man. You should be able to praise someone without knocking someone else down"

    Hypocrisy in a nutshell!

  68. Mark
    Paris Hilton

    @Andy Turner

    So how do you tell someone off for being too critical of others? Because when you do, you're being critical of others. And, according to your "logic", that means you can't bring it up because that's hypocritical.

    How do you do that.

    Now, when you've had that idea sink in, ask where I bigged myself up in that? I said that Linux *did* have compatibility issues but they were no worse technically than Windows and (since you can roll your own with Linux but when Windows reaches EOL, you're SOL) somewhat better in a pragmatic sense.

  69. Mark
    Stop

    @Edward Rose

    Yup, there are different GUI-ways to configure those applications. But the command line configuration avoiding this is damn consistent.

    Try setting up the firewall and you can crib a script using iptables and put it in /etc/initd/boot.local and it works on ALL distributions with iptables. Which goes back to early 2.4 kernels.

    Then again, the GUI for changing Windows configuration changed radically between 98, NT3.5, 2000, XP and Vista.

    The point being that you can't diss linux for being incompatible because it's incompatabilities don't exist in any worse form than Windows' compatibility problems.

  70. Mark Pipes

    opening

    All M$ *really* needs to do is open, and STRICTLY COMPLY WITH, the BIOS calls, the API calls, and file structures/formats. With that information, any compliant OS would be able to run Windows apps, and any compliant app would run on windows.

  71. Andy Turner

    @Mark!

    "So how do you tell someone off for being too critical of others? Because when you do, you're being critical of others"

    You say "I think you're being too critical" and explain your reasoning. Saying "You sad, pathetic man" doesn't really cut it.

  72. Jean-Luc
    Unhappy

    n00b-friendliness

    I've just spent like 12 hrs trying to get a widely known unnamed FOSS partition backup utility to copy stuff from my XP laptop to my Ubuntu desktop, using a Linux livecd. Countless config and connectivity errors later, I give up. I've had a crash course in Ubuntu compilation, CD-burning, error lookups, network configuration, you name it. I have learned quite a lot.

    What I haven't done though is backing up my partition. I guess if you spend enough time on Linux you get used to this. But, to me at least, this particular program's usability is still a pig, no matter how cute its lipstick. Looking at the source code does not make it a pretty maiden.

    Some other bozo asking for help (unanswered) said he'd been trying to do the same thing for 2 weeks.

    So, Mark, is this the promised land you are so proud of? I guess I am just a sad little man. And dumb to boot. Maybe your granny could do this in her sleep? Is there absolutely nothing wrong with this picture, just because it's not M$?

    There ARE great things about Linux. But lotsa things are nowhere near noob-friendly enough yet, though things have improved hugely in the last 5 yrs. If you are a sysadmin, Linux sure can't be beat. But what about Mr and Mrs. Average?

  73. Mark
    Stop

    Re: noob friendliness

    Windows isn't noob friendly either.

    You have to be careful about what you click on on the internet.

    you need to keep your virus signatures up to date

    you need to keep your firewall up

    When you install Windows, most of your kit doesn't work. If you bought them at the same time as Windows, you'll have a half-dozen CDs for drivers. But if you upgrade, you may find your hardware has no driver any more (big problems for Win98 users migrating to XP and any Windows user upgrading to Vista).

    Windows is not noob friendly.

    Linux isn't noob friendly.

    Maybe *computers* aren't noob friendly.

    If you want a noob-friendly system, get an appliance (and how many people have problems setting the time on their VCR...). Expecting noob friendliness from a powerful, flexible and complex system like a general purpose PC is like expecting flying a commercial jet to be just as simple as a car.

  74. Alex Green

    Virtualization

    Interoperability, anyone?

    http://support.microsoft.com/kb/897615/en-gb

  75. Anonymous Coward
    Linux

    Couple of points

    Apple are far worse than MS when it comes to wanting to shut independent developers out and maintaining the monopoly the have on their stuff

    http://www.regdeveloper.co.uk/2008/03/11/mac_secrets_preferences/

    @Mark

    Windows is a damn sight more noob friendly than any current linux distro (including ubuntu, though that has made a reasonable start)

    http://www.reghardware.co.uk/2008/03/11/wal_mart_stores_drop_gpc/

  76. Mark
    Alien

    Re: Couple of points

    If windows is so easy, why are there so many books on how to use it?

    Then you have the need to administrate a windows machine: update the OS (watch the patches, otherwise silverlight can be installed and bork your system!!), update the firewall and the virus signatures. Watch what you visit, what you open in Outlook and so on.

    Installation is easier on Linux than Windows, but then again, nobody installs windows (some have to reimage their OS because they have no Windows CDs, which is less unfriendly unless you don't know how to back up [a windows admin task again...]).

    What you can't do with Linux is whack in the latest hardware and know it works (but then again, you're buggered if it has no XP drivers or it was bought before Vista) and you can't buy software out of PC world and install it (that's a problem with the developers, though a rational decision somewhat).

    It's only to power users who know *Windows* rather than knows *computers* to whom Windows is much more friendly. For those who don't know either (the eponymous Aunt Tilly), Linux is easier because it's all there and no admin needed. For those who know *computers*, both have their downsides, but neither is better than the other.

    (because you're speaking alien)

  77. Anonymous Coward
    Anonymous Coward

    RE:Mark

    'Linux is easier because it's all there and no admin needed'

    Of course it is, of course it is, you seen any pixies in fairy land?

    Time to wake up, your cornflakes are going soggy

  78. Edward Lilley
    Alert

    @n00b-friendliness

    Just because _you_ had a problem with your installation (or other usage) of GNU/Linux, it doesn't mean that other people's claims of "Ubuntu is working" are not true. The fact holds that GNU/Linux is very user-friendly for most people in most cases (i.e., exactly the same as Microsoft Windows).

    I have to admit, when I find someone who is actually an *expert* in Windows administration, and I watch them fixing a problem/doing a miscellaneous task, I am really quite baffled; it seems that Microsoft couldn't have made Windows power-user/sysadmin configuration for arcane and unnecessarily complex if they tried. Especially the Windows command-line.

    @Mark

    "Windows is not noob friendly.

    "Linux isn't noob friendly.

    "Maybe *computers* aren't noob friendly."

    Exactly - the common doctrine seems to be that computers have to "Just work". But, in an ideal world, the doctrine that should be preached to OS designers would be "The OS should always act in a logical way; if you tell a computer to do something, it should do what you said/interpret what you said sensibly; also the interface to the OS should make sense."

    Of course, this might entail users having to learn the method with which they have to use the computer, but that goes for all human tools. Noone expects that you should be able to pick up a violin and it should "play itself" exactly how you want it to. You have to learn how to play the violin, but the way you use the violin is indeed logical, even if you have to learn how to do it.

    Likewise, users should expect to have to learn about the computers they use. If the OS is well-designed, it should at least seem logical to an end-user. For example, Unix-style abstraction where "everything is a file" may require a bit of learning to be able to use, but it certainly makes sense - and if you're using a sensible Unix-like system, your commands will be interpreted sanely by the OS.

    Basically, saying things do/don't/should "Just work" (or "Should work like Microsoft Windows because I can't conceive of a different OS") belies ignorance.

  79. Mark
    Alien

    @ Idiot AC

    So please tell me what leads you to think there are pixies here? Or is your crack pipe leaking?

    When Linux is installed (and why not do what you do with windows: have someone else install it for you!) there's very little administration needed.

    Use Mandrake and your exposure is limited severely (small target out of a 10% of the entire desktop ecosystem). The mechanism for installing stuff isn't as batshit insane as windows (where to "make it easier", any old shit can cause a program to install) and Linux distributions come with almost ALL programs needed for the eponymous Aunt Tilly: write letters, browse internet, write emails, show pictures of children, play music and Solitaire. No need to administrate ANYTHING.

  80. Dale Harrison
    Flame

    Who cares

    I'm surprised El Reg hasn't put a stop to all this bickering - or are they all just snickering. I guess they are allowing free speech though.

    I use Windows mainly due to work requirements, I have played with Linux (quite some time back) and Mac's long before that. They ALL have good and bad points - deal with it. You're rarely going to convert anyone from one to the other. You've got a choice and you make one. Hell, even run all three, but why waste your time flaming at each other.

    On topic, I don't care if MS release their code or not and yes, there probably are loads of hacks and dodgy comments - I bet most large software projects are like this (except mine of course ;-). The only outcome of them releasing their code (aside from the branching problems) will be more MS bashing.

    On a final note, someone had added a url to wal_mart and I childishly noticed that it's nearly an anagram of "malware". Totally pointless observation I know, but so are a lot of the comments above. (Oops, now I'm flaming - better choose that fiery icon)

  81. Mark
    Alert

    @Dale Harrison

    My attempt is to stop people being put off because they only hear "it's too difficult". If you only hear one side, you're getting a skewed picture.

    That's why.

This topic is closed for new posts.

Other stories you might like