Microsoft Discloses 14,000 Pages of Coding Secrets

OrochimaruVoldemort writes "In an unexpected move, Microsoft has disclosed 14,000 pages of coding secrets. According to The Register: 'This is Microsoft's latest effort to satisfy anti-trust concerns of the European Union, which is possibly a tougher adversary for the company than Google.' The article mentioned that this will be done in three phases. 'Between now and June it will garner feedback from the developer community. Then, at the end of June, Microsoft will publish the final versions of technical documentation — along with definitive patent licensing terms.' Lets just hope those terms are pro open source."

Oh come on now ...

[garett_spencley (193892)]

Who stole the Heart of Gold !?

Re:Oh come on now ...

[Missing_dc (1074809)]

Please,

Improbibility is not required....

Think business. What better source to find your bugs than the many thousands of angry coders who are not M$ fanbois. Let your hatred consume you Luke, find the flaws in the code..... or rather "Your hatred, a tool, it is. Fix that which is broken, and glory you will find" /yoda voice

And you suckers ^h^h^h^h guys will do it for FREE!!

stupid summary

[moderatorrater (1095745)]

Lets just hope those terms are pro open source

Come on, guys. There's no chance in hell that the licensing terms will be pro open source and we all know it. Can we please stop propagating false hope?

Re:stupid summary

[Tpl2000 (1174767)]

Well, on the other hand, we never expected MS to disclose 14k pages of anything but contracts.

Why is parent flamebait?

[WindBourne (631190)]

MS has NEVER done anything yet that is pro open source. They have gone to great lengths to make sure that something has the appearance of such, but that it would not help. The only question should be, how far ahead is MS thinking? They have always been a pretty good chess player.

Re:Why is parent flamebait?

[Anonymous Coward]

MS has NEVER done anything yet that is pro open source.

What about the 700 CSS testcases [msdn.com] they recently contributed to the W3C under the BSD license? Or any of their other releases under OSI-approved licenses, for example WIX? Are you seriously going to argue that releasing things under open-source licenses is not pro-open-source?

Re:

[Jesus_666 (702802)]

Or any of their other releases under OSI-approved licenses, for example WIX?

WIX, however, is completely useless to German developers who try to discuss it with a straight face or pitch it to their boss without getting fired.

("WIX" sounds quite similar to a common German slang word for masturbation. A nice example of how a completely innocent word can have unexpected connotations in different cultures.)

Re:Why is parent flamebait?

[nametaken (610866)]

I'd say releasing 1 project under open source license is a "pro open source step".

But that aside, there are at least hundreds (thousands?) of examples of open source code available from MS. Many MS platform developers know this.

Now, that's not to say MS is what anyone would call an open source supporter, but it often benefits them to release tons of source code under very liberal licenses. You provide me with truly free framework for a particular kind of application, I'm more likely to accept your platform for development. That means anyone who wants to consume it has to use a closed product that makes them gobs of money. It doesn't make the original project any less open, though.

Re:Why is parent flamebait?

[Overkill Nbuta (1035654)]

They have always been a pretty good chess player.

Actually I got bored one day and had Ubuntu chess play against Vista, both on max settings. The Ubuntu Firmly beat vista no matter who started first. So they really cant code good chess players that well.

Re:Why is parent flamebait?

[setagllib (753300)]

You got modded interesting instead of funny. The mods must know something the rest of us don't.

Re:Why is parent flamebait?

[aweraw (557447)]

Only because they were forced to by the EU. They rarely, if ever, do anything pro open source unless they're forced or they see a large benefit to their platforms (e.g. WiX - it's used to create installer packages for Windows.)

Well of course not

[Sycraft-fu (314770)]

Since "Pro open source" seems to mean "Can't cost anything, and can't put any restrictions on it other than requiring the code to be open." That is pretty much going to kill almost anything from being pro open source.

I imagine it'll be similar to MPEG-4 and such as it'll be an open standard with RAND licensing. What that means is anyone can get a copy of the standard and licensing to use it, and the price of that license will be reasonable and standard. However, that does mean you have to pay if you want to use it. I can't see them just wanting to give it away for free.

So if you are willing to adjust your definition of open source to accommodate things that are open standards, where it is open to all, but you do have to pay a license, then I imagine you'll be happy. However if you take the stance that it cannot cost any money, well then you are probably SOL.

Re:Well of course not

[webmaster404 (1148909)]

Since "Pro open source" seems to mean "Can't cost anything, and can't put any restrictions on it other than requiring the code to be open." That is pretty much going to kill almost anything from being pro open source.

No, it just means that the code when you get it has to be open or you can ask for it. Think of Red Hat, RHEL is open source yet they still make money off of it. Open source != freeware, you can make money off of open source as Red Hat and other companies have shown. Had MS not been a monopoly they would have to be much more open then they are now.

The problem is

[Sycraft-fu (314770)]

I think you'll find may who don't agree. I've gotten in to this same argument many times before. Personally, I think open standards are open source friendly. You can get a license for them, distribute your program with full source included, with whatever mods you like, and so on. Only requirement is you have to pay licensing. I see no problem.

However I've found that view is not common in the OSS community. Many seem to think it is only truly open if you can have it for free. They seem to think the GNU/GPL i

Re:The problem is

[BruceCage (882117)]

Only requirement is you have to pay licensing. I see no problem.

First of all, definitions, definitions, definitions. It all depends on what definitions you use for "open standard" and "open source" (and "free software").

For open source one should be using the definition from the Open Source Initiative (OSI) [opensource.org] since it's a term used to indicate software that has been released under a software license compatible with the definition from the OSI. Note the very first criteria from the definition, "The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.".

The same goes for "free sofware" which uses the definition from the Free Software Foundation [gnu.org]. On that page it is explicitly stated that, "Thus, you should be free to redistribute copies, either with or without modifications, either gratis or charging a fee for distribution, to anyone anywhere. Being free to do these things means (among other things) that you do not have to ask or pay for permission."

For "open standard" one could look to the definition by the European Commission (IDABC programme) [eu.int], which most importantly includes: "The standard has been published and the standard specification document is available either freely or at a nominal charge. It must be permissible to all to copy, distribute and use it for no fee or at a nominal fee.".

It should be clear now why the bit about "licensing fees" (or royalties or whatever) is exactly the problem and would prohibit such software from being referred to as either open source or free software. Once I receive software or a specifications document I should be able to distribute it without asking or paying anyone for permission.

Note the difference between paying a one-time fee for receiving and paying fees on distribution. See also the article "Selling Free Software" [gnu.org].

Re:stupid summary

[Jesus_666 (702802)]

Episode IV
A FALSE HOPE
It is a period of civil litigation. European commisioners, striking from a hidden courtroom, have won their first victory against the evil Microsoft Monopoly.

During the battle, European judges managed to steal secret plans to the Monopoly's ultimate weapon, the DEATH SCREEN, a blue error screen with enough power to destroy an entire uptime.

Pursued by the Monopoly's sinister agents, President Barroso races home aboard his starship, custodian of the stolen plans that can save his documents and restore freedom to the internet...

Unexpected?

[Plug (14127)]

Unexpected, as in they told us very loudly that they were going to do it? [microsoft.com]

Damn right!

[Ungrounded Lightning (62228)]

Unexpected, as in they told us very loudly that they were going to do it?

Yep!

They've told us a LOT of nice stuff they're "going to do" that they turned around and either didn't do or poisoned.

Embrace, extend, extinguish.

I'll believe it when/if it's finally done. (And even then I'll wonder what "gotchas" are included.)

You stole our code!

[Auraiken (862386)]

I'm starting to think that this looks a whole lot like the 'we know there is source code from windows in your apps' thing. It might look good for MS to the EU, but it also looks extremely well for MS if they put in some legal clauses into the documents and twist their tongue around making it look friendly.

Could open up a whole new can of worms where they start taking out open source projects based on the fact that those people have SEEN the code.

Re:Unexpected?

[l0ungeb0y (442022)]

Well until now, we assumed it was just an idle treat.

Re:Unexpected?

[Compholio (770966)]

Well until now, we assumed it was just an idle treat.

I assume you meant an "idle threat", but what we got IS a treat. Now whenever someone claims that open source is not viable for business applications we can claim that even Microsoft supports open source.

Re:Unexpected?

[UnknowingFool (672806)]

Unexpected as they actually delivered. They had promised several times in the last several years that they would release the documentation but never did. The EU Commission said as much when MS announced the last time they were going to release the documentation:

The European Commission takes note of today's announcement by Microsoft of its intention to commit to a number of principles in order to promote interoperability with some of its high market share software products. This announcement does not relate to the question of whether or not Microsoft has been complying with EU antitrust rules in this area in the past. The Commission would welcome any move towards genuine interoperability. Nonetheless, the Commission notes that today's announcement follows at least four similar statements by Microsoft in the past on the importance of interoperability.

Re:

[FudRucker (866063)]

RE:["They had promised several times in the last several years that they would release the documentation but never did."]

That is why i never believe anything microsoft says and only watch for what they actually do, the same goes for politicians too...

bring on the virii

[seanadams.com (463190)]

Unlike existing open source projects, these protocols/code/APIs have never been scrutinized by independent security experts. I'll bet this reveals hundreds of new attack vectors.

Ummmm, no

[Sycraft-fu (314770)]

People said this same thing when the Windows 2000 source code leaked. Nothing happened. Multiple problems with that theory but one of the biggest is simply that it is wrong. Lots of people have the Windows source code. MS has a license where universities can get a copy for research. One university I know that does is ASU in Tempe, Arizona. So this idea that only MS has ever seen the code is false, thus the argument is invalid, never mind the other problems with it even if it weren't.

Re:Ummmm, no

[Airconditioning (639167)]

Wasn't the JPEG vulnerability [microsoft.com] discovered after the source code leak?

Re:Ummmm, no

[stavros-59 (1102263)]

People said this same thing when the Windows 2000 source code leaked. Nothing happened. Multiple problems with that theory but one of the biggest is simply that it is wrong. Lots of people have the Windows source code. MS has a license where universities can get a copy for research. One university I know that does is ASU in Tempe, Arizona. So this idea that only MS has ever seen the code is false, thus the argument is invalid, never mind the other problems with it even if it weren't.

I'm not sure that's correct. If you are only talking self-replicating viruses that spread to continue replication, you may be correct. However,the appearance of rootkit anchored malware "in the wild" closely followed that release which made the information widely available outside limited academic and security research circles. The first rootkit was published as far back as 1999 by Greg Hoglund, founder of rootkit.com. There was a lot of academic interest and discussion in rootkit development specifically on Windows NT based systems before that time but almost none had been detected "in the wild". But rootkit anchored, serious malware infections have ballooned are now "professionally" developed for criminal purposes and used as the base for most, if not all, of the botnets. The release of the Windows 2000 source code certainly removed the need for extensive reverse engineering.
The Windows 2000 source code leak dates back to 2004 http://news.zdnet.co.uk/software/0,1000000121,39146176,00.htm [zdnet.co.uk]

Hackerdefender was also coincidently released early in 2004 by holy father

One of the most frequently encountered is Hacker Defender, created by an Eastern European who calls himself Holy Father. The latest free version was published early in 2004 and, more recently, premium and customized versions of this malware became available for a fee.

http://searchwindowssecurity.techtarget.com/news/column/0,294698,sid45_gci1112754,00.html [techtarget.com]

What?

[TubeSteak (669689)]

along with definitive patent licensing terms.' Lets just hope those terms are pro open source.

Anyone care to explain how Microsoft might put these two things together?

Re:What?

[The Ancients (626689)]

along with definitive patent licensing terms.' Lets just hope those terms are pro open source.

Anyone care to explain how Microsoft might put these two things together?

String.

Or a stapler maybe.

NO WAIT!!! - a hot glue gun! It's gotta be better for geeks - it plugs in.

Although if it's on paper, they could rub their feet on nylon carpet then hold them together and static will do it's magic, baby...

Ok, ok. You might think my answers are silly, but then - so is the question. Like it would ever happen.

Re:

[kingcool1432 (993113)]

Or a stapler maybe. NO WAIT!!! - a hot glue gun! It's gotta be better for geeks - it plugs in. Although if it's on paper, they could rub their feet on nylon carpet then hold them together and static will do it's magic, baby...

Clippy to the rescue!!!

Re:What?

[just_another_sean (919159)]

Clippy to the rescue!!!

I see you are trying to draft a patent trap. Would you like some assistance with that?

On MSDN already

[just_another_sean (919159)]

The prelimnary docs are here [microsoft.com].

I have to admit I'm tempted to be interested in the Exchange stuff. The
company I work for uses it. As with most MS products it's not, um, horrible,
when it's working but it's a PITA to troubleshoot problems. The MAPI Tool for
looking at the "innards" is horrible. Maybe this documentation will at least
spawn some better third party management tools that I can convince my employer
to buy.

For now most pages (all?) are prefaced with:

[This topic is preliminary documentation and is subject to change in future documentation releases.]

I haven't had a chance to search out legalese to answer the summary's question on open source friendlyness.

I figure a "hope-for-the-best-expect-the-worst" attitude is the best way to approach this one...

WINE

[Bitter and Cynical (868116)]

Can anyone (intelligently) comment on the implications for projects like WINE? It seems that having so much information released would benefit these efforts in some manner, yes?

Re:WINE

[TheRaven64 (641858)]

Not really. With the exception of a few bits of Microsoft-written software, most Windows software is written against published APIs with the occasional work-around for bugs in the APIs. WINE 'just' needs to implement the already-public APIs (including replicating bugs) and code will work. The WINE team only need access to secret APIs if code has been written using them.

Re:

[Your.Master (1088569)]

Or, maybe they just have some common libraries throughout the company which could hypothetically be implemented by anybody else. Most large software companies I've been in have had one.

You can see that in things like DUI, which is used by people interacting with Windows Live Messenger and is a distinct dll shipping with Windows.

I have seen the Windows source code. I was at such an academic institution. I didn't read the whole thing top to bottom, but I didn't see any secret APIs or undocumented advantage

Re:WINE

[Tatsh (893946)]

I believe Wine, ReactOS, and MingW are using MSDN and "clean room reverse engineering" to develop (meaning a group writes documentation, another group implements). And they are well making sure that no code in the trees are taken from the leak of the Windows 2000 code a few years ago, and no code is written via direct reverse engineering Windows. This information MIGHT be helpful, but Microsoft is unpredictable when it comes to enforcing its patents and loves them. If I were on any of these teams, I would advise to stay away from this documentation until it is cleared with FSF that the licence is compatible with GPL (which I highly doubt it will be).

Re:

[evilviper (135110)]

This information MIGHT be helpful, but Microsoft is unpredictable when it comes to enforcing its patents and loves them.

Whether you copy implementation details from a document or not has no bearing on patent rights.

Re:WINE

[Winckle (870180)]

Your UID suggests you signed up within the last day or so. You don't get to make those jokes yet.

Re:

[Pig Hogger (10379)]

Yup!

Press release in docx? What a joke!

[Anonymous Coward]

The article links to:
http://www.microsoft.com/presspass/presskits/interoperability/default.mspx [microsoft.com]
where several documents in non-standard formats are describing how well ms are complies with standards.
Not to mention you have to buy a licence of M$ Office too read it.

M$ laughs EU in the face with this one.

Admitting They're Lying is Reassuring?

[Doc Ruby (173196)]

So Microsoft finally releases a huge tome of secrets Microsoft uses to compete with other vendors on its closed system. After years of denying that, after years of keeping them secret from even the thousands of paying customers buying what they thought was equal access to the MS platform.

And somehow that admission that MS has been lying about something so central to protecting its anticompetitive abuses of its monopoly is supposed to reassure antitrust investigators?

Re:Admitting They're Lying is Reassuring?

[Macthorpe (960048)]

That's not what they're releasing.

On show for the first time in public are underlying protocols for Office 2007, Office SharePoint Server 2007 and Exchange Server 2007.

This isn't a list of 'secret APIs' for Windows. This is the stuff that glues their Office system together and they were going to keep a hold of as long as possible. It's completely seperate to the anti-trust concerns you're referencing, but they do seem to be using it as a bargaining chip against the EU investigations. It remains to be seen whether that will work or not.

Re:

[Doc Ruby (173196)]

As far as I can tell, those protocols weren't documented for consuption by anyone outside Microsoft. Yet programmers inside Microsoft were able to use them to write software.

That does indeed make them as useful as "secret APIs" to programmers writing for Office/Exchange 2007.

All available as PDF

[just_another_sean (919159)]

The browser interface is broken on Iceweasel for me. I thought at first that all
the pages had for now was a bunch of disclaimers. Turns out this is just the
first page of each document. I, for the life of me, could not see a way to go to
the next page. The side table of contents doesn't work either.

But every doc is available as a PDF and you can grab whole sections in zip files.
I found it interesting that they chose a cross platform format like PDF and
didn't try to shove Word Docs at the world or their MDI(?) format, their supposed
PDF killer.

Anyway the legalese is vague and scary for now...

Intellectual Property Rights Notice for Protocol Documentation

      Copyrights. This protocol documentation is covered by Microsoft copyrights.
      Regardless of any other terms that are contained in the terms of use for the
      Microsoft website that hosts this documentation, you may make copies of it in
      order to develop implementations of the protocols, and may distribute portions
      of it in your implementations of the protocols or your documentation as
      necessary to properly document the implementation. This permission also
      applies to any documents that are referenced in the protocol documentation.

      No Trade Secrets. Microsoft does not claim any trade secret rights in this
      documentation.

      * Patents. Microsoft has patents that may cover your implementations of the
      protocols. Neither this notice nor Microsoft's delivery of the documentation
      grants any licenses under those or any other Microsoft patents. However, the
      protocols may be covered by Microsoftâ(TM)s Open Specification Promise (available
      here: http://www.microsoft.com/interop/osp [microsoft.com]). If you would prefer a written
      license, or if the protocols are not covered by the OSP, patent licenses are
      available by contacting protocol@microsoft.com.

      Trademarks. The names of companies and products contained in this
      documentation may be covered by trademarks or similar intellectual property
      rights. This notice does not grant any licenses under those rights.

      Reservation of Rights. All other rights are reserved, and this notice does not
      grant any rights other than specifically described above, whether by
      implication, estoppel, or otherwise.

* emphaisis mine

And a Pony!

[Bob9113 (14996)]

Lets just hope those [patent licensing] terms are pro open source.

I'm going to hope for a pony too! A flying one!

in case you didn't know...

[BenSchuarmer (922752)]

It's a cook book!!!

...apologies to Rod Serling.

unknowns

[neonsignal (890658)]

As we know, there are public standards. We also know there are some standards that are secrets. That is to say, they are used very publicly but the details are kept secret. And there are also public secrets. These are the secrets that were kept secret for shame and are made public.

But there are also secret secrets. The ones we don't know that are secret and should be kept that way.

(with apologies to Donald)

treasure trove of Microsoft coding secrets?

[Anonymous Coward]

- customizing AUTOEXEC.BAT and CONFIG.SYS for Windows Vista Ultimate?

- Hungarian Notation 2008 from Cosmonaut Charles Simonyi?

- A vastly more powerful set of MFC macros that will now make it possible to maintain different versions of an enterprise project code base from a single source file?

- 3D OLE Automation DCOM interfaces from the Visual Basic team?

- the difference between "Unrecoverable Application Error" (Windows 3.0) and "General Protection Fault" (Windows 3.1)?

- a detailed explanation of what each alternative does in the "Abort, Retry, Fail, Ignore" dialog?

The mind boggles at the possibilities.

Windows secrets..... 3.11 that is...

[rwsilva (217578)]

Everything you wanted to know about Windows 3.11 in 13,999 pages..... WFWG next!

Revealing their coding secrets? The fools!

[brainfsck (1078697)]

The world is not yet ready to learn of the Ballmer Peak [xkcd.com]!