Don't mean to be a moaning Michael but...
.. does no one else see this as a Malware creators wet dream??
In an apparent bid to calm still feisty regulators, Microsoft has agreed to publish application programming interfaces (APIs) for its major software products and provide free access to those interfaces. In addition, Microsoft will free up protocols around its client and server software and has vowed not to sue open source …
.. does no one else see this as a Malware creators wet dream??
Looks like they they finally see the need to respond to a changing world. Ironically, if they do all of this properly it will most likely make their products much more popular. Heck, since I notice they didn't include XP in the list (anyone surprised?) it might become an incentive to switch to Vista...
For all those that seem to see technology as a branch of religion.
Time to don the hardhat and flak jacket as the Java Jihadi and MS Mujahideen flame wars resume.
The temperature in Hades dropped rapidly toward 0 Celsius...
Let's say I'll believe it when I see it.
So, let's get this right....
MS will bend over backwards to let open source people write stuff that will talk to Word and Excel and Exchange etc etc.
....and it WON'T sue anyone (including the open source people) if they develop their own solutions for same.
...and it'll sell you a licence for the APIs covered by its patents at pretty good rates.
...and ....oh, hang on, rewind....
Anyone else see the flaw in this for the average free (ie - we don't charge you a penny) opens source project?
whats the odds that somewhere in every useful protocol and api they have published there will be a patent. so we can fix up samba, and fine tune openoffice, but then nobody could use those products without having to pay microsoft a patent royalty tax. which is what they have been after for years.
That is good news ...... and Great news for Great Gamers/New World Order Players/Non State Actors/Universal Drivers/Psychopathic Megalomaniacs/White Hat Wizards/Horny Angels.
And it would really be quite uncharitable to suggest otherwise, given the amount of vitriol which is spread whenever they man the barricades against invasion and penetration.
<<-- I can't beleive i just did that.
And it's about time.
My, it isn't April 1st, is it?? This is all too much to take in. (Or believe.)
I reckon this will be the only way MS will be able to survive the next 10 to 20 years. Good to see them actually looking at the market around them (even if there was some gentle kicking given).
I' guessing that the next MS OS release will be worth actually paying for. Maybe.
This is good. Being able to interface with the most widely used OS and productivity suites on the planet will really add a lot of potential and creativity to other projects. While I'm not a big open source kind of guy, this is just the kind of traction that open source products need to get into the big leagues.
This does not mean that the leopard will change colours overnight. Although the documentation is available, the "sabotage competitors products" department may not have completely been dismantled. And what about the attitude of the thousands of employees who have been indoctrinated in the 'Siege Mentality', can one really believe that it will change ?
And also, what about all those bugs ? Just because it is documented does not mean it will work as documented. A programmer intimate with the Microsoft APIs once told me that the API documentation should be treated more like a 'Wish List' and that the fingers should always be crossed before implementing products using them.
Their initiative is named OSII? Who else read that as "OS/2"...
..the products that have APIs available?
Methinks they were too ashamed of their shitty pre-SDL source code to open it up.
Well they could in any country that doesnt recognise software patents :)
Most countries are of the opinion that copyright law is sufficent for software. Happily should they publish these APIs they will be unable to pursue anyone for using them under copyright law.
I was going to send in an all caps 'who cares' and then I thought 'Well, if I really don't care, why bother'? and then I thought well it is an opinion and then I thought well, if I truly believe no one cares... and then I thought...
Paris because we might be kindred spirits
Does this sound like the bell tolling for Open Source projects e.g. OpenOffice et all? And with the number of security holes people seem to manage to find without open APIs, just imagine the field day your average hacker is going to have with this information.
"it will publish the APIs for Windows Vista .... "
Putting the source code to Windows XP into the public domain would be several times more useful, ensuring that third parties can support it when Microsoft stops doing it and ensuring that users aren't effectively forced to move to Vista against their will.
Bill offering Linus Torvalds a job?
"The Commission would welcome any move towards genuine interoperability," it said.
"Nonetheless, the Commission notes that today's announcement follows at least four similar statements by Microsoft in the past on the importance of interoperability."
"Open source". Not "free software". Microsoft has drawn this distinction before - allowing certain rights to projects under, say, BSD, but not projects under GPL.
"Non-commercial". i.e., they won't sue Andrew Tridgell, but they reserve the right to sue Red Hat.
This ultimately means nothing has changed much, because everyone always knew they would not sue the non-commercial projects which actually build components like Samba, but the commercial projects which use said components - like Red Hat. This is just common sense. Suing non-commercial projects is all downside (lawyers' bills, terrible press) and no upside (they don't have any money for you to win, and it doesn't take any competitors out of the market). Of course they would go after the commercial entities, not the non-commercial ones.
Somebody tell me I am hallucinating, please!
"30,000 pages of documentation surrounding Windows client and server protocols."
Thirty thousand pages to document the protocols? Am I just ignorant or is this a reasonable volume of documentation? Sounds way out of line to me, pagecount-wise if nothing else.
As others have commented, opening the APIs is probably going to reveal a lot of security holes. Rumor has had it for years that Windows' memory management is so poor that Excel, Word, and other applications have trap doors into the Windows kernel so they can do their own memory management, otherwise performance takes a significant hit. Sounds like institutionalized rootkits to me, just waiting to be exploited by scammers, phishers, and their ilk.
I anticipate that El Reg will feature a long series of articles on Windows APIs and the various incompetencies, stupidities, and inefficiencies they reveal.
When's that other shoe gonna drop?
I hate those guys in Microsoft as much as the next Richard Stallman fan club member; alas this is a good step forward and if/when the api's are made available I will be sure to credit Microsoft's perceptive moral account from "spawn of all evil" to "intolerably evil"
this is good change.
I have a question: Can someone please explain to me the problem with the non-commercial limitation to the patent thingy? In the article, Jerry says it's meaningless, and POPE Mad Mitch says above "nobody could use [OO with the Microsoft APIs] without having to pay microsoft a patent royalty tax."
I think this is incorrect. As I understand the release, if it's non-commercial distribution, no patent license needed, no lawsuit. How is that meaningless?
Correction to my previous post: someone's pointed out that this does apply to GPL software, which is good. However, the commercial / non-commercial issue still applies, which is the larger one.
Now let's have the source, and redistribution rights. Otherwise this is not 'the bell tolling' for OOo or any other Open Source project; this is still a substandard product and I won't be using it just because the documentation is finally being released.
It's nice that MS Office will soon support ODF, but OOo already does that, is cheaper, and runs on my chosen platform.
I have no love for M$... that's fer sure. You couldn't pay me enough to work with thier shi'ite!
If Microsoft is being genuine here... great! More power to ya!
I'd like nothing more than to see M$ open up some of the sucker products they have. Folks may not be able to contribute code/fixes yet... but at least being able to track down the issue... will be dog gone nice.
Go Billy Goats! Go!
"High Volume Product"???
Or are they talking about the volume of hot air spouted about how wonderful it is (not).
Visual Studio says "Defy all challenges". Maybe it is just another challenge?
Sorry, but am I the only one who thinks that the only reason a company carries on paying fines of 1M/day for not agreeing to hand over documentation is because they didn't actually have any to hand over.
Great now they've written some.
Pity the EULA won't let you sue them when their own software fails to implement their own documented protocols.
OK, on one hand we have the conspiracy theorists that believe the yanks cleared a rather large area so that they could land the alien mothership (satelite shooting gallery is almost as far fetched). Then Microsoft makes an announcement like this that lets face it, is completely against what they have ever done or believed in. Anyone else think that our lizard overlords have arrived and setup camp in seattle?
Mines the foil one please ...
Beyond the obvious attempt to pacify the regulators, particularly the EU, I think there's a certain inevitability to this.
Mixed computing environments are not uncommon now, with Windows on the desktop and anything *but* Windows in the server room. By making it unnecessarily hard to interoperate, I'm sure they thought they could make everyone switch to their server OS too.
Turned out that wasn't the case. Now perhaps they have no choice but to throw open their protocols, before too many companies conclude that the best way to avoid these problems is to avoid Microsoft entirely.
"does no one else see this as a Malware creators wet dream??"
Not particularly. The malware problem isn't an API availability thing, it's enabled by poor architecture and design dating back years and years, bad decisions which now mean an average user who runs everything exactly as it came out of the box will be browsing the web with a program that has hooks right into the kernel, all with full admin rights.
Think about it: If closed APIs make it so hard to write malware, why are we awash with the stuff on what until now has been the most closed platform of all?
Overall this has to be a positive thing, but Microsoft have a lot of work to do in order to prove they really *can* be trusted. 3 decades of untrustworthiness doesn't just go away overnight.
What about Microsoft's Developers? I seem to remember Novell taking M$ to court over Published Hooks not being quite the same thing as the internal hooks which MS developers were using (supposedly there should be Chinese Walls between development teams, but this was apparently not the case). The difference incorporated effectively at minimum "Do Nothing" statements which were there for portability reasons, but by MS not using those hooks meant that its' products would run faster (eschewing portability in the process, which explains some things). I believe Novell won that case.
I believe they were getting worried that nobody was writing new software for Vista... They hope that the open source community is going to fill that hole ^^
They aren't doing it out of the goodness of their hearts.
World economy going down the tubes, the last thing they want is wholesale defection to OS products, as part of the squeeze. Better to have people still using their stuff, and if their margins have to go down a bit to maintain market share, then so be it.
".. does no one else see this as a Malware creators wet dream??"
No. Most malware (decent malware at least) relies on reverse engineering of the binary code which provides the implementation of some function. The API (Application Programming Interface) only defines the interfaces to those functions.
In essence, an API document set (and the related header files used by application developers) provides a set of definitions of data structures, function names and return types and parameters which constitute the interface to these functions. Publishing the API does not reveal the details of the implementation of the functions.
It is not equivalent to publishing the source code of the underlying functions, so in order to (for instance) discover a buffer overflow in some function that will allow arbitrary code to be inserted into some handy place and then executed still requires that the malware author work at the binary level.
Even knowing the size of the buffer to be passed into a function (a common piece of info in API documentation) doesn't necessarily help the malicious of intent, since until you're looking at the disassembly, and have fully grokked the location of all the variables on the stack and/or heap, you don't know weather the function does any checks on buffer size, or where your data will end up if you overrun the buffer size the function expects. (Other methods of arbitrary code execution are available of course)
I'm pretty sure I haven't explained that very well, but basically, the answer is no because you still don't actually have the implementation source code. TBH even where the source is available, you're still going to need to be looking at a screen full of assembly and stack frames before you can code a successful exploit.
If MS means what they are saying then they would strip out the data collection software in Vista and reissue the Vista disks. (not disconnecting it - I mean strip it out completely)
Vast squadrons of flying pigs are circling Redmond!
I'm sure that this is totally for real! Everyone will work and play nice together forever more! Starting shortly after GW "wins the war on terror".
Yep. Should be any day now...
I wasn't really following the issue/investigations on the topic, but it was also the thing that immediately struck me: blah 2007, bleh 2008. Maybe they actually have published all their respective 2003 and earlier APIs, then credit to them, but i suspect not.
Only doing it for their latest betas, hrrm nice ploy. Not biting.
This stuff simply doesn't interest me enough. NT5 and the related apps still look satisfying (disclaimer, != perfect, of course). A possible exception might be dot net which could have gotten better since, but that thing can at least be safely ignored on NT5 which i fear is harder on their newer system.
If Microsoft writes such bad code why the hell would you want or care if they open their APIs?
If anything this will prolong Microsoft's dominance of the market. It was inevitable that open source software would start to catch up with Microsoft in terms of software viability. OSS is still nowhere close on the desktop, and the server leaves much to be desired. By opening their APIs Microsoft is allowing developers who would have otherwise had to develop alternatives, to simply use an already existing Microsoft standard. So how is that going to increase competition and create better software? That was the whole point of this EC stuff wasn't it? All I see this creating is more client applications for Microsoft servers which will still require Microsoft licenses.
I just think its hilarious that all the fanbois are all "hurr mikkro$oft's code is shite" and then in the next sentence "i wish Microsoft would open their code so i could use it". If OSS really wanted to compete with Microsoft they would have written better, open standards that would run across all OSes. Since they've failed in doing that, they decided to get the gov to force Microsoft to open their supposedly junk standards. Good work guys.
I don't see any good in this, and nobody here has come up with anything credible on the positive side. What really surprises me is just how many people think the world of IT is now a better place, citing all kinds of imaginary or useless things, and completely ignoring history, especially Microsoft's. I don't see any real MS shills here, so ... Paris, because innocence is the word of the day.
Even the brown noses at Microsoft Watch are sceptical:
"For quick clarification: The principles aren't really new -- the European Union's Competition Commission required the principles' framework, in response to Microsoft's March 2004 adverse antitrust ruling. The timing also is suspicious, given the potential public relations bang Microsoft could get about a week before a key vote will determine whether or not ISO adopts OOXML (Open Office XML) as a standard."
Read the full sobering report...
The full sobering report ..... http://www.microsoft-watch.com/content/corporate/whose_principles_are_they.html .... suggests that Microsoft are more phishing for Great Whites/Grand Wizards in the Virtualised Server Cloud, which even now is stratifying into Maslowian Self Actualisation Hierarchical Control Layers, [creating Wwweb3.0 Controls for Universal Powers], than feeding the Masses with the Seeds of Information that they Need.
Spin the Tale/Spread the Non-Information/Reveal the Recipe of Stale and Mouldy Bread ... "30,000 pages of documentation surrounding Windows client and server protocols." ..... whenever all that is sought are the Ten Commandments for Making Cake and Living in Clover, would be much more the Perceived Third Party Reflection from the Smokey Mirrors of Microsoft.
And it is a Perception, which if not cultivated by MS, at least has taken deep root and hold throughout the Field ...... or is that a false Vista based upon a malicious Premise?
Build any Software upon anything other than the Rock of Truth and IT will riddle it full of holes and fill it with worms and viruses to XXXXtraordinarily Render it as an Enemy Combatant whose Assets can be Sequestered and Used against them. The Good Old American Way, Redmond ...... or just Simply CompleXXXX Natural Universal Justice?
If IT is both, then the Wwworld is on to AI Winner.
The Battle is not Won by any Particular or Peculiar OS and/or Driver or by any Alliance of OSs and/or Drivers, but by what they Choose to Power. And that can be even further refined and defined/concentrated by what Individual Programmers Creating new Intellectual Property Choose to Power with their Network InterNetworking Grid Connection. ......... NET Plug In.
An Alien Power would QuITE Naturally Choose Hearts and Minds for Human Earthed Control .....for the Real Physical Semantic Buzz LightYears ahead of Yesterday's Colourful Climaxes.
Seventh Heaven MadamfM BrothelTerritory for Global Operating Devices ....... with Venus in Control. ...... which is also always Virgin Forest for ManKind ...... and you can Thank your Lucky Stars and GOD for that too. :-)
Parcel that little Lot up and Sell IT/Show IT for Free and what is to stop you Making a Fortune and Leading in an Advanced Artificial Intelligence DirectXXXXion?
The Open Source community doesn't need to write better, open standards that work everywhere. They exist. The Open Source community, by and large, tries to conform to existing standards. If Microsoft can't manage to conform to those same open standards, that's not our fault.
Developers (not Open Source people exclusively) wanted access to Microsoft's APIs so that they could compete on a level playing field on Microsoft's platform. That's how this will open the market up to competition and allow better software to be produced by Microsoft's competitors on Windows - which will mean Microsoft might actually have to get their fingers out and produce some decent software instead of the horrendous bloatware their customers have had to satisfy themselves with so far.
I disagree that "OSS is still nowhere close on the desktop, and the server leaves much to be desired" - could you back that up with any supporting evidence?
What you don't seem to realise is that those who want access to Microsoft's APIs and those who detest their shitty software are two separate, though overlapping, groups. I for one am more a member of the 'their code is shite' crowd and this release of API and protocol documentation makes no real difference to me personally since I don't run their crap anyway and wouldn't recommend it to anyone.
I notice that they only seem to be offering information on new / hideous / unused / unwanted / unloved protocols...
Can anyone clarify whether they've ever released full file specs (word etc) for earlier and far more commonly used products ?
(Paris, because it's the only one with a question mark)
This is nessecary move in strategy wrapped up in marketing for anti-trust. Beware!