finally.... (but only to governments. still, its a start eh?) -> http://dlvr.it/2PL8k

finally.... (but only to governments. still, its a start eh?) -> http://dlvr.it/2PL8k

So they won't give the source code behind Windows and Office to the open source community, but they will give it to the KGB?

Vedy intedesting...

Sam

I can see the headlines now:

Scores of PCs in US government agencies compromised by trojans

Open-source versions of Microsoft Windows 7 are available for download

etc, etc.

In Soviet Russia, source code opens you up!

In Soviet Russia, source code opens you up!

:D ha ha

Wow. I hope that isn't true.

I guess the DoD had good reason to switch to Linux.

If they don't put a good spin on this, it's going to get ugly.

Really?

Wow. I hope that isn't true.

I guess the DoD had good reason to switch to Linux.

If they don't put a good spin on this, it's going to get ugly.


How's that ?

finally.... (but only to governments. still, its a start eh?)

you act as if you think this is a step towards Windows going open source ?!

Windows source was available for years to companies with more then a 1000 deployed machines.

How's that ?

From a PR perspective for Microsoft. I should have been more clear.

A large "KGB" spy ring was just in the news as they were all arrested. Being seen as assisting the entity responsible would not be a good thing. Bad timing at best.

Whether or not it proves to be a misstep by MS on a technical level, it could prove to be huge PR problem.

Windows source was available for years to companies with more then a 1000 deployed machines.

Really??

More on the story:

http://rt.com/prime-time/2010-07-07/microsoft-russia-security-service.html?fullstory

Really??


Don't know about the 'for years' and 'over 10.000 employees', but otherwise :
http://www.microsoft.com/resources/sharedsource/eslp.mspx

it's part of the 'shared source initiative'.

note that this is is sourced 'for reference' or 'for inspection', i.e. not for modifying, recompiling, redistribution, ... and is subject to a NDA.
So it's got absolutely nothing to do with open source, although some people, inclusing MS marketing, sometimes present it that way.

http://www.microsoft.com/resources/sharedsource/referencesource.mspx

In Soviet Russia, source code opens you up!

Or Open Source code you up?

Really??

Yes. It's in the middle of the list. I was wrong on the number of desktop machines. It's 1500+ not 1000+.

In Soviet Russia, you Cannot Haz Cheezburger (http://sporkforge.com/sporkapps/app.php?n=10066977d90600118d).

I foresee another big code leak soon. (The Russians can't even keep track of their fissile materials, let alone digitized source code.)

I foresee another big code leak soon. (The Russians can't even keep track of their fissile materials, let alone digitized source code.)
Indeed.
This could pave the way for a huge wave of new viruses, being 'open' source but without the usual thousands of eyes inspecting the source code. Or rather thousands of eyes will be inspecting the source code, they just won't be doing it for the good of the windows community. *Prepares to receive 2.5 X 10^6 computers*

Wow. I hope that isn't true.

I guess the DoD had good reason to switch to Linux.

If they don't put a good spin on this, it's going to get ugly.

Do you have a reference regarding their switch to Linux? I would like to read it.

Do you have a reference regarding their switch to Linux? I would like to read it.

http://blogs.techrepublic.com.com/opensource/?p=347

http://www.forbes.com/2003/06/20/cz_eb_0620linux.html - 2003

It's pretty cool that the KGB will run Windows and the CIA will run Linux. It's always good to stay one step ahead of the Russians. :D

Actually I doubt they get off the Windows platform entirely...

Let's get 4chan on getting the source code then, if it's available somewhere, 4chan can find it.

How about Russia turn it over to the ReactOS developers? ReactOS originated in Russia.

How about Russia turn it over to the ReactOS developers? ReactOS originated in Russia.

I wonder how much that would also help Wine development.

How about Russia turn it over to the ReactOS developers? ReactOS originated in Russia.

...and KolibriOS (http://www.kolibrios.org/) too.

I wonder how much that would also help Wine development.

It would help significantly, as some code is relayed back to wine.

...and KolibriOS (http://www.kolibrios.org/) too.

ReactOS is meant to be binary compatible with Windows though.

If you like Microsoft, read this:

http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code-to-russian-secret-service-40089481/

Thank God for Ubuntu-GNU/Linux!

How very ambiguous...

this is why the chinese don't use windows. that goes without discussing the shady encryptions and possible backdoors the nsa has been slapping on windows since the 98 OS.

for most of us
we should be worried
the ability to protect ones self
where others have not been advised of a problem
creates a situation where
the info could leak to the state-less [terrorists]
who have motive to use the knowledge

like having the vaccine for the next plague

I don't see why this is such a concern. I mean, on one hand the montra of the Linux community has always been "access to source code to make changes and customize it", but if one has access MS source code it's now suddenly an evil thing? Make up your minds.

Should i be afraid?

Pretty sure we had a thread about this before.

Searching russia, windows or techdirt (the old link) doesn't bring up any results.

So? Linux source code is open anyway.

@Kamaboko, the source code itself is fine. It's what information they can extract from it that's dangerous.
Russia hasn't got a good reputation for data protection (keep in mind that loads of the first "dvdrips" of films and cartoons come in Russian) plus they have skilled hackers and crackers.
Add this to the fact of windows having at least 5 separate built-in backdoors and you get the doomsday scenario with all the windows computers sending out military documents, bank details, etc and wiping themselves clean afterwards to get rid of evidence.
Also, I don't trust neither Russia nor MS, and those two working together can cause real mayhem.

Windows is also open source for certain people, and has been for quite some time.

(Not just the MSFT devs.)

Windows is also open source for certain people, and has been for quite some time.

(Not just the MSFT devs.)

It's open for companies that sign a deal with MS and have more then 1500+ desktops running Windows. They can't modify it though.

Add this to the fact of windows having at least 5 separate built-in backdoors

Fact, really? Where's the link to prove this so called fact?

Should i be afraid?

Nope.

http://ubuntuforums.org/showthread.php?t=1526003

Fact, really? Where's the link to prove this so called fact?

Clearly he's right.

http://ubuntuforums.org/showthread.php?t=1526003

See, this is why people need to use real words...

not src (cannot search three letter words or less on this board.)

but it still be closed for the normal population right??
happy i use ubuntu... :D

Microsoft said it had opened up code to the FSB as part of its ongoing Government Security Agreement with the Russian state.

](*,)

And all those talks about Russia intending to promote Linux and developing a Linux-based operating system for government purposes! Clearly, with Microsoft's lobby and general lack of political will nothing serious will ever be done in this country :(

maybe it's just me but isn't showing your source code basically asking to be hacked? I know linux is open source too but with linux you can patch things, with MS it's basically if you see an error it might be closed eventually if you even bother to inform them about it.

See, this is why people need to use real words...

not src (cannot search three letter words or less on this board.)Use Google. Type in "ubuntuforums.org: search term" and you circumvent that limitation.

Ok. Correction. What I stated may not be fact but I'm 99% certain about it. Also, the topic title is misleading. The article linked to only mentions 2008 server + office 2010.

maybe it's just me but isn't showing your source code basically asking to be hacked? I know linux is open source too but with linux you can patch things, with MS it's basically if you see an error it might be closed eventually if you even bother to inform them about it.

The MS-hate in these forums is hilarious sometimes

Use Linux! It's open source which means it's great, and very secure!
Everyone should use it!

*Microsoft releases source code*
Oh no! Now Windows is vulnerable to attack!!

I don't see why this is such a concern. I mean, on one hand the montra of the Linux community has always been "access to source code to make changes and customize it", but if one has access MS source code it's now suddenly an evil thing? Make up your minds.

if anyone using the software seeing can see the source code, that is a good thing.

limiting it to a select few groups is a bad thing.

except it wont be limited to a select few groups, will it?

obviously, the entire source code will get out at some point.

however, companies/individuals in the United States (and UK, Germany, and a few others) will not be able to view it or use it without being in violation of US/UK/DE Law. Even if they are only using it to audit it and shore up security vulnerabilities, possession of the source code will still be possession of stolen intellectual property.

meanwhile, every bad guy on the planet will be scouring the source code for vulnerabilities.

...however, companies/individuals in the United States (and UK, Germany, and a few others) will not be able to view it or use it without being in violation of US/UK/DE Law...
As was said earlier

It's open for companies that sign a deal with MS and have more then 1500+ desktops running Windows. They can't modify it though.

As was said earlier


It's open for companies that sign a deal with MS and have more then 1500+ desktops running Windows. They can't modify it though.

then we can be even more certain that it will get out.

then we can be even more certain that it will get out.
Why does that make it even more certain it will get out

That what will get out?

the source code. some of it, or all of it.

and only the following will be able to audit it:

1) governments
2) corporations with over 1500 employees that choose to do so
3) bad guys
4) folks in nations that do not care about US Copyright law

Regarding number 4. They could sell patches and shore up vulnerabilities on Windows installs in the third world, but they won't be able to do business legally in many of the wealthier nations of the world. Meaning, they will have more to gain by becoming bad guys than they do from submitting patches to Microsoft.

If I ran an espionage dept, I'd take the source code, put a (another) backdoor in it, recompile, then release it into the wild via pirate software channels.

If I ran an espionage dept, I'd take the source code, put a (another) backdoor in it, recompile, then release it into the wild via pirate software channels.

im glad im not the only one here with the ability to put myself in someone elses shoes.

i applaud you for coming up with that idea, and sharing it instead of using it.

i wonder how corruptible the guy with 'edit' privileges on the "Windows Repo" thread are?

(im going to assume im not the first person to come across that first google result while looking into what package management options exists for windows users, and thus that it isn't some magical google term that is any form of secret insider knowledge)

*Microsoft releases source code*
Oh no! Now Windows is vulnerable to attack!!

Released to view, not to change. Which means that patches and changes will still have to go through MS to occur (and would be thereby delayed). If anyone who has malicious intentions gets their hands on that source, they could perform as stated and even look for current holes/flaws to exploit.

It's certainly not a new idea, nor does it require source code to poison a legit app and release it.

But with the source, you can do it a WHOLE bunch better.

They have previously given access to the source to universities, certain corporations and government agencies. It is no big surprise that they share with security agencies in other countries.

The publicity is new but the code sharing on the part of Microsoft isn't new. One does wonder though if they could ever go the full monty, I believe they are going in that direction. The question in my mind is more timing and pace of such a move, I believe they will see the business sense in doing so like they have in working with Open Source these days.

then it shouldn't be our worries... a lot of people here (in this forum) running linux, isn't it?
i only see this as a latest attempt (from M$) to get money because nobody wants to buy it anymore. afterall, i guess they will release their code as an open source someday...

If I ran an espionage dept, I'd take the source code, put a (another) backdoor in it, recompile, then release it into the wild via pirate software channels.

People have been doing that for years without the source code.

Released to view, not to change. Which means that patches and changes will still have to go through MS to occur (and would be thereby delayed). If anyone who has malicious intentions gets their hands on that source, they could perform as stated and even look for current holes/flaws to exploit.

So?
Contact Microsoft telling them of the exploit. Yes you yourself can't fix it, but you could tell them how to fix it and they'd do it.

How is the hypothetical situation of their not fixing any different from the number of Linux bugs marked WONTFIX?

i only see this as a latest attempt (from M$) to get money because nobody wants to buy it anymore. afterall...
Hahaha what? Yea no one wants to buy Windows anymore, it's just the dominate OS and Windows 7 alone surpassed Linux's share in a week and OS X's in a month.


I have to remember to stop posting in Microsoft related threads here. So many people out there think no matter what Microsoft does, it's bad.

Why Russian and not China, North Korea, Vietnam, Africa etc..... Better still release the source code and let anybody to patch up their security and make it more secure. Only if???

Better still release the source code and let anybody to patch up their security and make it more secure. Only if???
Can this third party patch be guaranteed work on all versions, all editions and all languages of Windows? Will it be tested to find regressions and compatibility problems?

There's no reason why third party patches are preferable over Microsoft's. If you can convince me that you are familiar with the Windows codebase (to avoid accidentally introducing another bug elsewhere), have a comprehensive test matrix and can provide support for said patches, then I might just consider it.

Linux is doing it why not Microsoft. I am sure there is a way if they want to do. They have a lot of third party security software in the market. So I believe any issue can be solve easily.

Linux is doing it why not Microsoft.
Just because someone can look at the source code and make a patch doesn't mean people should apply it. It's better to have the patch submitted to the developers, have them look over it, wait for a stable release and then get it from your distribution.

It's almost the same with Microsoft. You report a bug, have them look over it and produce a patch, wait for them to undergo testing and then get it from Windows Update.


They have a lot of third party security software in the market.
If a security software screws up your computer, then you can hold the vendors accountable. If you start applying security patches from some random guy on the Internet, there is no guarantee that it won't cause incompatibilities. Furthermore, your configuration will not be supported by the vendor, so you are on your own until you decide to reinstall everything.

Use Google. Type in "ubuntuforums.org: search term" and you circumvent that limitation.
OR you can add ubuntu forms (http://ubuntuforums.org/showpost.php?p=9576080&postcount=4) to FireFox's search box.

If a security software screws up your computer, then you can hold the vendors accountable.

Not in the EULA's I've seen...

Well, when I mean accountable, I'm thinking of someone who will take responsibility for a certain software or patch and help those who are affected.

I guess accountable wasn't exactly the right word to use.

So?
Contact Microsoft telling them of the exploit. Yes you yourself can't fix it, but you could tell them how to fix it and they'd do it.

How is the hypothetical situation of their not fixing any different from the number of Linux bugs marked WONTFIX?

Other than the sheer numbers of people with a vested interest in not reporting it and exploiting it? It does only take one to report it but that one does have a higher percent chance of not reporting it. I know what you are saying, what's the difference between MS and the specific dev teams. My point is that while OS of Windows might result in 4 exploits (which wouldn't have been found) being reported, that 5th one could be seen and not (and abused instead).

Big lawsuit anyone?

Thankfully I don't own a system with windows, and I've never programmed anything that exclusively ran on windows. So if this puts Microsoft under, I won't have to reinstall and learn a new OS, and I won't have to port any code.

People have been doing that for years without the source code.

Yeah, but you're kinda limited, and it takes FOREVER to reverse-engineer binaries.

(...) Also, I don't trust neither Russia nor MS, and those two working together can cause real mayhem.
I don't trust Russia either, nor USA, Iran, China, Italy, Guatemala, Israel, United Kingdom, Egypt, Spain, Tanzania ...
Every single country in the world has proven to be perfectly capable of doing terrible things in their own interest, or in the interest of a dominant minority (also, sometimes, capable of doing great things, but it's not that matters here). We're talking about human nature here.

So, I find potentially ofensive a reference to a particular country. If one has to be objective about the probability of a particular government having "back doors" for his own use in the aforementioned OS, ... well, simply think about your bet.

... just me, or all you mostly snobs? You hear "Russia," and think "Evil." Well, releasing source code is releasing source code. I really see no cause for concern.

I don't trust Russia either, nor USA, Iran, China, Italy, Guatemala, Israel, United Kingdom, Egypt, Spain, Tanzania ...
Every single country in the world has proven to be perfectly capable of doing terrible things in their own interest, or in the interest of a dominant minority (also, sometimes, capable of doing great things, but it's not that matters here). We're talking about human nature here.

So, I find potentially ofensive a reference to a particular country. If one has to be objective about the probability of a particular government having "back doors" for his own use in the aforementioned OS, ... well, simply think about your bet.

amen

... just me, or all you mostly snobs? You hear "Russia," and think "Evil." Well, releasing source code is releasing source code. I really see no cause for concern.

I hear Russia and think "no more secrets"

How is the hypothetical situation of their not fixing any different from the number of Linux bugs marked WONTFIX?

Linus' dictatorial powers are limited. If he became a dictator that folks disagree with, they are welcome to fork. Interested parties can just pull the 2.6.32-n kernel from the tree and go from there, taking the developer community (including paid Intel and IBM devs) with them. Where "n" is one revision before Linus' poor decisions became overwhelming.

What incentive does Microsoft have to correct bugs it deems uneconomical to fix? Thousands of nerds screaming "Windows is buggy and insecure!"...?? We already have that, it does nothing.

3rd parties could offer patches, of course... Just not in the United States, UK, Germany, or any other nation that respects US and US-like Copyright Laws. Unlike Linux, where anyone can offer patches to whomever they wish from wherever they wish under any GPL-compatible terms they wish.

Exploits that take advantage of the 'WONTFIX' Windows bugs, of course, can come from anywhere.

Enough of Microsoft whether they release their source code or not. The security is still buggy and I don't see them or any third party security software vendors could solve it. We are fortunate to have Linux.

Enough of Microsoft whether they release their source code or not. The security is still buggy and I don't see them or any third party security software vendors could solve it. We are fortunate to have Linux.

Sorry but the focus of MS for the past 6-7 years has been only security. They are pretty good at it now. This "Linux is the most secure OS" really needs to die. OS security depends almost entirely on the person(s) that administers it. A crappy Linux admin will have an insecure Linux install just as a crappy Windows admin will have an insecure Windows install.

Linus' dictatorial powers are limited. If he became a dictator that folks disagree with, they are welcome to fork. Interested parties can just pull the 2.6.32-n kernel from the tree and go from there, taking the developer community (including paid Intel and IBM devs) with them. Where "n" is one revision before Linus' poor decisions became overwhelming.

What incentive does Microsoft have to correct bugs it deems uneconomical to fix? Thousands of nerds screaming "Windows is buggy and insecure!"...?? We already have that, it does nothing.

3rd parties could offer patches, of course... Just not in the United States, UK, Germany, or any other nation that respects US and US-like Copyright Laws. Unlike Linux, where anyone can offer patches to whomever they wish from wherever they wish under any GPL-compatible terms they wish.

Exploits that take advantage of the 'WONTFIX' Windows bugs, of course, can come from anywhere.

Most security bugs today come from 3rd party software.

one issue here is simply running an executable of malicious code virus worm etc...which takes advantage of a 'hidden door' in windows. I have my extreme doubts that even an open source code would expose these doors to those who look thru code. API can itself be the door, and it does not have to be hidden all that well, just exposing part of its designed functionality. There can be paths and ways thru with one process unlocking another.

Big lawsuit anyone?

Thankfully I don't own a system with windows, and I've never programmed anything that exclusively ran on windows. So if this puts Microsoft under, I won't have to reinstall and learn a new OS, and I won't have to port any code.

I always laugh at these "M$ iz goin bankrupt!!!!11" posts. People seem to think that because they, and maybe a few other people they know use Linux, the whole world is revolting against the dark evil forces of Microsoft.

Really, what's this supposad lawsuit going to be about?


... just me, or all you mostly snobs? You hear "Russia," and think "Evil." Well, releasing source code is releasing source code. I really see no cause for concern.

I was thinking the same thing.

Because Microsoft stealing unix code is the most evil thing in the world ... but if YOU could steal MS's code to improve your stuff (wine) ... now THAT'S perfectly fine.

:-k

Protip: Microsoft also shares the source code with various companies. My company has access to the Win 7 source code under the Shared Source initiative (http://www.microsoft.com/resources/sharedsource/default.mspx).


Through the Shared Source Initiative, Microsoft is sharing source code with customers, partners, developers, academics, and governments worldwide. The program encompasses a wide spectrum of technologies, programs, and licenses.

The Shared Source Initiative fosters technical innovation and brings value to businesses and developers. Through this program Microsoft advances several important objectives:


Bolster the freedom and success of customers, partners, researchers, and developers by affording them expanded access to source code.
Enable Windows users to ensure the integrity and security of their computing environments.
Enrich the development community by providing the tools to produce outstanding software.
Enhance educational opportunities and to cultivate a vigorous software industry of the future by placing technology in the hands of universities throughout the world.
Preserve the intellectual property rights that historically have fostered unparalleled innovation and growth in the global software industry.


Also, those who are saying "Oh, well thank goodness I have Linux!": The source code of Linux is open source, the Russian government does commit to the Linux source, and finally, you've never seen the source code to any of Microsoft's core OS technologies, quit talking as if you've audited it. You haven't, and cannot, see it, stop acting like you've just found the worst security holes imaginable. Trust me, the NSA has audited the source code plenty of times, it's safe.

Oh my gosh! Guess what else the Russians have the source code for: Ubuntu! \\:D/



Also, those who are saying "Oh, well thank goodness I have Linux!": The source code of Linux is open source, the Russian government does commit to the Linux source
Oh you!

Because Microsoft stealing unix code is the most evil thing in the world ... but if YOU could steal MS's code to improve your stuff (wine) ... now THAT'S perfectly fine.

:-k

*ENGAGE FOOTBALL COMMENTARY MODE - In Scottish Accent*

Well Gary, you see the young lad has tried to be a bit too clever on the ball and has ended up falling over his own feet! I can see what the lad was intending, but was woahfully short on execution. To my mind, he really needs to re-think his approach to the game!!

Mr Bond close it down before all this stupidity leaks out.