[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linux-aus] [Fwd: Microsoft "Shared Source" Seminar details]
On Mon, Sep 22, 2003 at 11:01:10AM +0800, Leon Brooks wrote:
> On Mon, 22 Sep 2003 10:23, Stewart Smith wrote:
> > i'll be skipping an (incredibly boring) lecture to catch this talk,
> > although is only for people at monash, I'd be welcome to raise any
> > questions or points anybody here has.
>
> Ask Jason why Microsoft ships SFU if GPLed software causes problems.
> That one question if no others.
OK, Leon's got a few going. Let me add to it. Are you taking any friends
along? If so, get them to share the question load.
- - -
1) Microsoft does not give out the source code in full for users to
compile and confirm that the resulting binaries are the same as the ones
that Microsoft ships out. (Without this availability of this action,
shared source is merely a marketing trick, not a functionally useful
security vetting scheme.)
Comment from Microsoft?
2) Just as importantly, Microsoft does not release the source code to its
compilers which are used to build Windows, to allow 3rd parties to vet
the compilers to ensure that no 'hanky-panky' is compiled into binaries
which was not present in the source code
Comment from Microsoft?
3) Microsoft states that it makes the source code for (the not very
popular) products like WinCE available generally, but there are few
takers. Could this have anything to do with the onerous contractual
agreements which Microsoft needs a developer to sign prior to gaining
access?
(Microsoft uses this minimal interest in WinCE shared-source to poo-poo
the advantages that enfettered source code access via an Open Source
method provides to developers)
4) Governments generally do not have the resources nor the skills to
audit a codebase such as Windows. Most probably don't have the resources
or skills to audit Linux either, but then they don't have to, as hundreds
of security experts, researchers and coders do it for them.
Some backgrounder:
When looking at all these questions, we find that little is gained in
from governments gaining access to the shared source programme. In fact,
some countries that have such signed agreements with Microsoft (China,
Japan) have recently launched a united project to develop an alternative
platform to Windows. China was also given a $1.5 billion dollar gift
from Microsoft in the past year, yet still decided to eschew that firm.
These acts are, in many ways, a serious slap in the face.
con
--
_____________________________________________________________________________
Con Zymaris <conz@cyber.com.au> Level 4, 10 Queen St, Melbourne 03 9621 2377
Cybersource: Unix/Linux, TCP/IP and Web App. Development www.cyber.com.au