Bill Gates' letter to hobbyists (en Français, 2006)

Plus ça change

The mere fact that a free software project has rejected source code might surprise some, but only until you see the strings attached. And they're more shackles than strings.

"The license proposal forbids you to run any binary that's based on the source code," Samba developer Volker Lendecke says.

As the Samba submission to the commission pointed out, code that was potentially encumbered with patents would have required the Samba team to set up a clean room.

"So having the ability to run source code, the complications rise tenfold. Really a bunch of new different problems," Lendecke says.

So there's the issue of practicality. In 50m lines of source code, it's hard enough to tell what's going on, let alone what patents might be lurking. Back in 2001 the dissenting states suggested forcing Microsoft to disclose its Windows source code to rivals - and we can understand why that idea found no interest.

There's also another reason why a source code offer isn't all that it seems.

In his 1984 paper "Reflections On Trusting Trust", the co-author of Unix Ken Thompson described a theoretical Trojan which could be salted away inside the compiler. It's a work of subtle beauty that deals with the transmission of knowledge without the transmitter being aware of the payload. That's something we're all experts on, whether we think very much about it or not.

"No amount of source-level verification or scrutiny will protect you from using untrusted code," concludes Thompson. The relevance of "Reflections..." to this week's hearings is not to suggest that Microsoft has been so fiendishly clever that it may have rigged its compilers with an unknown payload - a feat which would require a level of foresight unknown at Redmond. But it's to reinforce the general point that disclosure of the source code isn't the full story. Source code is not a holy grail of authenticity, but merely a set of instructions for other mechanisms to obey. The map is not the territory.

In fact, all the Samba team want, according to Andrew Tridgell's testimony this week, is a floppy disk's worth of Interface Definition Language descriptions.

Another comment of Cooke's met with astonishment during calls to parties with an interest in the outcome of the case on Thursday afternoon. Cooke expressed skepticism that Microsoft's buyout of AT&T's AS/U, its Windows services for Unix, represented a "disruption of supply". AT&T had licensed the code to 11 vendors, including HP and Sun, to permit them to build Windows interoperability into their server offerings. (We can't stress enough that the European anti-trust case specifies a server-to-server remedy beyond the client-server remedy the US settlement outlined.)

The proof is surely in the consequences of this action. After Microsoft's cash settlement with AT&T, derivatives of AS/U such as Sun's PC NetLink withered on the vine. The only Windows interoperability project to gain any widespread industry momentum since its demise has been Samba, which is handicapped on several fronts. Did AS/U licensees - some of the biggest names in the industry - rationally decide that what their customers really wanted was worse Windows interoperability? Cooke seems to invite us to draw this conclusion. One must hope the other judges find this far-fetched.

Asked what Samba really wants, the team told us:

"A fully specified protocol to the level of detail of an internet RFC, much like Sun's NFS v4 - that would be perfect."

There you have it. Not such an intellectual property giveaway after all, is it? ®
