Re: value of open-source in the driver community (was "how to execute a process...")

>>Microsoft’s

>competitive advantage is that they can string 10,000 good algorithms
>together in such a coherent way that a competitor can’t hope to match
>the effort without 30,000 smart programmers of its own.
>

Absolutely right. Making the source code, especially of the O/S itself,
available should really be no big thing when you think about it. Those of
us who just want to know all the places where IoXxxx returns
STATUS_ACCESS_DENIED (or whatever) would be able to find out relatively
easily. And, anything that’s a security risk, ah, shouldn’t be there in the
first place and is just waiting to be “discovered” by someone who DOESN’T
have the source code (is it David Craig who regularly reminds us that
security through obscurity is no security at all?).

Now, I could possibly see reasons why Microsoft might not want to release
the source code for the Win32 subsystems (user and kernel mode) – No sense
helping the penguinites build a really good Win32 emulator, right? And
maybe there are certain other kernel modules that fall into this category
too.

But you’re absolutely right… When you think about it, there’s no risk is
letting the vast majority of this stuff out.

As much as I think Gates and Ballmer, being techies at heart, could be
convinced personally that doing this would be the right thing, I don’t
see Microsoft Legal or Microsoft the Corporation being able to
understand that making the source code visible != giving away the source
code.

–
Nick Ryan (MVP for DDK)

This is crucial distinction that I wish was more understood in the
software community. Making source code visible is NOT the same as making
it free or putting it under any sort of FSF license that allows re-use
or re-sale. In fact, speaking as a programmer who wrote a significant
portion of the PGP 7.0/8.0 encryption product in years past (the source
code of which is freely visible at www.pgp.com), I am proud of having my
work at there in the open for others to see. The code is up there to
prove to others that it’s secure, well-written, and not backdoored. And
by making the installer project unavailable, PGP has made it impossible
to pirate the product merely by downloading and recompiling it.

As far as Windows goes, Microsoft is both providing us with a product
and a platform on which others can build their own products. When
developers and customers purchase a copy of Windows they are buying into
an ECOSYSTEM, not a single point in time. The value that comes out of
Windows comes not out of the OS itself but from the organisms that
survive on top of the OS - Office suites, games, utilities, future
upgrades. This is why the source code to Windows would be as useless to
potential competitors as it would be useful to Windows developers - the
platform needs a guiding hand in the form of Microsoft to make it
continually viable.

And say what you want about the Linux/GNU community, at least their work
is animated by a motivation that comes just as much from a passion for
the craft as it does from a want of money. And from what I know I’ll say
this passion is also what makes Microsoft employees stick around long
after the potential for becoming a stock-option gazillionaire has gone
away (no matter that some in the Linux community say otherwise). All
this war between the Microsoft camp and the open-source camp is
completely misguided in my opinion. Bill and Linus should really sit
down to a nice dinner in Reykjavik together and shake hands for the
press (with Eric Raymond along as Linus’s bodyguard and Steve Ballmer as
Gates’s).

Bill Casey wrote:

Peter:
Like Mt. Vesuvius I have been keeping the lid on my own pontification
regarding the “Open Sore” community. But your posting and the recent “Open
Source” front-cover headline by C/C++ Journal has caused the following
venting:
By the sweat of my brow and force of my intellect (no sniggering!) I have
managed to stay in business for myself for almost 30 years. So why should I
be forced either directly or through reverse engineering to make both past
AND future intellectual work product not only FREE but FREELY available?
How the hell am I and thousands like me supposed to make money? Are we
supposed to DONATE our time and thoughts.
It isn’t often I come to the defense of Microsoft but I will in this
instance. Let’s all quit whining about having the Windows source available.
Maybe we should all stare at our OWN code a little longer for the sake of
improving it rather than dump responsibility onto MS for our perceived
difficulties. Buck up and take it like a man. It is THEIR code paid for
with THEIR money. We can complain but it isn’t our RIGHT to look at, touch
it or feel it.
If only I had a small chance of speaking to the head of Red Hat, I’d let
him know my opinion of his recent comment that “one should be able to look
at source code without fear of being arrested”. Well, he can look at MY
source code but he should fear getting the crap beat out of him.
Bottom line is that these “penguinites” as you so politely call them are
nothing more than lazy, thieving, stupid, fascist, bottom-dwelling
scavengers. They want to impose their socialist world-view (that software
should be free) on all of us. They want it free because in the final
analysis they are cheap assholes cloaked in the mantle of world saviors.

Bill Casey

== SCSI Adapters & VirtualSCSI™ Target Mode Libs ==
Advanced Storage Concepts, Inc. (409) 744-2129
2720 Terminal Drive xxxxx@virtualscsi.com
Galveston, TX 77554 USA www.virtualscsi.com

>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com]On Behalf Of Peter Viscarola
>Sent: Thursday, August 28, 2003 8:44 AM
>To: Windows System Software Developers Interest List
>Subject: [ntdev] Re: value of open-source in the driver community (was
>“how to execute a process…”)
>
>
>Nick,
>
>As usual, you make several well thought-out points.
>
>I just wanted to “discuss” a few:
>
>“Nick Ryan” wrote in message news:xxxxx@ntdev…
>>
>>>Microsoft can write the best VPN and AV utilities both because
>>>it has smart people and because those people can see the source code.
>>>Any other group of equally smart people are at an automatic
>>>disadvantage.
>>>
>>
>>This is absolutely true. The entire world of Windows system software
>>developers would heartily benefit from having the Windows sources for
>>reference.
>>
>>However, there another problem at work here that make writing
>>things like AV
>>filters in the file system stack harder than it should be – even WITH
>>source code. And this is true generically for drivers of all types in
>>Windows.
>>
>>That problem is the complexity of the driver interface. Or, one
>>might say,
>>the lack of a really well defined interface without side effeects
>>for driver
>>development. This problem is rampant in the file system stack… there are
>>subtleties of the interfaces that change with each release of
>>Windows. Even
>>WITH the source code, you’d have a rough time building a robust component
>>for the file system stack that works across multiple versions of the O/S.
>>
>>
>>>Microsoft’s
>>>competitive advantage is that they can string 10,000 good algorithms
>>>together in such a coherent way that a competitor can’t hope to match
>>>the effort without 30,000 smart programmers of its own.
>>>
>>
>>Absolutely right. Making the source code, especially of the O/S itself,
>>available should really be no big thing when you think about it. Those of
>>us who just want to know all the places where IoXxxx returns
>>STATUS_ACCESS_DENIED (or whatever) would be able to find out relatively
>>easily. And, anything that’s a security risk, ah, shouldn’t be
>>there in the
>>first place and is just waiting to be “discovered” by someone who DOESN’T
>>have the source code (is it David Craig who regularly reminds us that
>>security through obscurity is no security at all?).
>>
>>Now, I could possibly see reasons why Microsoft might not want to release
>>the source code for the Win32 subsystems (user and kernel mode)
>>– No sense
>>helping the penguinites build a really good Win32 emulator, right? And
>>maybe there are certain other kernel modules that fall into this category
>>too.
>>
>>But you’re absolutely right… When you think about it, there’s no risk is
>>letting the vast majority of this stuff out.
>>
>>I feel a pontification coming on,
>>
>>Peter
>>
>>
>>
>>—
>>Questions? First check the Kernel Driver FAQ at
>
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@virtualscsi.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>

–
Nick Ryan (MVP for DDK)

First I’d like to say that I am grateful to Microsoft for the developer
community outreach efforts they ARE making. Events like the filesystem
filter plugfest are great, and I realize that rand-and-file Microsoft
employees do as much as they can for the community; they of course do
NOT have the authority to make decisions on their own on such an issue
as revealing source code.

Myself - I would be very glad to consider Open Source as soon as someone
answers this question from the perspective of a small company:

How does a (very small) software development house make money under Open
Source licenses?"

(I am serious about needing an answer to that question)

I think we may need to develop some new terminology here (if this hasn’t
already been done and I haven’t heard about it). What I’ll call ‘Visible
Source’ is what companies like PGP do - they’ll let you see and download
the source and maybe compile some of it, but you can’t use it or
redistribute it in any way. ‘Open Source’ is widely taken to refer to
source distributed under licenses advocated by the Free Software
Foundation that typically allow modification and redistribution of the
source (often termed ‘copyleft’).

I will therefore say that making source code Visible probably poses
little danger to software companies both large and small, provided a bit
of effort is taken to reduce the ease of piracy (such as PGP’s decision
not to publish the quite complex but mostly irrelevant installer project
source code with PGP 8.0). If you want to develop Open Source, however,
I’d say at this should be done more as a hobby and as a community social
effort than as a way to make money.

–
Nick Ryan (MVP for DDK)

This is definitely an argument on the side of not going Visible Source,
but one that I believe is still outweighed by the practical benefits.
Ideally, an interface would be complete and reliable enough that it
should just work without having the need to deal with leaks from the
abstraction. Practically, this has never been accomplished on a major
software platform as far as I know. Hardware firms like Intel do it all
the time, however. When’s the last you needed to see the microcode for
an x86 instruction in order to ship a driver (I’m sure it’s happened for
SOME of us, but very rarely)?

Don Burn wrote:

The one problem I see is with Visible source code is the old question
flagged in Brook’s Mythical Man Month, if you use the source as a reference
how do you tell architecture from implementation. It is very easy for the
user community to start relying on something that you do not want them to.
I believe there was reference at some talk I was at the Call Usage Verifier
was hampered by usage inside of Microsoft that was not exactly as defined by
the docs. I have experienced the pain of this first hand at a mini-computer
firm where some OS extensions got canceled because customers who had read
the source, knew that is was safe to fiddle with fields we told them not to
touch.

I’d still like the source, but this is one reason I can see Microsoft for
not going there.

Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

“Nick Ryan” wrote in message
>
>>I will therefore say that making source code Visible probably poses
>>little danger to software companies both large and small, provided a bit
>>of effort is taken to reduce the ease of piracy (such as PGP’s decision
>>not to publish the quite complex but mostly irrelevant installer project
>>source code with PGP 8.0). If you want to develop Open Source, however,
>>I’d say at this should be done more as a hobby and as a community social
>>effort than as a way to make money.
>>
>
>
>
>
>
>

–
Nick Ryan (MVP for DDK)

Thomas F. Divine wrote:

How does a (very small) software development house make money under Open
Source licenses?"

(I am serious about needing an answer to that question)

As far as I can tell, open source doesn't preclude one from making
money by writing software for someone else. It only precludes then
turning around and selling it to a bunch of other people.

Depending on what kind of small software house you run, I'm not sure
what difference open-sourcing the results of contracts would have on
your revenues. Perhaps it would scare off some clients, but perhaps it
would attract others that want to see/maintain the code themselves
after the project is done.

In fact, you might (possibly... don't hold your breath) get a bunch of
free work done on your code, which you could then reuse to develop the
next contract project for the next customer. FWIW, my company hasn't
yet needed to expend resources developing a Linux driver for our
products because it's already been done for us by 3rd parties.

I'm pretty neutral about the free software community (which is
different from open source, but that's a different flamewar). If you
don't want to reuse their code, or you aren't able to because you need
to be able to use a more restrictive license, then don't.

The only harm I can possibly see is that they are competing with
people trying to do it for a living. Frankly, I'm not too worried
about that at this point... Most of the stuff they have produced isn't
stuff that anyone could develop and then charge for anyway.

../ray..