Reading Microsoft's 'Open' Window
March 26, 2001
In fact, this could mark the beginning of Microsoft's move towards a new model, between proprietary code and full open source: something I will call "read-only source."
Read-only source is what it sounds like. Anyone can view the source code, but nobody can modify it, and no copyright or intellectual property rights are granted.
Microsoft is allowing 1,000 companies to participate in its read-only source program (as it has done in the past for much smaller numbers of customers).
But there is no reason that it could not open up the program to everyone.
When it was revealed last October that someone had broken into Microsoft's corporate network and viewed the source code for an unspecified product, much twittering was heard in the press about how source code is Microsoft's crown jewel and having someone see it would be terrible.
In fact, as the open-source movement has demonstrated, having your source code visible to external eyes is not necessarily a disadvantage, and, in some cases, can be a definite advantage.
I would be surprised if this was the first time that source code to a Microsoft product leaked out. There are many people inside Microsoft who have access to at least view source code, and who can say if any of these people has had the urge to burn a CD with some source files on it?
Note to any Microsoft lawyers who might be snooping around: I have NO knowledge of this ever happening, it's just pure speculation on my part.
Plus, there will soon be 1,000 more companies with the source floating around their corporate networks.
So what would happen if Microsoft decided to open up all its source code for read-only viewing by the entire world?
Well, probably not much at first. Personally I find reading other people's source code to be tedious work, but the existence of books with titles like "Linux Core Kernel Commentary" means that someone finds some value in pawing through long stretches of code.
So one can assume that the code would eventually be looked over in some detail by the assembled masses.
Many of the advantages of full open source would occur with read-only source. Opponents would no longer be able to claim that Microsoft was hiding anything (or conversely, if Microsoft was hiding anything, it would be found quickly).
Some security holes might be found early on, but this would lead to a more secure system.
Users might be able to debug problems without having to notify Microsoft, and Microsoft would be free to accept their changes. The company could allow a user to recompile code, on the condition that the result not be distributed. Someone writing a book about Microsoft's APIs would no longer need to get all their information from the company. All details and side effects would be visible from the code.
If Microsoft ever went out of business, its code would still be available for others who wanted to maintain it. This may not be an issue with Microsoft, but it could be very helpful for someone buying a software package from a smaller company and not wanting to be left in the lurch if they went out of business, or simply stopped supporting a product.
Anybody care to revive Bob?
The nightmare scenario for Microsoft would be someone who hacks up his or her own private version of an operating system, then poses as a consultant to go install that on all the machines at a company. Leaving aside the question of who would support the result, the malicious installer could easily add a security backdoor.
Microsoft should be able to avoid this now that it signs and verifies all critical binaries that are loaded. Anyway the above situation could also happen with an open source operating system.
Microsoft would worry about its intellectual property leaking out. But this can happen with published patents, and would be just as illegal. If releasing read-only source became a standard in the industry, then the culprits of any such theft -- including Microsoft -- would be plainly visible.
People would still complain, of course. Open source advocates would point out, correctly, that this is not "real" open source. Being able to view the source code to a new feature in a Microsoft operating system would not help a company frustrated because it was not invited to help design that feature.
There would be minor issues, such as third-party code included in the operating system to which Microsoft itself does not have the source.
Still, when you weigh the pros and cons, my advice to Microsoft is: Just Do It!
Adam Barr worked at Microsoft for over 10 years before leaving in April of 2000. He spent the majority of that time working on Windows NT/2000 and reports that the source code was pretty unexciting. His book about his time at Microsoft, "Proudly Serving My Corporate Masters," has just been published by iUniverse. He lives in Redmond, Washington..