Less than a week after it discovered that parts of its Windows 2000 and
NT source code were leaked
to the Internet, Microsoft officials are now finding
that a kind of grassroots peer review of its code is sprouting among
programmers and the merely curious from all points of the globe.
The Redmond, Wash., creator of the Windows operating system is legendary
for the tight rein it has held over source code to the operating system that
runs on 9 out of 10 computers in the world. Only in recent years, goaded in
part by an anti-trust
settlement with the U.S. Department of Justice in 2001, has the company
extended some of its code outside academia and made it available for use by
independent software vendors (ISVs). The program, called Shared Source
Initiative (SSI), has garnered more than 3,000 development partners in the
past three years, according to Microsoft officials.
Some programmers contacted by internetnews.com say many in their
community are wary of even looking at the code in order to avoid inflaming
intellectual property issues over software copyrights — in a software
industry already inflamed over copyright amid the SCO Group’s intellectual
property challenge of parts of the Linux kernel.
But for those who do, including plenty of people in peer-to-peer networks
and in Internet
Relay Chat (IRC) rooms worldwide, the 660 MB file containing the code is
essentially open source material.
Chris Wysopal, vice president of research and development at security
firm @Stake, said Microsoft should expect to field a lot of calls in the
coming months as developers chime in with their ideas for improving the
code.
Indeed, experts say the leak of Microsoft’s proprietary code to the
public might just result in code benefits to the Windows platform overall.
Expect comments from the developer community to outpace any discussion about
active open source projects such as Linux, Wysopal said, because of
Microsoft’s dominant presence throughout the world.
“It’s Microsoft. Everyone wants to scrutinize what they’re doing,” he told
internetnews.com. “This is the first glimpse for most people to the
way Microsoft actually builds their applications and what kind of quality
they have in their coding. People are definitely going to say, ‘Microsoft,
you made a mistake here,’ or ‘Why did you do it this way?'” he added.
One of the latest online parlor games involving the leaked code is the
glimpse it provides into comments in the code from Microsoft programmers
charged with updating and patching the code over the years.
One technology enthusiast at Web site kuro5shin
noted many of the hacks (additions) to the code base included some colorful
comments and creative use of adjectives in noting programming changes.
In this case, the reviewer concluded the code was generally “excellent.”
But he also noted the
many additions to the Windows code to be almost universally compatible with
previous Windows versions. And third-party software has “clearly come at a
cost, both in developer-sweat and the elegance (and hence stability and
maintainability) of the code.”
Microsoft, which does not comment on specific questions about its code,
on Wednesday said it has begun sending
notifications to people who may have downloaded the company’s source
code warning them that such actions are in violation of copyright law.
The code leak last week doesn’t mean code snippets will find their way
into
future applications by competitors or the open source community, predict
developers in the community.
Most developers who have peeked at the code have found that, while
providing a glimpse to some of Windows’ inner workings, the code mostly
references other areas of source code that were not leaked, said Adnan
Masood, a U.K.- based software engineer.
“Programmers may learn bits and pieces about how Microsoft’s kernel,
input/output optimization, multi-threading, spooling and hardware
abstraction layer actually work and what’s behind the Windows, but I’m not
sure it will become public or get used in any other projects,” he said.
Chris Spann, a systems architect, agreed. “Microsoft’s only real
concern is that someone may be able to use their code in a commercial
product,” he told internetnews.com. “This really isn’t too much of a
concern either, as there are open source products in the Linux/Unix world
that can already mimic much of what Microsoft has to offer.”
Even more of a reason, added Wysopal, is that the code is between three to
four years old, a time that pre-dates Microsoft’s security
initiatives.
“We’re sort of looking back in time at what Microsoft was doing in the year
2000 or 1999,” he said. “We still don’t really know, looking at that code,
what today’s code looks like.