Can Microsoft 'do' open source by 2015?

Consistency and commitment needed


The recently appointed head of Microsoft's global Linux and open source team hopes the company will have a clear and comprehensible open source strategy by 2015.

Sam Ramji wants people to clearly understand what projects the company is contributing to, and what code Microsoft is making available - along with the terms - on a routine basis.

It seems Ramji is talking about people both inside and outside Microsoft knowing what’s going on.

"We don't have hard rules... right now, it's still careful judgment case by case. By 2015, I think it would be set up," he told Reg Dev, just before his promotion.

"It'll be understood, woven in to the fabric and in product-development cycles, so it's well understood: 'Here is the parts of our product that will be open source.”

Sam Ramji

Ramji: no hard rules

That would be a major improvement on today. To the outside observer, Microsoft is operating in its support of open source on a case-by-case basis. It sponsors a show here but not there - in March it sponsored the Open Source Business Conference, for example, but not EclipseCon.

It is working selectively with open source projects. At EclipseCon, Ramji announced Microsoft will offer the Eclipse Standard Widget Toolkit project "direct" support from its engineering teams and open source software lab. But it's not actually joining anything at Eclipse.

The company has taken to publishing huge tracts of technical information in an apparent rush of "openness". Six hundred thousand pages of documentation for its implementation of Extensible Application Markup Language were released this spring under its Open Specification Promise, and the company also released 30,000 pages on its Windows APIs and protocols.

The documentation, though, sits out there like a rights and royalties landmine waiting to go off. It is unclear what royalties accompany the documents. Developers we’ve spoken to - Zend Technologies’ co-founder and chief technology officer Andi Gutmans and MuleSource chief exec Dave Rosenberg to name two - are concerned that individuals might be forced into paying Microsoft for inadvertently using techniques that happen to be already “owned” by Microsoft and are listed in these documents.

Clearly, much refinement is needed here.

Will Microsoft release more code? Will it stop flirting with open source projects, and actually commit full-time? And what about the big two: open sourcing Windows and Office, and actually releasing its code under independent licensing rather than licenses devised by Microsoft?

Ramji said Microsoft is looking at whether the AJAX SDK and the sample kit should be opened. He's "not closing off" possibilities when it comes to Eclipse. And Microsoft is in "on-going dialog" with community members over making it easier to find the royalties in its documents.

These are hardly commitments of the solid or major variety.

Similar topics

Broader topics


Other stories you might like

  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Microsoft gives its partners power to change AD privileges on customer systems – without permission
    Somewhat counterintuitively, this is being done to improve security

    Microsoft has created a window of time in which its partners can – without permission – create new roles for themselves in customers' Active Directory implementations.

    Which sounds bonkers, so let's explain why Microsoft has even entertained the prospect.

    To begin, remember that criminals have figured out that attacking IT service providers offers a great way to find many other targets. Evidence of that approach can be found in attacks on ConnectWise, SolarWinds, Kaseya and other vendors that provide software to IT service providers.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading

Biting the hand that feeds IT © 1998–2022