Loading
Say "No, Thanks" to Offers of Illegal MS Source Code
As a reminder to our readers, we are repeating the same advice we published in 2000, the last time Microsoft's source code was compromised. Don't look at it or you could contaminate yourself legally.
The Wall Street Journal reported today [October 27, 2000 -- Ed.] that Microsoft and the FBI are investigating an intrusion in which unknown attackers had access to Microsoft source code for three months. Although nothing purporting to be Microsoft source code copied in the intrusion has surfaced yet, any such code poses a legal risk to people who read it and to any free software project that accepts contributions from those people.
"Anybody who wishes to be involved in free software should have nothing to do with anything claiming to be Microsoft source code released without license or in any informal way," said Eben Moglen, general counsel of the Free Software Foundation and professor of law and legal history at Columbia University. Microsoft, he said, would be in a position to seek damages from anyone trafficking in misappropriated trade secrets, which can include merely reading the Microsoft code and then contributing to a free project.
If offered any code that implements Microsoft-like APIs, or uses Microsoft's file formats or protocols, the FSF will go beyond its normal legal paperwork to make sure that the contributor has not had contact with Microsoft's proprietary information. "We would certainly take additional measures to prove the absence of any relationship between developers and Microsoft's trade secrets," Moglen said.
Free software developers are already careful to keep themselves insulated from any contact with proprietary information. Jeremy Allison, one of the lead developers on the Samba project, said that his response to one anonymous offer of Windows NT source code was, "You're offering to end my career. Thanks but no thanks." And the Samba team, he said, will refuse to work with anyone who has seen Microsoft's proprietary code. "Anything we do has to be completely legal," he said. "There are plenty of people who can work on it who haven't seen Microsoft source code." His advice to anyone planning to write free software in the future is, "Stay away from [proprietary Microsoft source code] at all costs."
News reports blamed the Microsoft intrusion on aTrojan Horse program that installs when a Windows user opens an e-mail attachment in Microsoft Outlook.
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- RSS Feeds
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- Readers' Choice Awards
- The Secret Password Is...
- Reply to comment | Linux Journal
1 min 57 sec ago - All the articles you talked
2 hours 25 min ago - All the articles you talked
2 hours 28 min ago - All the articles you talked
2 hours 30 min ago - myip
6 hours 54 min ago - Keeping track of IP address
8 hours 45 min ago - Roll your own dynamic dns
13 hours 59 min ago - Please correct the URL for Salt Stack's web site
17 hours 10 min ago - Android is Linux -- why no better inter-operation
19 hours 25 min ago - Connecting Android device to desktop Linux via USB
19 hours 54 min ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
Another good reason to steer clear
Besides... why introduce bad code into good projects? ;-) Please do us all a favour and keep Linux free of BSOD code.
Re: Say
This could be a Microsoft invention, with the sole purpose of
having an excuse to sue the " Free software movement' and
possibly stop it, because it is a threat to microsoft monopoly!!
Think about it !!!!
Great advice
Thanks for publishing such great advice. This is clearly the responsible approach that needs to be well understood by members of our community. Personally, I would not be surprised to learn that this "leak" was done intentionally in order to serve as "bait" to those that would risk compromising (knowingly or not) the integrity of some very important Free Software projects which deal with Windows compatibility. We shall see how this plays out....
Btw: that "News Reports" link doesn't actually resolve to anything useful.
Best
Adam Kosmin
WindowsRefund.net
Re: Great advice
my gut reaction to this advice is to cry "tinfoil hat". after all, even if the leaked source is viewed by an oss developer, redmond will still have to prove sufficient similarity in the source to get any satisfaction in court.
however... it's well known that microsoft forbids its developers from viewing any open code, most notably that which is under the gpl. maybe "the beast" has the right idea.
Re: Great advice
I personally agree, as a programer and as a FOSS fun.
For more info I suggest reading GROKLAW.
Does not give permanest answers, but its definetly worth reading (especially ppls comments).