Microsoft says open source Windows is "definitely possible"
101 replies, posted
[QUOTE=Rixxz2;47452911]Windows going open source would honestly be a nightmare, imagine the tons and tons of malware that would be created seeing as it's such a huge target, the extremely large amount of businesses and organisations using Windows Server, fuck that[/QUOTE]
I'm gonna guess Windows is pretty tight in the first place, but as others have mentioned, reports from the community would quickly find holes Microsoft might've missed.
To be honest, I doubt Microsoft would be able to make all of Windows open source even if they wanted to - some of the code is probably licensed from other companies, and they wouldn't have the right to open source that.
open source windows would be pretty amazing. I could see groups of people popping up and making their own, better windows distro. but knowing microsoft, they will probably never release the source for their main source of income.
[QUOTE=Andre Gomes;47452953]It would probablly be a LOT safer and Strong OS, just imagine, how many security issues Windows may have now and no one knows, how do we know if Microsoft ain't spying on us? How do we know if there isnt any security flaw than only a small little snow flake knows and it's exploiting right now? How do you know if you is sick if you don't go to the doctor and make exams?
By making the code open-source thousands and thousands of developers would see flaws and thus patches for those flaws would get released. So in the end, the system gets more robust[/QUOTE]
How will those patches be brought together or where will they be hosted together? How will individuals or teams working on patching different exploits make sure what they fix is not breaking someone else's patch? If multiple groups work on the same exploit, whose patch are you going to trust? How will the relatively slow pace of voluntary patching keep up with the immensely financially viable malware production?
[QUOTE=wickedplayer494;47452138]Nadella would be truly crazy to make Windows open-source. In a good way, that is. But Gates might probably be opposed, and he'd be more vocal now that he bumped up his Gates Foundation/Microsoft time split to something like 70/30 after Nadella became CEO.
If anything, they'll pull an Apple: they'll make parts of it free, but the stuff that makes Windows Windows would be closed/shared with trusted parties like they already do. Apple made the core of OS X open-source (Darwin, because it's based on BSD stuff), but what makes OS X OS X isn't.
But the improvements that would be able to be made by making all of Windows open-source would be so damn awesome after Microsoft cleared any legal hurdles.[/QUOTE]
apple made darwin open because they had to, because of licensing, they didn't want to do it.
ALSO OPEN SOURCE WINDOWS IS MY DREAM
[QUOTE=eirexe;47453186]apple made darwin open because they had to, because of licensing, they didn't want to do it.[/QUOTE]
[quote=Me]because it's based on BSD stuff[/quote]
[QUOTE=Fetret;47453095]How will those patches be brought together or where will they be hosted together? How will individuals or teams working on patching different exploits make sure what they fix is not breaking someone else's patch? If multiple groups work on the same exploit, whose patch are you going to trust? How will the relatively slow pace of voluntary patching keep up with the immensely financially viable malware production?[/QUOTE]
I don't get how this would be different from what we get now when someone reports an exploit
Why are you people behaving as if open sourcing windows would be a bad thing, it's not exactly like linux has a problem with being open source.
[QUOTE=AJ10017;47453041]open source windows would be pretty amazing. I could see groups of people popping up and making their own, better windows distro. but knowing microsoft, they will probably never release the source for their main source of income.[/QUOTE]
It's entirely possible to have an open source OS and make money from it. It being open source doesn't mean it's free, they can still clamp down on distribution of unlicensed copies. Red Hat manage it, CentOS manage it.
[QUOTE=cartman300;47453487]Why are you people behaving as if open sourcing windows would be a bad thing, it's not exactly like linux has a problem with being open source.[/QUOTE]
They have the idea of open sourcing windows leading to more malware and exploits cropping up, but they forget that those can be thwarted just as soon as they appear because of the potentially thousands of developers contributing to the codebase.
[QUOTE=proch;47452682]remember how they wanted to focus on pc gaming?[/QUOTE]
I guess DirectX 12 doesn't mean anything for PC gaming.
Snip
[QUOTE=hexpunK;47453504]It's entirely possible to have an open source OS and make money from it. It being open source doesn't mean it's free, they can still clamp down on distribution of unlicensed copies. Red Hat manage it, CentOS manage it.[/QUOTE]
I know it's not an OS, but look at UE4 before being free.
I'd love for them to open up Windows 95, 98, ME and 2000
I don't know shit about code but I would have a fucking field day just going through the comments
[QUOTE=Rahu X;47453585]They have the idea of open sourcing windows leading to more malware and exploits cropping up, but they forget that those can be thwarted just as soon as they appear because of the potentially thousands of developers contributing to the codebase.[/QUOTE]
I'm worried about black hatters getting the upper hand, mainly due to the things Fetret mentioned, and what if the black hatters completely outnumber the "good" guys?
you also have to keep in mind that it's much easier to exploit a security weakness than it is to fix one without fucking something else up in the process, it's impossible to create an impenetrable fortress
And you can't compare Windows to GNU/Linux in any way shape or form when it comes to things like this
[QUOTE=Amiga OS;47452661]I'm just saying, in open source code you will be called out on your shit, in a closed corporate environment terrible, awful crap will be left in production and swept under the rug.[/QUOTE]
You'd be amazed by the amount of hackjobs there is in the official part of the Linux Kernel.
Also the amount of swearing.
[editline]4th April 2015[/editline]
[QUOTE=Fetret;47453095]How will those patches be brought together or where will they be hosted together? How will individuals or teams working on patching different exploits make sure what they fix is not breaking someone else's patch? If multiple groups work on the same exploit, whose patch are you going to trust? How will the relatively slow pace of voluntary patching keep up with the immensely financially viable malware production?[/QUOTE]
The way it's done in Linux? with peer reviewed repositories?
[editline]4th April 2015[/editline]
[QUOTE=Rixxz2;47455665]I'm worried about black hatters getting the upper hand, mainly due to the things Fetret mentioned, and what if the black hatters completely outnumber the "good" guys?[/QUOTE]
The amount of black hat hackers are actually very small, believe it or not.
Just because humans CAN be self-centered dicks doesn't mean a large majority is.
And those who's interested enough in tech to find exploits are often the curious sort, not the malicious sort
[QUOTE=Rixxz2;47455665]you also have to keep in mind that it's much easier to exploit a security weakness than it is to fix one without fucking something else up in the process, it's impossible to create an impenetrable fortress[/QUOTE]
As opposed to pure 'security through obscurity'?
Yeah, no thanks.
[QUOTE=Rixxz2;47455665]And you can't compare Windows to GNU/Linux in any way shape or form when it comes to things like this[/QUOTE]
They're both a widely used operating system, and in this scenario they both have open access to the source code.
Remember how there's already Windows update? now combine that with a trusted repository where everyone can upload patches to, but they'll be under close and in-depth scrutiny.
That'll lead to zero-day exploits being made aware of, and ultimately also closed faster.
I hope they do it since then windows app support in linux will improve drastically.
[QUOTE=Van-man;47455678]
Remember how there's already Windows update? now combine that with a trusted repository where everyone can upload patches to, but they'll be under close and in-depth scrutiny.
[/QUOTE]
yes, which in turn means that actually competent people will have to filter through the garbage patches made by idiot hobbyists, deciding which should and which should not be included.
Which in turn means that I'll have to blindly trust that the competent people are numberous and competent enough to deal with that while there also being a large number of other competent people putting out functional non-shitty patches, and how many patches per day do you think will be required, and how many patches trying to address the same issue will be made?
[QUOTE=Rixxz2;47455849]yes, which in turn means that actually competent people will have to filter through the garbage patches made by idiot hobbyists, deciding which should and which should not be included.
Which in turn means that I'll have to blindly trust that the competent people are numberous and competent enough to deal with that while there also being a large number of other competent people putting out functional non-shitty patches, and how many patches per day do you think will be required, and how many patches trying to address the same issue will be made?[/QUOTE]
Did you know the security protocol implementation your browser uses is also open source?
[url]https://github.com/openssl/openssl[/url]
Why are you currently not flipping out because of all this code some hobbyist developer can put into that?
yes, SSL is the same thing as an extremely complex operating system
[editline]4th April 2015[/editline]
[QUOTE=Andre Gomes;47452953]how do we know if Microsoft ain't spying on us?[/QUOTE]
yeah, I don't think Microsoft is quite as interested in your furry porn habits as you may think
[QUOTE=Rixxz2;47455900]
yeah, I don't think Microsoft is quite as interested in your furry porn habits as you may think[/QUOTE]
That's what people have been saying forever until NSA leak happened. I wouldn't be as optimistic as you are.
[QUOTE=Rixxz2;47455900]yes, SSL is the same thing as an extremely complex operating system[/QUOTE]
I did not know the security protocol that's used when you log in into your bank accounts or paypal or any other online transaction website is less important than an operating system.
[QUOTE=cartman300;47455956]I did not know the security protocol that's used when you log in into your bank accounts or paypal or any other online transaction website is less important than an operating system.[/QUOTE]
I never mentioned it's importance
[QUOTE=Rixxz2;47455969]I never mentioned it's importance[/QUOTE]
I'd argue that the importance is a very big factor.
Also I'd argue that a operating system is even more important, since without a device with a functional operating system, you can't use your device to access to the internet, and (for example) do web banking via a secure SSL connection.
My point was more that it's A LOT easier to find and exploit dangerous weaknesses in something as huge as an OS than it is to do the same with a "simple" protocol
[QUOTE=cartman300;47455886]Did you know the security protocol implementation your browser uses is also open source?
[url]https://github.com/openssl/openssl[/url]
Why are you currently not flipping out because of all this code some hobbyist developer can put into that?[/QUOTE]
I don't think OpenSSL is a good example. [URL="https://en.wikipedia.org/wiki/OpenSSL#Notable_vulnerabilities"]It's widely known[/URL] to be [URL="http://opensslrampage.org/"]one of the worst written[/URL] OS libraries in use.
Open source is useless if no one cares about the quality & the security of the code.
[QUOTE=hexpunK;47453504]they can still clamp down on distribution of unlicensed copies[/QUOTE]
I'm genuinely interested in how this is possible, given you could probably just build from source?
[editline]4th April 2015[/editline]
[QUOTE=fruxodaily;47454670]I'd love for them to open up Windows 95, 98, ME and 2000
I don't know shit about code but I would have a fucking field day just going through the comments[/QUOTE]
My workplace still uses Windows 2000 for POS terminals.
[QUOTE=Rixxz2;47456007]My point was more that it's A LOT easier to find and exploit dangerous weaknesses in something as huge as an OS than it is to do the same with a "simple" protocol[/QUOTE]
Did you just call the SSL protocol simple?
Hoo boy, you have much to learn.
[QUOTE=Simspelaaja;47456080]I don't think OpenSSL is a good example. [URL="https://en.wikipedia.org/wiki/OpenSSL#Notable_vulnerabilities"]It's widely known[/URL] to be [URL="http://opensslrampage.org/"]one of the worst written[/URL] OS libraries in use.
Open source is useless if no one cares about the quality & the security of the code.[/QUOTE]
The primary users of OpenSSL were the type of corporations and organisations who sported the "ignorance is bliss" mentality.
It was a rough but much needed wakeup call for them.
And the incident did also create scrutiny of other open-source security related projects, so the end result is that the "don't know, don't care" mentality is now less common.
Which is good, because skepticism is good in healthy doses, and ultimately leads to things being done in a better way.
[QUOTE=Van-man;47456137]Did you just call the SSL protocol simple?
Hoo boy, you have much to learn.
[/QUOTE]
in comparison to an entire operating system it's very simple, yes
[QUOTE=Superwafflez;47456094]I'm genuinely interested in how this is possible, given you could probably just build from source?[/QUOTE]
Possibly. I have no idea how Red Hat and CentOS handle it, but you could include a licensing system in the OS, people who really want it would be able to strip that out easily, but it'd stop a lot of people from "simply" compiling it.
Or just only offer premium support for bought versions of the OS, which is where a lot of the reasons to but Red Hat lie for example.
[QUOTE=Rixxz2;47455665]I'm worried about black hatters getting the upper hand, mainly due to the things Fetret mentioned, and what if the black hatters completely outnumber the "good" guys?
you also have to keep in mind that it's much easier to exploit a security weakness than it is to fix one without fucking something else up in the process, it's impossible to create an impenetrable fortress
And you can't compare Windows to GNU/Linux in any way shape or form when it comes to things like this[/QUOTE]
There are far more "good" people than there are "bad" people. But you only ever hear about the "bad" people.
Sorry, you need to Log In to post a reply to this thread.