
Microsoft Releases Source Code For Web Sandbox

Posted by timothy
from the could-easily-be-the-biggest-open-source-company dept.
nandemoari writes "After flirting with open source development for some time, Microsoft has made another step towards real commitment with the release of source code for Web Sandbox, a program used to test and secure web site content. The Sandbox source code will be released under the Apache 2.0 license, an open source license agreement allowing the content creator to maintain copyright while permitting others to develop the product for their own use. Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives."

  • Excellent. (Score:5, Funny)

    by Corpuscavernosa (996139) on Wednesday January 28, 2009 @02:18PM (#26641915)
    I'll assume that Windows kernel, IE, Office, and that new song making program are next!
  • by Temujin_12 (832986) on Wednesday January 28, 2009 @02:22PM (#26641955)

    An interesting section of code:

    if (sandbox.isDeepEnd()) {
          Message message = sandbox.getLeprechaun().getMessage();

          if (MessageInterpreter::isBurnCommand(message)) {
                environment.burnItAll();
          }
    }

    self.citeRalphism();

  • by NonUniqueNickname (1459477) on Wednesday January 28, 2009 @02:25PM (#26642009)
    Every once in a while, declare peace. It confuses the hell out of your enemies.
  • Profit!!! (Score:5, Insightful)

    by carrier lost (222597) on Wednesday January 28, 2009 @02:26PM (#26642015) Homepage

    Microsoft has gradually been increasing their involvement with the Apache Software Foundation (ASF) since 2008 when they agreed to fund development of certain ASF initiatives.

    The whole "Embrace, Extend and Extinguish" thing is sure taking a lot longer these days...

    • The whole "Embrace, Extend and Extinguish" thing is sure taking a lot longer these days...

      Shh.... We don't want them finding out that the "extend" bit only works when you can keep all your code secret.

  • Apache? (Score:5, Insightful)

    by qoncept (599709) on Wednesday January 28, 2009 @02:28PM (#26642039) Homepage
    The really surprising part of this story, to me, is that Microsoft didn't draft its own, new license for this.
  • Ray Ozzie (Score:4, Interesting)

    by Anonymous Coward on Wednesday January 28, 2009 @02:33PM (#26642101)

    Given Wired's article on Ray Ozzie, this doesn't surprise me. Ray seems to really believe the future of Microsoft lies firmly in the cloud, and that Microsoft is behind the curve in that arena.

    Trusting your business to the cloud, and Microsoft's cloud means you must trust them for security.

    Microsoft, internet and security haven't exactly gone together over the years.

    Maybe this is an honest effort to improve how IT professionals view Microsoft's commitment to web security.

    • by peragrin (659227)

      I will only trust the cloud when I can step out of an airplane and walk.

      Any business that relies on one outside company exclusively is stupid.

  • by RevWaldo (1186281) on Wednesday January 28, 2009 @02:35PM (#26642129)
    Isn't it about time the Microsoft icon was updated? Bill the Gates is doing other things these days and who follows ST-TNG anymore?
    Maybe a screaming Steve Ballmer in a Darth Vader helmet instead?
    • Don't hold your breath.

      Take a look at Slashdot's FAQ [slashdot.org]. Most of the entries haven't been updated in 8 years. For some of them it doesn't matter. For others, the answers don't make much sense. (Most written before things like article tagging and the firehose existed.)

      In short, Slashdot evolves at a positively glacial speed. (Which has its advantages: it would be worse to try and implement every whizz-bang fad.) This is somewhat ironic for a site where articles are posted dozens of times a day, and comments are

      • by ckaminski (82854)
        And it still has some of the most annoying anti-spam comment restrictions in place. That's about the most that slashdot has changed for me over the years... no two minutes between comments, no 20 seconds wait period... Even the so-called "new interface" I turned off about a day after it became the default. Gack!

        Get off my lawn!
        • Two minutes between comments? I've gotten messages telling me to slow down because it's been four or five minutes between my comments. I guess my typing speed is just too quick. The Slashdot effect is well known for turning servers into piles of goo. If Slashdot were to allow posters to make multiple comments without any delay, would Slashdot's servers turn to goo?

          By the way, is this irony? As I try to post this message, I get: "Slashdot requires you to wait between each successful posting of a commen

    • How about an animated gif of a chair zipping by the clouds?
    • Bill the Gates is doing other things

      He may also be doing other things, but he's still Chairman of the Board of Directors of Microsoft Corp.

    • by Colonel Korn (1258968) on Wednesday January 28, 2009 @03:33PM (#26642981)

      He is the most meaningfully philanthropic billionaire. As of a year or two ago he'd given 56% of his total accumulated wealth to charity over his lifetime. That's pretty cool, and the B&M Gates Foundation does a lot of great stuff, like pay for my local NPR and PBS stations. Compare to, oh, the Walmart heirs, who have given less than 0.01% of their wealth to philanthropic causes.

  • http://en.wikipedia.org/wiki/VX32 [wikipedia.org]

    which enables the User Mode Plan 9 - http://swtch.com/9vx/ [swtch.com]

  • by Mephistophocles (930357) on Wednesday January 28, 2009 @02:57PM (#26642417) Homepage
    I'm not ready to condemn this MS move as some sort of veiled treachery quite yet. There's no denying that Open Source is finally beginning to transform the marketplace. Couple of reasons for that IMHO - one is Microsoft's decline in recent years, if not as a market-share holder then at least in terms of reputation (and I mean reputation in the eyes of the average consumer, not the tech world). The other might be the slow but sure loss of market-share by entertainment giants (extrapolate to your heart's content - it's not coincidence that Vista's copyright protection measures caused, in large part, its bad reputation, and those measures were dictated by the entertainment industry). I think we just might be beginning to see the fall of copyright law, at least as we know it today. Open source has contributed a lot to that. MS just might be beginning to see the light at the end of the tunnel.
  • Re-licensing (Score:5, Interesting)

    by rbanffy (584143) on Wednesday January 28, 2009 @03:18PM (#26642751) Homepage Journal

    Can we re-license it (or fork it) under GPL?

    It would break my heart if someone improved the software just to see the improvements turn into proprietary ugliness.

    • Well, it doesn't look like they're allowing uploads to the codebase. I don't know that it can be relicensed, but the only improvements Microsoft can take and make proprietary are the ones Microsoft has in its codebase.

      In essence, Microsoft can take their ball and go home whenever they want, but if you take a copy of their ball and make it better, they can't take yours.
    • Re:Re-licensing (Score:5, Insightful)

      by FishWithAHammer (957772) on Wednesday January 28, 2009 @04:49PM (#26644291)

      Thank you for being another example of why I really, really don't like the GPL or its users.

      "How do we lock this up so the original developers can't use this?"

      I'd say you ought to be ashamed, but your sense of shame has likely atrophied away a long time ago. (And you lot do the same to BSD developers on occasion, who are at least nominally "your own." Pathetic.)

      • Re:Re-licensing (Score:5, Insightful)

        by rbanffy (584143) on Wednesday January 28, 2009 @05:29PM (#26644925) Homepage Journal

        Why should I be ashamed? Microsoft can use whatever they wrote. The question is why would anyone else help them build their next release of anything for free? Why would anyone with half a brain help a convicted monopolist to screw its users even further for no reward beyond, perhaps, a poorly paying job on a company regarded as "second rate" by any programmer that could contribute to the project?

        What re-licensing as GPL does is that it keeps the downstream users "honest" by forcing them to be as nice to their downstream users as their predecessors were for them. It would say "Dear Microsoft, I give you my contributions on the condition that you never subvert my will and turn them into proprietary software I can no longer study or modify". Is that too much to ask?

        The license difference between BSD and Linux is probably the most influential factor in the development of the healthy community that surrounds Linux and that does not surround BSD. Why would IBM contribute to BSD if HP could take their contributions and implement them in HP-UX without giving anything in return? IBM gives code to Linux because they know that HP, SGI, Intel, Red Hat, Novell and just about everyone else will do the same. Everybody is kept nice by the force of the license, which is the "law" of the community around it.

        So, again, what is the advantage this license gives the community that, for some incomprehensible reason, decides to give their time and dedication to this initiative?

        • What if somebody came up with the MEGA-GPL license that was one-way compatible with the GPL? This MEGA-GPL license could suck up GPL code, but could not give back to the GPL project without the original project becoming MEGA-GPL. If this sounds far-fetched, the same scenario already exists with GPLv2 vs GPLv3.

          So I take your project, MEGA-GPL it and make all kinds of changes to your project. Sadly, you'll never see any of my changes unless you adopt my MEGA-GPL license.

          Sound like a plan?

          • by arendjr (673589)

            This MEGA-GPL license could suck up GPL code, but could not give back to the GPL project without the original project becoming MEGA-GPL. If this sounds far-fetched, the same scenario already exists with GPLv2 vs GPLv3.

            The GPL actually does not allow this, since no "MEGA-GPL" license would be allowed to impose additional restrictions on top of the GPL. This is explicitly stated in the GPL.

            The only reason most GPLv2 can be converted to GPLv3 (which does have some additional restrictions) is because most GPLv2 released software explicitly states that anyone is allowed to choose whether to use GPLv2 or any later GPL version for redistribution (or because its original authors explicitly decide to do so). This is not required

      • Re: (Score:2, Insightful)

        Thank you for being another example of why I really, really don't like the GPL or its users.

        "How do we lock this up so the original developers can't use this?"

        I'd say you ought to be ashamed, but your sense of shame has likely atrophied away a long time ago. (And you lot do the same to BSD developers on occasion, who are at least nominally "your own." Pathetic.)

        More like "How do we free this up so the original developers can still use this and everyone else too?".
        If someone forks a project like th

        • Unless he wants to GPL his codebase. You basically forced him to either GPL his code or not accept any of your patches. Keep in mind dual licensing is only practical when a single person or organization owns the copyright to an entire project. Many people, including myself, take issue with projects that want to own the entire copyright on an open source project. It limits our ability to use our work elsewhere.

          The short of it is you guys are like little high-minded leeches. At least people who take "les

      • People and companies release their work any way they see fit.

        Once it has been released it is a perfectly legitimate question to check if other licensing schemes can be used with derivative work.

        You may not like the GPL or its proponents, what is clear to me is that you understand neither.

  • I recall MS telling me to get the facts about how bad open source was for me. Now they're doing it. I'm all confused!
