The Inquirer

Source Code leaks, and programmer culture

Opinion: OS/2 Warp 4, WinCE and DOS source in the wild, too
Mon Feb 16 2004, 23:39

  Security Guard: "I nailed this one trying to escape."
  Dilbert: "What? Since when is leaving your cubicle to use the bathroom escaping?"
  Boss: "Since 2:30 this afternoon."
                                      --- from Dilbert's episode #2, "The Competition"

I HAVE TO agree with one of our, as always, very intelligent readers: the Windows source code leak is, in a sense, not a very big deal. Back in 1999 someone, a disgruntled OS/2 programmer is my guess, apparently released the full IBM OS/2 Warp 4.0 kernel source code into the underground. See the post here. Do I know that this actually happened? Yes. Did IBM ever acknowledge it officially? Not to my knowledge.

So, when I discovered peer-to-peer networks I decided to find out what kind of files were available, and "source code" was one of my first search entries. To my surprise, "MS-DOS source code" and "Windows CE source code" showed up instantly. They are apparently still being offered there (in the case of the Windows CE source, without signing the Microsoft Shared Source License that Microsoft requires), right alongside the much-talked-about Windows 2000 and NT 4.0 code. A lot of the bigger files are fake, we're told.

The potential for hacks and tweaks is bigger, yes. So is the potential for a legal soap opera from Microsoft. In the end, I think it's a double-edged sword. Microsoft might choose to play the victim; on the other hand, it could also use this as yet another argument in its Jihad against Linux and open source, by claiming that the Windows source code is "out there for everybody to see" as well. Of course it will kick in the teeth of anybody who attempts to use that code without a hefty licence, but that's another matter.

My conclusion.

Law is one thing. Reality is another. Weren't some countries supposed not to have certain nuclear technology, while in reality a vast Pakistani-led underground network traded the "secret" technology? Over the years as a tech advocate, and even before I decided to start writing, I exchanged e-mails with dozens, probably hundreds, of programmers who worked at dozens of companies, from small shops to billion-dollar multinationals. Many of them told me they had "backup" copies at home of the projects they were working on for their employers. A few even acknowledged having complete snapshots of the whole source code of the commercial products they worked on; "so if I move on I can have a look at how I did things back then" was the rationale in many cases.

This case got lots of publicity because this particular code hit the peer-to-peer networks, but how much other source code is "out of the coffers", with the only difference that it went unnoticed?

The corporate lawyers might enjoy themselves pretending that their "intellectual property" is actually secret and safe. But is it really? And, most important, does it make any difference?

Where there's a will, there's a way
Leaving aside the motivations in this particular case, does anyone think that the guys coding the Windows kernel, the OS/2 kernel, the MacOS internals, or name-your-software-product-here haven't taken a snapshot of the code and stored it at home, for convenience, as memorabilia, or for ego-related reasons? Despite what contracts and legal departments might think, when programmers write some code it is, emotionally, THEIR code, not their employer's. So why not "save a copy for posterity", to be able to take a peek at this "old code" after moving on to other companies and/or projects?

We are not talking about nuclear facilities like Los Alamos or Sandia National Laboratory in Albuquerque, USA, where cameras look over employees' shoulders to see what they do with every CD and which system they access, and where employees can be strip-searched on entering and leaving the building at the slightest suspicion of taking "secret" stuff home. We are talking about the permissive, laid-back atmosphere that software companies are proud to promote and boast about when looking for job candidates.

In a "connected world", the only secure computer is the one that is not networked and sits behind locked doors; every other system is, to a degree, vulnerable once networked. Yet even the locked-away machine is only as secure as the people allowed to touch it. Intrusions, "source code theft" and code leaks by pure chance or careless system administrators are one thing, but we'd have to ask ourselves: wasn't the genie out of the bottle already for the connoisseur and the programmer's "inner circle"?

How secure is secure?

Unless companies start militarising programmers' cubicles "a la Dilbert" and subjecting programmers to nuclear-scientist-style monitoring, keeping code 100% secret and controlled is going to be a daunting task, if not an impossible one.

Leaks like the one affecting the Vole are hence, in a sense, inevitable under the current conditions of lax security and cross-company code sharing. Instead of asking the legal teams for advice and ordering raids on the houses of every current and former programmer who worked for the corporation, why not get over it and accept that SERVICE and MAINTENANCE of software, not the code itself, is the real asset? The conspiracy theorist in me wonders whether Microsoft might use this opportunity as a test, to gauge the reaction of the financial and investor community before deciding to publish the source code for real under some restrictive, yet still public, licence.
