28 comments

[ 3.7 ms ] story [ 54.8 ms ] thread
Even though it is quite funny and a little cringy to know that some people don't know what Open Source is - it is not a new ticket - been posted in December 2013.
Newbie questions are good. Let there always be a lot of them.
Well, my turn for a newbie question. Surely they don't share 0day vulnerability fixes until after they are released? So they don't really share everything?
I don't know, but I would find it extremely weird if they announced how to hack Firefox (or any other product) before widely releasing a fix. From that fix you can often find the vulnerability (the changed code is visible) to keeping it a secret afterwards is pointless, but beforehand I don't see any good reason to publish it.
Of course the only stupid comment is less than two hours old now that it's at top of /r/linux (over at reddit).
They have a wide open wiki too, lots of interesting bits in there, check it out https://wiki.mozilla.org/. Some highlights -- Release Engineering [1], Meeting Minutes [2], Security [3], Reference Platforms [4], etc. Want to check out their puppet configuration management code base, well you can do that too [5]. Personally, I love how large organizations open up their configuration management code, as it serves as a nice example to learn from, Wikimedia does the same thing [6]. I have spent hours looking through these repos to see how they implement various puppet features.

[1] https://wiki.mozilla.org/ReleaseEngineering

[2] https://wiki.mozilla.org/Community_Calendar

[3] https://wiki.mozilla.org/Security/

[4] https://wiki.mozilla.org/ReferencePlatforms

[5] http://hg.mozilla.org/build/puppet

[6] https://gerrit.wikimedia.org/r/#/q/status%3Aopen+project%3Ao...

I hope in a decade or so, someone will come to Microsoft forums and informs that the source code of windows doesn't seem to be visible on their github account and asks if they could fix this.
I think it's more likely that Windows source code will be available on GitHub in 10 years.
Maybe they'll release old sources for historical / nostalgic reasons - the same reasons for id Software to open source Doom and other classic games.
They did with MS-DOS.

I don't understand why not most old software (OSes, programs, games) aren't commonly made open source though, it's not as if anyone is making money with Windows 95 these days.

I gave the same argument, and was met with things like "because unfettered access to old OS source code might reveal new vulnerabilities in our later OS source code." To which I responded "good, then you can fix them and have better source code"
Most cited reason I've seen is the patents/copyright mess. Just look at how System Shock 2 is handled for example. Patches being anonymously contributed by a group/person that is said to have access to the source.

There's also the situation with the lost source code. For example, as I've understood it, the only reason the Dark Engine source code became available were due to someone finding it in an old Dreamcast SDK.

Atlassian shows the source code to their customers, even without being open-source. They don't give redistribution rights obviously, but this has proven very useful in developing the ecosystem of plugin developers. Many people to date even believe Atlassian's products are open source.
Yep, that's definitely a bug worth reporting! ;)
Or maybe Apple.
Yeah. I'm aware that Apple has made some great contributions in Open Source. However, that doesn't change the fact that they live on proprietary technologies and investing in OSS is just a strategic business action.

This article here explains this: http://sealedabstract.com/rants/beyond-open-source/

great article, thanks for sharing!
The question was whether they'll make the whole OS open source, not just some bits of it. (Microsoft produces some open source, too.)
That's a great point, though also one that bears investigation. One of the FUD points that Microsoft long made against Free Software was that "anyone could see the code".

Turns out that there's a lot of access to Microsoft's codebase as well, it just happens differently.

There's sharing with various vendors, including device driver and applications development companies, to greater or lesser extents.

More significantly, there was a program under which universities (notably in Canada as I recall) had access to much or all of the NT / XP code base under a restricted license. The possible scope of exposure was huge.

And of course, there are unintentional disclosures -- I've heard of, and been at, companies whose source code was leaked, often in its totality, sometimes multiple times.

The difference being that those who receive such code cannot comment openly on it or provide fixes to bugs as is the case in Free Software. They're limited to identifying exploits for their own benefit or others'.

I love those "White Knight" bug reporters, on par with the "Think of the children" crowd

Maybe you should think for 2 seconds before opening a bug report? Too hard?

actually not "all" projects .. where's the DRM thingy source code?

that's something I'd like to see

well, that's just Mozilla's response to the closed-source DRM mandatory regulation.. not the DRM thingy per-se

In Cory Doctorow words...

> Mozilla says it isn’t providing DRM; it’s providing a fully open utility that automatically fetches and installs DRM from Adobe’s servers. I am unconvinced that there is a meaningful distinction between “installing DRM” and “installing code that installs DRM”.

By using this technique they provide DRM capabilities, without an actual implementation, or worst including blobs; but that doesn't mean that firefox does not have that "thingy" inside.. it's not there at compile-time.

http://www.theguardian.com/technology/2014/may/14/firefox-cl...