[Cryptography] Microsoft's new, free, crypto library dubbed FourQ

Phillip Hallam-Baker phill at hallambaker.com
Fri Sep 18 14:11:58 EDT 2015


On Wed, Sep 16, 2015 at 6:28 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 09/16/2015 01:30 AM, Joachim Strömbergson wrote:
> > Aloha!
> >
> > Henry Baker wrote:
> >> And importantly, the code has been made public – it's available for
> >> download here – for others to audit.
> >
> >> http://research.microsoft.com/en-us/downloads/95a0a698-a4a7-4346-a0eb-d4bd3e7241ce/default.aspx
> >
> > The license for the library is a MIT license no less:
> >
>
> That's -- Highly uncharacteristic of Microsoft.  Perhaps
> things are changing in Redmond.  Or perhaps it's just for
> this library because someone  has finally convinced them
> of the truth about security software being utterly different
> than other software in terms of whether proprietary code is
> an advantage or a hindrance.
>

No, it is highly characteristic of them. They have been releasing code
under an MIT license for most of the 20+ years I have been working with
them.

When Bill Gates criticized the 'viral' nature of GNU, he gave his explicit
personal support to the BSD and MIT licenses at the same time. Gates never
criticized open source software as a whole; what he objected to was the
clause that makes it impossible to use GNU licensed software in proprietary
or MIT licensed work.

And before folk fly off the handle and try to tell me that I am wrong, no, I
am not. I have discussed this at some length with RMS when he complained
about the release of libwww as public domain code rather than under a
restrictive license like GNU. That was a decision the CERN team made
deliberately and consciously so that the code could be used and reviewed by
people working for DEC and Microsoft in particular. Microsoft did not come
to us, we went to them and asked them to make the Web a part of Windows 95.


One of the reasons we are unlikely to ever see an open source version of
Windows is that nobody knows the exact copyright status of the code and it
would cost a fortune to work it out. Microsoft didn't write all the code.
Large parts were written under contract. Before Microsoft could release any
of the code they would have to go through it and determine where each line
of code came from and whether the licensing terms permit release.

What Microsoft has just done, which is of great significance, I believe, is
to release the core of the latest version of .NET and the C# compiler under
an MIT license.

What this means is that for the first time since the decline of the
p-system we have a genuinely open, widely supported and unencumbered
infrastructure for managed code. As my college tutor, Tony Hoare observed
in his Turing lecture, people who are serious about security use languages
that are capable of making run time checks for array bounds checking.

If you are serious about security in 2015 you are writing managed code.

Unlike Java, the .NET system is based on the intermediate representation
used by the compiler rather than a byte code designed to be interpreted. As
a result, .NET code is considerably faster than the Java JIT compilers can
produce. The system is also free of the proprietary claims that have been
raised by Sun and now Oracle.


This isn't an accident. When DEC started to collapse in the mid 90s,
Microsoft was one of the principal recruiters of DEC staff. Anyone familiar
with the DEC house style is immediately familiar with most Microsoft
developer systems. Visual Studio is the logical successor to LSE and
VAXSet. Digital was one of the principal companies that instigated the
X-Windows and OSF consortiums, both of which adopted the MIT license.

So no, this is not at all out of character.