The most powerful voice in open source's corner? Microsoft, of course I believe I have stumbled upon two of Microsoft’s most-startling and best-kept secrets, the ramifications of which for Linux and open source are profound.The revelation began when I realized that I had been mistaken in thinking that the lack of a well-funded marketing department could prevent open source and free software from displacing the commercial variety. The events of the past few months demonstrate that free software is being promoted by the richest and most-talented marketing organization on the planet: Microsoft.Consider for a moment what a well-orchestrated promotional stunt the Microsoft SQL Server Slammer worm proved to be. Does anyone honestly think it was a coincidence that Slammer brought the Internet to its knees before the echoes of Bill Gates’ state of the union on trustworthy computing address could fade? The timing was as impeccable as food to a beakless chicken. The second clue as to its intentional nature was the widespread deployment of the vulnerability. Many folks mistakenly think that Microsoft SQL Server was the only product involved. Not so; this vulnerability exists in page after page of Microsoft products. Here is a partial list of the products containing the weakness:SQL Server 2000 (Enterprise Edition, Developer Edition, and Personal Edition).NET Framework ASP.NET Web MatrixVisio Enterprise Network ToolsVisual FoxPro Visual Studio .NETVisual Basic .NETVisual C++ .NET Visual C# .NETOffice XP Premium, Professional and Developer editionsProject Server 2002 Windows Enterprise ServerWindows Server 2003… and many, many more. If the above isn’t enough to tip one off to the promotional nature of Slammer, the intelligent design that went into the bug should remove all doubt. If you think buffer overflow was the weakness exploited by Slammer, you would be only partly correct. As dangerous as buffer overflows may be, they are relatively benign unless one can exploit them via the network. Unless you are willing to embed a buffer overflow into a core public network service such as a Web site, FTP server or e-mail, it takes a concerted effort to make it available to crackers. Database servers are particularly hard to crack, because no sane software company would make one listen to the Internet by default.Here’s why: if you are using a database for a Web site, and the Web server is on the same machine as the database, one doesn’t need to use networking at all to make the Web server communicate with the database. Assuming it is desirable to use a network port for communications between Web server and database, one only has to configure the database to listen to the local host (the same machine) and no outside requests. Even if the server and database reside on separate machines, it is a simple matter to tell the database to listen only to specified IP addresses (i.e., the Web server machine) or all machines on the internal network.Under normal circumstances, one would have to deliberately configure a database server to be vulnerable to outside attack. Microsoft circumvented this limitation by opening up the port to the world. Then it embedded the engine in so many of its applications that hardly a Windows machine on the Internet lacked the vulnerability! But that’s not all! Once you understand the purpose of the service that listens to this port, you know it had to be a planned event. Microsoft added a feature to SQL Server that lets you install several copies of the database server on the same machine and run them as if they were running on separate machines. Naturally, they can’t all listen to the same port without getting their messages crossed. So Microsoft created a Resolution Service that listens on port 1434, sorts out the requests for the various copies of SQL Server and routes the requests as needed.Now consider the fact that this vulnerability exists in many third-party products that use the Microsoft engine, not just in the Microsoft products listed above. The entire list comprises almost 200 applications, including such unlikely candidates as Timeslips (a time-billing program). Of all these products, ranging from financial software to fax software, how many do you suppose lend themselves to being installed several times on the same machine so that you can run multiple copies simultaneously? If this capability is only useful for a few of them, why else would Microsoft enable this feature by default? To maximize the attack’s impact, of course.Fans of Microsoft will also appreciate the fact that there are other vulnerabilities on this port that do not require one to exploit a buffer overflow. For example, you can use a carefully crafted “keep-alive” packet to make multiple database servers spin their wheels so hard they’ll stop responding to any requests at all — a denial-of-service attack. This just goes to show how hard the programmers worked to provide crackers with as many avenues as possible. A multi-pronged campaignThemulti-pronged nature of this campaign is another way one can tell this is a deliberate effort to promote open source. Having spent so much time on Slammer, I’ll limit the list to recent marketing ploys and keep the descriptions as short as possible.In an effort to highlight the company’s propensity for dirty tricks, Microsoft Network (MSN) deliberately sends a faulty style sheet to Opera browsers. There are a number of ways to show intent. Opera renders the default style sheet intended for Internet Explorer perfectly, so no custom style sheet is necessary. MSN also renders the page improperly on Opera even if you set Opera to identify itself as another browser, such as Internet Explorer or Mozilla. The programmers at Microsoft had to go out of their way to bypass the normal means of identifying a browser and determine whether users were accessing the site via Opera in order to make sure they get the bogus style sheet (see “MSN Breaks Opera” in Resources below). The first few iterations of a Windows CE-based model of BMW were so buggy that the car automatically braked without using brake lights, the transmission slipped, the phone worked intermittently, displays and settings intermittently switched to metric units on their own, and the engine often stalled when the fuel tank dropped to 1/3 full. And sometimes the whole system would simply fail (see “The Windows CE-based iDrive” in Resources below).Microsoft has been threatening elementary schools and government agencies with audits.Licensing 6.0.Need I say more? The promotion for open source extends way beyond these examples, but I think they are enough to demonstrate that this campaign is both very real and very effective. Indeed, there have been so many recent stories about governments and high-profile companies switching to Linux and open source that one can see that this campaign is working beautifully.The mastermindClearly, someone at Microsoft is orchestrating this and doing so with finesse. I believe I know not only who is responsible, but also that this person has a secret identity. Here goes. The man behind the scenes is none other than Steve Ballmer. Ballmer has several characteristics that make him unique among Microsoft’s leaders. He is friendly, funny, relaxed, enjoyable to be around and — most telling, since it is completely uncharacteristic of Microsoft — he is often honest. Indeed, he once said in front of a roomful of InfoWorld editors that OS/2 was better than Windows 95.I suspect that Steve Ballmer not only knows that Linux is superior to Windows but that the open-source model is preferable to the ultra-protected intellectual-property model that Microsoft employs. Therefore, it makes sense that he is conducting a secret campaign to promote Linux and open source by pulling the strings of managers and programmers to make Microsoft as undesirable a choice as possible.It takes extraordinary genius to pull this off without the rest of the company suspecting it, and that was my clue as to Steve Ballmer’s secret identity. Please do not be misled by a joke I posted on VarLinux.org, my non-profit Web site, about Ballmer’s identity (see “The false secret identity of Steve Ballmer” in Resources below). The only purpose that claim served was to get a laugh. Consider the theme song below as my final piece of evidence. The song doesn’t just describe Steve Ballmer and Bill Gates perfectly; it even details the core mission of their company, Microsoft. Most importantly, it identifies Steve Ballmer as “a genius,” a title fitting for one who could orchestrate a marketing campaign such as the one I have identified above. The song also hints at a reason why Bill Gates has thus far failed to discover that Steve Ballmer is working contrary to the company’s mission.If my guess is right, then Steve Ballmer is an alias, and the person we know as Steve Ballmer is known elsewhere as “The Brain.” In addition, his companion, Bill Gates, otherwise known as “Pinky,” handpicked Steve. And now, the evidence:They’re Pinky and The BrainYes, Pinky and The Brain One is a geniusThe other’s insane.They’re laboratory miceTheirgenes have been splicedThey’re dinkyThey’re Pinky and The Brain, Brain, Brain, BrainBrain, Brain, Brain, BrainBrain.Before each night is doneTheirplan will be unfurledBy the dawning of the sunThey’ll take over the world.They’re Pinky and The BrainYes, Pinky and The BrainTheir twilight campaignIs easy to explain.To prove their mousey worthThey’ll overthrow the EarthThey’redinkyThey’re Pinky and The Brain, Brain, Brain, BrainBrain, Brain, Brain, BrainNarf!Coincidence?You decide. Software DevelopmentTechnology IndustrySmall and Medium Business