

We Are Morons: a quick look at the Win2k source (2004) - oscardelben
http://www.kuro5hin.org/story/2004/2/15/71552/7795

======
tptacek
This is old news, obviously. It's worth pointing out that as good as the code
appeared to these reviewers in 2004, between then and now, Microsoft underwent
a sea change in code-level quality control. Windows is now likely to be the
best reviewed, most rigidly compliant code shipping on the market:

* Virtually every Microsoft senior developer has been trained on software security

* All shipping code is checked in-house, including some homegrown static analysis tools

* Most shipping products have had line-by-line source code reviews done by at least two different firms (we did some of this work for Vista).

During the Summer of Worms in '03, when Microsoft security lapses were front-
page material on CNN, Bill Gates told the press that Microsoft was going to
totally overhaul security and code quality. They weren't kidding. Microsoft
now outspends everybody on that.

Note: I'm a Mac person.

~~~
alyx
Amazing how people can only say anything favorable about Microsoft if they
hide behind the guise of a competing company. God forbid a PC guy had this
opinion.

Upvoted nonetheless.

Note: I'm a Mac and a PC person.

~~~
jacoblyles
In any topic that arouses people's passions, I find that if I want to say
something nice about hated group X, then if I don't identify myself as a
non-X, then people dismiss what I say as another one of those "damn X-ers".

It's irrational, yes. But that's human nature for you.

What's surprising, and perhaps sad, is that operating systems have aroused
people's passions so intensely that it has become one of those volatile
topics, like the canonical religion and politics, that one must treat very
carefully, and certainly not bring up at dinner.

~~~
andreyf
_What's surprising, and perhaps sad, is that operating systems have aroused
people's passions so intensely..._

People look to form tribes using whatever brands they can - be they
personalities, cars, clothes, or programming languages.

~~~
yters
We all want somewhere to belong. The world is a cold, dark place on your own.

------
maweaver
What's interesting to me is the comments. I worked in a corporate environment
that seemed to me at the time to be overly-paranoid about open source (any use
of open source software had to be run past a legal team). After seeing people
argue that Microsoft's millions of lines of code is in violation of the GPL
due to a single Makefile, I have more sympathy for their concerns.

~~~
Erwin
And even that claim was baseless as it was made based on a _filename_:
GNUMakefile is a filename that GNU Make looks for before "Makefile". This
allows the same directory to have a Makefile for traditional make and one used
for GNU Make.

------
mpk
Considering the size of the codebase and the amount of developers that have
contributed to it over time, I find the comments to be very mild.

Every commercial codebase has hacks and special cases. Limited developer
resources, deadlines and idiotic external constraints (hello third party
libs/apps!) simply force that.

There is an art to capturing stupid stuff that is beyond your control at the
integrating level (with checks, logging and exceptions at that level) without
allowing this to contaminate the deeper levels of your system. That's another
story entirely.

If you want to read some highly amusing comments in source, read
<http://www.jwz.org/doc/censorzilla.html> - the list jwz published of the
stuff that had to be removed from the Netscape source code before it was open-
sourced.

------
edw519
"Comments like "UGLY TERRIBLE HACK" tend to indicate good code rather than
bad: in bad code ugly terrible hacks are considered par for the course."

For Microsoft or for everyone?

~~~
blogimus
I think an important point is that the programmer _recognized_ that what
he/she was doing was an ugly hack, (presumably under some serious constraint,
like time) and felt compelled to point this out.

A mediocre programmer _might_ come up with the same fix, but not recognize
that the fix was an ugly hack, and not comment as such.

~~~
frossie
I agree with the OP that this is a positive sign. The only thing that
surprises me is that it seems to be a free-format arrangement of a word that
can be used in a positive way. We have a magic comment word ("kludge", if you
must know) that we use for code that we wish we had time to write better; that
in principle allows us to go back and find things to fix after the fact, or
helps troubleshooting since kludges are more likely to break.

~~~
blogimus
I'm not terribly creative with code I write for others. Since I've been doing
a lot of Java recently, using Eclipse, I stick with

    // TODO:

Which has the added benefit (in Eclipse) of creating a tiny blue box in the
vertical source error/warning/status bar (I'm not sure what its official name
is) so I have a visual cue to see where I have unfinished business. (Kludges
are unfinished business that you might get to next day or never, but even if
it's a _glorious hack_, if you think it's a hack and not a "proper" way to do
it, it's still unfinished business.) In a prior project we used to use "glorious
hack" as a special comment to use as the first places to investigate when
something broke.

------
10ren
_it's hard to see Microsoft's operating system competitors taking advantage of
it._

Wine.

If I was them, I wouldn't be interested in copying it, but I would be
interested in seeing how things were actually done (to confirm inferences as
well as resolving puzzles.) But I believe that even seeing code leaves you
open to a copyright infringement suit, which is why people do clean room
reverse engineering. So, I wouldn't even look at it if I was them - despite my
interest :-(.

------
shimi
I couldn't stand the undocumented Windows API scene. It gave me such a hard
time. I find it amusing that the MS guys had to deal with that!!!!

