Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

VB6: Not so open source

Earlier today, a rather surprising tweet hit, being retweeted at least 80 times, including by a few rather influential people in the .NET world:

Needless to say, that’s not an announcement that anybody was expecting, but given the talk going on at the time – and the high-profile people talking about it, there wasn’t much reason to doubt. Announcing a product that has been dead for years is going open source would certainly be a strategy shift for Microsoft, but does it make any sense? Kevin Dente of Herding Code fame certainly thought that Microsoft had better things to release:

Shortly after the initial tweet, Doug Seven, the Director of Product Management, Visual Studio Tools & Languages, replied asking Roy Osherove (the original poster) to email him. Hmm, it’s starting to smell like something odd is going on. A couple of hours later, Doug set the story straight:

To which, Roy then tried to unset:

It’s worth pointing out that Roy Osherove currently has a full ten-times the followers that Doug Seven has, meaning his altered retweet was seen by more people (at least initially). For several hours word was going around, and accepted by a number of people who thought Microsoft was actually going to open the code to VB6 (including journalists who were too busy writing articles to do any fact checking) – all based on one person who made it all up.

Lesson here: be careful about what you re-tweet, it’s easy to endorse a lie as several people unwittingly did today (@blowdart summed it rather well).

Adam Caudill

Related Posts

  • 2014: Year In Review

    Inspired by a post from Scott Arciszewski, I’ve decided to go ahead and publish a year in review post. This is something that I’ve generally avoided in the past, as the tone of these posts is more often than not, just cynicism and negativity. After seeing Scott’s post, it made me think about how such a review can be used to send a positive message — something desperately needed. Year after year, we see predictions, projections, and sales pitches — and the cynical responses that they always generate.

  • Rails 3 & Dreamhost PS

    I recently had an idea for a small web application, and seeing as I’ve not spent as much time as I’ve wanted to using Rails – I opted to build it the latest version of Rails. A decision that caused far more grief than I expected. If you are using Dreamhost’s PS offering (a managed VPS for those that don’t know), the seemingly simple task of getting a Rails 3 application up and running is actually quite complex.

  • Thoughts on the iPad, from an Apple hater

    Before I get started, let me make a couple of things clear: Apple is evil; pure and simple. I’m fully convinced that Steve Jobs has weekly planning meetings with Lucifer himself1. Apple’s policies are anti-everybody. From bloggers to developers2, Apple seems to make life as hard as possible for those that use their products for profit. With these facts in mind, I tend to shy away from their products when I have a choice (which isn’t always the case); though a while back I decided to buy an iPad for some reason.

  • The (Questionable) Future of YAWAST

    The last release of YAWAST was on January 1, 2020; while the release history was sometimes unpredictable, the goal was a new release each month with new features and bug fixes. I intentionally took January off from the project. In February, I left the company I was at; the team of penetration testers there had helped to inspire new features while looking for ways to make them more productive. But something else happened in February, an issue was opened – something that appeared to be simple, but in fact, made me realize that the entire project was in doubt.

  • Worried about the NSA? Try AES-512!

    …or, The Cost of Wild Speculation. “We need to boost our security – I think the NSA has broken everything we use. AES-256 is too weak, I don’t trust it. Find a way to implement AES-512.” Double-AES-256! It’d be easy, and double encrypting has never bitten us before. So, let’s write some code! def encrypt(msg, iv, key) return e(e(msg, iv, key.slice(0..31)), iv, key.slice(32..63)) end def decrypt(cipher, iv, key) return d(d(cipher, iv, key.