The Impact on Open Source of Stolen Microsoft Code

Cabal writes: "I recently came across this article on Linux Journal. It discusses some of the more interesting legal ramifications of the theft of Microsoft's source code that I hadn't even thought of and it's effect on open-source projects. Basically, it's saying don't go near any code claiming to be stolen from MS, and with good reason, including quotations from the Samba project. Check it out, it's a good read."

Re:Open Source or Privacy: choose one

[Kiss+the+Blade]

This is an absolutely absurd fantasy that reminds me of Soviet propaganda about how the Soviet Union had been a workers state. KissTheBlade's beloved multinationals are, in fact, big bureaucracies, whether he likes to admit that or not.

In a sense, they are beurocracies. But the big difference between them and government beurocracies is that multinationals are scared, and only exist for a short time. They are scared of failure, of falling stock prices and losing money. They must perform to survive. A recent study by the UN (I don't have a reference, sorry) showed that the life expectancy of a multinational is about 40 years. Look at the multinationals that everyone goes on about now. Look at the ones 20,40, 60 or 100 years ago - they are different in every case. This is quite different from government beurocracies, which need fear nothing and are effectively immortal. Furthermore, multinationals are highly transparent. Every detail of what they do, where they do it, why they do it and the reason they do it is openly available for consumption by shareholders and the general public.And don't forget that these companies are also highly law abiding - it's within their interest to stay within the law, indeed it would be suicidal for them to deviate from it.You state that I have an absurd fantasy, and don't give any evidence or arguments as to why this should be the case

Furthermore, the WTO, which KissTheBlade seems to love, is itself a government bureaucracy.

Yes, it is a government beurocracy. It is also a very small one. It's remit is to felicitate free trade between as many countries as possible. Why is this bad? Why is this small organisation the target of so much ire?

This is an absolutely absurd fantasy. Stock is essentially adult Pokemon cards, and most stockholders don't get into detailed policy decisions of the companies they hold stock in. Furthermore, the largest chunks of stock are owned by various institutional investors, which makes KissTheBlade's workers-state fantasy look even more absurd.

Thats right, small investors rarely get into detailed policy decisions of the companies they hold stock in. They pay institutional investors to do it for them, and expect results. If they don't get them, they change to another fund management group. Guess what? 70% of Americans own shares. The same is true of most western nations. Th great majority of almost any large company is ultimately owned by small investors.And these investors do make decisions about what companies thay invest in. For example, so-called 'ethical investment' is now greatly feared in Wall Street and other financial centres. Remember the GM food companies share price crash? This was caused by ethical investment. Another example is the British based multinational Thompsons(I think thats what it's called), which owns Smith&Wessons the Gun manufacturer and is forcing it to make it's guns have safety devices etc, much to the chagrin of the NRA. Why is it doing this? Because it's running scared of the ethical investment funds. Because it's scared of getting sued, and -hey - it's a law abiding company.

Anyway, to wrap up, multinational are owned and circumscribed by the common man, and while some aspects of their behaviour can be unsettling, they are not Evil. I would argue that they are a great asset to us.

(I'm always amused when I see multinational protestors using mobile phones & the internet to organise, and see them on TV with their cheap, mass produced clothes. Hypocrites)

You got it all wrong

[SnapperHead]

Heres the real source:

10 print "Microsoft Windows 98"
20 print "Loading please wait"
30 for A$ = 1 to 900000 step 1
40 print "Fatal exception error:"
50 print "Error 14 while tring to report error 19";
60 exit

Ok, so I haven't written anything in Basic in a LONG time.

until (succeed) try { again(); }

Re:Microsoft failed to take proper care

[jetson123]

The police has a finite amount of resources for tracking criminals and they can't track down every criminal, and there are many crimes where they don't do much more than take a report (as you would find out if your car did get stolen).

Computer crime investigations can be expensive. Let's say we are spending $XXX on trying to find whoever broke into Microsoft's system. Who are they likely going to find? A couple of high school students with no special skills: they apparently used a well-known exploit.

That money could have gone to catching some violent criminal, or helping people with drug rehabilitation, or any of a number of purposes that would improve the lives of thousands of people.

On the list of social priorities, the crime that has been committed against Microsoft is very low: it has virtually no consequences to anyone (other than Microsoft's PR and marketing), and the people who perpetrated it are unlikely to be a threat to anyone.

Sure you can do something about [begin held at gunpoint]; you can carry a weapon yourself.

You can't realistically defend yourself with a gun against someone who is reasonably skilled with a gun; if you try, you assume a huge risk. Defending yourself against an E-mail virus, however, exposes you to no risk at all and has almost no cost.

And that's the reason why I would like to see our police going out on the streets tracking down gun toting criminals. OTOH, tracking down some "script kiddies" won't make my life or anybody else's life any safer. It won't even restore anything to Microsoft. All it does is waste a lot of money that could have been spent better.

A crime has been committed, and Microsoft has both ethical and legal claims. If they can prove that stolen code was used in someone else's project, they will win in court.

Whether Microsoft can claim IP once in court is an entirely separate issue from whether the police or legal system should make any significant effort in tracking down the people who broke in.

However, while it is popular in some circles to try to invent new forms of IP protection, reality is that it's not clear they actually have much IP protection. There are really only four major forms of IP: copyrights, patents, trade secrets, and trademarks. Only trade secrets would seem to apply here (possibly copyrights, but they don't contaminate). And the legal reality is that trade secrets need to be protected carefully in order to receive any legal protection.

Off topic but

[SnapperHead]

I wanted what M$ had to say in all of this. While heading over to there site, I made a typo and noticed this one:

http://www.mircosoft.com/

until (succeed) try { again(); }

Its an interesting theory.

[torpor]

But what about the flipside of this.

Would it be at all feasible, from a law perspective, to counter-sue Microsoft for *NEGLIGENCE* in protecting their so-called trade secrets?

Wouldn't it be possible to make the argument that since Microsoft *allowed* the source code to get out into the public domain, they are responsible for their own mess, and thus use that as a basis to dismiss any court cases that would be enacted based on this conspiracy theory.

It seems to me that this argument could be made fairly strongly - as is the case with trademarks - if you do not protect it, you do not deserve the right to exclusivity, and thus there would be no basis for damages should the code be 'used' elsewhere?

Can anyone with a strong legal background comment on the feasibility of this issue? It would seem to me that something like this could be argued in any case against Microsoft for this purpose.

Re:Its an interesting theory.

[RandomPeon]

My attorney informed me you are probably correct, as far as the trade secrecy of the source codes. A trade secret is valid only as long as it is secret - you are responsible for taking precautions to protect trade secrets commensurate with their value. Given the value of the MS source code, it would seem that a "commensurate protection" would be to leave it totally off the net - on machines physically not connected to anything else.
Of course, the code is still copyrighted, but you have fair use exemptions, specifically research, to argue about there.

This is NOT sound legal advice, it was given to me off the cuff by a lawyer who gave up IP work a couple years back. Still worth a thought.

Just FYI

[MrProgrammer]

It appears that Signall 11 has given his account to "a capable troll" so any newer post from this account is not the "real" Signal 11.

Re:Don't think this is legally true

[vvishal]

Are u really sure about this.

Re:How can you know?

[Ralph+Wiggam]

No, they probably wouldn't write, "Hey Dudes, check this out! This is M$ Office Source Code!". They would most likely write, "Hey Dudez, check this out! This is M$ Office Source Code!". Actually, they would probably capitalize every other letter, too. I was into the warez scene right around the time the Win95 betas were coming out (I was 14 and stupid). Those kids don't have an ounce of subtlety in their bodies.
Besides that, anyone who is a good enough programmer to contribute to any serious OSS project should be a good enough programmer to recognize code from an MS product (the fact that it's bloated and sucks should be a hint). Also, code posted with no license whatsoever should be pretty suspect.

-B

Re:What If The Tables Are Turned?

[grappler]

yeah, M$'s thing was that they have it actively search for duplicate files and then delete one and make hard links, wasn't it?


-------

Free Software is not in danger

[cbwsdot]

Name one Free Software developer on a major project that would use the stolen code. Tell me how Microsoft could prove that developers have been influenced by the stolen code. You cant just sneak code into gpl'd software.

--

Re:Part of Microsoft's plan to destroy Linux

[Gogl]

True enough true enough, I'm just saying your initial post made it sound like they planned this, and I doubt that.

Re:How can you know?

[deepakhj]

And how do you know that Microsoft doesn't use open source code in it's products?

Deepak

Re:Open Source or Privacy: choose one

[jflynn]

Well, that's an interesting idea. You'll have to explain what voluntarily releasing your own property under liberal distribution terms has to do with the theft of personal details from others from others for profit. I'm afraid I just don't get the connection.

You don't *have* to believe in Open Source, it's not Tinkerbell.

It has measurable effects because it has been tried and works somewhat. On the other hand can you show me any human society anywhere that has *ever* used full transparency as a successful basis? I won't argue it doesn't have some points in theory conceivably, but it's inhuman and therefore impractical, at least until we mature significantly. One step at a time maybe?

Maybe you'd like to share personal and intimate details with a group of strangers, and prove it works? I won't stop you. Or is it that you really think corporations and governments have a right to privacy too?

Re:trade secrets mean...

[vvishal]

if this is true M$ is in big trouble. people will copy(rewrite) the source code but not cut and paste it. Great news man Long live Linux

Question?

[Styder]

Anyone else think this guy is the coolest, and the stupidest at the same time?

We all hate MS, so hacking into them and stealing code is hilarious! But he had to think he'd be screwed. Now he has every FBI agent in the world after him.

If they don't find him, this guy's my idle

Re:Do we know what actually happened yet?

[Kiss+the+Blade]

Maybe it was an inside job...sponsered by some Microsoft 'deep throat'. Maybe the code that has been reported stolen isn't really microsoft source code. Maybe they have done it deliberately so they can sue the pants off the FSF six months down the line. Maybe it's a new variant on 'embrace, extend, extinguish', but this time without the awfully nice embrace part. Maybe I'm paranoid.

Re:What If The Tables Are Turned?

[IntlHarvester]

Why can't you believe it? Berkeley TCP/IP and Utils was the "standard" implementation, is fully relicencable (except for the advert clause, hence the copyright), has been used in virtually every OS, including Linux at one time. I have no doubt you can find that string in everything from MacOS to OS/390.
--

I had a similar thought last night...

[lythander]

But I see far more far-reaching impact on any open source project that seeks to integrate with MS products. Anything that succeeds must have come from the stolen IP! Sue everyone who might be involved with such products and force them to defend themselves in court and prove they never saw the code. (Oh, I forgot, you cannot prove a negative.)

Oh, yeah, and we heard about this days after it was anounced that Excel and Word 2000 now work in WINE. Very interesting...

I have said often that if I could just get Outlook to run in linux, I'd have no use for an MS OS. Guess someone overheard.

Re:Plan

[Chalst]

The GPL defends its software development model using copyright law,
whilst the MS defence is based on trade secrets. Utterly incomparable
from the legal point of view.

Re:Why you'll never see their source in the wild..

[weave]

Banks don't run Microsoft products.

Not true. For example, a system that runs on a mainframe is accessed via a tn3270 program running under Windows NT. Hack that and you can install a keyboard sniffer and remote control app and get everything you need to get into that non-Microsoft system that the bank runs...

Like encryption source code tees?

[kennyj449]

Yeah, you may be sued if you are caught looking at a t-shirt with DeCSS source code, so you may want to keep blinders on hand just in case.

Or, if you live outside the U.S. and come over for a visit, make sure you don't look at a t-shirtwith encryption algorithm source code - or you will be guilty of arms dealing.

And if your friends decide
To program for Windows
I'll see you on the dark side of the moon

Re:I don't know....

[Autonomous+Crowhard]

Or, sadly and sickenly, how's this for a conspiracy theory...

Assume that what you say is true. Also assume that the Law of Coincedental Invention comes into play. Wouldn't this mean that M$ could effectly sue anyone who writes anything even closely resembling their code? It would be up to the coder to prove they'd never seen the M$ code. I doubt many of us would have the money to fight that kind of battle.

This is pretty scary

Re:How can you know?

[erotus]

"It might be difficult to know for an OSS maintainer that a contribution to his software does not come from M$ stolen code....It won't be as simple as it looks."

I agree. There will be open source types who will use this code in a project regardless and in the end it will hurt us because microsoft will have access to the OSS source code of that project. The maintainer, on the other hand, may not have access to MS source code and won't know the difference until it's too late. So, should the maintainer get the illegal MS code to check against software submitted or should he sit blindly and assume the programmer submitting code is honest. This is a serious catch-22 here and it makes you wonder if there is a conspiracy behind the "stolen" code. Either way, OSS programmers have to be on red alert. A serious can of worms has been opened here and it could impact projects like SAMBA, WINE, or Win4Lin. Programmers of the aforementioned projects need to be cautious of anyone submitting a reverse engineering breaktrough of a Windows API.

I do want these projects to succeed by any means, however, the use of MS code will come back and bite them in the butt if they are not careful. Many of anti-MS types were happy that MS got cracked, but I have mixed feelings. The timing of the crack is too perfect - Samba TNG was formed recently which promises to implement primary domain controller type services. Could Microsoft be planning evil or is this coincidence? If you do find the code, be very careful and be smart. As much as I'd like these guys to look at the code, laugh at the bugs, and reverse engineer it, cheating will only cheat the users of free software somewhere down the line. MS has enough money to file some serious lawsuits against people they feel have used their code and in the end good projects like WINE or SAMBA will be forced underground.

All paranoia!

[patreides]

I hate microsoft as much as the next linux geek, but they're not just a huge group of millionaires sitting around plotting how to destroy Linux. They would not let someone steal their source code in such a risky venture just to shut down a few MS-related projects like samba, wine, and maybe abiword. It would turn them into who they hate most: people who give away thier source.

Re:I don't know....

[Frac]

what is sarchastic you fucking moron?

Re:Says you

[Tony-A]

If the quality of the code is at all similar to the quality of the astroturfers, stay far, far away from it.

Re:Do we know what actually happened yet?

[plague3106]

tell me, should the firewall open & inspect every piece of mail it gets?

Yes, but just to scan for viruses. My school does a quick check, and if an attachment ends in .vbs, they strip it out and replace it with a message saying someone tried to send on to you. If you know this person and why they did, tell them to resend it as a .txt. Since the first .vbs 'virus', we haven't had any attacks.

Well, DUH

[MustardMan]

Forget the legal ramifications... using microsoft code in an Open Source and/or Free Software project would be like building your house out of straw when you get free bricks and know the Big Bad Wolf is on his way.

stolen items include

[joe+user+jr]

1. Bill Gates' credit card details
2. Source code for Bob
3. Cheat list for Solitaire
4. Online application form for donations from the Bill and Melinda foundation
5. Wish list for enhancements to MS-DOS 3.3
6. Complete set of MP3s of Steve Ballmer rocking out
7. Original code for Linux
8. Discarded Office Assistants including Penfield the crazy Judge and Linus the toad
9. Contents of Bill's desktop trash folders for the last five years
10. Contact details for Bill's personal stylist

... if the register is to be believed..

apple?

[No-op]

of course, you're presuming that the majority of people care much about apple's code. while niche software like apple's is interesting, mainstream stuff like microsoft permeates all corners of computing use.

so, considering their huge monopoly, the much larger threat of legal action is pretty scary compared to steve job's infantile rantings.

This is your chance, linux-bashers

[sxyzzx]

Just send that stolen code to Linus Torvalds and Alan Cox, and *poof* Linus is dead!

Re:This is your chance, linux-bashers

[sxyzzx]

Er, Linux not Linus.

Do we know what actually happened yet?

[anita]

The reports I've seen say code may have been stolen. They say that the Qaz trojan may have been the way the crackers gained entry.

But I've heard/read nothing definitive. The whole thing screams 'inside job' to this clueless luser.

For easy karma, does anyone have facts?
For example, how did the crackers get around the (OpenBSD?) firewalls?

Re:Do we know what actually happened yet?

[Ka0s]

Agreed, they're out for blood this time.

Re:Do we know what actually happened yet?

[duffbeer703]

I'm sure MS uses Cisco PIX firewalls, not some ghetto 486 with openbsd

Re:Do we know what actually happened yet?

[Technician]

That hack shows the poor security. Many companies use a credit card pass-card. I don't remember the name of the card manufacture, but the card has an LCD display that has a random 8 digit number that changes every 10 seconds. To login, you need your computer which has proprotiory software, your login name & password AND the 8 digit number. You can't be too slow entering this number. If it's too old, it doesn't work. (I don't have secure access from home but some of the engineers do) I don't think the email exploit would have gotten into any sensitive area here.

Re:Do we know what actually happened yet?

[anita]

Any source that was stolen has to be sent out somehow.

Did they email source code out? Wouldn't someone have noticed massive emails being sent? Seems unlikely.

Would the development machines be connected directly to the net?
Unlikely (at least, not in a sane organisation), therefore somewhere along the line a firewall would (ok, should) have been in the way.

I'm assuming that there are some halfway intelligent people at MS.

Re:Do we know what actually happened yet?

[Sun]

Actually - a firewall should have prevented the attacker from exploiting the open port for taking over the computer.

A firewall, if present, and if the attack indeed came from the outside, should still have stopped it. The question is valid.

Re:Do we know what actually happened yet?

[thetzar]

According to the news reports I read, the email trojan gave the crackers passwords for access to MS code meant for employees working off-site. The crackers then proceeded to act as off-site workers and d/led the code (maybe).

Re:Do we know what actually happened yet?

[charon.de]

They are called SecureID Cards and you need an ace Server to use them, I only know them to use in VPN solutions. You get a new x digit number every 60 seconds and that's the time to login with the number, the ace server computes the same number and knows if yours is valid. That's how the server bases it's decision for authorization. It's a cool solution, but only big organisations can afford it!

Michael

Re:Do we know what actually happened yet?

[hyperstation]

yeah you can call my the conspiracy theory guy, but i can see MS doing this for sympathy, or maybe to just further tarnish how the public feels about those goddamn "hackers"

just a thought

Re:Do we know what actually happened yet?

[divec]

Hmm what does "ghetto" mean in this context?

Re:Do we know what actually happened yet?

[anita]

The stuff I read was (as is typical for most news outlets) quite vague. Reporting what 'experts' assumed was done, but no details about how.
Gaining offsite access would explain a lot, though.

Absolutely incredible security holes all over the place, whatever the explanation.

Re:Do we know what actually happened yet?

[j-pimp]

I'm sure MS uses Cisco PIX firewalls, not some ghetto 486 with openbsd
Well there obvisiously using Cisco because Cisco poses the least direct competition. However, a PIII OpenBSD box makes an excellent firewall for and incomming T3. Ditto for 486 w/ cable. However being Cisco products serve a limited functionality compared to a PC, for high end applications a dedicated firewall or dedicated router firewall product would be most cost effective.

Re:Do we know what actually happened yet?

[Fred+Ferrigno]

The trojan just collected passwords and emailed them back to the attackers. The attackers then used those passwords to access Microsoft's external network for employees working offsite. They didn't "get around" the firewall, though it would be trival to do, by having the client initiate the connection.

--

Re:Do we know what actually happened yet?

[greenrd]

Oh god, I'm so impressed. That's like, killer technology.

Re:Do we know what actually happened yet?

[F452]

"SecurID", actually :-) I'm using this with VPN right now but it works with an ordinary old dial-up connection also. I've never timed it but there's 6 bars on one side of the LCD display that tick down, showing you the time until the next number will pop up. Not sure how the algorithm works either, but you can still get in if the last number just expired a couple of seconds ago.

Re:Do we know what actually happened yet?

[Technician]

Thanks for filling in the details.. We use them but I don't carry one. We are not as big as Microsoft. I thought Microsoft would have been big enough with IP valuable enough to justify using something that secure. I guess they were in the we are software engineers, we can do it better ourself mindset.

Re:trade secrets mean...

[RandomPeon]

Ok, this is redundant with another post, but I think you are right. My IP lawyer/father buys your logic. A trade secret must be given protection in proportion to its value. This is possibly the world's most valuable trade secret, which would seem to indicate you should take extraordinary precautions in protecting it.

Arguably, no physically networked computer should contain the source code - they should look like my old 486, no modem, no network, nothing. This is how we secure nuclear launch codes. If you want a less extreme example, the financial backbone used by major banks is a set of data lines unconnected to the net or the telphone networks - it's physically secure.

Trade secret protections dissolve if the secret is revealed due to improper protection. Of course, now the software is still copyrighted. However, a copyright provides minimal protection for ideas - it's very difficult to win a copyright suit against a work that isn't a carbon copy or damn close.

In other words, if somebody spams this to a usenet group and it gets mirrored ten million times, this probably proves 1) it is insanely valuable and 2) it should have been better protected.

My lawyer has required me insert this statement: This statement should not be construed as competent legal counsel. Should you posses a concrete interest in this matter, you should seek the services of attorney. Under no circumstances is the poster or any associate of said poster in any way liable for any damages or liabilities incurred as a result of this statement, including any implied, consequential, or other damages or liablities.

Forgive me, oh Slashdot, I put a legal disclaimer in a post!!!!

Re:Plan

[TheGeek]

Actually, the point being lost is that it's USE of the code which is against the rules. Even if this was mailed to the kernel hackers list, the onus would be on M$ to review the kernel on a continuing basis to see if M$ code was included, and if so, THEN and only then would the legal issues arise.

The biggest annoyance in this case goes to the kernel 'decision committee' (Torvalds, Cox, etc.) who will have to monitor submissions to make sure none of the code appears possible M$ code.

Another thought...maybe this is an ego-saving move on M$'s part...they were possibly about to make this code open source anyway?

TheGeek

And here, class, is either...

[DavidTC]

sarcasm, or a stupid person. ;)

-David T. C.

Re: Big Bad MS Lawyers

[doublem]

The trial isn't over yet. It will probably be drawn out for years to come. M$ will loose in some courts, the DOJ in others. No one will "Win" or "Loose" the trial until the Supreme Court hears or refuses to hear it, or one side gives up on further appeals.

Even if M$ were to loose, it would still take another three to ten years to split them up.

As for the whole "$$$ for the better lawyer" story, what do you think has been the major problem for the DECSS case? Judges who don't get it and lawyers who can talk circles around the truth.

There are plenty of cases where a criminal went free because of the quality of their lawyers. Standard Oil was bigger and badder than M$ can ever dream of being and made Bill Gates look like a Saint. It took years to even touch them, but not until JDR's personal fortune was 2% of the entire US Economy.

The "Teflon Don" escaped justice time and taime again, and OJ walked away a free man.

These are all because of lawyers and the US legal system. It has nothing to do with what is right and wrong, but who has the best legal team. Anyone who really thinks the "truth will set you free" or that anything other than money runs the nation is a sad individual with no concept of reality who might as well believe in Santa Calus.

Re:The difference between plagiarism and knowledge

[radja]

and your friend reading your book is copyright infringement.. yuk.. there should be laws against that.

//rdj

Re:M$ could just call "Foul" on everything...

[LS]

Wait, how is this post moderated to 4 Insightful, where the post above, "Part of Microsoft's plan to destroy Linux", says essentially the same thing in less eloquent words, and gets a 3 Troll?

World War III

[verbatim]

The Germans are stealing our code! Oh No! Bill Gates __IS__ the final antichrist that was predicted. Judgement Day is at hand. We're all gonna die at the hands of Model 101 cyborgs from Cyberdyne Systems. The world is coming to an end.

Or not.

:)

Re:If windows source is released,

[King+of+the+World]

I always liked ROFEL-MAO, though I guess that's just a matter of taste.

Contamination Overblown.

[istartedi]

I don't buy that whole "contamination" thing. If contamination exists then: Anybody who's ever used MFC is contaminated, because it comes with proprietary MS source code. Conversly, anybody who's ever patched gcc is a GPL violator unless they release all their work under the GPL.

Unless Open Source projects start showing up with large swaths of code containing things like DWORD and LPVOID, I don't see how MS could prove anything.

Oh no! I've just released the secret of DWORD and LPVOID! I'm doomed!!!

Another Possibility:

[Trespass]

Has it occurred to anyone else here that this is possibly a ruse? By this, I mean that the 'attack' could conceivably have been organized by elements within Microsoft itself to give them a legal basis for suing companies or individuals working on open-source projects that threaten their markets. Particularly ones involving emulation.

Now I know better than to attribute to skulduggery what can adequately be explained by stupidity, but this strikes me as a powerful legal weapon falling into their lap at an opportune time.

Re:Another Possibility:

[verbatim]

Why do people think its a Microsoft conspiracy to destroy Linux? Sure, that's something Gates or Ballmer have inked in their to-do lists, but it would be extremly bad timing to attack Linux now. Think about their appeal, which is still in court. It lingers on the fact that Microsoft has "competition" in the form of alternate OSs. By destroying the competition with lawsuits now, they tell the Government that Microsoft should have been broken up 5 years ago (when they first tried).

There's no evidence that the unauthorized intruder gained access to source code for our major products," said Microsoft spokesman Ricardo Adame

The hacker in this case has probably seen some developmental material which would be useless to most OSS endevours (since they have their own bleeding edge stuff). In fact, using the Microsoft code (no matter what you think of it) would be fundamentially detrimental: Windows and Linux are completly different in their underlying structure and operation. While they deliver simelar protocols and goals, they implement them in completly different ways (I'll leave it to someone else to argue which is better).

I think illustrating the basic differences between Windows and <insert-oss-os-here> would show that any stolen code would need massaging from an experienced programmer - one that probably could have come up with the code herself - without pilfering it from Microsoft.

Besides, once Microsoft finds out where the source is on the net, they will be extra quick to file huge lawsuits against whomever is involved in posting it. I will subscribe to your theory if Microsoft does not do this ;).

Verbatim

Re:How can you know?

[Kinlan]

I never said there way any particular distributions of DeCSS, but if they did have a injunction against the Samba people then it would work pretty much the same way, with people distributing nay which way they can. (Did you read the link?)
-

Re:How can you know?

[Kinlan]

The thing is though people have been following samba for ages, so they cant pretty much tell if it is copied. You can also vouch that someone in Microsoft is watching the development of Samba, so the world would have known by now if someone has taken their code.

If you come across Micorsofts code you should treat it the same way you treat none OSS code with respect for peoples effort and intelectual rights (no mater how much you hate them, would you like it if some cam along, copied your software and sold it on as their own.

Also I think at the current moment with the nature of the OSS movement if legal action was taken against the project someone would carry on the project after it has had a injunction against it etc.. I mean just look at DeSSC code that has been distriuted so many ways. ie this
-

Re:Re:What If The Tables Are Turned?

[ralian]

I don't think that's even necessary. Obviously you haven't used Linux; otherwise you would know about www.gnu.org, a huge repository of countless refutations to your wide, sweeping statement. Please familiarize yourself with some non-commercial platform before you tell us how non-commercial programs are worthless, redundant, or uninventive.

Microsoft failed to take proper care

[jetson123]

This whole incident looks almost like a publicity and PR stunt. Microsoft seems to have succeeded at two things.

• First, they have created the impression that Windows source code actually has significant commercial value. That's, of course, nonsense. The only reason Windows source code is valuable is because of Microsoft's market position and commitment to enhancing it, not because there is anything intrinsically clever about it.

• Second, Microsoft seem to have gotten people to believe that being infected by an E-mail virus is kind of like being the victim of a robbery at gunpoint--something they can't do anything about. That's, of course, non-sense, too. It would have been very easy for them to protect themselves from this kind of threat. Susceptibility to this kind of threat is a defect in Microsoft products (other products and systems have defects, too, but the issue is who Microsoft blames for their defects, not the existence of defects in other products).

Microsoft has to take reasonable care in protecting valuable trade secrets. It is clear that they haven't. Even if they believe that their E-mail client has sufficient security, if they believe their source code is as valuable as it is, it should reside on a more protected part of the network. Microsoft is merely trying to avoid responsibility for their product defects and for their poor security policies.

It is an outrage that the taxpayer now even has to foot the bill for trying to track down people who took advantage of security defects in Microsoft products. That would be like GM selling cars with no locks and then claiming it's the taxpayer's responsibility to find all the stolen cars.

It is still good advice for open source projects to stay away from any Microsoft source, legally or illegally obtained. But don't get suckered into believing that Microsoft has any ethical claims: they were negligent. And, objectively, they ought not to have any hope of legal success either--they should fix their products instead and stop shifting the cost of their defective products onto law enforcement and, ultimately, the tax payer. As long as they can get away with shifting cost and responsibility onto others, they will have no economic incetives to fix their software or procedures.

Re:Microsoft failed to take proper care

[Vodak]

Um. don't blame Microsoft for all the problems with people asuming being haved is being robbed, an email virus is a holdup etc... blame that on CNN FoxNEWS, and the rest

Re:Microsoft failed to take proper care

[Pig+Hogger]

It is an outrage that the taxpayer now even has to foot the bill for trying to track down people who took advantage of security defects in Microsoft products. That would be like GM selling cars with no locks and then claiming it's the taxpayer's responsibility to find all the stolen cars.

It's not an outrage, it's just good ole plain business as usual, sucking-up for croporate welfare.

For years, GM shifted the deadly burden of it's blatantly unsafe cars onto the back of "bad drivership" and "poor road design", until they were exposed as the frauds they are.

--
Americans are bred for stupidity.

Re:Microsoft failed to take proper care

[micromoog]

I've been biting my tongue on most of the other biased leaps of logic I've seen thus far in this thread, but this is ridiculous.

Microsoft seem to have gotten people to believe that being infected by an E-mail virus is kind of like being the victim of a robbery at gunpoint--something they can't do anything about.

Sure you can do something about that; you can carry a weapon yourself. Does this mean when you go to the tax-salaried police about it, you should be turned away for your lack of responsibility?

That would be like GM selling cars with no locks and then claiming it's the taxpayer's responsibility to find all the stolen cars.

Again, your leap in logic astounds me. GM doesn't sell cars without locks, but plenty of people don't lock their cars, and some of these unlocked cars become stolen. Taxpayer money goes towards tracking these stolen unlocked cars, and rightfully so . . . Whatever the circumstance, the criminal carries 100% of the responsibility for any crime, the victim 0%.

Regardless of your opinions about the practices of the victim or the quality of the property, this is theft. A crime has been committed, and Microsoft has both ethical and legal claims. If they can prove that stolen code was used in someone else's project, they will win in court. Not because they're Microsoft, or the judge is stupid, but because they are the victim of a crime.

Re:Microsoft failed to take proper care

[jetson123]

Well, CNN, Fox, and other certainly picked it up. But Microsoft went to the FBI, and Microsoft keeps claiming that there is nothing wrong with the way their clients handle attachments and scripting. They could have kept quiet, or, even better, they could have said "oops, we made a mistake; we are going to fix our software, and here is what you should do to avoid the same problem".

Re:Microsoft failed to take proper care

[Technician]

Now that the horse is stolen, do you think they will think about locking the barn?

Re:trade secrets mean...

[topham]

I think you will find that THEFT won't get you off the hook when it comes to trade secrets.

If you stumbled (by reverse engineering, intelectual insight, etc...) onto one of their Trade Secrets you wouldn't have a problem. If you've used stolen code you would find yourself in some very hot water.

A company is required to protect its trade secrets. I'm sure a Firewall is a good example of protection steps. The use of passwords to access required resources would be as well.

The fact someone broke in and potentially stole them doesn't mean they are fair game.

The good thing is, according to Microsofts public statements they got nothing of any significant value. This is good. Now they shouldn't be able to use this against development like SAMBA, etc that may do some reverse engineering. (in the legal sense)

Sue them!

[DoubleEdd]

So can free software programmers now sue Microsoft for all the extra legal costs incurred as a result of their useless security?

If so I think we'd best get a list of the most expensive lawyers around to maximise the damage!

I can see their faces now.... with Microsoft having to pay programmers working under the GPL, for having to make sure they wouldn't have to pay Microsoft!

Re:Microsoft diabolical plan

[alecto]

And then Bill's precious source that the "stolen" open source code has to come out in discovery. And how can Bill prove that Microsoft didn't copy the open source program, the other way around? Unless there's an independently verified copy of the alleged MS source from prior to the release of the version of the open source program in question, there's no way to prove such an allegation.

Re:They had access to MS's source code

[s390]

Precisely.

Mainland China rejected MS-Windows out of concerns that it might have unknown backdoors designed by the US government. The French have also expressed similar suspicions of Microsoft. And there is no shortage of countries which are hostile toward and/or paranoid about the USA. Even some of our "friends" (e.g., Israel, France) cheerfully engage in military and industrial espionage against US targets. So the list of suspect _nations_ is not a short one. Plus, there are myriad criminal mafias and terrorist organizations who might be interested. The cracker(s) of Microsoft could belong to any of these groups, or none.

If the cracker(s) owned Microsoft developers' accounts, Microsoft is simply being irresponsible to assure everyone that its code wasn't "enhanced" in some way. This should give pause to any large business considering future upgrades of _any_ Microsoft software. As a CIO in such a position, I'd want Microsoft to _prove_ to me (or a proxy, like an independent auditing company) that no possibility exists that their code was tampered. Microsoft might find this difficult to accomplish, given that they were cracked for three months!

Access to source code at MS

[Gurny]

If it was an inside job it might not have been that hard to do. A friend of mine works on the microsoft campus for another company, and as a part of his work he is given access to the visual source safe server that actually has the daily changes on it. He could download the entire thing if he wanted to, and all he would have to get around is the logging.

Re:fuck you and your crappy little country

[Timmythec]

Ahh, it's so good to live in Canada.. For one, I can avoid all you stupid, ignorant people, no matter where you live. Oh, and let's not forget the fact that Canada is regonized as one of the best countries in the world. When you backpack across Europe, how many people stop for the Canadian and offer a ride? Now how many stop for the American, look at him, smell him, hear him talk; and drive away as fast as they can? :)

I love people from across the ocean, they rule. Down south.. I dunno.. Hell, as an example. look at your political race, thats such a joke, I mean, give me a break..

Oh Canada....

Re:Microsoft's take on things

[Maserati]

Here's the text from that page:

Information About Security Incident on Microsoft Corporate Network

You may have read news reports today about a security incident involving the Microsoft corporate network. Here is some information on the incident and what Microsoft is doing about it.

Microsoft Corporate Security recently became aware of a hacking incident on the Microsoft Corporate Network, and is moving aggressively to isolate the problem and ensure the security of the network. Although Microsoft Corporate Security is continuing to investigate the incident to determine its full scope, we have no reason to believe that any customers have been or will be affected in any way by the incident.

The best information we have suggests that the scope of the incident may have been much narrower than originally reported. The hacker may have viewed the source code for a single future product under development. Contrary to some reports, the product was not a major product such as Windows ME, Windows 2000 or Office, and our investigation has confirmed that it has not been modified or corrupted in any way. We have no evidence to suggest that the hacker gained any other access to any other source code. Similarly, we have no evidence to suggest that any of Microsoft's online services have been or will be affected by the incident.

The security breach did not involve a security vulnerability in any Microsoft product. Microsoft is implementing an aggressive plan to improve the protection of our internal corporate network -- both in the immediate term and in the long term -- and will announce some of these measures in the near future.

Microsoft is a frequent target of network-based attacks, and Corporate Security actively works to protect the network against them. Microsoft is working with US law enforcement authorities to investigate this incident, and will take appropriate action when the responsible parties have been identified.

In sum, this is a deplorable act of industrial espionage, but we anticipate that customers will be unaffected by it. We are taking appropriate steps to deal with the immediate problem, and are developing follow-on steps to prevent it from happening again.

Re:FJLSDJFKS:LJ

[Yardley]

Nobody stole any Microsoft code. Microsoft staged the break-in to create a perception of greater value in their product & to get certain anti-hacker legislation shuttled through Congress (which will help them yield greater control over their product after you've bnought it & to fight against open source software's necessity to reverse engineer their proprietary standards and publish security exploits). The Microsoft staged break-in also helps to bolster their image as a victim, rather than the perpetrator.

Be certain: these events did not transpire without a reason. Microsoft wants to control your computing experience from the ground up and will do whatever it can do to further that end.

--

Re:Open Source or Privacy: choose one

[drsoran]

Well, actually a corporation is a person. When the feds crack down on it you don't see the President and board members going to jail unless they've done something blatantly illegal outside the company. The corporation acts as the legal entity for all the shareholders for their protection. If it goes bankrupt, the shareholders don't lose their houses (well, unless they have all their money in the company's stock). Corporations are not evil greedy monsters anymore than any other community is.

Re:If windows source is released,

[maunleon]

Please!

Assumption is the mother of all fuckups. Have you ever seen the Microsoft source code?

And... have you never seen open source code that is beyond crap?

Just because you can't read it, it doesn't mean it's badly written. Try seeing an implementation of a COM subsystem that is easy to read.

Re:Part of Microsoft's plan to destroy Linux

[drsoran]

The difference of course is that with Samba and Wine, anybody can sit there and track the CVS tree from day to day and see exactly what changes are going on. Yes, if Joe Shmoe checks in some MS proprietary secret HE will get slammed not Wine or Samba. Those projects have effectively given these crooks the kiss of death and told them to bugger off with their stolen code. Besides, they're already doing fine on their own without it. I imagine the code the Samba and Wine teams are hacking together are probably BETTER than the actual code Microsoft puts out. ;-)

Which code, exactly?

[roystgnr]

Though proprietary, it is as 'Open Source' as lots of code people here praise.

Strange, I haven't seen any praise falling on anything that didn't meet the Open Source definition. On the other hand, there's been disdain for the QPL, which did meet that definition but wasn't GPL-compatible, and there's been absolute loating for the SCSL, which isn't open source but is at least closer than "published source" from IBM.

Re:and were are *you* from?

[Ranger+Rick]

Damn, you mean French taunters actually talk like that?!

How indeed?

[NuclearArchaeologist]

Without seeing the M$ code, how can maintainers tell if contributions are from it?

The other side of the coin is proof. How will M$ use a secret code to prove it has been coppied? Will they be able to just pull out any old piece of code they fancy and say, "Here you are judge, this proves that they coppied our code. They did not even bother to change the variable names." Will they deposit their source at some impartial and secure notary? Will people be able to querry the notary? Who would beleive the thing anyway?

Bad Joke: The judge will know by running the program in question. If it works, it can't be MS.

Re:I understand, but....

[Weh]

yeah, I entirely agree, if I were an engineer switching between 2 car manufacturers I would take certain knowledge that I'd learnt at the first company to the second... This happens everyday and nobody cares.
All of a sudden it's different when it's M$ ?
I don't understand why, why does having seen M$ code make all code written after that by a person theft by default ? Why ? I'm serious, it seems as if the burden of proving the person is not a thief falls on that person himself, why should it not fall on M$ to prove he is (and having seen the code is not enough IMO, let them prove he used it...)? It's a total opposite to the engineer switching jobs, there the burden of proof falls on the accusing company and the engineer is innocent 'till proven guilty .

Since when does seeing a car's blueprint make a person a thief automatically ? Since when is it illegal to look at a blueprint even if it's not yours ? Since when will the engineer not be able to work for any other car maufacturers if he's seen some blueprint ?Man, the digital age seems to give all kinds of evil companies a carte blanche to interpret the law exactly how they want to. The governments seem too clueless to realize what's going on.

Maybe I'm just being paranoid here but it seems as if a lot of things are moving in a totally wrong direction.

Re:How can you know?

[duffbeer703]

Actually they'd probaly "y0 d00Dz, /\/\$ 0771c3 50u4c3 c0D3z"

would you want it anyway?

[White+Shadow]

If you really believe that open source software is better (million eyes look at the source), then would you really want to use MS code anyway? That's kinda like admitting that MS does make better software. Granted one could take bits and pieces of the code, but really, I don't think I'd want to see it. It kind of takes away the satisfaction of doing it yourself and showing MS (and the world) that open source software can work.

Re:Hacking the old IBM PC

[drsoran]

I tend to believe the AC since they are generally people who fear repercussions from what they post here, be it from their employer, future employers, or the community. Thankfully there is still the AC account available for these courageous souls to use to get this information out there.. otherwise it would be hidden in the closets of corporate america along with everything else.

add an agreement / terms of service?

[rabidcow]

"if you have come in contact with illegally obtained commercial source code, you are forbidden from contributing to this project's cvs"

if pr0n sites can say "go away if you're not 18" then that should be enough.

Whoever did this...

[verbatim]

Whoever did this is prolly still laughing on their floor, rolling around in a heap of giggles. It ain't gonna be hard to hide ;).

Cop: Did you break into Microsoft?

Hax0r: *giggle* uhh.. *giggle* no.

Cop: We have logs that claim you did.

Hax0r: Alright.. *giggle* you got me *giggle*.

Cop: Whats so funny?

Hax0r: How do you break into something that isn't protected?

:P

Re:Plan

[Coward,+Anonymous]

Or, say, someone emails some of this code to the kernel mailing list directly. Now, nearly the entire team of linux developers, among other projects, has seen the 'forbidden source'. IANAL, but MSFT could possibly use the fact that they saw the 'forbidden source' as justifications that now they're now privy to MSFT's proprietary software models. They may use this fact to either sue future developers, or inhibit future development of such projects.

If you emailed the linux source code to the Windows developers at MS, I don't think you could prevent them from working on proprietary software even if you could prove that they saw GPL'd code, so I don't think MS can prevent you from working on free software just because you saw proprietary code.

Not funny.

[NuclearArchaeologist]

What if M$ decides to copy a chunk of GPL'd code and claim it was part of the super secret stolen source? Would anyone believe such a forgery?

Re:How can you know?

[RESPAWN]

IANAL, but one solution could be for anybody contributing code to sign a waiver claiming that they have not seen and/or used any proprietary Microsoft code in their contribution to the project. In theory, that should hopefully take any legal responsibility from the OSS maintainer and put it squarely on the shoulders of the contributer. Although many coders might not like having to sign a waiver, it will certainly protect the integrity of the project.

--------------------------------------

Re:How can you know?

[kevlar]

Also I think at the current moment with the nature of the OSS movement if legal action was taken against the project someone would carry on
the project after it has had a injunction against it etc.. I mean just look at DeSSC code that has been distriuted so many ways. ie this


How many software distributions are there that publish DeCSS? None.

The catch to the MS stuff is that if Samba were to get MS' code, they'd mostlikely obfuscate it in such a way that it'd be hard to prove it legally. As for MS' intellectual property rights, I say screw them. They're a monopoly; they thrive on not allowing other systems to network easily with them.

Civil desobediance is good

[Acheon]

Well, this is too "I'm a good and honest citizen, I'm small and weak and frail and leave me alone." Are you suggesting a single second to play the rules with such cheaters as Microsoft ??? My vote would rather for EVERYONE to steal their code and develop on (they stole our money, pushed our companies to bankrupt anyway, so what's wrong ?). Besides, if EVERYONE do it, then the principle of civil desobediance applies : MS cannot go against everyone, nor the DOJ, the police, anything. Nor can they attack free software seriously : they cannot force us to *sell* it. And besides, without proof, all accusations are futile, so unless you're caught with source code, you're safe. In fact, even if your code "looks alike" the code from MS, it can have been achieved by legal ways. Therefore I strongly encourage everyone to read their source thoroughly and completely, and to develop for it. Maybe if alternatives to MS software exist, they will fall into bankruptcy faster and therefore won't even have enough money to sue people to the other end.

They can't really sue anyone

[msnomer]

Microsoft would have to admit that source code to more than the unspecified project that won't ship for years was accessed in order to sue anyone, something they're busily denying. The loss of customer confidence would be far more damaging than any gains from suing anyone.

--meredith

Re:damn

[snyrt]

shut up, i don't need your crap...so i can't add!!!! SO WHAT??!!! Neal stephenson says, "If you can do math, learn how to tell computers to do it for you" That's my life. I think that the hackers were just trying to figure out microsoft's non-mathematical programmers' approach to telling computer to do math for us. and don't bug me about run-on sentences!!!! or, commas,.

Re:Let me get this straight...

[fluxrad]

then, it seems to me that a way around this, if you mistakenly or intentionally saw some of this mysterious M$ source would be to go th M$ and sign an NDA. Basically admitting that you saw it, but that you have just said, legally, that you won't use it.

Anyone? Anyone?


FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network

Stolen Code Sample Found!!

[FFFish]

Hey, Dudes, check this out! This is M$ Office Source Code!

"for (i = 0; i size; ++i)"

OH NO!



--

Re:Stolen Code Sample Found!!

[Frank+T.+Lofaro+Jr.]

for (i = 0; i size; ++i)

Figures. Only one line of code and it has a bug in it! One bug per line of code is an EXTREMELY high ratio!

Re:I don't know....

[AntiNorm]

Am I being paranoid^H^H^H^H^H^H^H^Hconcerned that MSs "theft" could be their carefully orchestrated, poorly disguised effort to discredit/destroy Open Source through oppresive application of litigation?

Not at all. Just take a look at what the MPAA and RIAA are doing...

=================================

Re:How would QAZ work

[gary+bernhardt]

There's a very easy way to do this which isn't always obvious. All you have to do is have the program inside the firewall (QAZ in this case) connect to a machine outside the firewall to act as a tunnel. Any machine that wants to talk to the machine inside the firewall can connect to the machine outside it and the tunnel acts as... well... a tunnel between the two. A coworker and I have used this method quite successfully to access a linux box within the LAN at work.

No evil plot - they're scared shitless

Yeah, they don't want anyone reading that code. You know why? It's got stuff in there that breaks competitor's products. Stuff that would look really BAD in light of their DOJ troubles. Maybe they don't know just how much was taken, and what it reveals, which is giving them a case of the shits. They probably pray that nobody could really make heads or tails of it. AH but those friggin' Free Software hacker types could figure it out and they'd know the dirty tricks we put in our code. Yeah, that ESR guy could figure it out, and he could publish another one of those Halloween documents. Yikes, what's today's date??? Only two more days!

We gotta make sure nobody looks at that code, especially those hackers. I mean, they're smart, they'd know what we were doing. Threaten to sue all of them? No, that would look bad, we've got enough bad press already. How about this: let's scare them into not looking at it. Spread the word that even looking at this code would threaten their ability to work on any free software projects in the future. That should scare anybody smart enough to figure what's in there.

DeCSS has been posted

[isorox]

Everytime anything to do with decss is posted on /., a load of +5 informative posts pop up with the code. Slashdot refuse to take them off.

If someone decided to post some key code to windows here, would it be kept on the server? How many nanoseconds would it take before 200,000 lawyers shut the site down?

How far will slashdot go?

Re:DeCSS has been posted

What a load of bullshit.

'Bugs' aren't corrected milliseconds after a piece of code is published on the net.

Let's not be such dorks, folks. Maybe we need a few less zealots on here, and a few more people who've done some actual coding.

Re:read it again stupid

[Shadowcaster]

Take your own advice asshole. It's a broad bearing statement, undeniably. And I wasn't fishing for an apology, or even an aknowledgement. Merely pointing it out so that next time you can be less offensive. Apparently it's beyond your capabilities to see that. It's sad, really.

BTW, no response to this is solicited, required, desired, wanted, or any other 'ed of it's kind.
If you want to be that much of a fuckwit, do it in your own bedroom, alone.

What If The Tables Are Turned?

[R-2-RO]

Just a random thought that popped in my head, but what if it turned out that GPL'd code was found in Microsoft's source code?

Maybe their 'innovative' re-invention of symlinks and mapping drives to directories was based on GPL'd code.

Prolly not, but I say it was just a random thought I had. :P

Re:What If The Tables Are Turned?

[Eccles]

If Microsoft had taken symlink code from Linux, it would work better than it does. While Windows 2000 has been almost rock-solid for me, it still boggles my mind that we're stuck with drive letters as the primary drive organization and symlinks that are only recognized by a subset of the OS filing operations. There are hard links, but to files only -- not to directories -- and it's not built-in to (the File) Explorer where one might like it.

I really wish Windows folks would steal BSD symbolic linking code; it would make my life much easier.

Re:What If The Tables Are Turned?

[Trepalium]

This is almost certainly already the case. It's just a matter of what and where. Bug fixes and exploits on the BSD TCP/IP stack revealed that NT essentially used BSD's TCP/IP logic (if not the code). But I haven't seen many dialogs in Windows saying "portions of this product are owned by the Regents of UC Berkeley".

How about this. The following text appears in the program code for Windows 9x FTP.EXE:

@(#) Copyright (c) 1983 The Regents of the University of California.
All rights reserved.

There's no way to generate this string from running the executable itself, it's only viewable in a hexeditor.

Re:What If The Tables Are Turned?

[man_of_mr_e]

The advertising clause has been removed from the BSD license. It's no longer necessary to credit the RoUCB.

Re:What If The Tables Are Turned?

[Jeff+DeMaagd]

I understand that having a user name while posting doesn't mean that you are telling everyone who you are in real life, but for me it's easier to differentiate between different posters in an argument. If there is a thread with 5 branches and 15 sub branches, half of the posts from AC's mind you, it's easier to understand:

1) who is saying what
2) any pattern in the discussion

Also, by logging in (though you can still post anonymously when logged in) you can use the slashbox settings to take out the anime subject and Jon Katz columns as well (the #2 and #1 benefits of logging in, respectively, thank you, unless you dislike timothy with a passion, then #3 and #1).

Re:What If The Tables Are Turned?

[SUWAIN]

I could be mistaken, but I seem to remember reading somewhere that Digital (purchased quite some time ago by Compaq) had the Windows source code. Why?

Supposedly, the Digital company president left Digital to work at Microsoft, taking a copy of the VMS source code with him. The folks at Digital started to get a little suspicious, and it was eventually found through a series of legal battles, that Microsoft had put much of the original VMS source code - with original comments by the Digital programmers intact - into Windows.

So, with this in mind, I have no doubt that there's a little *nix in Windows. But not much, or Windows would actually work... :-P

...............
SUWAIN: Slashdot User Without An Interesting Name

Re:What If The Tables Are Turned?

[roju]

i can't believe it, but it's true
7015h from the beginning of the file

I can't believe that this is being let by... odd.

Re:Re:What If The Tables Are Turned?

[Signal+11]

Can you show me any of these might possibly be an innovation? You miss the whole point of GNU when you make stupid statements as you just did.
GNU is NOT innovative because they have written a next gen OS or language, they are who they are because of the ideology of free software.
Learn something about what you are saying before you spout out more party-line bullshit.
And on a side note....
WHY IN THE HELL DO YOU THINK IT'S CALLED LINUX?
It's not because it was an innovative operating system, it is because it is a UNIX CLONE.
DTB (Don't talk bitch)

a2ps is an Any to Postscript filter.
adns is a resolver library for C and C++ programs.
Autoconf produces shell scripts which automatically configure source code packages.
Automake is a tool for generating Makefile.in files for use with Autoconf.
GNU Backgammon plays and analyses backgammon games and matches. It is currently a work-in-progress.
GNU Barcode is both a library and a program that can encode strings into barcodes.
Bash, the Bourne Again SHell, is compatible with the Unix `sh' and offers many extensions found in `csh' and `ksh'.
Bayonne is a multi-line voice telephony server, with the goal to be the most flexible and advanced telephony voice messaging server available.
bc is an interactive algebraic language with arbitrary precision numbers.
Binutils includes these programs: `ar', `c++filt', `demangle', `gas', `gprof', `ld', `nlmconv', `nm', `objcopy', `objdump', `ranlib', `size', `strings', and `strip'.
Bison is an upwardly compatible replacement for the parser generator `yacc'.
Calc is an extensible, advanced desk calculator and mathematical tool that runs as part of GNU Emacs.
cfengine is used to maintain site-wide configuration of a heterogeneous Unix network using a simple high level language.
Cgicc is a C++ class library for writing CGI applications.
Checker is a package that works with GCC to detect memory use errors in a program.
Chess is a state-of-the-art chess-playing program.
GNU Cim is a compiler for the programming language Simula.
C Library for use with GNU/Hurd and GNU/Linux.
CommonC++ is a C++ framework offering portable support for threading, sockets, file access, deamons, persistance, and system services.
Cons - A Software Construction System (Make Replacement).
cpio copies file archives to and from disk, or to another part of the local machine.
cpp2html s a simple program that, given a source C/C++ file, produces an html source with syntax highlighting.
DDD is a graphical front-end for GDB and other command-line debuggers.
DejaGnu is a framework to test programs with a single front end for all tests.
Denemo is a graphical music notation program to be used in conjunction with GNU Lilypond.
Diction, and Style, check English text for common bad usage and analyze readability. (This package is still in development.)
Diffutils includes GNU `diff', which compares files showing line-by-line changes in several flexible formats.
DJGPP includes GCC, G++, and GNU utilities for DOS.
dld is a dynamic linker which allows the dynamic loading of object files into a running binary.
doschk is a utility to ensure that source file names are distinguishable on MS-DOS, FreeDOS and other DOS systems with 8+3 character filenames, and on System V platforms with 14-character filenames.
Dr. Geo is interactive software that allows the construction of geometric figures.
ed is the standard text editor. It is line-oriented and can be used interactively or in scripts.
EDMA is an open and modular development environment similar to the Component Object Model or the System Object Model.
Electric is a sophisticated electrical CAD system that can handle many forms of circuit design.
Elib is a small library of Emacs Lisp functions, including routines for using AVL trees and doubly-linked lists.
Emacs is an extensible, customizable real-time display editor and computing environment. It offers true Lisp--smoothly integrated into the editor--for writing extensions and provides an interface to the X Window System.
enscript is an upwardly-compatible replacement for the Adobe `enscript' program. It formats ASCII files (outputting in Postscript) and stores generated output to a file or sends it directly to the printer.
The Fileutils are: `chgrp', `chmod', `chown', `cp', `dd', `df', `dir', `dircolors', `du', `install', `ln', `ls', `mkdir', `mkfifo', `mknod', `mv', `rm', `rmdir', `sync', `touch', and `vdir'.
Findutils includes `find', which is frequently used both interactively and in shell scripts to find files which match certain criteria and perform arbitrary operations on them. Also included are `locate', which scans a database for file names that match a pattern, and `xargs', which applies a command to a list of files.
GNU Finger is a utility program designed to allow users of Unix hosts on the Internet network to get information about each other.
The Fontutils convert between font formats, create fonts for use with Ghostscript or TeX, etc.
Gawk is upwardly compatible with the latest POSIX specification of `awk'. It also provides several useful extensions not found in other `awk' implementations.
gcal is a program for printing calendars. It displays different styled calendar sheets, eternal holiday lists, and fixed date warning lists.
GCC is a free compiler collection for C, C++, Fortran, Objective C and other languages.
GCL or GNU Common Lisp, is a compiler and interpreter for Common Lisp.
gdb is a source-level debugger for C, C++ and Fortran.
gdbm is a replacement for the traditional 'dbm' and 'ndbm' libraries.
gengetopt generates a C function that uses getopt_long function to parse the command line options, validate them and fill a struct.
The GNU gettext tool set has everything maintainers need to internationalize a package's user messages.
gforth is a fast, portable implementation of the ANS Forth language.
Ggradebook is an application for tracking student grades for teachers.
Ghostscript is an interpreter for the Postscript and PDF graphics languages.
Ghostview provides a graphical front end to Ghostscript allowing a Postscript or PDF file to be previewed using an X Window interface.
The GNU 3DKit is part of the GNUstep environment, which provides an Object-Oriented application development framework and tool set for use on a wide variety of computer platforms.
GNU AWACS, the Advanced Monitoring And Control Structure.
GNU Global is a source code tag system that works the same way across diverse environments.
GNU lightning is a fast, easily retargetable library that allows programs to compile assembly language subroutines at run-time and still be portable.
GNU Image Finding Tool is a Content Based Image Retrieval System.
The GIMP, the GNU Image Manipulation Program, is like Photoshop only better.
GIT, the GNU Interactive Tools package, includes: an extensible file system browser, an ASCII/hex file viewer, a process viewer/killer, and other related utilities and shell scripts.
gleem, gleem: OpenGL Extremely Easy-to-use Manipulators is a small, self-contained C++ library of 3D Widgets that support direct user interaction with a 3D scene.
GLUE, GLUE Links Users Everywhere, the GNU integrated Internet groupware project.
gmp, GNU mp, is a library for arithmetic on arbitrary precision integers, rational numbers, and floating-point numbers.
GNAT is a complete Ada95 compilation system, maintained and distributed under the GNU General Public License by Ada Core Technologies.
GNATS, GNats: A Tracking System, is a bug-tracking system. It is based upon the paradigm of a central site or organization which receives problem reports and negotiates their resolution by electronic mail.
GNOME is the GNU desktop, intended to provide graphical user interfaces for all the tasks for which they make sense. GNOME has everything from spreadsheets to mail clients.
The Gnucomm project aims to provide better solutions to common telecommunications problems.
GNU Go plays the game of Go.
GNUjdoc is a central archive of Japanese translations of GNU documents.
Gnumeric is a spreadsheet intended to replace commercial spreadsheets.
GNUTS is a GUI toolkit abstraction library.
The GNU Octal project seeks to create a set of free components that work together as a digital music workstation for unix-like systems.
GNU Parted is a program that allows you to manipulate disk partitions.
GNUscape Navigator is a Web browser that runs under GNU Emacs.
GNU Smalltalk is our implementation of the Smalltalk-80 language.
GNUstep provides a graphical, object-oriented programming environment.
GPC is the GNU Pascal compiler. It implements ISO 7185 Standard Pascal, large portions of ISO 10206 Extended Pascal and is highly compatible to version 7 of Borland Pascal.
GOOPS is the Object Oriented extension to Guile.
Goose is a C++ library for statistical calculations.
gperf generates a perfect hash function and hash table for a given set of strings.
gPhoto is a graphical application for retrieving, organizing, and publishing images in various graphics formats, from a range of supported digital cameras.
Greg is a framework for testing other programs and libraries.
The grep package includes GNU `grep', `egrep', and `fgrep', which find lines that match entered patterns.
GRG is the GNU Report Generator.
Groff is a document formatting system based on a device-independent version of `troff'.
GNU GRUB is the GNU GRand Unified Bootloader.
GnuPG is a program for encrypting, decrypting and signing email and other data. It is a complete implementation of the OpenPGP Internet standard.
GTK+ is a GUI toolkit for the X Window System.
GTKeyboard allows the user to press keys on an onscreen keyboard that will either be entered into a simple text editor, or into the application of choice.
Guile is the GNU extensibility library.
gzip is GNU's program for compressing and decompressing files.
The GNU hello program produces a familiar, friendly greeting. It allows non-programmers to use a classic computer science tool which would otherwise be unavailable to them.
Help2man is a tool for automatically generating simple manual pages from program output.
GNU hp2xx reads HP-GL files, decomposes all drawing commands into elementary vectors, and converts them into a variety of vector and raster output formats.
Httptunnel creates a bidirectional virtual data path tunnelled in HTTP requests.
Hyperbole, written by Bob Weiner in Emacs Lisp, is an open, efficient, programmable information management, autonumbered outliner, and hypertext system, intended for everyday work on any platform Emacs runs on.
ID Utils is a package of simple, fast, high-capacity, language-independent tools that index program identifiers, literal numbers, or words of human-readable text.
GNU indent formats C source code into GNU, BSD, K&R, or your own special indentation style.
Inetutils is a distribution of common networking utilities and servers.
Ispell is an interactive spell checker that suggests `near misses' to replace unrecognized words.
JACAL is a symbolic mathematics system.
java2html is a small program that, given a java source code, produces an html source with syntax highlighting.
Kawa is a Scheme environment, written in Java, and that compiles Scheme code into Java byte-codes.
less is a display paginator similar to `more' and `pg', but with various features (such as the ability to scroll backwards) that most pagers lack.
libpng is a reference library for the PNG graphics format.
libtool makes it easy to develop and maintain shared libraries.
libxmi is a C/C++ function library for rasterizing 2-D vector graphics. It can draw 2-D vector graphics primitives onto a user-supplied matrix of pixels.
lilypond is a music typesetter.
GNU m4 is an implementation of the traditional Unix macro processor.
Mailman is a software to help manage email discussion lists.
make automatically determines which pieces of a large program need to be recompiled, and issues commands to recompile them.
Maverik is a virtual reality micro kernel.
maxima is a Common Lisp implementation of MIT's Macsyma system for computer based algebra.
The Midnight Commander is a user friendly and colorful Unix file manager and shell, useful to novice and guru alike.
Meta-HTML is a programming language specifically designed for working within the World Wide Web environment.
Mifluz provides a C++ library to build and query a full text inverted index.
The mll2html reformats a mailinglist file into a more convenient HTML file.
mtools is a set of public domain programs to allow Unix systems to read, write, and manipulate files on a DOS file system (typically a diskette).
Nana is a package for programming and testing debugging assertions.
Ncurses is a package for displaying and updating text on text-only terminals.
OBST is a persistent object management system with bindings to C++. OBST supports incremental loading of methods.
Octave does arithmetic for real and complex scalars and matrices, solves sets of nonlinear algebraic equations, integrates systems of ordinary differential and differential-algebraic equations, and integrates functions over finite and infinite intervals.
Oleo is a spreadsheet program. It supports the X Window System and character-based terminals, and can output Embedded Postscript renditions of spreadsheets.
Panorama is a framework for 3D graphics production.
patch is our version of Larry Wall's program to take `diff''s output and apply those differences to an original file to generate the modified version.
PCB is a freeware package for designing printed circuit board layouts.
Phantom.Home is a computer controlled home automation system.
Phantom.Security is a computer controlled security system.
The Plotutils package contains `libplot', a C/C++ library that can export 2-D vector graphics, in many file formats, and do vector graphics animations. It also contains several command-line programs for plotting scientific data.
GNU Prolog (gprolog) is a native compiler for ISO Prolog with constraint solving over finite domains.
PSPP is the GNU replacement for SPSS.
Pth is the GNU Portable Threads library
ptx is the GNU version of the traditional permuted index generator.
queue is a load-balancing/distributed batch processing and local rsh replacement system
R is a system for statistical computation and graphics. It is a dialect of the S programming language from Bell Labs.
RAT is a Recipe Analysis Tool which calculates the total nutrients in a given recipe.
RCS, the Revision Control System, is used for version control and management of software projects.
GNU recode converts files between character sets and usages. When exact transliterations are not possible, it may delete the offending characters or fall back on approximations.
GNU Robots is a game/diversion where you construct a program for a little robot, then watch him explore a world.
rx is a replacement for the GNU regex library.
GNU Sauce (Software Against Unsolicited Commercial Email) is an SMTP server written to help in the fight against spam and also helps encourage good configuration and system administration in general.
Sather is an object oriented language designed to be simple, efficient, safe, flexible and non-proprietary.
screen is a terminal multiplexer that runs several separate `screens' (ttys) on a single character-based terminal.
sed is a stream-oriented version of `ed'.
shtool is a portable shell tool for use inside source trees of free software packages.
Sharutils includes `shar',which makes so-called shell archives out of many files, preparing them for transmission by electronic mail services; `unshar' helps unpack these shell archives after reception.
The Shellutils are: `basename', `chroot', `date', `dirname', `echo', `env', `expr', `factor', `false', `groups', `hostname', `id', `logname', `nice', `nohup', `pathchk', `printenv', `printf', `pwd', `seq', `sleep', `stty', `su', `tee', `test', `true', `tty', `uname', `uptime', `users', `who', `whoami', and `yes'.
smail is a mail transport system, designed as a compatible drop-in replacement for `sendmail'. It uses a much simpler configuration format than `sendmail' and is designed to be setup with minimal effort.
GNU SQL is a free, portable multiuser relational database management system.
stow manages the installation of software packages, keeping them separate while making them appear to be installed in the same place.
Sweater is a generic database front end tool.
SXML is a tool to define and implement a markup language.
GNU tar includes multi-volume support, the ability to archive sparse files, compression/decompression, remote archives, and special features that allow `tar' to be used for incremental and full backups.
The Termutils package contains programs for controlling terminals. `tput' is a portable way for shell scripts to use special terminal capabilities. `tabs' is a program to set hardware terminal tab settings.
texinfo is a set of utilities which generate printed manuals, plain ASCII text, and online hypertext documentation (called `Info'), and can read online Info documents.
textutils is a set of utilities for manipulating text.
time reports (usually from a shell) the user, system, and real time used by a process. On some systems it also reports memory usage, page faults, etc.
GNU Trueprint is a program for printing source files and other text files to a postscript printer.
units is a program for units conversion and units calculation.
userv is a system facility to allow one program to invoke another when only limited trust exists between them.
wdiff is a front-end to GNU `diff'. It compares two files, finding the words deleted or added to the first to make the second.
wget non-interactively retrieves files from the WWW using HTTP and FTP. It is suitable for use in shell scripts.
Window Maker is a window manager for X.
XaoS is a real-time fractal zoomer.
xhippo is a generic playlist manager program for a variety of sound players.
xinfo is an X-windows program for reading Info files.
Xlogmaster is an X11 program that does comfortable and fast monitoring of all logfiles and every device that allows its status being read by cat (like the /proc devices).
xshogi is a graphical Shogi (Japanese Chess) board for the X Window System.
Zebra is an implementation of many popular routing protocols.
zlib is a free lossless compression library.

--

Re:What If The Tables Are Turned?

[iankerickson]

This is almost certainly already the case. It's just a matter of what and where. Bug fixes and exploits on the BSD TCP/IP stack revealed that NT essentially used BSD's TCP/IP logic (if not the code). But I haven't seen many dialogs in Windows saying "portions of this product are owned by the Regents of UC Berkeley".

That doesn't mean you'll find the code from BSD lifted wholesale in there, but a search of the Windows or NT source would probably turn up a little intellectual property theft.

Besides the network code, I'd look at the "Compress" attribute for files, the PostScript drivers, the POSIX "compatibility" sub-system, IIS, Internet Explorer (since it's based on the Spyglass browser), ftp client, telnet, and some of the networking services (DHCP, RCP). You all could probably name other likely candidates for GNU/BSD code lifts.

Of course Windows Me has its particular code tree, so who knows what's there. There was also the mass exodus of Apple programmer to Microsoft in the 90s. So if you developed at Apple in the last 15 years, you might be able to find some of your own work in the source for various Microsoft products. Remember "Video for Windows"?

Not that other companies don't do this too. Apple's Disk Copy utility makes disk images which are basically tar balls. Probably a little borrowing there, but it's convenient if you run Linux on your Macintosh.

Re:What If The Tables Are Turned?

[bobwyman]

symlinks are ancient technology, first implemented in Multix I believe. Mapping drives to directories was also common and supported in a variety of old DEC operating systems as well as OS's other than Unix. Many of the NT developers (i.e. Cutler and Co.) came from DEC and had implemented both features there or had experience with them. bob wyman

Re:What If The Tables Are Turned?

[otuz]

>Just a random thought that popped in my head, but
>what if it turned out that GPL'd code was found in
>Microsoft's source code?

Good point... and how all the code in windows that damages 3:rd party software.. like when i installed win2k, it somehow conflicted with my mobo and flashed random values to the cmos every time i launched netscape..

Re:What If The Tables Are Turned?

[AndrewHowe]

VMS is not Unix.

Re:What If The Tables Are Turned?

[gTsiros]

I like the "1983" part best.

Re:What If The Tables Are Turned?

[dodobh]

Mount the windows drive under a unix system (or copy the file to a unix system, or get strings ported to windows), and then run strings on it.

Re:What If The Tables Are Turned?

[otuz]

Yeah, sure. If you'd read my user info you'd know I don't use ext2 nor fat.

..and you cant do any damage to my l33t powerbook by yanking the powercord :)

Re:What If The Tables Are Turned?

[Eccles]

Thank you! I'd web-searched for Windows linking, but everything I found said files only.

Re:What If The Tables Are Turned?

[chrr]

You can create arbitrary hard links for directories with the free tool junction ( www.sysinternals.com/misc.htm). I never had any problems with this tool (the only restriction is you that can not create hard links on a network drive and the permissionstables are not displayed properly). If just want to mount partitions you can also use the disk manager.

Re:What If The Tables Are Turned?

[ddstreet]

%mount /c
%cd /c/winnt/system32/dllcache
%strings -a -f * | grep "Copyright " | grep -v Microsoft

asycfilt.dll: Copyright (C) 1995, Thomas G. Lane
avicap.dll: Copyright
avifile.dll: Copyright
commdlg.dll: Copyright
compobj.dll: Copyright
ctl3dv2.dll: Copyright
ddeml.dll: Copyright
dmadmin.exe: 2.70 Copyright (C) NEC Corporation 1985,1995
dmio.sys: Copyright (C) 1996 VERITAS Software Corporation. ALL RIGHTS RESERVED.
dosapp.fon: Copyright
drwatson.exe: Copyright
dxmasf.dll: Copyright (C) 1996, Thomas G. Lane
dxtmsft3.dll: Copyright (C) 1996, Thomas G. Lane
finger.exe: @(#) Copyright (c) 1980 The Regents of the University of California.
fontext.dll: Copyright 1988-1991 Adobe Systems Inc.
ftp.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
gdi.exe: Copyright
gpkrsrc.dll: Copyright (c)1996 VeriSign, Inc. All Rights
gpkrsrc.dll: This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS), available at: https://www.verisign.com/CPS-1.0; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Tel. +1 (415) 961-8830 Copyright (c) 1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED and LIABILITY LIMITED
gpkrsrc.dll: This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS), available at: https://www.verisign.com/CPS; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Tel. +1 (415) 961-8830 Copyright (c) 1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED and LIABILITY LIMITED.S
h261_32.ax: Copyright
h263_32.ax: Copyright
infosoft.dll: Copyright [c] 1995 INSO Corporation
keyboard.drv: Copyright
krnl386.exe: Copyright
lzexpand.dll: Copyright
mciavi.drv: Copyright
mciole16.dll: Copyright
mciseq.drv: Copyright
mciwave.drv: Copyright
mei32api.dll: (C) Copyright IBM Corp. 1992, 1995
mei32api.dll: (C) Copyright IBM Corp. 1993
micross.ttf: Copyright
micross.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
mmsystem.dll: Copyright
mmtask.tsk: Copyright
modern.fon: Copyright
mouse.drv: Copyright
msacm.dll: Copyright
msawt.dll: Copyright (C) 1995, Thomas G. Lane
msihnd.dll: Copyright (C) 1996, Thomas G. Lane
msttssyn.dll: (c) Copyright 1993-1997
msvideo.dll: Copyright
mwblw32.dll: (C) Copyright IBM Corp. 1997 all rights reserved. US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
mwcnam32.dll: Mwave Software. (c) Copyright IBM Corp. 1994-1997. All Rights Reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Licensed Material - Property of IBM.
mwcpyrt.exe: IBM Copyright Notice
mwrcov16.exe: Borland C++ - Copyright 1994 Borland Intl.
mwwtt32.dll: (C) Copyright IBM Corp. 1994 to 1997 all rights reserved. US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
netapi.dll: Copyright
nslookup.exe: @(#) Copyright (c) 1985,1989 Regents of the University of California.
ntvdm.exe: (C)Copyright Insignia Solutions Inc. 1987-1992
ntvdm.exe: 1.2 5/24/91 Copyright Insignia Solutions Ltd.
offfilt.dll: inflate 1.0.4 Copyright 1995-1996 Mark Adler
ole2.dll: Copyright
ole2disp.dll: Copyright
ole2nls.dll: Copyright
olecli.dll: Copyright
olesvr.dll: Copyright
os2.exe: Copyright (C) Rational Systems, Inc.
pax.exe: Copyright (c) 1989 Mark H. Colburn.
pax.exe: Copyright (c) 1989 Mark H. Colburn.
pmspl.dll: Copyright
pngfilt.dll: i inflate 1.0.4 Copyright 1995-1996 Mark Adler
rcp.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
rsh.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
script.fon: Copyright
shdoclc.dll: Unix version contains software licensed from Mainsoft Corporation. Copyright (c) 1998-1999 Mainsoft Corporation. All rights reserved. Mainsoft is a trademark of Mainsoft Corporation.
shell.dll: Copyright
sound.drv: Copyright
spcmdcon.sys: 2.70 Copyright (C) NEC Corporation 1985,1995
storage.dll: Copyright
sysedit.exe: Copyright
sysedit.exe: Copyright
system.drv: Copyright
tahoma.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
tahomabd.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
tapi.dll: Copyright
tcarc.sys: Thomas-Conrad ARCNET/TCNS Miniport Driver for NDIS 3.0, (C) Copyright 1990-94 Thomas-Conrad, Inc., All Rights Reserved, 1.10.0.0(950620)
thumbvw.dll: Copyright (C) 1996, Thomas G. Lane
timer.drv: Copyright
toolhelp.dll: Copyright
typelib.dll: Copyright
user.exe: Copyright
ver.dll: Copyright
vga.drv: Copyright
vgaoem.fon: (c) Copyright Bitstream Inc. 1984. All rights reserved.
vgaoem.fon: (c) Copyright Bitstream Inc. 1984. All rights reserved.
vgaoem.fon: Copyright
vgx.dll: 4,f deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
vgx.dll: f,f inflate 1.1.3 Copyright 1995-1998 Mark Adler
webvw.dll: Copyright (c) 1998 Hewlett-Packard Company
webvw.dll: Copyright (c) 1998 Hewlett-Packard Company
wfwnet.drv: Copyright
wifeman.dll: Copyright
winhelp.exe: Copyright
winhelp.exe: Copyright
winnls.dll: Copyright
winsock.dll: Copyright
winspool.exe: Copyright
wow32.dll: RQuickBooks for Windows Version 2. Copyright 1993 Intuit Inc. All rights reserved.
wowdeb.exe: Copyright
wowexec.exe: Copyright
xenroll.dll: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
xiffr3_0.dll: Copyright (C) 1995, Thomas G. Lane

Re:What If The Tables Are Turned?

[durstann]

Yeah, and if you play it backwards through an mp3 decoder you can hear Bill laughing.

Re:What If The Tables Are Turned?

[yuri+benjamin]

Just a random thought that popped in my head, but what if it turned out that GPL'd code was found in Microsoft's source code?

If M$ used GPL code, then by law the resulting program has to be released as GPL code. If this could ever be proved M$ would lose heaps, unless they bought the judge or something. (They could probably afford that).

I'm sure every OSS advocate has dreamed about such a scenario. I know I have.

Re:What If The Tables Are Turned?

[otuz]

> I understand what he is saying, but I fail to <BR>
> comprehend how what he is saying can possibly <BR>
> be true. Hence, erm...? <BR>
<BR>
Well, it was like this:<BR>
1: shiny new peecee, unformatted harddrive, win2k cd.<BR>
2: install win2k <BR>
3: reboot <BR>
4: everything works for some week or so (a lot of software is used).. until..<BR>
5: the user installs netscape communicator <BR>
6: user launches netscape communicator <BR>
7: machine freezes <BR>
8: machine gets rebooted, bios reports very funny values (cpu speed, date/time, everything is screwed up) and the values are different on every boot-up
9: machine gets replaced, the retailer makes sure all bios settings are ok on the new machine... windows is installed and so on.. everything works and then we try to launch a fresh new download netscape.. kaboom! the same thing happens.. machine gets replaced (warranty is a good thing).. win98 is
installed and everything works...<BR><BR>
strange, huh? :) <BR><BR>
i never got an explanation of what happened..

Re:Re:What If The Tables Are Turned?

[greenrd]

Siggy, you have no life.

I should have known you were lying when you promised to quit Slashdot forever.

Re:I understand, but....

[theoriginalturtle]

Not in and of itself, but this isn't about crime, it's about liability (or the potential) which is a completely different thing. Turtle

Re:An interesting reversal of fortunes.

[Wellspring]

To be honest, I had this smug feeling about the whole deal until I read the article. This is really an unfortunate situation. More importantly, it touches all of us, since anyone who tries to reverse engineer an API from MS is going to get painted with the haxor brush. The MS code isn't even that good. I only hope that they don't use this as an excuse to begin a litigious assault on the Open Source movement. Sustained lawsuits attacking key applications will slow development, and could influence virtually everything we do.

One thing this means for us is this: concentrate in your source trees, now more than ever, on modularity. Any time a chunk of code becomes suspect, we should be able to isolate and replace it until the dispute is resolved.

On another note, it would probably be a good idea for people in the Open Source community to alert the FBI to anything we might hear about who may be responsible for this. While I don't like MS, the courts will punish them for their monopoly, and the marketplace will punish them for their close source methodology. To not assist whereever appropriate will leave us open to accusations that our community is filled with criminals and warez d00dz.

Besides, the sooner this is put to rest, the sooner we can dispel the myth that MS source code is actually valuable in the first place...

Re:Bob goes legit

[Yardley]

It was kind of funny, but not really.

--

speculation

[defunc]

it's just amazing to see all the writing that have been derived since the news was made public. it's all conditional and nobody except for microsoft really knows what was seen and what was stolen. all these authors ought to get some technical training before trying to write an technical article. all i read is buzz words: trojan horse, back door, email, russia. none can definitely give a really good explanation of how exactly that happened. why?

Re:Plan

[segmentation+fault]

I thought about the same thing. It's paranoia, but each time I've thought "Nah, I'm being too paranoid. Microsoft wouldn't do such an (evil|stupid|incompetent|bad) thing", I've been wrong.

What if the code wasn't stolen. They could claim it was stolen, then sue anyone working with their file formats or API's, and claim that they couldn't have accomplished what they did without seing the actual source.

Without any proof of the source actually floating around on the net they would probably loose, but just the threat and execution of law suits would scare a lot of people from working in that area.

BTW: If someone bought one of the collections of 68.000.000 mail addresses, and mailed pieces of the source personally to each with a misleading subject, would then everyone have to prove that they didn't read that mail to be able to continue working as developers at all? I mean, if open source developers could be sued if they had seen the source, so could all the other developers.

I don't know....

[ToddN]

Warnings that even viewing MS source could damage the Open Source movement.

Am I being paranoid^H^H^H^H^H^H^H^Hconcerned that MSs "theft" could be their carefully orchestrated, poorly disguised effort to discredit/destroy Open Source through oppresive application of litigation?

Re:I don't know....

[WindowsTroll]

I don't see the benefit to Microsoft for orchestrating this theft.

Since the theft has occured and is in public, it brings to light a lot of questions regarding the security of NT (I'm assuming that their servers are NT). A MS loss.

If Microsoft says that they are using *nix servers to discredit *nix hackers, then it is basically an open admission that *nix is a better server solution than NT. Again, a MS loss.

Opressive application of litigation? They would only be able to go against the perpetrators of the crime and anyone using the stolen code. The rule of thumb for /.ers and anyone else is to stay away from the code.

Discredit Open Source? MS surely sees Open Source as a threat to their business model, but to pull a stunt to discredit open source is a bad PR campaign. A few years ago, Open Source did not have respect or legitimacy from the "corporate" community, but with IBM throwing some muscle behind Open Source, it now has legitimacy from the business community. Forget the arguments regarding Open Source code being rock solid and around for a long time, the historical perception of Open Souce - from the perspective of the "corporate" community - is that it was just a bunch of software hacked out by every Tom, Dick and Harry. Now that some big corporate plays are getting behind Open Source, it is only beginning to see widespread respectibility from the suits.

Re:I don't know....

[Denis+Lemire]

Actually for your information KDE 2's (final) crash dialogue is the prettiest crash dialogue I've ever seen! Much nicer looking then the GPF. Has this really nice looking graphic of a gear with a bomb in the center of it... Looks very nice... I'll take that over the GPF anyday!

Re:I don't know....

[Frac]

Am I being paranoid^H^H^H^H^H^H^H^Hconcerned that MSs "theft" could be their carefully orchestrated, poorly disguised effort to discredit/destroy Open Source through oppresive application of litigation?

ssshhhh. What was that sound?

Re:I don't know....

[Andrew+Dvorak]

Exactly, the benefits of implementing gpf-like functionality (better crash-dialog functionality) into kde or, for the gnome folk, gnome.

Seriously, though, I know not what the true story is, but I'm sure there are many reasons Microsoft might execute such and infinately many reasons why they would not have. And, by the way, we don't even know what, if, or exactly how much code was stolen.

Maybe this is another case of a hard drive being misplaced behind a copy machine, anyways.

Microsoft has invested MANY millions of dollars into their software -- something they obviously don't want to lose -- against your theory. With all the funky legal stuff going on in recent years, I must say if Microsoft hasn't used this vehicle, you are first, in my book, to give ideas to those who will ;-)

Re:I don't know....

[Jburkholder]

Oh, you got me! Damn you (fscking troll)

Re:I don't know....

Maybe its just another toy to help destroy the Elder Race of Man. :-)

Re:I don't know....

[iankerickson]

It is convenient for Microsoft to have a new excuse to unlease the hounds on samba and wine, just when they need to. It doesn't even have to be that bad - they may have a contigency plan for "What if our code gets stolen?" - a lemonade recipe, if you will.

But this kind of thing has been a long time in coming. Kevin Mitnick did this to Sun, and they weren't merciful in kind. Microsoft has been 2600's holy grail of sites to hack for the longest time. It was just a matter of time, talent, and working up the courage to hack the scariest, meanest software company in the US. There's this irrational fear of Microsoft in the US, but in the last two years they've lost a lot of their intimidation value, thanks to their stupidity at the trial.

Re:I don't know....

[hanway]

Apple's source code was stolen years ago, and somehow free software managed to flourish, untainted. A few months from now, this will be completely forgotten. So, yes, you're being paranoid.

Re:I don't know....

[mkachan]

If they really have done that and someone gets to know it, I'm afraid that will be one of the worst mistakes of their life. And that would certainly appear to be the move of a dying elephant.

Re:I don't know....

[roryi]

I don't... My keyboard fell off my desk last week, and, of course, all the keys went flying.

I managed to find 'em all, apart from PgDn and Pause/Break, which appear to have rolled under a desk which, unfortunately, has been bolted to the floor :/

Still, I managed to theive a couple of Windows keys from the nearest 105-key abominations, and, with judicious use of a little bit of sandpaper and a black marker pen, things are as good as new. Well, they would be if I could find a way of removing all the crud that mysteriously coats the "j" and "[" keys....

ObTopicalComment: Um, yes, this *does* appear to be um, "convenient" for Microsoft - but not *too* convenient. No, for it to be too convenient, we'd have to see brown paper packages filled with annotated print-outs of the source landing on the Samba developers' doorsteps...

Re:I don't know....

[wass]

You're not the only one being paranoid. Read my comment about this issue. It's posted below, on this same /. thread.

Re:I don't know....

[Frac]

I was being sarcastic, you genius you.

Re:I don't know....

[QuoteMstr]

Actually, Gnome apps *do* have a crash dialog.

Re:I don't know....

[z)bandito(_X]

That was before the DMCA..

Re:I don't know....

[Anonymous+Bullard]

The possibility of litigation as a deterrant?

Many big businesses have important applications built in-house that they'd like to be able to run stably under WIN32 environment such as WINE not only because W2K et al are very expensive to deploy but to get off the forced upgrade merry-go-round altogether. Now, having paying customers moving away from the influence of MS-Windows is a scary no-revenue no-control no-win proposal for Microsoft.

It may only take some serious questioning by MS about the purity of the WIN32 alternatives' clean-room implementation to scare off large potential customers from investing in the alternative to MS-Windows.

Perhaps such fears would end up making Borland's Delphi -> Kylix approach more attractive since Borland, IIRC, has settled their IP issues with MS, and the resulting binaries would be native on multiple platforms (Linux and WindowsXX initially).

WINE is a very useful project, but perhaps they'd ought to draw a line somewhere, stop chasing the ever-changing WIN32 APIs-of-the-day ad nauseum and concentrate on perfecting the most common legacy WINxx environments while creating a mature and non-changing Winelib target for those WINxx ISVs who want to target Linux customers the easy but supportable way.

MS can still win small battles with their FUD, but the momentum in the war has turned to our advantage.

Re:Can you imagine....

[amanb]

No.

OK to look at code -- MS has screwed itself

[ahaile]

It's been interesting to watch MS change the story about the hack. Every day, it becomes less severe:

• first, it lasted three months, and there was talk that not only was source downloaded, but it might have been modified
• then, it was for six weeks, and MS was sure that no source was modified
• now, it was only one week, and source was only "viewed", not downloaded, and to a minor "future product" at that.

What's going on? Well, it seems like MS's PR department has been working hard to downplay the attack. Notice how the informant shifts over time from an unnamed "Microsoft engineer" to Balmer to MS's "corporate security officer." I assume that what happened went like this: 1) a mid-level MS engineer leaked the real story to the press, 2) PR (Balmer) steped in for damage control, and finally 3) PR propped up a puppet with a written script to try and kill the issue.

The thing is, the strategy may backfire on MS. Now, they can't claim that open source developers are pirating their code. They've already gone on record saying no MS code exists in the wild. Which means that if you happen upon the source to Office, you are free to look at it, since MS has already declared that that code does not exist.

Heh.

Re:OK to look at code -- MS has screwed itself

[Johnny+Starrock]

Mmm hmmm... You can trust companies not to lie!

Mad cow disease isn't linked to CJD!

The US forced an invasion of Yugoslavia for humanitarian reasons!

There's not link between health problems and smoking!

dot-com super start-up *whatever*.com is going to file an honest 10-K without any "voodoo" figures!

It's all BS. Whoever yells loudest and has the most money is right.
(and yes, I consider most "western" governments companies. think about it for a spell...)

I understand, but....

[r0r0]

While I understand the legal issues involved... it still irks me that reading something can get you into trouble. I mean - is it a crime to read? I'll be sure to bring a pair of blinders with me everywhere I go now... I wouldn't want to accidently read something I shouldn't.

feh!

Re:I understand, but....

[MR.Gates]

If you had permission to view the prints then yes it's ok but if not then you probably stole them, or have snuk into a place where you shouldn't be. Although I do agree with you in just because you have seen it doesn't make you a theif. I have seen engineering shops where they take on interns and such, and have wonderd if those people where using some of the designs aquired from one shop to another, but then agin I just work for the IT dept. so I really don't care.

Re:I understand, but....

[nugatory]

I don't see this.

It's microsoft's code, and they have as much right to release it under their EULA or not at all as RMS has to release his code under the GPL or not at all, or you have to release your code under any license that you please. You may choose to put your code in the public domain, but no one else should be able to compel you to do so.

There's a fairly basic principle that stolen property still belongs to the original owner. If A owns a car, and B steals it and then sells it to C, what's C's position? If C knew the car was stolen, then he's committed the crime of receiving stolen goods. If he didn't, then he paid B for a car that wasn't B's to sell, so he's out the money and angry at B - but he has no more claim to the car than if it had never been stolen.

Re:I understand, but....

[Digitalia]

Not at all. Regardless of the location of sale, Subject C would be forced to relinquish the car to the Victim. The only way they get any reimbursement is by going after the Thief in court.

Re:I understand, but....

[floop]

This is how the law of trade secrets would work in this instance.

If B aquires A's tradesecret through improper means and turns it over to C, C has a duty not to disclose or use it if he/she has notice that it's a trade secret and was obtained through improper means.

• Notice: Cwill be deemed to have notice if a reasonalble person under the same circumstances would know or would be led to inquire further and a reasonable investigation would uncover these facts.

In other words If you were to obtaine a copy of some source that had been stolen from MS that a reasonable person would realize was MS source code, it could be found actionable if you were to use this code in whole, part or as reference in another project.

The "as reference" part is where it get a little more tricky. MS would have to prove that the resulting project had been substantially derived . So just having looked at code from MS or even having better understood a problem, doesn't necessarily mean that you're in trouble. All of this is dificult to prove

Just remember that MS only has a burden of proof in a preponderance of the evidence, Not "beyond a reasonable doubt" or "clear and convincing".

Re:I understand, but....

[Gorgonzola]

Well, the principle you are referring to is not as basic as you think. There are quite a few jurisdictions where C would become the legitimate owner of the car if he could be expected that B was not the owner of the car. For example, if he bought the car at an auction for a price which is within a reasonable range of the car's market value.

Re:I understand, but....

[Gorgonzola]

Has it ever occured to you that there are jurisdictions outside the US?

Re:trade secrets mean...

[mwa]

I'm sure a Firewall is a good example of protection steps.

Usually, but if you're using Outlook's read-and-execute mail reader, you've pretty much blown a hole from the inside out. I think you might make a good case that, with it's history of exploits, maintaining trade secrets on any box that runs it is negligent.

Re:Who's afraid of Big Bad Bill?

[nasty_penguin]

I quite agree, MS, or anyone else for that matter does not have the resources, man power etc. to track down every developer or potential developer on projects such as samba, or wine. Besides the above constraints, MS would also be constrained by the fear of bad press, consumer/governmental reaction ... However powerfull microsoft is, they do indeed have finite power. The resources to shutdown any open source project are enormous (developers around the world, source code already in the hands of future potential developers). I think it is the very nature of open source that makes it impossible to eradicate. We should all be aware of posibility of such legal tactics against open source software in the future. There seems to be a lot of paranoid conspiracy theorists amongst ourselves :-)

How correct is this?

[KillBot]

The article seems to make sense, and I applaud the samba guys for their cleanliness. But is it really that serious? Is it the same thing as seeing a circle and using that idea to create a sphere? I think in a perfect reality without software patents and everything, it should be fair game to incorporate ANY found source code and give credit with the source distribution. I'm curious as to what could happen if someone read MS source code, and then worked on a related OSS project. Aren't there documented cases of Microsoft incorporating someone else's (Apple, Xerox) "trade secrets" into their products?

Re:How correct is this?

[nugatory]

Aren't there documented cases of Microsoft incorporating someone else's (Apple, Xerox) "trade secrets" into their products?

If such a thing could be "documented", then microsoft would be liable for damages for stealing trade secrets.

And if someone with access to microsoft trade secrets uses them in an OSS product, then they would be liable for stealing trade secrets too, if it could be "documented".

There's nothing really complicated here. Just because they are evil swine doesn't make it OK to steal from them.

Re:How correct is this?

[Johnny+Mnemonic]

Apple initially sued MSFT for duplicating the "look and feel" of their GUI interface. The judge said no dice, for a number of reasons. It was only later discovered that MSFT went farther than using the "look and feel", and actually reused Apple's source code. However, by that time Apple had lost enough market share to be the underdog in an expensive courtroom litigation, and so settled with MSFT--that settlement arrangement being part of the 150M that MSFT purchased of Apple's (non-voting) stock. They are rumored to have actuallly paid Apple several hundred million more, with no stock compensation.

Incidentally, a promise from MSFT to produce Office for the Mac, until 2003, was part of that arrangement, and was a wise move--not only did it make MSFT lots of money, but also provides important compatibility with Windows machines, that Macs wouldn't have otherwise have had.

Re:fuck you and your crappy little country

[Ranger+Rick]

Thank god for EuroDisney!

It's not because it's a trade secret,

[Trevor+Crosse]

It is because Microsoft holds the copyright to this code. They have not licenced these (hypothetical) developers to use it. It would be the same legal argument that would be made if someone tried to incorporate GPL'd code into a proprietary poduct.

The source being stolen is BAD

Think about it. A lot of people use windows. they have the source, and exploits we don't. M$ is not...shall we say...on the ball about bugs, and with crackers having the source and exploits that windows users have no way of knowing and no way of stopping, look out for that bad worm/trojan that everyone's been talking about.

Re:More like a thought for the dumb.

[segmentation+fault]

So what if they can't get anyone convicted. The open source developer would have to pay a loyar to demand proof that the code was actually stolen, and I bet a lot of developer would think "Nah, it's just a minor side project anyhow. It's not worth that much effort".

Re:Legality of Reading the Code

[vvishal]

I totally aggree with u that even if u get access to the code, deny that u ever saw it and dont discuss that u saw the code with any one. Keep it secret. otherwise the whole open source might land in trouble.

Open Source or Privacy: choose one

[Anonymous+Squonk]

I am sick of hearing all of the hypocrites who can actually advocate Open Source and Privacy in the same breath.

If you believe in Open Source, wouldn't you believe that this world would be a whole lot better if everybody had access to every piece of information about everyone? Full disclosure to everybody would solve poverty, hunger, war, and almost every other major problem plaguing us!

If you are firm on maintaining your privacy, wouldn't you respect a company's rights to protect their own property? If your hernia or sexual adventures are important enough to protect with military-grade encryption, shouldn't those same benefits be given to the products that make companies like Microsoft billions of dollars a year?

Choose one, and shut up about the other!

Lawyers: a question about "tainting"

[ajs]

So, what happens if someone posts a review of the way MS did, say, real-time prioritization. Clearly the person who wrote this is treading thin ice, and MS will likely go after them.

On the other hand, does the person who reads this review have any obligation not to use the info? It seems to me that there's no copyright OR trade secret protection for a method that you came across this way. Unless MS has patented the particular method, you SHOULD be free and clear.

Lawyers? Thoughts?

I, however, am most interested in just how bad the code is. I'd love to look at it, not because I think they have any good ideas, but because I want some humor in my life ;-)

Re:Open Source or Privacy: choose one

[Hairy1]

Whats the problem? Open Source is a decision of the developer. Until a developer decides to release code it belongs to them. The principle of privacy is that the individual has control over the use of their information. Take an issue with privacy - companies installing spy applications on your PC without your knowlege or permission. I don't agree with this because you havn't given your permission for them to access your computers information.

When you dstribute some Software as Open Source you are explicitly giving people permission to use and distribute it, so those people are complying with your privacy wishes.

I don't think its a corporate/individual thing - its a permission thing. If you give information away thats one thing, having information stolen from you is another.

Re:Let me get this straight...

[Drath]

Wait... so that would make working for Microsoft the equivalent of an Actor's inability to get legit roles after working in Stag films... I knew it all along...

oh, gee, well that's too bad

[tomme]

i'm so tired of self-loathing moaning yanks (on slashdot, particularly) always complaining about what someone else "says" like it broke their bones or something. The idea of free speech, that many americans claim to value so highly, is that people can make unsolicited comments that others may not like. The world doesn't owe you polite conversation. Meanwhile, the logic of my initial statement is incontrovertible, and if you read it again a few times (slowly, or get a grown-up to help)maybe you'll see that

Re:oh, gee, well that's too bad

[Shadowcaster]

You know, you'd better be careful. Someone might mistake you for a human being.

As for polite conversation, I don't know about you, but I like to give people the benefit of the doubt first off, and not make statements like that. Granted, it CAN be taken your way, but only an anal retentive would defend insults like that. I only hope that you are unique to your country, and never EVER reproduce.

I'm not sure what your story is, but get bent. I don't care much. I might have had you come off as even subintelligent, but you went far below that one..

I'll leave you with a saying I picked up, from outside of the US even (bonus!)
Go burn yourself.

Re:Here I am being paranoid...

[daevt]

I'm sure that the people who are working on the wine project can show tarballs of source code going farther back than microsoft could. it doesn't matter anyways, if they can show the source from four months ago (one month before MS got cracked) than they can prove beyond any doubt that they aren't receiving stolen code in any way shape or form and then also that MS is trying to sabbotage them, thats not only an unfair bussiness practice, but i doubt that the FBI likes it when big brother cries wolf...

Re:Microsoft's take on things

[MattBaggins]

Yes and I believe that that page was written by Officer Barbrady

Legal Ramifications of reading GPL'd code?

[Jabbaloo]

If I read MS code, then I can't participate in any Open-Source projects, because I've been influenced by MS proprietary code and trade secrets.

OK. Fine.

So, if I read GPL'd code, does that mean I can't participate in Closed-Source projects? Must every project I'm involved with be GPL'd and released to the public, because I've been influenced by GPL'd code?

How far do we take this?

Re:Dont read this, it contains Microsoft source co

[dstone]

i++;

The MS coding standard requires use of the unary pre- (rather than post-) increment operator. The quoted line does not conform. ;-P

An interesting reversal of fortunes.

[electricmonk]

It is hard to imagine that something that could look so good on the surface (Microsoft getting totally 0wned) could be so bad for the Free Software Movement. Now potentially any open source project that has anything to do with Microsoft interoperability is open to a law suit. At the very least, it will make accepting contributed code into the CVS tree more difficult.

It has been said that one of the fundamental damages that security breaches cause is not only the loss of data, but the loss of the integrity of data. It is unfortunate that this loss of integrity has to spread to other victims that have basically nothing to do with Microsoft.

Re:An interesting reversal of fortunes.

[alexburke]

More importantly, it touches all of us, since anyone who tries to reverse engineer an API from MS is going to get painted with the haxor brush. The MS code isn't even that good. I only hope that they don't use this as an excuse to begin a litigious assault on the Open Source movement. Sustained lawsuits attacking key applications will slow development, and could influence virtually everything we do.

Who says that this isn't Microsoft's plan? They've certainly stooped lower than this. Who's side was that 1337 h4x0r on, anyway?

What a perfect foundation to sue the shit out of anything OSS... and Samba might well be the first thing their crosshairs fall on...

--

Re:An interesting reversal of fortunes.

[elgonzzo]

In theory (read, before the lawyers get to it) the impetus is on Microsoft to prove the code is their's, in the case of comtributed code, or that the programmer knew it was propritary code when he looked at it. But, then most open source programmers don't have the cash to defend against a swarming horde of corporate lawyers.

Re:An interesting reversal of fortunes.

[The+Man]

While I don't like MS, the courts will punish them for their monopoly

No. It is your job to punish them for their monopoly. The courts have no authority to do so. It's this kind of attitude - expanding and extending the reach of government - that allows Microsoft and others to file spurious and anticompetitive lawsuits against (theoretically) any Free Software project because of this incident. You can't have it both ways.

Re:An interesting reversal of fortunes.

[pronovic]

Exactly! This article on CNN talks about how MS might use the left as an excuse for future bugs. I think it's a lot more likely they'll use it as an excuse to attack particularly annoying open-source projects.

Re:Using the same reasoning...

[daevt]

except for reading the stolen code (which i personally recommend against, keeping the high ground means not violating the law, no matter what the gains could be), there would be no way to find stolen code in microsoft products.

Re: Big Bad MS Lawyers

[Frank+T.+Lofaro+Jr.]

As for the whole "$$$ for the better lawyer" story, what do you think has been the major problem for the DECSS case? Judges who don't get it and lawyers who can talk circles around the truth.

A lot of the DeCSS defeat has to do with Judge Kraplan. That decision only holds in the Southern District of New York by the way. Some judges actually have half a brain. :)

Re:How would QAZ work

True, they probably won't keep it in a directory that is named "W2k source code -- STAY OUT YOU BAD HACKERS!",
but something as much code as that..
Its hard to hide 1000 *.c files ;)

When did the rules on trade secret change?

[Ungrounded+Lightning]

While I understand the legal issues involved... it still irks me that reading something can get you into trouble.

Well, I DON'T understand something about this, and the flap surrounding it:

As I understood it, a trade secret is GONE once the secret is out of the bag. The holder of the secret has an action ONLY aginst the person who improperly exposed it - either after stealing it, or in violation of a valid confidentiality agreement - and perhaps anyone in collusion with that person. (Collusion would be things like hiring him to steal it, or giving him some benefit in return for a copy you knew to be stolen. Downloading it from an open internet site would not be collusion.)

Since when is there an action against anyone found using part of a FORMER secret that is now widely distributed? Since when is there NOT a big-time countersuit and other legal grief for anyone who brings such a bogus suit?

Yes, you can sue anyone for anything. Yes, if you have enough lawyers you can cause anybody a lot of trouble. But you can't just use your money and the court system to make life hell on any random person or company you don't like. You have to have a palusible case. If you knowingly bring a bogus suit you're on the hook big-time - both civilly and (if you're blatant and unpopular enough) criminally.

Has the deCSS case broken the legal system THAT badly?

More @ Salon

[HerrNewton]

Salon also is asking the question

http://www.s alo n.com/tech/log/2000/10/27/microsoft_crack/index.ht ml

----

Re:More @ Salon

[Goonie]

Yeah, I emailed Andrew Leonard about his article. One point that his article really didn't get across is the number of projects that would directly benefit much from the Microsoft source code being available - there's not that many. Samba, Samba/TNG, Wine, perhaps plex86. It would be mildly interesting to many other projects, but there wouldn't be much code that could be used directly.

Using the same reasoning...

[jmv]

Using the same reasoning, any MS employee who has seen the SAMBA code shouldn't be allowed to work for MS anymore?

I'm serious. The fact that the source was stolen should not matter. Maybe accessing the MS source code would prevent you from claiming a "clean room implementation", but not from working on OSS at all.

Just another idea... what if GPL'd code is found in Windows. I'd like MS being sued (by FSF?) over copyright infringement. ...plus it would look bad for them trying to fight OSS developers working on wine/samba/...

A thought for the paranoid.

[VaguelyBarming]

I wonder if we'll soon be seeing lots of angry press-releases from Redmond, claiming that (insert your favourite open-source project here) has 'obviously' used code 'stolen' from Microsoft? Makes you wonder if this 'hack' actually happened at all....

(Note: I don't believe this for a second, but even so, it's a nice conspiracy theory. Give me a couple of days and I'll work the Illuminati and the Knights Templar in as well...)

Re:A thought for the paranoid.

[atheos]

Ok, I see a common topic here. Some people are claiming conspiracy from Microsoft, to make Opensource look bad. Others are worried about Microsoft blaming Samba,ect for using their code. Well, if it is a Microsoft conspiracy, then they wouldn't be able to push too much litigation at Open Source projects, unless the source code really comes to light! Just think. [Microsoft Attorney "Judge, It's possible that our source code was released by a nasty e-mail trojan, so said company A must be guilty!"] Let's see some of that code before we get too worried!

Re:A thought for the paranoid.

[__aasmho4525]

i understand your line of thought, BUT, it would appear to me that the danger is that frequently, totally independent people reverse engineering the same product via black box inspection (but knowing some part of the publicly released api's) come to almost the same conclusions when implementing. sometimes the source code can be shockingly similar. i've seen this at least once some years back.

given that, it is possible that this similarity is enough for microsoft to litigate to the point of financial starvation, arguing that the source code didn't strictly make it into the product, but the intellectual property conveyed in the sourcecode is too similar to be a mere coincidence (given their history for innovation (eek)).

they simply need to cast reasonable doubt on the claims of the open source project, and the money will start pouring out the doors to lawyers...

i personally find this improbable, but not beyond the realm of possibility. were someone *really* evil, they could squelch competitors this way...

i hope nothing like this every comes about...

Peter

Re:fuck you and your crappy little country

The only problem being, we Americans who are tired of the stupid majority are rapidly migrating North... and because there's no large body of water between Canada and the US, and no real need to operate mechanical equipment to get there, the stupid people will follow as soon as they discover that they can't run things... along about Wednesday, I should imagine.

How can you know?

[mkachan]

If Microsoft's source code appears in public, downloadable from somewhere or in some other way, most likely they will not write on the page "Hey Dudes, check this out! This is M$ Office Source Code!". Maybe after the water calms down, something will appear in some anonymous way in some projects, in some webpages... It might be difficult to know for an OSS maintainer that a contribution to his software does not come from M$ stolen code. How should a maintainer behave? Should he be paranoid? Should he act "in good faith"? It won't be as simple as it looks.

Re:How can you know?

[JdV!!]

Also, code posted with no license whatsoever should be pretty suspect.

I've never seen any MS code, but have generated a lot of proprietary source code in my times. All of it (for various companies) had something along the lines of

Copyright (c) 1932 Frobozz Widgets. All rights reserved

in it, regardless the fact that the code is not supposed to be seen by anybody without an NDA (Non-Disclosure Agreement) in place. Having no license info at all in your source probably means you forfeit al your rights when someone as much as sees it.

But then again, IANAL

JdV!!

Re:How can you know?

[31:]

or imagine this... microsoft takes code from Samba TNG, patches it into their smb source, then goes crying to the FBI...

If microsoft really is trying to do some big bad conspiracy thing.. .well, it'd be easy... but hey, why? They could shut down an OSS project now with a huge lawsuit... why couldn't they do that before? File an entirely unjustified claim, but be willing to spend all the money they needed to before a project foldeded... how much is it worth to MS to make linux unable to replace NT file/print sharing...

---
I'm not ashamed. It's the computer age, nerds are in.
They're still in, aren't they?

Re:How can you know?

[kevlar]

Well I think the problem is that a pretty good argument could be made that an OSS project like Samba, could be using the Windows source code to network perfectly with windows boxes.

They could accuse them of obtaining the stolen source and using the knowledge they learned from it to advance the project.

As far as I can tell, one lawsuit against a project like this could have the thing shut down. OSS projects don't have too many financial resources to fund a legal battle.

Re:How can you know?

[BeanThere]

"It might be difficult to know for an OSS maintainer that a contribution to his software does not come from M$ stolen code"

For that matter, there is no reason why MS themselves wouldn't submit some of their own code to be used in OS projects (under false pretences naturally) - then wait a little while, and "discover", to their horror, that (say) some of their own code is in (say) the Wine source code - and the lawyers pounce ..

What really happened...(maybe)

[rakjr]

Either a hacker took the code so that it will be easier to find the weaknesses of MS and exploit them with very targetted viruses and such

or

M$ faked it so they can mess with the OSS community. Anything could be pirated code unless M$ puts out for public record the code that was stolen so that everyone knows what not to accept. The truth is this could be done without M$ compromising their code. A federal agency could be the middle man who does code comparisions for OSS projects. If something smells fishy, the OSS can be notified of the possible problem. Then it is up to the OSS to monitor the specific source for futher tainted code. Admittedly, it would be a bit of a pain to decide on the criteria for comparisions, but that is a different issue.

Does this mean...

[faeryman]

..I can't program an open source GORILLA.BAS for Gnulix?

*cries*

Re:Does this mean...

[divec]

I think it's the only one thing with NIBBLE.BAS that was open source from Microsoft ;)

Yeah, but they both have to go in Debian's contrib section until someone writes a free QB replacement.

Masturbation Scare Tactics Applied to Stolen Sourc

[R-2-RO]

If you read it you'll go blind!!!


Prolly should of been AC for this one. :P

Isn't this a clear enough reason?

[Hitokage_Nishino]

You'd think after this Microsoft would actually INSIST Outlook be secure, and other such things as removing scripting support...

...but alas, they probably won't, as they'd think it easier to just sue instead of rewrite.

Re:Open Source or Privacy: choose one

[Anonymous+Squonk]

Whats the problem? Open Source is a decision of the developer.

I don't object to the decision of the developer. I do object to people complaining when a developer/company makes the decision not to Open Source their code. The staunchest advocates of Open Source believe that all code should be that way. And then those who also defend privacy issues say they have the right to their secrets. It's those people with this hypocritical viewpoint that I'm attacking.

Re:Let me get this straight...

I don't know about MS, but I work for Intel, and part of the condition of my employment is that ALL code I write, even on my own time, is owned by them unless I get prior written approval from a company lawyer. (The reasoning is that they don't want their trade secrets going into outside code, or to risk "contaminating" (their word) company IP with the GPL. To be fair to them, they readily grant waivers for open source projects.) Friends at other tech companies say they work under similar constraints.

I doubt that any company can constrain your coding significantly beyond the standard one year period the courts allow for non-compete agreements. That being said, can you afford to hire enough attorneys to defend your rights? That's one reason we have laws explicitly delineating rights instead of relying on the vague promises of the 10th Amendment.

MS == C++, usually

[Angst+Badger]

Considering that most MS code is written in C++, I think it's safe to say that OSS projects written in C and especially other, less common languages probably have less to worry about than OSS projects based primarily on C++. Granted, some MS code is written in C, but not very much these days, and certainly none is written in Perl, Python, Scheme, PHP, Eiffel, ML, Haskell, etc.

In view of the possibility of OSS being contaminated with closed-source code, the use of a diversity of languages being used in OSS development is not just a good policy, it may end up affording some legal protection. Not being subject to the same forces of mindless conformity that prevail along the corporate C++/Java/VB axis, we ought to take advantage of it.

--

Re:MS == C++, usually

[mill]

MS is employing the authors of GHC (http://www.haskell.org/ghc/) so I would say that MS have produced a substantial amount of Haskell code.

/mill

No wonder windows sucks so bad...

[HobophobE]

..it was being written by a bunch of hackers all along, of course they'd throw as many backdoors and exploitable "bugs" that they could fit in.. and of course the more code there is, the more bugs... Hobo

-HobophobE

Re:How would QAZ work

[motardo]

> Its hard to hide 1000 *.c files ;)

you mean it's hard to hide 1000 *.vb files
heh

Is Big Brother REALLY this big?

[Gogl]

Really now.... I can see how, well, extreme Microsoft will be in beating down people who have anything that even claims to be Microsoft code. But we knew that before this whole event anyway, it's not as if anything has changed.

That, and how are they going to know who has it? It's almost like being as naive as those who think hackers are watching them all the time. Chances are they aren't, and if you take appropriate precautions you know they aren't (or can't)... that and the whole hackers vs. crackers thing, blah blah blah...

Point being, how would they KNOW if 5,000 people manage to download it from some anonymous FTP before that FTP is beaten down? Would they be able to track down all of them? Remember... I believe it's FreeNet, that British thing that is the uncentralized thing where every participant is a server..... the theory being that there's no way to take it down, unlike Napster where you just have to hit the center server.

In fact, that's the same thing as the inspiration for the internet (as opposed to Al Gore... sorry for the pres hit, hehe, I actually like Gore, more then Bush at least).... the internet was originally made as protection from the Cold War. No Such Agency and Big Brother have had computers for many many years, and they did have a communication network even back in 50s/60s... trouble was, it had one centralized server and a bunch of dummies... in a nuclear war, if the big server is hit the dummies are useless, military communication is crippled and the USA is dogmeat to those dirty communists. Anwyay, to defend from this the internet was created, thinking that since everything hooked up is basically a server, if one participant is fried the rest are still up, okay, and can communicate.

Now I'm not saying to go out and get MS source code. I'm not saying I would either. I'm just asking, will they really be able to tell about all the people who did, and get them so royally legally fried? I'm not asking about whether they have the legal rights, but if it's computer-ly possible.... as thinking about it off the top of my head I don't think it really would be.... if a couple thousand + people download it (and they will if it's ever released), it'll be a pain to get them ALL in trouble. I sure hope Big Brother isn't THAT big, yet at least...

Does the reverse engineering two-step work here?

[Jeremi]

Have someone (say, in Russia) read through the code for 'interesting' insights (such as how their undocumented protocols work, how they break competitor's products, how to work around some horrible bug, etc). That person (who you never talk to directly) then posts this info to a web page. You come along and read the web page. You've never looked at the Microsoft source code, but now you know the things you wanted/needed to know. Can you be held liable for that? I hope not?

I wonder if the MS source contains this...

[MathJMendl]

.seineew era sremmargorp xuniL

Re:Open Source or Privacy: choose one

[GMontag451]

If you believe in Open Source, wouldn't you believe that this world would be a whole lot better if everybody had access to every piece of information about everyone? Full disclosure to everybody would solve poverty, hunger, war, and almost every other major problem plaguing us!

Actually, most of the Open Source/Privacy advocates I've met and talked to want privacy from corporate agents mostly. Essentially its individuals should have the right to all knowledge about corporations and (possibly, depends on who you talk to) individuals, and corporations shouldn't have access to any information about individuals. Kind of a double standard thing.

Personally, I agree with this stance. Corporations shouldn't have as many rights as individuals because of their greater ability and tendency to abuse those rights harming individuals and society in general. Unfortunately, the current trend in law is to give corporations more rights instead of taking away ones that they are abusing.

Clarification

I either don't understand the article, or I don't understand the law. (or both)

It would appear that once you have seen the source code, you can not work on anything else, for any one, ever. This would include MS employees who quit and go to work for another company. They might write MS influenced code for their new employer. Is the article saying that this is illegal????

Aside from that, as much as I dislike the Corporate ___, I still think their private stuff should be respected. But what if you stumble upon the code and don't realize it unitl it's too late. I don't know any P-12 telepaths to do a mind wipe. Am I forever forbidden to write any code for any body, for any reason????

Could a Lawyer please clearify???

Thanks,
Anonymous Coward

AC's need .sigs too.

Re:How would QAZ work

[swinge]

Never attibute to competence that which can be explained by ... what do you mean you doubt they keep the code to W2000 in a folder called W2000? why not? Sure, they've probably got a code name, but once you identify it, it's probably called that on every machine. MS is not some magical kingdom which breaks all the rules. They pull their code on one JLE at a time like everybody else. Do you ROT13 all your folder names? Neither do they.

Let me get this straight...

[SmileyBen]

So they're seriously suggesting that anyone who's ever worked for Microsoft or a licencee is not allowed to work on an Open Source project attempting to mimic functionality ever in their life? That can't be right, and if it is, isn't that a huge threat to individual freedom?

Re:Let me get this straight...

[Blitherakt!]

Most software development and consulting companies have such language included in their NDA's. I've found that a 6 month to 1 year limit is about standard in the industry. The thought behind this, as I've been told by Corporate Suit-types, is to limit the company's vulnerability to competitors coming in and offering a huge salary increase, bonus or other such compensation to get a developer to leave a similar project and take their work with them.

Where is the legal justification?

I want to know, with all sincerity, how Microsoft could prosecute someone who has read their code. I was under the impression that trade secrets were only secrets. Right now I work at Panera Bread and to work there I had to sign a paper stating that I would not divulge their trade secrets. Why would they have to go through so much trouble if their super-secret secret sauce (assuming we had one) was already so vigorously defended?

This recommendation should be extended

In addition to not reading MS code, I strongly suggest that none of you execute any MS code. While reading it may have negative legal ramifications to your open source cause, executing it will DEFINITELY have negative effects on the operation of your computer.

Re:This recommendation should be extended

[The+Dev]

Actually, execution is exactly what comes to mind when I run M$ code.

Re:How would QAZ work

[big_groo]

"Frankly, I'll be surprised if they got anything more sensitive than a newer build of Whistler." I couldn't agree more. Chances are the hackers got the code to Minesweeper or Wordpad. I highly doubt that M$ would keep code to the kernel in a folder named "Kernel to W2000" or something of the sort. If M$ thinks there is a lot at stake here **(and they're probably the only ones that REALLY know what was stolen)...keep in mind that Mr. Bill himself has 60 Billion dollars to waste on lawyers. M$ really could afford to go after every person that they even *thought* might have looked at their code. Look at what they potentially have to lose.

Re: Big Bad MS Lawyers

[Drestin]

I get SO tired of hearing this same crap over and over: "M$ will win because... M$ money can buy the best lawyers." and the closely related but not yet spotted (give it time): "M$ bought the judge!"

Look idiots - IF that were so, then why did MS lose the recent federal trial? Hmmm? IF they bought off the judge and have the best lawyers why is their entire existance dependent on surviving an appeal? Why didn't those best lawyers with the paid off judge just find MS innocent and have it end there?

Been seeing any black helicopters lately?

Re:grammar nazi... (bad term, but it works)

[R-2-RO]

Being the Anglo-looking 'Spanic-Hick that I am. I usually type the way I talk. (ie, prolly, u, ur, ur's etc.)

Very bad, but like u said. It works. But lets take a look at your reply Mr. Nazi.

>in increasing order of correctness
^^^

s/^in/In/
There should be some sort of punctuation after correctness.

Then again, I also could have said "Prolly should have been _AN_ AC for this one. No? :)

:wq

Re:Microsoft's take on things

[SUWAIN]

The security breach did not involve a security vulnerability in any Microsoft product.

What> I thought that they wrote a virus that exploited a hole in Outlook, right? Am I wrong, or is Microsoft lying? Of course, I trust Microsoft to always tell the truth... Yeah, right.

...............
SUWAIN: Slashdot User Without An Interesting Name

Re:If windows source is released,

[man_of_mr_e]

You've clearly never used CORBA either. CORBA objects can't throw exceptions (because not all languages support exceptions, and even if they did, the broker would somehow have to figure out a translation between a common exception and the specific one used in the language)

Again, not all languages support strings the same way, thus conversions are necessary.

COM has no macros whatsoever. Macros are language dependant things. VB doesn't even support Macros, yet it has COM.

You're confusing specific language implemenations with the technology itself.

Re:Source was only "viewed", not "downloaded"

[aldheorte]

Any incoming stream can be manipulated into an actual file and a proper bot could send the necessary commands to continue paging if required. Any time you can view something, you can download it with a few software hacks. This is, in part, why virtually every attempt to make "secure" steams of music, news, whatever is doomed to fail.

More Likely an Open-Source Exit Strategy

[esme]

While I have no doubt that MS is capable of something as underhanded as stealing the code from themselves to create bogus grounds for lawsuits against the samba and wine folks, my guess is that they probably did this for a much more mundane reason: PR.

Remember how MS (including Ballmer) was making rumblings about open-sourcing Windows, or at least loosening their existing source-licensing program? And then nothing happened and the press occasionally runs pithy pieces about MS just saying that to gain some open-source cachet, or because they are idiots.

But now they can say that they don't want to open up the windoze source because they don't want to give the hax0r5 cover to profit from the ill-gotten source by claiming they actually got it under the hypothetical legit open-source licensing. Not only does this give them a good reason to now not be open-sourcing windoze when they were considering it before, it also lets them switch the focus to how they are victimized by by the h4xors (who probably use open-source software, right). And while admitting that they've been 0wn3d isn't good PR, being the victim of open-source hax0rs makes it a lot easier for them to claim that they're just this innocent, hard-working, innovative company who couldn't possibly have a monopoly because there are all these threats that could take them down at any moment.

-Esme

Re:Who's afraid of Big Bad Bill?

[kennylives]

I quite agree, MS, or anyone else for that matter does not have the resources, man power etc. to track down every developer or potential developer on projects such as samba, or wine.

But they don't have to. Just pick one or two high-profile members of the group, and target them. As soon as everyone else in the project finds out what's happening, the project is dead. It may not be possible to eradicate all OSS projects, but a few well-delivered blows could seriously cripple most of the useful stuff out there. Besides, MS would likely only target those things that pose a threat to them. I doubt that they'd go after anyone working on vi, for instance.

Besides the above constraints, MS would also be constrained by the fear of bad press, consumer/governmental reaction ...

Question: When has Microsoft ever shown fear of any entity??? This is part of the reason they're perpetually in trouble with DOJ/FTC/etc...

Re:If windows source is released,

[TheLionMan]

But think, there goes the advantage of using Linux. Now if someone encounters a bug in windows, they can get the source now and fix it. :)

wow those are some pretty scary words

[The+Akond+of+Swat]

aren't you afraid you might offend someone?

Re:If windows source is released,

[rico23]

That's funny, I'm working in Corba as we speak and I'm throwing exceptions all over the place. Corba provides mapping of some kind non-exception languages (how I don't know, I've only used C++).

Re:trade secrets mean...

[Andrew+Cady]

So when Microsoft carelessly allowed spies to copy their secrets, they lost the trade secret protection, didn't they?

From the Trademark FAQ, whose authors (unlike me) actually are lawyers:

A trade secret owner can prevent the following groups of people from copying, using and benefiting from its trade secrets or disclosing them to others without permission:

[...]

• people who knowingly obtain trade secrets from people who have no right to disclose them
  
• people who learn about a trade secret by accident or mistake, but had reason to know that the information was a protected trade secret,

[...]

There is one group of people that cannot be stopped from using information protected under trade secret law. These are people who discover the secret independently, that is, without using illegal means or violating agreements or state laws. [...]

The question becomes, does an individual who stumbles upon MSFT code have reason to know the information is protected trade secret? In most cases, probably. But then, an anonymous contribution in the form of a diff emailed to the SAMBA project is fair game -- without having seen the MSFT code themselves, SAMBA has no reason to believe it's a trade secret, and thus does not fall under the restrictions of trade secret law. Of course, it may also be protected by copyright, in which case (AFAIK) ignorance is not a valid defense.

__

Re:M$ could just call "Foul" on everything...

[mauryisland]

Now, there's none of M$'s code in GNUFoo, but the FSF and the GNUFoo programmers now have to prove that, because in the Real World you are presumed guilty until proven innocent, and even then you're still guilty of looking guilty.

Wouldn't Microsoft have to provide source code for the trial record to prove where they believe to be the stolen source resides? I doubt they'd be willing to do that.

How would you prove use of it?

[graystar]

Firstly, I would imagine that you would need someone in the project to have been proved beyond reasonable doubt as having access to the stolen source code. MS can't just point and scream at every OSS project claiming poor. Secondly, if that did happen, wouldnt you then need to prove the person who had looked at the source code, used it in the OSS project. Which begs the question, how do u do that??? What constitutes using code from another source. Often people use code, but will rewrite it for there situation, more the idea behind the code is used.

Plan

[wass]

I was just reading about this article on LinuxToday , so this scenario of paranoia isn't one I've crafted myself, but it presents some interesting ideas. A few people posted some comments there suggesting that perhaps MSFT itself either stole their own code, or maybe hired someone to steal it for them.

Sounds strange? Think about the following reasons. We've seen many times previously that MSFT avoids admitting their own mistakes for as long as they possibly can. It takes them awhile to warn the public about known bugs or exploits in their various software products. Yet, in this case of the stolen source, they were seemingly very willing to let the press know about the break-in and apparent theft of the source code.

Now that it is public knowledge that some MSFT source code has been stolen, imagine what it does for free/open-source development. Because of this, the FSF and other maintainers of free/OSS software now have to take extra measures to ensure that the code is free of any potential influence of the supposed 'stolen code'. This takes time, effort, and will generally serve to slow-down the development open-source software projects. A big 'plus' for MSFT.

Also, suppose someone posts snippets of the 'Forbidden Source' to various newsgroups, like the public postings of DeCSS and MSFT's kerberos additions to slashdot. Or, say, someone emails some of this code to the kernel mailing list directly. Now, nearly the entire team of linux developers, among other projects, has seen the 'forbidden source'. IANAL, but MSFT could possibly use the fact that they saw the 'forbidden source' as justifications that now they're now privy to MSFT's proprietary software models. They may use this fact to either sue future developers, or inhibit future development of such projects. Both of these things are bad for OSS/free software, and are good for MSFT.

This may sound like some grand paranoid conspiracy theory and doomsday scenario, but as someone posted to LinuxToday, "Just because you're paranoid doesn't mean they're NOT out to get you."

Re:Plan

[gotan]

I'm sorry, but no court could even consider to give MS that big of a lever because of some potentially leaked code:

I think the old "in dubio pro reo" applies here, so MS would have to prove:
1) the code(fragment) was really developped by MS before the break in.
2) the code was stolen from their website during the break in (according to latter MS statements it took them only a few minutes to discover the intruder)
3) the code has been read by a developper
4) the code could not have been created independly of MS code and is worthy of protection as a trade secret.

If any court choose to make it to easy for MS anyone could cite this case as a reference and sue MS because some of their developpers surely looked at open-source code and choose not to honour the GPL when adapting some functionality to their OS.

Also this would set an ideal precedent where any software-firm could sue the whole competition by claiming that some of their source code leaked. I think any decent judge would consider these facts before coming to a hasty decision. And even MS lawyers should hesitate to give the competition that big of a weapon if the case is used as a precedence against MS.

Imagine, just set up a little software business, claim to be hacked and that part of your ingeneous solutions crept up in MS programs. If it even permits to temporarily halt MS shipping out products (imagine delaying Windows ME by half a year with such a scheme) the damage would be more than anything MS could gain using this scheme against others.

Re:Plan

[wass]

That's a really good point, I thought of the same thing too. If all GPL'd software is publicly available to view, do MSFT and other proprietary software coders have to justify that they have not seen said code?

Re:Plan

[ralphclark]

The difference between those two scenarios isn't hard to figure out. If they think they can show that you've seen their code, they can stop you writing code. If you think you can show that they've seen your code, you can't do shit.

It pains me to have to spell it out to you, but Microsoft are powerful and can afford as many lawyers as it takes to get their own way. Because that *is* all it takes, and it's the only thing that will do. Justice has nothing to do with it.

In the US, corporations own the law. The small guy exists at their sufferance.

Consciousness is not what it thinks it is
Thought exists only as an abstraction

Oops, that's trade *SECRET* faq, not trade *MARK*

[Andrew+Cady]

The link is correct, just labelled incorrectly. Sorry!

__

Re:and were are *you* from?

[The_Messenger]

I know, seriously... maybe Monty Python and the Holy Grail was a documentary after all.

---------///----------
All generalizations are false.

are you serious? the issue is choice.

[websensei]

Full disclosure to everybody would solve poverty, hunger, war, and almost every other major problem plaguing us!

Can you give even one example, or even a reasonable analogy to support this claim? This is patently absurd.

Open source software works because people _choose_ to sacrifice some small amount of potential individual gain for the sake of a larger net gain - and they directly reap the rewards of participating in and contributing to this development and distribution model. Emphasis on choose.

These same people wish to choose who has access to their personal information, for valid and obvious reasons. Again, the concept of choice is key.

Many or most oss projects begin because those using the particular technology available at a given time/place/price want a better choice, be it an os, a web server, a browser, you name it.

See a pattern here? CHOICE.
There is no conflict.
There is no hypocrisy.

The issue is always WHO CHOOSES combined with WHO PROFITS. When anonymous companies profit by trading on my personal and private information, my anger is not hypocritical just because I advocate free software. Not many people think the way to promote oss is cracking proprietary code and making it public. THAT would be hypocritical, to support breaking into private networks with the intent to profit from stealing contents therein. BUT NOBODY SUPPORTS THIS. Which is why your dichotomous view is misguided and silly.

Re:are you serious? the issue is choice.

[elflord]

I can see where he's coming from. There has been an unfortunate tendency for some (including slashdot!) to talk about movements like the napster "movement" as if they were related to open source. Personally, I'm unhappy that people do this, because it's an insult to open source.

Unfortunately, the rise of the open source user community has led to a group of people who mistakenly believe that open source is about taking, or getting something for nothing, and some of these people have even grown to believe that they are entitled to get everything for nothing. To these people, anything that gives them more for nothing is considered "good for open source".

BTW, I hope the leeches from napster inc go down really hard.

Re:are you serious? the issue is choice.

[elflord]

lternately, intellectual property is also about getting something for nothing. This comes out of the marginal production cost of "intellectual property" tending towards zero.

This is a lie. You are confusing "production" with "copying". Copying a piece of work does not produce any "intellectual property". It merely facilitates distribution. So each piece of software costs a lot to write.

The fact that the marginal cost of distribution is irrelevant. What's important is the question as to how to compensate authors who do their work prior to distribution. The consumers do not want to buy vapourware. What is needed is an effect way for buyers to share the cost of the package, and copyrights provide a good model for this. I haven't seen anyone come up with a better model than copyright ( and a short sighted grab at the resources of software companies is *not* a solution )

warning

[Darth_brooks]

Warning, this post contains code stolen directly from Microsoft.

include ifstream.h


please act accordingly.

--

Conspiracy? NOT!

If you think MS would allow propietary source to be 'stolen', why would they state to the media that the code accessed was unrelated to the current offerings? If they wanted to screw with the OSS community they would claim the entire Win9x/NT/2000 codebase was snatched up. The .NET stuff was possibly involved in this 'theft' and is currently not, afaik, in beta-testing even. We're talking years down the road for OSS scrutiny on an unreleased product which MS will severly alter because of this.

Very True

[rabtech]

It is very true. Those who wish to be involved with Free Source movements must be sure to steer clear of any stolen source code, Microsoft or not.

You must ask yourself this: If the code were stolen from some guy who is struggling to support his family on some shareware app he sells for $10, are you going to go ahead and accept that code, distribute it, or use it in your projects? I think not. If you think that somehow the rules don't scale, then you are mistaken. If something is true on an individual level, it should be true on all levels.
You shouldn't try to "bend" the rules just to suite your goals, no matter how noble they may seem.

-----

How much of gcc is in msc?

[thogard]

When msc 5.x came out it was a much better compiler than any other that MS had ever developed before. At that point its optimiers actualy worked but like most it had a few flaws. Funny thing is that most of the flaws were the same that gcc had.

Now if someone just had time to prove that some of the code was lifted it could be quite interesting.

Legality of Reading the Code

[Blitherakt!]

Standard IANAL disclaimers apply, but here's the way I understand it:

Reading the code wouldn't necessarily land you in legal trouble; nor would contributing to a Free software project IF you could prove that you did not use the knowledge gained by reading the source code in that project. There lies the problem. It's much easier to document that people have had no access to such knowledge and, therefore couldn't use it than it is to document that people had the knowledge but selectively "forgot" the knowledge when working on a similar project.

A good legal example of such a case was the Compaq black-box reverse-engineering of, if I remember correctly, an IBM PC BIOS for their "portable" (read: a thirty five pound plastic, hernia-inducing box).

I might have one or more of the companies confused, but I do remember the loss of the lawsuit because of the levels of documentation kept on the project.

FRB's Conspiracy Theory:

[Fat+Rat+Bastard]

FRB's Conspiracy Theory:

MS and the DOJ/FBI/NSA have staged this "hack" so that

1. MS can now hinder the Free Software Movement by suing (or at least threatening to sue) the pants off of the developer / maintainers / packagers of said software because they used stolen code.

2. The gvm't can use this to push harder for legislation that erodes your civil liberties in the name of "law enforcement"

I now return you to peering at your window at the black helicopters.....

And here I thought ....

[taniwha]

that they'd 'stolen' the source code so that people could laugh at it .... (of course it wasn't stolen like a car is stolen - it was copied - information works differently than physical things ...)

If what this article says is correct

[tomme]

Then it would obviously be in Microsoft's interests to have the code stolen and published widely, because then they'd have the legal right to sue almost anyone they wanted for copyright infringement. I mean, what is this "don't download, don't read" shit? Like it's gonna burn your eyeballs or something? What say you saw it by "accident" - honest, your Honour, someone stuck it in front of my face.. I'm just glad your fucked-up US legal system is basically meaningless outside your borders. Despite what you may think to the contrary.

Re:If what this article says is correct

[Shadowcaster]

I kinda resent that one.. what "I" think to the contrary?
Nah, I agree that the US government is fucked up. And I am just as glad as you that they don't have jurisdiction outside of the borders..

Don't make statements like that, please. One might think that you dislike every American citizen as an individual, as opposed to the people who I know who just dislike/distrust the government.

Re:Who's afraid of Big Bad Bill?

[G+Neric]

MS would have a very hard time grinding all international free software devleopment to a halt

Not only that, but even in high profile cases, just seeing source code or even signing an NDA does not disqualify you from working in the same area. Many consultants work for many companies in the same domain. Heck, Microsoft themselves hires engineers away from competitors.

The opensource/freesoftware worlds are currently dominated by fussy little hairsplitters who have spent far too much time working on their licenses. The licenses are important, don't get me wrong, and somebody needed to work on them. But usually, when your lawyer is done you send him home, because lawyerthink is not the best for running things.

Also, one should take the caution against knowingly passing illegal copies of anything around, not because the ideas would taint you, but the crime might.

Err - the Windows source code wasn't stolen

[atomice]

It was a minor project. Probably the IPv6 stack. Now Microsoft can claim other implementations are based on their code. Then they truly will 0wn 7h3 1Nt3rn37.

Re:Who's afraid of Big Bad Bill?

[aldheorte]

Question of curiosity: Unless this was an inside job, the intrusion took place over the Net. That is, a public network. Let's say, as in the above post, that it becomes very widespread and that someone develops a competing product with similar functionality (but, obviously, not cut and pasted source).

If MS sues the company for copyright infringement on the basis of similar functionality, couldn't the company in question turn around and sue MS corporate security to recover legal fees and damages for gross negligence in connecting the repositories to a public network without adequate safeguards?

If that seems clear cut, imagine this scenario: MS security is provided by a third party; the incident above happens.

mea culpa!

[Trespass]

Ye gods, I had no idea that two dozen people had already suggested this! That's what I get for browsing at too high a threshhold. I'm just bitter and paranoid, really. ;^)

Get sued by Apple too

[Fr05t]

Sheesh say way from that code you could get sued by Apple too.

Re:Enough inane conspiracy theories, already!

[finial]

There's at least one other possibility.

It was someone who isn't really after Microsoft code just to get the Microsoft code. It could be someone after Microsoft code to find security flaws in older, installed products. Products that Microsoft is no longer updating yet are still installed on many, many machines (like Windows 95 or NT3.5). If, by reading (not downloading, not uploading, but just looking at) the code, they can find a hole, 85% (or whatever number they use today) of the desktop machines in the world are vulnerable to attack. Why risk going after Microsoft when you've got the rest of the world ripe for the picking and they probably don't even realize it?

If it were me, I wouldn't waste time on "upcoming" or beta products. I'd go after the older stuff that's already installed, and therefore unlikely to be updated. Stuff that no one is paying attention to any more except to run things like, oh, Quicken or MS Money.

Who benefits from a Stolen Source Code?

[(hu(k_0]

Do the actuall consumers benefit from this? Will they ever get a enhanced "stable" code? Nah, Microsoft will probably set up up a huge publicity stunt to drive fear of anyone using an altered Windoze, threating with plenty of years in prison. Will The developers benefit from this? Actually how many developers could benefit from this? only the ones who want to emulate or something like that windoze code (which are very few compared to all the software projects), which would be under strict survailence by Microsoft. So at the end Who benefits? No one if you ask me. Homo Homo Sapiens - Man that knows that knows, how egocentric can humanity get

Oh shit, people, get a grip!

If Microsoft code is stolen it's no longer a trade secret. You can look at it all you want. If you didn't sign a contract that says you'll never develop a competing product, you're in the clear!

If the code is copyrighted, that means you can't cut and paste it into your own code. Don't worry about that, the code will be so bloated and poorly written that no project maintainer with half a clue will just paste it into their project anyway.

Not only that, but similar to the GPL violations that were fixed by removing the offending code, the same will hold true for an Open Source project (if, for some odd reason, they do accept copyrighted Microsoft source code into their project). Simply rewrite the part that violates Microsoft's copyright.

If they've patented the code, then you can't even write a compatible algorithm, so this source code theft means nothing anyway.

On all fronts, Open Source project authors are in the clear. Calm down.

AC -- I will not sign up for a user account until the karma cap is revoked!

I have (non-MS) sources, am I disqualified?

[caveman]

I have a huge pile of DEC Sources, everything needed to build from scratch a VAX/VMS system (versions 2.0 up to 4.4). I also have piles of technical information and design information for buckets of DEC PDP/11 and VAX hardware. All of the above has been acquired lawfully over the past 20 years.

Am I therefore prohibited in using my personal knowledge to benefit open source software? Do I have to seek Compaq's permission to release open source software?

On a wider note, as I work with closed source software all day as part of my normal job, does this also disqualify me participating in OSS projects? I don't think so, because if it did, a lot of people on the linux kernel credits list would be in trouble for a start.

What if any Microsoft programmers, who have presumably legally seen sources, joined an OSS project? Would Microsoft be able to stop them? The possibility for nasty legal precendents is rather alarming.

Re:M$ could just call "Foul" on everything...

[Bullfrog]

Yes, and I have considered the possibility that this "leak" may well have been a carefully staged event that would give M$ leverage to go after OSS projects. As you say, they could tie up certain key OSS projects in mindless legal wrangling, and effectively destroy the projects--all this on the (unproven) suspiscion that there is M$ code in the projects.

I believe this is potentially a carefully contrived plot to "release" M$ source covertly, claiming it was "stolen", in the hopes of destroying the OSS threat to M$ domination.

As support for this view, does anyone really imagine that M$ develop their nearest and dearest on Winboxen? Nah, for sure they use some *NIX, because they know their cash cows are full of holes and they want to _protect_ their crown jewels at all costs. Therefore, anything of value is safely locked away from every wannabe haxor in the world. No way could anyone get the code.

Ergo, M$ are responsible for the leak and OSS needs to be very careful.

Frogboy

Re:Another American only problem

[talks_to_birds]

US law does not apply and ouside the US and M$ would not be able to put such a ridiculous interpretations on the law anywhere else.

Tell that to that kid from -- where was it? -- Sweden? Norway?

Jon something... Jan something...

He's 16.. deCSS..

aww.. I forget.

t_t_b
--
I think not; therefore I ain't®

More like a thought for the dumb.

[totenkopf]

I wonder if we'll soon be seeing lots of angry press-releases from Redmond, claiming that (insert your favourite open-source project here) has 'obviously' used code 'stolen' from Microsoft?

See, its not so simple for Microsoft to CLAIM that your favorite open source project has 'obviously' used code 'stolen' from Microsoft. Rather, they have to PROVE it. In Court. Where Exhibit A becomes Microsoft's source code, and Exhibit B becomes OSP Source code. IE, a matter of public record. I'm pretty sure Microsoft wants this one to quietly go away.

The difference between plagiarism and knowledge...

[Palisade]

Reading source code is like reading a book. The author/publisher of the book are not going to accuse you of making illegal copies of the book because you read words from it. Yet, proprietary software makers think this is entirely reasonable.

Similarly, copying sentences word for word from a book or even paraphrasing those words is considered plagiarism. Instead of just reading their ideas, you are copying their original work and claiming it is your own. However, it is not wrong to use the book for reference and write your own book using similar or opposing ideas but all written originally by you. Any quotes you make you provide as a source and give proper credit to the author in your bibliography.

Writing proprietary software is a lot like writing proprietary books. How many proprietary books have you signed an NDA to read? How many of those have been stolen by evil pirates and released over the internet for authors to "steal" ideas from or plagiarize.

I rest my case, court adjourned.

How would QAZ work

[austad]

I haven't looked at how QAZ works, but wouldn't it get installed and then listen on some port?

Doesn't microsoft keep all of their users behind a firewall? If so, QAZ would just be opening a port on the users computer behind the firewall, no one should be able to get in and actually connect to it, there would have to be a hole poked in the firewall for that to happen.

Re:How would QAZ work

[Basilius]

What a typical MS employee has access to is entirely dependant on what they work on. Most developers would only have access to other source trees if one tree was dependant on the other for some reason.

If they're some plebe slogging away on Whistler, then they'll likely have (or have access to a server that has) the Whistler source code. Or maybe Excel. Or maybe they're someone in the R&D department, in which case who knows what they have access to.

In any case, if the hackers were using just one password, then they've only got access to one or two program's worth of source code. If they had two or three or more different users, then they could have quite a bit of source available to them.

MS is entirely behind a firewall. Lots of employees log in from home, and some are permanently logged in on broadband connections. Most of these people are pretty bright, and protect their home machines. Not all do. There's an obvious chain there for anyone that cares enough to try. Looks like our news item is from someone that tried.

Or it's an inside job, in which case the conspiracy theorists just might be right...

(also, for whoever it was that said IE is based on the Spyglass browser, they used to be right. IE 4.0 is the first version developed entirely in house. Previous versions were modifications to the Spyglass code base.)

Basilius

No .sig yet

Re:How would QAZ work

[Fred+Ferrigno]

I believe what happened was that the trojan was pre-programmed to scamper about looking for passwords, then emailed them to an account somewhere. Then the attackers could have used the passwords to log in in the same manner as regular employees for whom there was a hole in the firewall.

Frankly, I'll be surprised if they got anything more sensitive than a newer build of Whistler.

--

Re:How would QAZ work

[Evil_Way]

you mean it's hard to hide 1000

• *.bas
  
• *.frm
  
• *.vbp
  
• *.cls
  
• *.frx
  
• *.vbw

. . . and so on

Re:How would QAZ work

[LiENUS]

I double ROT13 all my folders

Re:wow those are some pretty scary words

[Shadowcaster]

Only that one person, and not unsolicited at that. :)

Read from the beginning, I'm sure you'll agree that he/she/it indeed is a moron.

Re:Open Source or Privacy: choose one

[Gogl]

Pretty cool idea, almost blow-my-mind insightful, although not quite...

I'm hoping that the problem isn't quite is grim as you portray it. You show it as a very computer "If A, then must not have B" thing going on here..... I'm thinking that it might be possible to balance the two if you add in a third element, something that sooo many people seem to be lacking these days... just a touch of common sense.

Really, take it on a case-by-case issue. Yes it sometimes sounds good to make huge generalizations and sweeping "always" and "never" statements, but it's often better to look at specific occasions. Examples:

• Big Brother wants to install telescreens in all rooms of all households, all cars, and all public places (read 1984, but the quickest summary I could give is telescreen=two way television, effectively, or radio at least)... my personal stance on this issue would be on the side of Privacy.
• Big Brother wants to collect info to accurately be able to tax us in a manner that is fair. I'd side on the side of "Open Source", so to speak.... although "Open Information" might be a better name for it at the level we're talking about it...
• Company wants to keep source code private.... I'd side on "Privacy", as the company has that right, but also push big time "Open Source/Information" as much as I can for myself and any like-minded people elsewhere in the world, in hopes of making products that are cooler, better, and free-er then those of company (i.e. Microsoft vs. Linux, duh duh duh).

Well, enough said. Yes, you can't clamor for both privacy and open source at the same time, fair enough. However, a balance can be maintained where you say "Yes, MS has rights to privacy if they want, but I have the right to say I like open source and want to go out and make Linux, but I myself have the right for privacy when it comes to certain aspects of my personal life".... i.e. I believe in free source code, but not necessarily big brother and telescreens and every bit of info being "free".

Enough inane conspiracy theories, already!

[OnanTheBarbarian]

I think that a lot of Slashdotters went off their meds simultaneously, today. There's no other possible way to explain the weird paranoia that crops up every time this source code theft is mentioned.

Conspiracy theory #1 - Microsoft faked it

Come on. Microsoft does not possess an oracle that tells them things like "if you fake being hacked, your stock will stay high, people will not abandon your products (quite the possibility at the server end), and you'll get lots of clout in drafting new anti-hax0r legislation". And if you don't have that kind of oracle, you're not going to go out and pretend that you got hacked so that you can score some political points against the free software movement.

They stand to lose far more business from 10% of their potential server market shifting to Sun/IBM/whoever (or deciding to stay with Sun) than they stand to gain from slightly helping the cause of some vague, unenforcable laws directed at reverse engineering.

Yes, Microsoft will try to get as much advantage as they can from this. That's no suprise.

Conspiracy theory #2 - Free software people did it

If free software types (or supporters of same) were behind it, don't you think that someone would have seen the sources on freenet or some random ftp site by now? Or at least heard a couple of well-substantiated stories to that effect? ("I saw a huge tarball called microsoft-sources.tar.Z on ftp://....").

Far more likely, it's either some script kiddiez, who probably didn't even get it together to the point where they could get the source in any useful form, or some low-level industrial espionage people who are discreetly shopping around their product to various shady firms.

Incidentally, if it's the latter case, I wouldn't anticipate seeing the source showing up anywhere for free; why would the people who stole the source for profit give it away for free?

The Real Issue

[jjr]

Even though we may agree with the ideas of microsoft we have to respect thier right to "thier creations".
I do believe open source can make a better product if done right. But that does not give any one else the right

to demand that other people also follow that same principle. If Microsoft does not wish for me to have

access to the thier code I have to respect thier wishes. If I do come accross thier code I would tempted
but I do not think I would get it because I know it is wrong.

Re:Send bug fixes to MS...

[verbatim]

Simple.. whomever you send your fixes to would probably take credit. "Look sir.. I fixed that BSOD problem... we should have checked that string for a termination BEFORE sending it into the function."

;)

whatever.

VB Microkernel!

[sg_oneill]

Overheard at Seattle

Goldenboy: Um, Bill, ever since you made us code the new Kernel in Visual basic, Windows has run like a dog. Who's ever heard of a OS kernel running on a buggy interpreter?

BillG: Perhaps kid, but the plan is that we'll make the thing into a self replicating Outlook attachment, and windows will TAKE OVER THE WORLD!

Goldenboy: But wouldn't that only work on Outlook on machines running on Windows already?

BillG: Why do you think we are porting office to linux!

Goldenboy: You are a evil clever man boss![Goldenboy Hi-5's BillG]

BillG: Spank me!

Interesting parallel in music world

[ch-chuck]

I've heard that big time, really famous song writers are instructed (by their legal eagles) to NOT LISTEN to compositions by amateur songwriters (for legal reasons) because they may accidentally unconsciously plagarize part of it and get hit with a lawsuit.

Re:and were are *you* from?

[dbrutus]

I was told by a fella who hosted some exchange students from France the secret of the french 'aroma'. Apparently, they can't run their economy well enough to have cheap hot water so they economize on the showers. After a week of smeling french toes he had enough and flat out told them to bathe more frequently. They did and he had no problems on the subject thereafter.

Just one more proof that socialism stinks!

DB

Alternative explanation

[XNormal]

While your explanation of damage control is quite plausible I can see an alternative explanation:

1. Breach is first detected, everyone is in a panic and assumes the worst.
2. After a little checking it turns out not to be as bad as they thought at first.
3. After careful analysis of logs, including the version control management logs it turns out that no modification took place and only a minor future product has been downloaded.

----

Re:Alternative explanation

[SurfsUp]

3. After careful analysis of logs, including the version control management logs it turns out that no modification took place and only a minor future product has been downloaded.

Give me a break. A guy goes undetected on MS's network for 3 months and he can't modify a versioning log?
--

Re:Alternative explanation

[cefek]

Free the chix! It wasn't a guy. It was a semaphore.

You people are kidding, right?

[update()]

With 521 comments already, probably no one will ever read this but -- I have to say that in the 3+ years I've been reading Slashdot, this is the single most idiotic, clueless, divorced-from-reality discussion I have ever seen. I haven't been this embarassed to be part of the free software world since Eric Raymond marched on Microsoft dressed as Obi-Wan.

Re:M$ could just call "Foul" on everything...

[Tarnar]

So why don't we call the same 'Foul' against MS every time they release a product? I mean, if they can make up some BS about us stealing their code, why can't we do the same to them? After all, ours is there for anyone to look at.

Once you turn it around it becomes obvious that MS has very little solid ground to stand on with this issue. Not only are they saying 'Oh, actually, noone got anything, we were wrong,' but they have the balls to still levy litigation at any little OSS project they desire.

Does this exempt everyone then?!?

[scsirob]

#include "stdio.h"

void vGenCrash(void);

int iWinMain(int argc, char **argv)
{
vGenCrash();
return 0;
}

void vGenCrash(void)
{
vPaintBlueScreen();
vGenerateRandomSetOfWeirdLookingRegDumps();
return;
}

Apache beware

[curious.corn]

WINE isn't in danger. I doubt it will ever put a dent on windows installation base. The Apache devels are those that should watch out for M$ lawyers. Next release of the http server will be greeted by M$'s flabbergasted PRs muttering how shocked they all were when they saw IIS's core features & algorithms glowing in Apache's src...

Re:Open Source or Privacy: choose one

[LDT]

[Quote from KissTheBlade:]
In many ways, modern multinationals are excellent institutions. They are highly transparent, for example, especially when compared to the government buerocracies that the WTO protestors and the like adore so.

[Me:]
This is an absolutely absurd fantasy that reminds me of Soviet propaganda about how the Soviet Union had been a workers state. KissTheBlade's beloved multinationals are, in fact, big bureaucracies, whether he likes to admit that or not.

Furthermore, the WTO, which KissTheBlade seems to love, is itself a government bureaucracy.

[Quote from KissTheBlade:]
The fact is that these companies are owned by Mr&Mrs Average, and the shareholders put an incredible amount of pressure on them to perform and demand information on their performance & intentions. They are the ones controlling the multinationals.

[Me:]
This is an absolutely absurd fantasy. Stock is essentially adult Pokemon cards, and most stockholders don't get into detailed policy decisions of the companies they hold stock in. Furthermore, the largest chunks of stock are owned by various institutional investors, which makes KissTheBlade's workers-state fantasy look even more absurd.

don't forget....

[Barbarian]

(Note: I don't believe this for a second, but even so, it's a nice conspiracy theory. Give me a couple of days and I'll work the Illuminati and the Knights Templar in as well...)

Don't forget the freemasons, NSA, WTO, NATO, the G-8, and for good measure the EU. ;)

--

Developers already knew it

[gawi]

Frankly, I don't think this story brings anything new. It was obvious that conspiracy theories would start flowing after the announcement of the Microsoft stolen source-code. I believe that no serious open-source developer would ever derive something from illegally acquired code. It seems obvious to me that they would think about it for 5 seconds before NOT doing it. In a closed-source environment, some might do it because it's easier to hide. Going back to k5...

Re:The reason?

[Sun]

Actually - the TradeSecret law states (and IANAL) that you are not allowed to use or redistribute any trade secret that you have obtained illegally, or that you know or should have know that were obtained illegally.

For exactly the same reason we keep pushing the opinion that the CSS "trade secret" was not obtained illegally, and therefor is not prohibited from being distributed, we must not look at the Windows source code, should it be made available.

Any piece of information there can be regarded as a trade secret. It was not reverse engineered. It was not released by MS. It was stolen!! This means - read that, and you are bound by trade secret laws not to redistribute the information. If this information is, in any way, useful for a project you are working on, you are screwed. Noone, not even you, can now claim that you have not taken any idea from the MS sources.

In short - leave it be. Don't touch it.

How's this different than MFC source?

[jyeger]

Both are copyrighted. If the assertion that a developer cannot look at the stolen source are true (without exposing a product to jeopardy), then wouldn't someone who's done MFC development and looked at the MFC source be at risk in the same way? In both cases, MS could alledge that its copyrighted code has been copied. Anyone care to explain this?

Just wait a while

[valentyn]

Open Source programmers should stay away from the Windows sourcecode, and wait until the intruders find parts of GPL'ed code.

Re:anyone remember "The Truth Machine"

[UnknownSoldier]

Yeah, that was pretty good book.

Who was the author? (I read it online, but I want to buy it in dead tree form)

Re:The difference between plagiarism and knowledge

[Technician]

I know offtopic, but revelant to this thread. E books are coming that are in a locked NDA bound format that can not be copied and read on another machine.

Part of Microsoft's plan to destroy Linux

[doublem]

It's very simple. Have some code "Stolen," then use the whole "intellectual Property" issue to destroy the Linux Vendors a few upgrades from now. Don't you remember the Halloween documents? The proposal that Trade Secret Laws could be used to destroy open source???

Six months from you you'll see the SAMBA and WINE teams being sued. M$ will win because the judges know nothing about computers and M$ money can buy the best lawyers.

Oh well. I've been meaning to look at BEos for a while now anyway.

Re:Part of Microsoft's plan to destroy Linux

[doublem]

They may not be able to stop you and me from running Linux at home, but they could shut down Red Hat, VA Linux and kill corporate use of the OS.

Re:Part of Microsoft's plan to destroy Linux

[Gogl]

That's a little bit of a negative/conspiracy theory view. Don't get me wrong, I'm all for pessimism/big brother/conspiracy theories, but only when truly applicable, and in this case only pessimism is applicable.

I highly doubt this was Microsoft's "plan".... I don't think they "planned" to get "hacked" to take down Linux... for one thing, taking down Linux is a ridiculous thing to say, as so many people around the world use it, and the source code is free, so it will never really die short of a 1984-ish world. As for this "plan", while it may have the positive side of Msft by allowing them to legally beat down various open source groups, it has the negative side affect of unbelieavably bad press.

Hopefully Slashdot readers understand computers okay at least, okay enough to know that CBS/ABC/CNN coverage of this story was a joke at best. You know how they say that the media aims at a 3rd/4th grade level? I thinkt his time they outdid themselves, got it all the way down to 1st grade.... it's sooo sad....... anyway, if you're average Joe Bloggs here, uses a windows computer for email and MS word and surfing, doesn't know a bit from a byte.... and you see "Microsoft Hacked" as a headline, chances are you're gonna go "Ugh, I thought they were smart computer people? But somebody hacked them, that means they aren't so smart".... and while Joe Bloggs will still buy windows unless a more viable alternative then Linux comes out (don't get me wrong, Linux is fully viable for people like you and me, just not for Joe Bloggs, unless he has a friend like you or me), this particular Joe Bloggs will now likely look at any other "tertiary" software that has an MS label with a slightly less favorable look.

Essentially it hurts their brand name a bit. And after all, in this capitalist paradise it's brand names like Coca-Cola, McDonalds, and even Microsoft that are really worth money... I'm too lazy to hunt it down, but a little bit ago I saw something on CNN about a british museum of brand names or something, apparently the "big" ones (Coke, Microsoft, ec.) are worth $50-80 billion or something like that. And Microsoft's brand name just lost a little bit of value to the Joe Bloggs of the world....

Re:Part of Microsoft's plan to destroy Linux

[cyber-vandal]

It all sounds plausible, but there is an implementation of Samba for OS/390, IBM's OS for their big-iron mainframes. IBM have pretty deep pockets too, and they're no friend to MS.

Re:Part of Microsoft's plan to destroy Linux

[Gogl]

Don't get me wrong, I'm not saying that this isn't going to be a Bad Thing for Linux/Open Source/GNU/SAMBA/Wine/etc., the list goes on and on. What I am saying is that I am highly skeptical that MS planned this whole event simply to take down Open Source....

Re:Part of Microsoft's plan to destroy Linux

[doublem]

Perhaps not Open Source in particular, but other projects as well. ANYONE who writes M$ compatible software could be attacked with this. While Linux, SAMBA, WINE and so on are the first examples that springs to my mind, this could also be used to attack BEos, MAC, Applix and any other software house that M$ doesn't want around. In the end it could be a HUGE boon to M$ by allowing then to use lawyers to destroy anyone who is a competitor, and since the destruction of each and every one of them would be legal, the Dept of Justice would be hard pressed to cry foul. "It's not my fault I'm the only game in town, everyone else was crooked and broke the law."

Aha!

[QuoteMstr]

So MS deliberately staged this 'theft' to kill open-source software? After all, how can anyone *prove* that they didn't look at the Windows or Office source code?

Re:Aha!

[QuoteMstr]

Don't you *love* when you think you have an original thought but 10e6 other people also have it and post it?

Here I am being paranoid...

[velcro]

(apologies if someone's already said this)

OK, everyone. I'm getting scared, and here's why:

What happens if M$ had planted chunks of code from another project (Wine for example) into one of their source trees (Windows in this case), a year or so ago, and claims now that that code was their own? They could use this kind of accusation to shut down competitive software projects (if those projects can't defend themselves).

Whose burden would it be to prove who actually wrote the code? I'm guessing that with all of their bureaucracy, M$ would have their project history better documented (even if falsified).

Or is there a reliable way to even prove that one person or another wrote it first?

I wouldn't consider M$'s corporate espionage ninjas to be above stealing code in order to persecute independent hackers...

If anyone finds matching code, don't assume that means Microsoft will be in trouble.

But what if?

[terpia]

Suppose I used to work for the Evil Empire, saw the light, and became born again in the warm fuzzy glow of free software and open-source. Should/Does this preclude my contributions to an Open Source project? Am I endangering the project by contributing? (one swift lawsuit could quash many a small project that has no backing)

This almost seems like I have to register myself as a lethal weapon, like Im some Kung-Fu master.
??

Re:Sympathy for Goliath

[TexasCowboy23]

I don't typically respond to articles posted by Anonymous Coward, but you raise some good points about my original response. I wrote my original response on about two hours of sleep, so now as I reread it, I know I wasn't clear on a lot of things, so I apologize on that. And I promise not to flame; I don't believe in it (which is why I'm so good at discussing politics and religion with people). Everyone is entitled to their own opinion, even if mine is always the correct one. (*laugh* I'm just kidding.) I'll get to your Whistler comment in a second...

My issue is not with the Service Packs; I used them as an example only. When there is a bug in a Linux product, there is faster turnaround time than with a Microsoft product. That's all I meant. I don't know who you've been talking to, but I always hear the typical "Wait for the service pack" response. Sometimes, yes, to its credit, Microsoft may release a Hot Fix, but that's usually for severe bugs that influence the operating system itself -- not the actual products they release. To me, Linux is better than Windows all around because of the kernel stability. Linux is a solid OS on the base level; the applications that sit on the kernel may not be developed as solidly as the kernel, but I don't see the kernel crashing just because an application goes ballistic. Micrsoft built Windows 2000 with more inherent stability than NT; I'll admit that I have seen the Blue Screen of Death only once since April. But that doesn't mean that I don't still have to reboot if an application does go south on Windows. So don't think I'm picking on Windows; Goliath got his head smacked with a rock, so I'm not about to stand here and laugh.

Now to your Whistler comment. I don't think Linux will ever be in any danger -- unless Microsoft decides to either A) assimiliate Linux into Windows (which is probably likely to happen at some point, but I believe that for my own reasons), or B) decides to make their own distribution of Linux. I have a close friend here in Austin that I've known for two years; he works here at Dell and is on the Whistler project -- though I don't really know all what he does. And he still uses Linux primarily -- he has a Windows ME station that he plays games on, but that's about the extent of it. No matter how good Whistler is, Linux will always be around.

What about a Chinese Wall approach?

[hey!]

Would you turn down specifications that were engineered from tainted sources?

Not *quite* the same thing

[devphil]

But I never claimed that MS did this on purpose.

I'm just presenting one possible way in which they can recover their "losses" (real or perceived).

Source was only "viewed", not "downloaded"

[divec]

now, it was only one week, and source was only "viewed", not downloaded

Anyone understand what that statement is supposed to mean at all? How can they know that the source was ``only'' viewed? If the cracker was viewing the code, then copied-and-pasted out of his xterm/browser/whatever, then he has a permanent, downloaded copy! I suspect the use of these words is an attempt to fool non-technical people.

Re:Source was only "viewed", not "downloaded"

[p0six]

I'd like to see someone copy/paste tens of millions of lines of code from an x-term.

Oh, come on...

[devphil]

Good lord you're paranoid!!! Seek professional help!

You've never heard of just throwing out an idea to see what discussion it generates? I don't believe I ever stated that "this is what I firmly believe."

It's just an idea, people. If you can't handle the thought of discussing strange and wacky concepts, you need to read some other website.

Imagine ...

[ignavus]

..if someone starting sending MS diffs with improvements to the code!

read it again stupid

[tomme]

i said what you "may" feel to the contrary. If you don't feel that, then the statement doesn't apply, numbnuts

Another American only problem

[Zemran]

The answer to this is obviously to base code outside the US. US law does not apply and ouside the US and M$ would not be able to put such a ridiculous interpretations on the law anywhere else. In Europe they would have to show that the source WAS the stolen code, it would not be relevant that the coder had seen the stolen code. The burden of proof would require that M$ show that the coder DID use the stolen code, not simply MAY have.

Mod up!!!!

[yuriwho]

This is a very doable project provided we have acess to windows source code. I'm not sure of the legalities but I'm pretty sure of one thing...MS uses GPL'd code in their products. Lets prove it and force them to make Office public domain. I could care less about the rest of their embrace and extend crap. If Office was free, we could be rid of them.

This is a wonderful idea

[crazney]

mod it up people.. if we found GPL'd code in M$ software, itd mean that M$ would have to GPL all there software, thus making it legel for us to use there stuff in samba/wine :-) MOD IT UP!

"Who is General Failure and why is he reading my hard disk ?"

now, i don't want to be chicken little ...

[laxrox]

...and say the sky is falling or that i even think anarchy is the way to go...and without going into any of my own personal theories too deep, isn't that the way we are heading? isn't it? i mean, i have never seen any fire/explosion diminished by adding fuel to it? have you? especially one where both sides are defending something of value (to them - money/power/freedom) basically with their lives. is this a little extreme or catastrophic? maybe. very far off the mark? maybe not. think about it, don't just flame it.

What does Microsoft run on its network?

[Ace905]

"The security breach did not involve a security vulnerability in any Microsoft product."

It's good to know Microsoft isn't even running there own software for there network.

Or perhaps what they mean is, "The security breach was due to our inability to setup a secure network using our own software".

Whatever the case, if they run microsoft software for there network - the security was breached because of that software. Whether it be a hole in the software itself, or due to Microsoft having such horrible standard installations which are loaded with security flaws - it is a result of that software or it's installer.

Why you'll never see their source in the wild...

[weave]

Forget it folks. If this was your typical leet h4k0r attack, they wouldn't be able to resist announcing it to the world or sneaking their little "greets and shouts" lines into their source code.

No, it sounds like these puppies were real pros. If I was running a master criminal organization, stealing source to Microsoft code would be the best way to evaluate weaknesses in their code and use that quietly to hack into the world's biggest companies and banks undetected and run off with billions. Or how about hacking into foreign government intranets to get their secrets? Remember that this code has not received a critical eye looking at it with the intent to covertly break into it.

There are real risks to the world going to 100% Microsoft solutions. It's like royal families inbreeding in medieval times. It ain't good and it's getting worse.

Just think, your entire company may be Microsoft on the desktop, but at least the back ends are still something else. But soon no more. To leverage those nifty Active Directory benefits you need to move your DNS, LDAP, and Kerberos services to Windows 2000. Then you'll start to see the real benefits of moving that web server to IIS and e-mail to Exchange 2000.

The real thing to fear here is what's going to happen behind closed doors outside of Redmond...

I just don't understand the logic in trusting corporate and often national security interests running software you are unable to audit written by a private company whose only concern is maximizing their revenue and market share.

M$ could just call "Foul" on everything...

[devphil]

...just to be on the "safe" side.

Consider. Free project GNUFoo comes out which competes with Microsoft Active FUBAR 2000. If it looks popular, M$ can just state that "there's a possibility that our proprietary source code influenced this design," and instantly GNUFoo is dropped like a hot potato.

Now, there's none of M$'s code in GNUFoo, but the FSF and the GNUFoo programmers now have to prove that, because in the Real World you are presumed guilty until proven innocent, and even then you're still guilty of looking guilty.

And in the years that it takes to satisfy the courts that GNUFoo is guilty of nothing but competing against The Man, the project will slowly grind to a halt. By the time GNUFoo is cleared of wrongdoing, M$ will have released their next project, and GNUFoo will be useless because it's so outdated.

Re:M$ could just call "Foul" on everything...

[spyro]

Burden of proof would be with M$.

Re:The difference between plagiarism and knowledge

[Palisade]

God forgive us.

Re:Hacking the old IBM PC

[doublem]

I stand (Or sit to be more accurate) corrected.

I remembered the story from a PBS documentary years ago. (Circa 1995) and must have messed up on the company name.

Of course, the point wasn't about the company, but the whole idea of having one team hack the product and the other design a new one based on what they learned.

Who's afraid of Big Bad Bill?

[mattbee]

Obviously MS have an excuse to sue if one person looks, but where's the harm in everybody looking? After all, the Windows programmers have had access to every piece of code ever relased under the GNU Public License since 1984! What I'm saying is based on the hypothetical that Windows source is / will be generally available, but then that's what all the don't-look-don't-touch hysteria is based on too.

On the offchance this is the case, why should one free software programmer fear litigation for implementing something that MS also implemented? What's to stop the programmer of some major open source software taking the opportunity to scrutinise Windows for appropriated ideas from GPL code? Obviously no free software programmer would be idiot enough to cut and paste Windows code, so if we're arguing on the stealing of `ideas' from code, and code from both sides is available for scrutiny, surely lawsuits could fly both ways?

I can see why the Samba / Wine people might be more wary than most but MS would have a very hard time grinding all international free software devleopment to a halt just because windows_src.zip turned up on a few FTP sites.

maybe it was microsoft

[josepha48]

It may have been microsoft, maybe they staged an attack against themself. After all who has more to gain by hurting the open source movement than them? If you think about this for a minute it was only last week if not this week that wine was running word and excel 2000. If M$ says that someone stole there code and the FBI believes them then this could directly hurt the wine project. This and the fact that they bought into Corel so they could undermine the linux wine movement.

I know maybe this sounds a little parynoid, but with the past history of this company I think that anything is possible with them. They are a moralless company that sees nothing but there profits. They say that they listen to there users and that there users want more features and don't care about security. That is a load and they know it.

On another hand, if Microsoft cannot secure there OWN software system and there network security is that crapy, do you really wnt ot be runnign that software? I mean really who leaves the source code to the OS connected to a system that is connected to the internet. Oh that's right they created that pptp crap and forgot to put security in in.

Microsoft gives new meaning to VPN, Very Public Network!

I don't want a lot, I just want it all!
Flame away, I have a hose!

Searching for GPL'ed code in MS software

[Jimmy_B]

Searching for GPL'ed code in MS's software, even with the source code, could be an interesting project. The best approach would probably be first to write a program that compares only commented sections and looks for complete comments which A)match exactly, B)are over a certain length, and C)do not pass a spellcheck (nothing is more damning than comment typos which match up). Then, get together all the GPL'ed source code you can find (this is difficult, there's a massive amount of it and it'd take a long time to download and be difficult to store). Then, systematically compare all of MS's code to GPL'ed code. This would be a very slow task, and would have to be run over several nights. Then a human looks over the results, throws out the (probably numerous) false matches, and mails what's left to the EFF.

------------------
A picture is worth 500 DWORDS.

I understant M$ will be getting its revenge

[Markar]

by stealing the source to Linux, BSD, and FSF software!

Amused

[PingXao]

I am really amused about how this company claims to offer "security" in their products. LOL. Not that anyone worth their salt actually gives any credence to their claims; we know their stuff is shit. On the one hand they offer a public facade of competence in the arena of "security" and then on the other hand they cannot say it enough how they have called in the FBI to investigate. Does this strike anybody else as absurd? If they're so good why can't they figure it out by themselves? The answer is clearly obvious even to the most casual observer.

In another vein, what's to prevent either (a) MS claiming their proprietary stolen code was used in ANY product they see that they don't like or (b) other people, for whatever reason, sprinkling their code with BS comments to make it "look like" it came from the purloined source code even if it didn't? Me, I'm immediately hamming up all my comment headers in my code to say "This Code Stolen From Microsoft".

The little guy is once again going to get the shaft when all this plays out in one way or another. Watch and see. You'll have to prove you didn't get your source code from MS the same way you have to prove you're not a drug abuser by pissing in a cup, even though there's no reason to suspect otherwise.

OK, but what about code M$ *has* released?

One thing occured to me with regard to the Samba team and all; if looking at M$' code is such a problem what about code they have publically disclosed. Some bits of genuine Windows code have been included with their (not third party) development products and publications if I recall correctly. So, to use the Samba example, suppose one of those code snippets documented a key aspect of M$' SMB implementation could a Samba developer use that code?

Somebody needs to look at the code if it turns up!

If any of the stolen code shows up, i think it would be negligent if someone didn't review it and make sure that it didn't have any gpl code in it. If one line of gpl code is found, the whole works would become gpl, this is the rule. Has anybody considered this aspect?

Help Us!

[rhino777]

Maybe that just want their code fixed so leaked it out and hope to get their hands on the fixed version after a bit...
rhino

Stolen Source Code Found!

[Immoral+Majority]

int Junk_Code = 1; So nobody use that, or the FBI might pay you a visit.

Re:Conspiracy Theory

[Fist+Prost]

I'd say more than that. If you're a developer you can no longer open any email from anyone other than those you already know, maybe even having to have someone screen them for you. Imagine this scenario;

To:Linus Torvaldes[Torvaldes@transmeta.com]
From:Billy Bob [bill-b@notmicrosoft.com]
Subject: Kernel Patch.
blah blah blah (insert MS code here).

Or worse yet sending it to the kernel mailing list, tainting all the relevent people in one fell swoop? Even if MS doesn't do it, there are plenty of people out there with nothing better to do than try to fuck up other people's day.

Fist Prost

"We're talking about a planet of helpdesks."

The REAL story

[DFDumont]

As soon as I heard the initial story, my immediate thought was that it was phony. It still doesn't make sense to me why M$ would publicly admit to being violated.

I think this is one step in a short proc, to put WINE and other Windows emulators completely out of business. I find the proximaty to recent announcements in /. concerning WINE's ability to run Office and 2000 to be just the kind of incitement that M$ would feel the need to react.

Normally I don't go for the whole black-helicopter theory, but this is just TOOOOOoooo close, and way too wrong to be real.

Did M$ know of, aid or abet it? Dunno...

[crovira]

The problems with M$, with understanding anything they do, what, when or why, is of course, the secrecy.

Do I think that this will slow down the OpenSource community in the least... No!

Secrecy is a double-edged sword. Any Linux distro could be entered into public record without a ripple. In fact that might be a good idea to do so now in preparation for any potential eventuality.

But I don't see M$ dragging their APIs and source code into court for the public record anytime soon. That's what they would have to do to even allege with intent to procecute against anyone for supposedly stealing any of their code.

They would have to identify the code and prove it came from them and the only way to do that is by bringing their own code to court and doing so in such a way as to prove the code repository had not been tampered with since the discovery of the break in.

Then M$ would have to argue that it could not possibly have come from any other source but their code. All a developer has to do is keep a clear paper trail of what ideas come, as they come, and the very plausibility of the defense would dispell any allegation M$ might make.

Making those allegations is a great deal more difficult than you think... Basically, M$ has a choice that I doubt they'd ever make even when their backs were against the wall.

If you live in secrecy, you can't step into the sunlight too quickly. I think we're safe from an open source M$ for a long time to come.

Re:Did M$ know of, aid or abet it? Dunno...

[Goldhammer]

>Then M$ would have to argue that it could not
>possibly have come from any other source but
>their code. All a developer has to do is keep
>a clear paper trail of what ideas come, as they
>come, and the very plausibility of the defense
>would dispell any allegation M$ might make.

There could be a different side-effect to
this code-stealing event, something other
than attacks on OSS etc. MS may be able
to use this situation to continue pushing
pre-installed OSs with aggressive campaigns.
They could argue, for example, that they
can no longer guarantee the integrity of any OS
obtained on distribution media. Any and all
such copies could have been tampered with, etc
etc. So the only way to get this guarantee
of integrity is to have your OS preinstalled
by the OEM, who must now have an even stronger,
tightly controlled software auditing bond to MS.

MS has already suggested that anyone who doesn't
want pre-installed Windows is probably planning
to pirate it. It's quite possible that they
can milk this code-stealing event for all its
worth in their "no naked PC" strategy.

I've said this before...

[Fist+Prost]

--begin signed conspiracy theory block--

That's pretty much what they did with the Kerberos specs, after putting them out with the click-wrap license. We probably even gave them the idea for something like this by publishing their paper without consent.

Fist Prost

"We're talking about a planet of helpdesks."

Re: Big Bad MS Lawyers

[doublem]

So, the only think you can find wrong with my argument is the spelling of one word.

Thank you. You defeat in this debate has been noted.

"If you can not attack his logic and reasoning, attack his spelling. Loudly"

How many sourceforges?

[nuggz]

Actually they would probaly DCMA all the providers and web hosters.
Get one or two monkeys to put up MS code on Sourceforge and that will cause them trouble.
They just need a case or two of bad publicity to hurt 'evil' free software people, who just steal and destroy from hardworking innovative companies.

Maybe...

[clyons]

Microsoft has invested MANY millions of dollars into their software -- something they obviously don't want to lose -- against your theory. With all the funky legal stuff going on in recent years, I must say if Microsoft hasn't used this vehicle, you are first, in my book, to give ideas to those who will ;-)

Maybe he should patent that as a business process. Hmmm... One-Click Acquisition?

Killing open source

[TheGeek]

So...

If, in some devious backroom meeting, MS decided once and for all to kill open source all they would have to do is allow is allow some non-vital, but interesting code to be available for a hack, have some blackops MS crony post it to Slashdot, ask all coders if they read Slashdot regularly, then fight every open source code release on licensing issues until the point becomes moot.

Not that I'm saying they'd DO that, but it's possible.


TheGeek

Apple - BSD ... MS - BSD ???

Apple are changing their OS to OS X, based on BSD Unix, thats cool, no loss of face, they are developing their OS further - its still going to be way cool and very technicaly competent.

MS couldn't make such a leap without big loss of face - unless they were forced to make such a change because their proprietary OS had been copied and compromised.

Its a good excuse that saves them from having to answer questions about what was wrong with the old OS.

Microsoft is an excellent marketing company - not a software developer.

Re:fuck you and your crappy little country

[Dreven+Capac]

in fact that's now "Disneyland Paris"

Says you

[ststrat]

Clearly the previous respondent cannot tell a stack crawl from a core dump.

Sympathy for Goliath

[TexasCowboy23]

To start, I'll admit that I'm no major fan of Microsoft these days; yes, I even find it hysterical they've been hacked on this scale; yes, admittedly (regrettably?), I have sympathy for them. No matter how much I dislike the ethics (or lack thereof) of Bill Gates, he has been wronged: theft is theft (if indeed source code was stolen, which has yet to be proven, by the way). Of course, I'm wondering something of my own (away from all the flying conspiracy theories, rest assured). According to MSNBC, Microsoft has figured out that the passwords were being sent to an account somewhere in Russia. So what's taking so long? What's taking Microsoft so long to actually come up with something definitive? Enough "may have" and "could have" -- where is the "did" and "done"?

Now, here's another thought. If the Linux community were behind this, we'd be unimaginable idiots every last one of us. Linux is so much more than Windows could ever hope to be. If you look at the track record of Microsoft and bugs, it don't look pretty. They have 7 service packs for Windows NT 4 (1,2,3,4,5,6,6a) ... They have 3 or 4 service packs for Visual Studio 6. Two service packs for SQL Server 7. Even their beloved Windows 2000 (not a few months after being released) now has its own Service Pack 1. I could keep going, but I'd be typing forever. No, nothing will be truly bug free upon release. Yes, bugs will always be one of the inherent problems behind code. But consider the overall amount of time between finding a bug and releasing a fix for it. Linux does it better and faster; Microsoft tries to mimic that behaviour and often times fails. Microsoft cannot keep up with the drive of Linux, and that's in out favour. If Microsoft source code ever became a part of Linux, I'd probably scream "Borg!" and run off to my own little planet somewhere in Andromeda. Assimilation of the illegal or the unwilling needs to be where the line is drawn.

Though, I wouldn't mind someone stealing the source code for DirectX 7.0 and developing it over to Linux. *drool* I'd love to play Final Fantasy VIII under Linux. (And, for my legal sake, that is not a serious statement, though it would be a dream to play games of that magnitude under Linux. Of course I could just hope that Linux and Sony somehow combine forces and make a new distribution called Sony Linux or something...)

This breakin at Microsoft also says something for off-site workers. As a consultant, at times I do work off-site, and I see some interesting effects in the worst case. Since the intruders appeared to the security logs as employees simply working off-site, security overlooked them for three months. For three months the intruders worked, doing only God knows what. (Like I said, there's been no real definitive proof to surface yet except for allegations about what "might have" and "could have" and "appears to have happened"...) But I still think this might produce some chilling and overly restrictive corporate policy changes on working off-site.

I'm betting that nothing really serious did happen; I'd bet that the intruders only want to sit down and see how long it would be before someone noticed. In three months, you could cause all sorts of chaos for Goliath in his own camp. Blow out a few torches, bring down the mainframes, format a few servers, knock out corporate E-Mail, shut down all the domain controllers. (That latter one would be VERY interesting, believe me.) Maybe I'm wrong; maybe something serious did happen (not that a break in of this size isn't already something serious in and of itself)... I just want proof before I start my panic run. (Which, for me, consists of about 2 minutes of hyperventilating. *grin*)

Enough rambling...

Send bug fixes to MS...

[isaac_akira]

If stolen MS code DOES get widely distributed, it would be pretty amusing for the OSS community to start anonymously sending them diff's to fix up the bugs in the stolen code. I'd like to see the face of the tech support droid who gets that email...

- Isaac =)

Hacking the old IBM PC

[doublem]

Compaq was very worried about this when they cloned the IBM PC. They had one group pf hackers chip away at an IBM PC to build the specs for what it needed to do, and a separate "Clean Room" team to use the specs and create the cloned BIOS. The "Clean room" designers had to be able to prove they had never worked with an IBM PC to get the job.

And thus the IMB clone of the PC architecture was born.

If they hadn't taken these precautions they would have been sued into oblivion by IBM and all PCs would be IBM PCs to this very day.

Re:Hacking the old IBM PC

[ststrat]

Close but no cigar.
The original credit for reverse engineering the PC BIOS goes to Phoenix.
But it's good to know that people are still herd animals and prefer to believe advertisements over history. Makes it easier for the DNC and RNC to control you ;)

Re:and were are *you* from?

[FreRange]

You really need to review your history your ingnorant "pig-dog". Genreal La Fiate was leaching off the US purse while "Fighting the British" Wait, I know, what about the "French-Indian war"?? WW2; the south conspiring with Hitler, Can you tell me what that was all about? Why do we pay for 75% of the French Defence? Why do you all smell? Had you discovered deorderant yet? I hate stupid people....

Take the high road, guys...

[BluedemonX]

Yes, they've basically stolen tons of stuff from everyone else... one MIGHT be tempted to say "fight fire with fire"... BUT...

Here's the chance to publicly say "even if it was offered to us, we wouldn't take it." That kind of corporate-espionage B.S. belongs to a totally different world. Open Source is a philosophy, let it live and or die on its own two feet and by its merits.

Showing the world the kind of class that Microsoft never had and never will should ratchet the public image of slashdot types way up, and counteract those stupid and offensive "hi! I'm the fat black hacker guy who has your credit card!" commercials...

Well, actually...

[ralian]

...they could probably call for a "closed-court" case, where nobody who was in the room would be able to speak of what they saw for like 25 years (or something of the sort(since it IS a trade secret). I, of course, am no lawyer, however.

M$ Need not have orchestrated the Theft

[gnarly]

All Microsoft needed to do was to put a chunk of code for some unimportant future project in an internet-accessable area, and let the script kiddies + Outlook do the work. Then they can honestly say to the FBI "Our Vital source code was stolen"

They need not have orchestrated the theft, nor hired the thieves, simply relied on their own "security". Much less "conspiracy" is required than some theorists have suggested.

What would you do with Billions of dollars in cash assets, a floundering business model, and a bevy of lawyers depressed at loosing to Janet Reno every step of the way? Get ready for sue-a-thon!(tm)

They had access to MS's source code

[yebb]

for three months!

Thats probably enough time to design and implement a pretty well hidden bit of malicious code that would soon be on most of the computers around the world!

If they were smart, they could sneak a little bit of trickery into IIS, or some other MS service.

This, my friends, is the real danger, I'm sure that the source code wouldn't do too many people good, but the possiblity of writing your own personal backdoor into Windows is pretty Frickin huge.

Re:They had access to MS's source code

[treke]

I'm guessing that Microsoft is gonna have to revert back to their last know "safe" code, and then try and merge changes back into the code. Carefully auditing each one. At least that what I think a respobsible company should do. Now microsoft on the other hand....

This could easily set development back on whatever products the hackers got access to the code on. At least assuming that they we able to get write access.
treke

NSA

[naen]

I seem to remember that there was a rumor that the NSA had backdoors planted in Microsoft code. Could be just conspiracy theorists paranoia.. Guess we'll find out.

Don't think this is legally true

[cameldrv]

IANAL, But if you get the source code from someone else (as opposed to stealing it yourself), I don't think that trade secret protection applies. Now you have probably violated Microsoft's copyrights, but that doesn't prevent you from writing open-source software. I believe that law is that if a trade secret is stolen or misappropriated, the person who steals it or discloses it improperly is liable for damages, but anyone he gives it to is in the clear as it is no longer a secret. Legally I don't think that copying a win98 CD is any different than copying win98 source code.

Re:How QAZ works

[Global-Lightning]

From the Symatantec Antivirus Research Center:

[...] W32.HLLW.Qaz.A was first discovered in China in July of 2000. W32.HLLW.Qaz.A is a companion virus that can spread over the network and also has a backdoor that lets a remote hacker connect to and control the computer via port 7597. Since the virus does not have the ability to spread to computers outside the network, the virus might have originally been spammed out by email.

Maybe the sharks at the FSF

[Markar]

should contact M$ sharks and get signed affidavits from M$ suits and programers swearing that no GPLed source code was used in any Windows product. Afterall the source for GPL programs has always been available. Time to go on the offensive.

Qaz Trojan opens port 7597

[alienmole]

Who said anything about an open port?

The reports of the Microsoft incident mentioned the Qaz Trojan, which according to this article opens port 7597 to support remote control. Which, needless to say, would easily be stopped by a firewall/packet filter/proxy/etc.

While you're correct that the most determined attackers might be able to create a trojan which might even be able to operate through a protocol-sensitive filter or proxy, the fact is that no-one seems to have actually developed such a trojan, have they? Which means that for most businesses with a decently configured firewall, you're far more likely to have a disgruntled techie or salesperson abscond with or sabotage sensitive information than you are to experience an external attack from the Internet.

you people are so damn arrogant

[xsteinberger]

---------please read----------
ive just spent the last 10 mins reading up on this whole conspiricy, and microsoft wanted their source code to become public, and death to the open source community via legals.

use your fucking heads.

the microsoft operating system, and office suite, appeals to the less computer literate users, which seems to be the majority of the market--how many first time users would go out and buy a system running FreeBSD or slackware7.1. the kind of things these users take into account are the ease of use, internet functionality and compatibility, possibly gameplay, and security.

security, especially due to the media. im sure wed all agree the media portrays images way off to the public. as a man with a computer related occupation, you can only imagine how many calls ive got from friends telling me theyve been hacked--when somebody stumbled across netbus at some l33t hax0r website or bbs. so security will have a major impact on the consumers decision when choosing an operating system.

SO, why on EARTH would microsoft 'hack' into their own systems, or hire somebody to do so. thats ridiculous. they arent worried enough about open source software to scar their reputation as much as that. i quote a man, whos name i shall not reveal, in microsoft senior management, "we aren't worried about linux. linux is a fad, itll die out. we are, on the other hand, worried about sun/solaris. their o/s is much more expensive than ours.".

for you paranoid oss'ers out there, if ms wanted their code to become public, so they could destroy open source software, why not just RELEASE their damn source code? that wouldn't harm them security wise, and they could still sue the assess off you little private developers, and even the larger developers would become extinct. and microsoft releasing their code would get you stubborn unix users to see them in a new light.

im not going to lie, i'm an ms employee, and a regular slashdot reader. lost of ms employees are. maybe rob/co should check their logs for *.microsoft.com requests. im running 2 boxes at home, one, the one with more powerful hardware, running win2k, the other running slackware 7.1. linux fascinates me, and id much rather use it than windows, likely because of the anti-ms hate in the air. and i'm an ms employee.

Re:I don't know.... (offtopic)

[Jburkholder]

Yeah, I'm usually wary of clicking links from AC's without looking in the status bar to see what the actual URL is. I notice that my karma went up a point as well after that... Taco is a sick dude if slash has something that says

if (URL == goatse.cx) {
++user.karma
}

But I guess I wouldn't put it past him.

Re:Conspiracy Theory

[FirstEdition]

Or lets say that it was posted to ummm... slashdot.org by an AC.

I suppose most people involved in open source read slashdot now and again...

lose your right to work on free software?

[dalinian]

Is this article saying in its first sentence that any people that have worked on any proprietary software cannot work on free software? I mean, who hasn't? Or is this "illegally copied" part somehow relevant?

Re:Conspiracy Theory

[Fist+Prost]

That's already happened once, and I for one would beg Rob and crew to seriously considerjust deleting any posts outright if it happens again (this is assuming there actually is MS code inthe wild of course...)

Fist Prost

"We're talking about a planet of helpdesks."

The best game in town

[MeanGene]

Gov't used to plant narcotics or weapons onto people - now all they need is a printout of some win32UselessFunc.c!

Sorry, no.

[schon]

a firewall should have prevented the attacker from exploiting the open port

Who said anything about an open port?

I'm sorry, but to a determined hacker, no firewall in the world will be able to stop a properly-written trojan.

First, you're assuming that the trojan simply opened a telnet port and waited for connections (al-la backorifice) - a firewall (or more correctly packet filter) would solve this, but there are LOTS of other ways a trojan could have operated.

Let's look at some of the other ways to get in from the outside (Just off the top of my head):

• Outbound sessions - have the victim initiate the TCP session. So instead of Attacker->Victim, you have Victim->Attacker. Set the destination port to something that the client may be likely to do (Such as port 80, or perhaps 22 or 25) to enhance the likelyhood that any packet filter would allow it.
  
• Use UDP to do the transfer - again have the victim initiate the session, and send control packets via the UDP-return mechanism. This is harder to implement than TCP (you have to handle dropped packets and retransmits yourself,) but probably the best way to do it, considering the way that the MS Netmeeting protocol works. (If the victim is allowed to use Netmeeting to anywhere on the 'net, then you can't block unknown UDP packets.
  
• Use another protocol, such as ICMP, or maybe a combination of UDP and ICMP - the victim sends data/ack/heartbeat packets to to the attacker, and the attacker sends commands embedded in ICMP destination-unreachable packets (IIRC, this is how the TRINOO trojans work - this is what was used in last year's DDOS attacks.)
  

The bottom line is that packet filters aren't the final solution to security - they are certainly a part of any good security plan, but relying solely on them won't protect you from someone who really wants into your network.

Re:I don't know.... (offtopic)

[netpixie]

Same here. After I stoppped wretching, I noticed that my karma had gone up. Does slashcode give you more karma for looking at pages like that? (Mind you, it would explain a lot of things...) Is *this* the origin of the mysterious "mostly" at the beginning of "mostly the sum of ..."? Is this proof that your crazy persidential candidates were right about the corrupting influence of everything? We deserve to be told.

-------------------------------------------

I could be wrong but...

[Gogl]

... I was under the understanding that they didn't tamper with anything, just copied it. I don't think they edited MS source code at all, just "stole" it per se, and sent it off to Russia or wherever it was...

Re:Open Source or Privacy: choose one

[Kiss+the+Blade]

An individuals rights are different from those of a company, IMO.Besides, of course Microsoft and anyone else has the right to protect their property. It just seems to me to be about freedom of choice - I hate not having the option in any field, whether that be using free software or maintaining my privacy.

The concept of property is fundamental to any society, and I don't agree with the 'property is theft' idea, but when they can unfairly use this to their advantage, they should ,and are, slapped down. When companies use their power to reduce freedom of choice, that is something to be resisted, for it is negative competition. Freedom of choice seems to me to be what the free software movement is all about.

In many ways, modern multinationals are excellent institutions.They are highly transparent,for example, especially when compared to the government buerocracies that the WTO protestors and the like adore so. The fact is that these companies are owned by Mr&Mrs Average, and the shareholders put an incredible amount of pressure on them to perform and demand information on their performance & intentions. They are the ones controlling the multinationals.

Anyway, getting a bit OT&OTT there, so to get back on-topic, I'll say that ultimately, Microsoft is free to do whatever the hell it wants with it's property and information, as long as it does not try and reduce my or anybody elses freedom to choose, whether it be software or my privacy.

Microsoft's take on things

[ralian]

Actually, look at this: www.microsoft.com/technet/security/001027.asp . In it, M$ denies that there was any source stolen and that basically anything happened at all. ;P

Re:Microsoft's take on things

[wass]

I get a blank page on that link. Netscape on Solaris must not like it, I guess.

SETI@home was getting boring anyway

[Bob+Blick]

So we can all burn our excess CPU cycles searching for GPL'ed code in Windows now?

*sigh*

[jallen02]

You guys make like this is some evil dark thing that someone other than MS has the source to windows.

it is *NOT* a big deal

You can go lic the windows source code for yourself, maybe not whistler but its not a big deal.. AT ALL.

WIndows source code is available for a price, and windows source code *IS* out there, and if you want to see the source code for a MS platform go grab the source to windows CE, it comes with the MSDN developer network subscription.

So.. in short you guys get over it, all these same jokes and asanine things floating around are irksome.

Jeremy

And the other way round?

[Charles+Dodgeson]

If merely reading MS source code could make it difficult to prove that you didn't use what you learned in some GPL'ed thing later, then shouldn't this work the other way around? That is, even if code snippets themselves don't make it from Open Source code to proprietory, maybe ideas do.

Should someone investigate whether anybody employed by Microsoft has read GPL'ed code? Could that bring all of MS source under the GPL? Am I just talking nonsense?

I suspect that it would be very very difficult to make a case either way, but one side has more money to throw at lawyers than others.

c'mon

[child_of_mercy]

you can tunnel data down any old port.

Of course the user should notice an interruption of the regular use of the port.

I guess the trick would be to have the trojan play nicely with the porggies that are meant to be using the port?

Doesn't sound TOO hard...

Great !

[ModelX]

So now there's a perfect chance someone trims those sources of excessive baggage and releases an optimized uncrippled version of WinME on 1 floppy disk.

Umm, "clean-room reverse engineering" analogy ?

[antv]

Could I legally get the description of source code from, say, some anonymous person in Russia, and then make clean-room implementation ?
i.e.

h@x0r:then it opens "win.ini" for write ...
antv:C-x win.c
if((fi=fopen("win.ini","a"))!=NULL)
C-x *zenirc*
Checkski
h@x0r:.. and writes "shell=command.com" in there
antv:C-x win.c
fprintf(fi,"shell=command.com\n");
C-x *zenirc*
Checkski

Legally speaking I never seen the code, so is this legit ?

Re:So what? BSD code is free -not restricted ala G

[Trepalium]

Yes, but unless I'm mistaken, the BSD copyright requires acknowledgement. And to my knowledge, they have not done so. I personally don't really care which license you 'prefer', and indeed Microsoft is completely permitted to use any or all of the code that's under the BSD-style licenses, however credit should be given if for no other reason than the morality of using someone else's code and claiming it's entirely yours. Either way, I don't see UC going after Microsoft for such a trivial matter, and the version of FTP that they used is quite ancient and could've probably have been reimplemented from scratch quite easily given it's limited feature set.

Re:Good Lord

[alexburke]

Aww, are you jealous you didn't make it to VA's party in San Jose? Poor you!

--

No it's not all paranoia

[NuclearArchaeologist]

Email from within M$ asked questions like, "How will this kill Unix?" Way back in 1995 or so. They really are out to get everyone else and force their crappy code on everyone.

Conspiracy theory of the day ;)

[bero-rh]

For the paranoid among us:
There was no breakin. Microsoft just claims there was so they can sue open source projects that incidentally/through legal reverse engineering have come up with code similar to theirs.

Who's really behind this?

[rjsquire]

What about the (admittedly paranoid) consideration that this crack is a fake. What if you were Microsoft and wanted to have grounds to challenge the rights of distribution of open-source products that can be substituted for your products? Releasing your own code (in a way that makes you appear to be a victim) into the wild would provide the grounds to establish such challenges. Samba, Wine, Koffice, Open Office, and many others could be accused of using Microsoft proprietary methods to achieve their stated goals.
I know it sounds like a plot dreamed up by Chris Carter but you must admit that it's an interesting possibility. After all, Microsoft initially decided to investigate the breakin themselves. Maybe they needed to establish a more realistic appearance of a crack. And It's difficult for me to believe that a company whose products are so easily back-doored would have anything but the latest virus detection and prevention measures in place or that they would leave any sensitive materials on a network that wasn't very carefully administered by their absolute best IT personell.
Then again, I'm a little tired and the upcoming election has me on edge so...

Microsoft's programmers

[Vej]

Does this mean that programmers that had previously worked on Microsoft's OSs are permanently banned from free development? Both current and old versions?! -Corey

Perhaps law suits aren't as easy as people seem to

[fosh]

Think...

I think we are all overlooking one extrodinarily important factoid, All open source software is open source. That is, the code, and change logs, and CVS logs, etc... are completely and totally open to the public. M$ or thier lawyers would have an extremely hard time claiming that MS interop was a result of the hack if it wasn't, as judges could see a clear progression of the source code. Just think, MS says that the samba team hacked thier servers, stole the source, and is using it. Well, just look @ the samba logs and see that they were doing this well in advance of the hack. Hooray for open source.

Also, Microsoft is one of the few true symbols of "Big evil company" out there, can you imagine the kind of PR they'll get when the local news starts reporting that MS is "Going after a free alternative OS" Unless MS owns news anchors, (well, more than one networks worth,) the news couldn't possible substantiate the spin we are all paraniod of.

Now, the only real question left is, if someone has the source to say, windows, what good is it going to do them? THe only real motive I can think of is. Post it on the net anonymously.

If this happens, then MS is fucked, as trade secrets aren't trade secrets once thier known.

Well, we can all cross our fingers (and penguin's can cross thier fingers)

Thats enough rambling,

--Alex the Gnome Fish

dare?

[jbarnett]

Just Say NO to Microsoft source!

Than entire article reminded me of a anti-drug/dare progranda. It will infect your mind!

m$ must open their source since it is soon on

[vinylat33]

.... the net.

When their source will be in the hands of the-not-so-funny-evil-hackers, the attacks on windows-servers will increase with successfull results. Anyone knows that security by obscurity (binairies aren't easy in finding holes) isn't what your security model should be based on.

By allowing nice-hackers access to the source, the first easy attacks will be save.

Be prepared for installing service pack 6,7,8,9,10,11,12,13,14,15,16..... and so.
I told you so....

vinylat33

Suprise suprise m$

[Valar]

Could this be karma(sic). I mean, perhaps the source was stolen because some kind of deity with a sense of humor wanted to get them back for all the stealing they've done?

Double standard.

[Operandi]

While agree using another firm's code that was obtained illegally is wrong, it sorta pisses me off, this situation. You all damn know MS has taken code from open source projects, all fine since they keep their source closed. Yet since we are doing the right thing and keeping our code open, we have to nearly *expect* MS legal to go on a witch hunt. I tell you what, I don't think 2 wrongs make a right but I have a sweaty lusty desire for this source getting released into public domain. Once it's been there long enoug, it'll slowly creep into open projects and y'all know it.

Regards

trade secrets mean...

[nels_tomlinson]

that you MUST keep the secret, right? So when Microsoft carelessly allowed spies to copy their secrets, they lost the trade secret protection, didn't they? The spies have broken the law, and should be punished, but if they publish the "secrets", it's none of my doing that that's not a secret any more. There may be a copyright to keep me from cutting and pasting, but other than that, it seems that I should be in the clear.

In a nutshell,(TM) I thought that once a trade secret slipped out, it was no longer protected by law. Can someone who IS a lawyer comment on this? Is it true that it doesn't matter HOW a trade secret is divulged?