Slashdot Mirror
Windows 2000 & Windows NT 4 Source Code Leaks
PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
mr billy is gonna be so pissed!
I could easily name files "windowsxp.source.tar," but that means nothing.
OK lets see how much THEY'VE nicked from Linux.........
Full file listing with sizes: http://heim.ifi.uio.no/~mortehu/files.txt I suggest mirroring ;)
Tim Dorr
Owner/Manger
A Small Orange
Among the programmers I know who use the Microsoft source code, if you the "diff", there are many very small changes between the source files. It is a question, are these changes intentional, and signed, and in a database. I would think yes, there is no other reason for it.
The leaking company will soon be identified unless the code was first changed in a very strong way.
My formatting was fucked up, but Ill repost without the Mirror, since everyone else posted the mirror:
,Could this potentially help the WINE Project?, Is anyone working on replacing IE with Konquerer?, Will this be able to help the effort to make driver "wrappers"?
The server is already slashdotted, but I think this is major if it is true. Microsoft's legal dept is probably planning an all-nighter tonight, and will be working in shifts to frantically sue people who are connected in any way with this.
If this is true, the shit will definitely hit the fan. I wonder how this was done. The IP contained in Win2k/NT is worth BILLIONS(arguably). They obviously would have some serious security on it.
On a lighter note: When will we see some tricked out Windows 2000 "Distros"?
It *amazes* me that it hasn't been routine.
Windows source code is not some deep dark secret that is locked in a vault, only let out during builds for the product releases.
*MANY* people have access to the Windows source code. A number of people in my own university have it. There are strict licensing considerations, but when has that ever worked before? Surprisingly, none of the people with source access has ever pulled off the stunt where it's broadcasted. I have always wondered why.
-fb Everything not expressly forbidden is now mandatory.
as this source code is now out, can we expect people in the wine project to start using it as a basis for their coding. I'm sure it would provoke a legal battle of the SCO type (but with reason this time) but surely with a bit of clever coding and a bit of reference to this code wine could be advanced very far. Sure it's illegal, but so have many things Microsoft has done. I haven't been able to get through to that link (/.ed). This source code could, theoretically, be a big step for ReactOS and the WineX and Wine projects particularly as it is 2000 which has support for a lot of the stuff that NT does.. very exciting!
tim
This pretty much destroy's any argument that Windows is more secure because "the bad guys" can't look at the source code. And yet it won't get the positive aspect of "the good guys" reviewing the source code for bugs as it is illegal to make a copy of the code without a license to do so.
Mirror here
I have no idea what and how much of windows' code is leaked, but I imagine if it's the right amount, there might be some illegal forks in the WINE project formulating.
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
I hope some bright I.T. reporter will write a story about how "Linux source code leaks" are not a security issue, but part of the development process, making Linux safer than Windows. I mean, if the Windows source is so full of bad code and bad design that releasing it represents a threat to national security (Jim Allchin's words), while Linux has always had its source code freely published -- it standsto reason that Open Source software is of higher quality.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I wonder how long it will be until someone runs the comparator in it?
Strangely enough this Leak will make Windows more secure in the long run as the code can be studied and possible exploits be "published"
Help fight continental drift.
Granted, there's already lots of schools and whatnot that have access to the source, but if this is for real, then expect all hell to break lose. Should be interesting to see how many vulns get discovered in the first month alone from this. Regardless, whoever leaked the source better hope they're in a far, far away country immune to teams of sharks-dressed-as-US-lawyers.
"Hell hath no fury like a woman scorned for SEGA. ..."
What would be the legal ramifications of:
1) Someone taking the W2K source and making an Out of the Country host of a tweaked (and improved?) W2K source? Would this be illegal to use? I realize it would be illegal to distribute in the US, but would it be illegal to *use*. Especially if you owned a valid copy of W2K?
2) If you own a valid copy of W2K, could you legally look at/use the leaked W2K source?
3) If there were any derivative works off the W2K source, I'd think the W2K license would allow you to use any subsequent O/S created with that source by independent developers. I realize the EULA may forbid this, but I seriously doubt that would hold up in court. You probably couldn't do this from a commercial standpoint, but as a private citizen, I can't see there being any legal recourse MS could take against using what would effectively be an OSS version of W2K.
Anyway, something to think about.
What ever you do, don't let the code influence your projects
You beat me to the punch. This code leak could be a very good thing for Microsoft, and a trap for the open source community. I doubt that Microsoft intentionally planted this snare but if any future open source project even vaguely resembles this leaked code I have no doubt that Microsoft will open their full arsenal of lawyers.
Seems a bit of a stretch to thing 'soft would have given all of these organizations the complete source tree. If they did, then I am far more amazed the source wasn't leaked a long time ago. It's a bit hard to believe 'soft licensed the entire build tree to anyone.
Makes a pretty good headline, though.
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
If the story is true, i'm not so convinced about that yet.
Probably some more worms will come out within the first weeks. But in the long run MS might finally learn the value of bugs getting shallow by lots of eyes looking at the source. I don't think companies will suddenly start to copy the source and using it themself - the fear of getting caught will be too high. As much as MS will dislike this, i think the users will have more advantages in the long run (and maybe this is even not soo bad as MS will think it is).
So will we finally find out exactly what kind of information that IE is keeping on us?
There are probably paranoid governments who have teams who do this just this kind of work just to make sure those fabled NSA back doors in either are or aren't windows.
This is a boring sig
Microsoft has always maintained that it takes a good 24 hours to compile a full version of Windows from the source, and that the increasing complexity of Windows has meant that modern computers don't compile modern windows any faster....
I'd be interested to know what the Windows source is compiled with though
Intel C compiler? I'm sure they couldn't stand the irony of using GCC. The NT codebase is supposed to be crossplatform do I doubt it's got any Assembler code in it - is it written in C or one of Microsofts own languages?
If so, what was it originally written in and when was the translation made? (Pls don't mod me informative - I may be way off the mark!)
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
And to clarify, this means DO NOT LOOK AT THE CODE. A court can say that anyone who has seen the code has let it influence their future works, even if that influence was unintentional.
How long will it be before someone fully documents NTFS by studying the source under the guise of having legally reverse engineered that information?
If whoever does this is careful and realistic, it seems very unlikely that Microsoft could ever prove they had done so with an illegal copy of Windows source code.
I predict that if this source is legitimate, that we will see full NTFS write support under Linux within a year.
And just think. What if there is 3rd party driver source in there too?
It's illegal, but I think it is bound to happen and we will benefit from it.
On the plus side, some of the comments are fairly humorous, especially when you note who wrote them and look up where they are today.
Do NOT read that book if you ever wish to write your own books, ever. Doing so will make you tainted- you open your book up to allegations of copyright infringement. Unless you never want to contribute a single idea to the world, etc, checking out that book is a bad idea. Its almost a surprise authors haven't published their books years ago to catch potential authors like this.
For the same reasons that Microsoft warned its IE developers to stay clear of Mozilla, open source coders should avoid even seeing this.
That said, I'd love to get hold of the dll code that does the equivalent of a window manager in X. How cool would it be to swap out a dll on the Windows box at work and have a completely custom windowing environment?
I would see the opposite being more likely...now the open source community can examine w2k for evidence of GPL'd code being used.
Imagine the shitstorm if someone found linux code in the w2k kernel...and people thought slashdot posted a lot of SCO stories...
I see bad things happening here... 1) Microsoft "accidently" leaks Win2k source. 2) Microsoft pays some guy to "contribute" to the linux kernel in a small way. 3) Microsoft then files an SCOish lawsuit against IBM (or whoever) claiming ip infringement in the linux kernel. Don't laugh. Stranger things have happened.
Assuming this is indeed true, what's the chance that MS released this on purpose, with the intent of a)eliminating as many legacy win2k/nt 4 users as possible to ensure a move to longhorn or b)creating an environment where an extensive patching system would be necessary and thus sellable?
just some ideas; i'm not a zealous ms hater, but i've seen companies do conceptually-similar things before.
I wonder if the guys over at ReactOS (http://www.reactos.com/) are tempted by a look?
For those who don't know...
"ReactOS is an Open Source effort to develop a quality operating system that is compatible with Windows NT applications and drivers."
The odds of getting one's hands on the full source to NT4/2K are slim to none--even most Microsoft folks couldn't do that.
This is incorrect.
Its funny how people build up ideas in their heads about what its like in a large corporation, somehow like a hollywood movie with lots of people with dark shades and guns ala "The Net".
No, inside Microsoft is a lot more like "Office Space" and anybody with motivation could get the entire source with little trouble.
Just to throw this out, what's the possibility that MS saw some similar routines in WINE and figured to shutdown the project by releasing some portions of the MS code that overlaps? They could essentially say that WINE must be based on MS proprietary code. Even with the code only publicly being leaked now, they could argue that copies may have been floating around for a while. Maybe they are taking some ideas from SCO on how to profit from the OSS community.
Are there any back doors showing in the source...
every day http://en.wikipedia.org/wiki/Special:Random
Just imagine the FUD/lawsuits/etc when, for some reason, Linux starts running on natively on NTFS.
Besides, there are several obfuscating methods designed to hide the logic of the original code. They can be used to actually copy the code to the emulator (if the copied piece will work there). After that it would be hard to prove anything even in the open source.
Disclaimer: IANAL, but anyway, personally I would not feel guilty having W2K source code and using it to improve WINE. Because I think that the algorithms is a part of the math, which existed always even before humans came here. A programmer just discovers the piece of math and express it using one or another language. The gravity doesn't belong to Newton, the math formula that describes the gravity neither. Only the fact of discovery of gravity math description belongs to Newton, just for references. Only the fact that programmer wrote the code belongs to the programmer (or the employer), not the code itself. Just to refer in the report to the boss why one was so busy all the day. Getting the source code from Microsoft is not stealing - it's learning. There is nothing wrong in learning.
Less is more !
Conversely, imagine if someone found parts of the 2k/nt4 code that were very similar to previously existing GPL'd code? that would be pretty interesting, too.
MS may just add different comments(or slightly modify the code) to each licensed source, and when/if they see a leak, they can easily find where the leak is coming from, for example they add something like "#Rewrite this later" on line 135 for your license, "#Redo this part" on line 563 for another license, etc. and when they see source leaked with a comment on line 563, they know which particular license is it coming from.
WRONG, SCO as they can see Windows source code, will surely find lines of code copied verbatim from their UNIX and sue MS.
The IT section color scheme sucks.
As someone mentioned, this would be fascinating to just read the comments. Would it be possible for someone to strip out all the code, leaving only the comments for each file, minus comment lines that ARE code? It would be GREAT just to read the "intention" and "questions" living in that code and be able to associate each with a filename. Purely for entertainment value. It would also be neat to compare comment-to-code ratio in areas of MS code.
Ryan Fenton
It's suspected that whoever wrote "Blaster" had access to Windows source code. Given that thousands of people do have legal access, this isn't really all that unexpected.
BTW, wasn't Windows source leaked once before? -- around when W2K went gold? I seem to remember that MS had accidentially posted it on MSDN or something.
does it really matter? i mean maybe Microsoft wanted the source to leak so they can shutdown projects like wine(X), Samba and others in the same style as SCO is trying to with linux/IBM
anyway, i wouldn't even want to see the source code if it was strapped to a hot chick..
grep the Linux source code for "microsoft.com".
It is possible to extract knowledge from the code without breaching copyright, but...Getting a copy of the code at all is a breach of copyright.
Sorry for sounding like an idiot but could you clarify that for me. On one hand you say it is safe to read copyrighted code, on the other hand it isn't.
It sounds like you are saying that there are some instances where you can read copyrighted source code and still write your own code for a similar project and be legally safe. But in this instance simply having a copy of microsoft's code without signing their NDA first is a breach of copyright and would put a person at risk. Is this correct?
I must admit that I am curious to see the Windows source, and since I write network apps in java & delphi, not operating systems in C my software is not likely to be tainted by it.
Well, that's what Microsoft claimed in court, in response to the notion of requiring them to provide the source. Microsoft claimed releasing the source could compromise (USA) national security, because the malicious individuals could find and exploit all the holes. Yes, they really did say that, more or less.
But only a couple months later, faced with China adopting Linux over concerns of hidden backdoors, Microsoft provided a copy of the source to the Chineese. So much for national security (or was that honest under oath?)
PJRC: Electronic Projects, 8051 Microcontroller Tools
I think this is great. We've been told security though obscurity is safer then open source. It's also been argued that open source is safer because we can spot and close the holes. It's always been impossible to test. Now that the windows source is out there we'll know once and for all which method is superior.
So if this is real, I want to see evidence of all the dirty tricks code that allegedly is in Windows.
I mean the code that supposedly makes competitors products break, and god knows what other bad stuff I've heard about over the years.
Anyone working on this?
In Microsoft's closed source world it would have been tough to know if someone had included code that was similar to something they had seen in the Linux ( or any other opensource) codetree. It will be interesting, if this windows code release (escape?) proves true, if any suspicious code is found.
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
Having the source you could do a cleanroom implementation of it, have a set of "dirty" developers read and describe the undocumented API's and another set write those API's from scratch
Snowden and Manning are heroes.
I seem to remember reading that Microsoft gave China access to the entire source code, after the country mentioned that it was leaning more towards using Linux for government-related things, because the entire source code was open for inspection.
$ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
Since XP isnt such a big rewrite of the NT codebase a significant number of holes found in the NT/2000 code will most probably also be lurking in XP/2003.
If this really is true the ramifications on the security of windows is really big. In contrast linux is getting SELinux functionality implemented as we speak.
I hope this isnt true because it would turn the world of computers totally upside down and have big impact on innocent bystanders who bought into the MS marketing lies.
HTTP/1.1 400
I wonder... Does this go for GPL code as well? If I glance at a bit of GPL code and then at a later time write something that uses a smart trick used in that code, or something which resembles a piece of that code, then my whole project should be GPL? Or is it just that Windows is Evil and everyone who gets near their code becomes tainted and must now work for them?
------- I fumbled my registration and I now must suffer
It was a quiet nice evening couple years ago. Someone pointed me on IRC to 2 links on some unnamed (I won't tell) microsoft.com server. 2 huge .tar.gzs, totalling couple gigabytes. The Windows XP source code.
:-(
The links circulated very fast and the servers started slowing and slowing down and then they died. The first ones did manage to get all the stuff. I envied them because I managed to get only couple megabytes.
It seemed real. Very real. Someone had broken into their development servers, stuffed the stuff to the web servers and escaped with it all.
There was some small mention about it on the Slashdot too but I couldn't find it right now. It seems the Microsoft was able to really sweep that one under the carpet. I wonder how.
There are people around with self compiled Windows XP copies, trust me. I envy them. I would gladly remove some features and tweak couple edges I am not now allowed to. Even though it would be a HUGE task.
So the now leaked source codes to NT/2k are mostly just boring and obsolete.
What about the opposite:
Is there GPL code there?
Ask an auditing company to
diff NT4 2000 | grep -e yourcode
and get an answer.
I don't think they're playing SCO if they released just a part of it maybe but not the whole thing
Searching the file for "ppc", "mips" and "alpha" it is interesting to realize how much references to these architectures is still lingering there. And hell, even "ppcmac"! I wonder if MS is still maintaining these other architectures internally the same way as Apple is rumoured to have running Mac OS X/x86 installations internally.
OTOH, most of the OS X code (without Quartz etc.) is OSS-maintained on x86 anyway, so it is probably much smaller pain for them.
“Wait for Hurd if you want something real” –Linus
Blimey. We got wind of this around lunchtime GMT, and within half an hour two zip files mysteriously got downloaded to - ahem - servers some collegues and I have access to (no, I had no involvement in the download and have no idea of the source). We took a look, us being extremely sceptical of the claims, and ended up spending a few hours grepping the Win2K sources.
If this is a wind up, someone or people spent a long old time faking it. Microsoft notices and email addresses all over the place. They don't like the AIX compiler one little bit. Hardly any mention of Linux, GPL or GNU.
Actually quite a professional bunch of source files by all accounts. Appears to be using standard GNU Makefiles though. Yes, the 'f' word appears, as does the 's' word. Apparently Office 2k is broken in some respect that Win2k needed a tweak or some description.
Plenty of mentions of Internet Explorer, although I wouldn't like to say that we found 'IE' in the code, but then we aren't C experts at all. It does mention IE6 and Windows ME, so can't be all that old either. Does mention buffer overflows a fair bit, also plenty of 'hackhack' and 'bugbug' notes laying around.
In fact, nothing particularly spectacular found at all. We took a look, got bored, and went back to our normal work. Honest boss!
And no, we didn't try to compile it. We felt it was genuine enough though - not that we really cared. We did however note that if this lot is proven to be the real deal, Microsoft are going to be landed with one hell of a lot of security alerts for 2k/NT over the next six months.
Yours merely curious...
"#43 Posted by psneddon on 13 Feb 2004 - 01:09
Just my opinion / thoughts.
1) The software that builds and compiles Windows is very complex I doubt anyone could turn the source into a working system easily. Maybee it would be possible to compile certain parts. Plus even if you could it would take hours if not days to go through the process.
2) I don't see how this will let anyone find any obvious flaws, microsoft have software that does this all the time. I'm not saying its not a security risk but its not as simple as the journalists make out - as always.
3) This exact same scare happened about 7 years ago, I remember they were selling the source to NT4 at a local market on CD, doubt it was the real source code."
That's what I've always found so bone-headed about Darl's arguments that it's hard to keep other's intellectual property out of Open Source. On the contrary, it's there for everyone to see. Only in closed software can someone insert someone else's code and have a reasonable chance of getting away with it.
The 3 current articles at the top of Slashdot...
Windows 2000 & Windows NT 4 Source Code Leaks
Is Open Source Fertile Ground for Foul Play?
New Worms Feed on MyDoom Infections
It struck me as funny.
Mod "Overrated" instead of replying "I disagree with you," you coward.
Together, we will drive the rats from the tundra.
There have been articles on the web describing alot of their NT build process. They do use command line builds. They originally wrote a custom version control system, but now use something else (not Visual Source Safe, I think perforce, or perhaps they created anotehr system). I believe, if memory serves, that they had a custom make tool, but they may now use nmake, which is the make tool that's distributed with their commerical dev tools.
I recall the article did mention the use of perl for parts of the custom build scripts.
As a long time windows programmer, frankly, this stuff looks made up. Clever, amusing, but ultimately it seems like a hoax. If this is all the proof we have, then I'm afraid it's a bit pathetic!
Also there appear to be duplicate headers, repeated in various directories that I'm almost positive would end up screwing the compile process in a real build. Also, another thing is that, if their distributed files with VC6/7 are indicative of their internal naming, they stick to a strict 8.3 naming scheme, and make note of this in their documentation (don't remember *where* it was that I read it, but it was MS docs, and I remember being surprised by it). Another thing, again assuming that the files distributed with VC6/7 are a good model, their files tend to be all UPPERCASE! For example, here's a listing from their includes in for VC6:
-rwx------+ 1 Administ None 21912 Apr 24 1998 ACCCTRL.H
-rwx------+ 1 Administ None 27863 Apr 24 1998 ACLAPI.H
-rwx------+ 1 Administ None 3735 Apr 24 1998 ACLCLS.H
-rwx------+ 1 Administ None 747 Apr 24 1998 ACLSID.H
-rwx------+ 1 Administ None 269 Apr 24 1998 ACSMGTC.H
-rwx------+ 1 Administ None 267 Apr 24 1998 ACSSVCC.H
-rwx------+ 1 Administ None 833 Apr 24 1998 ACTIVECF.H
-rwx------+ 1 Administ None 1111 Apr 24 1998 ACTIVEDS.H
-rwx------+ 1 Administ None 39805 Apr 24 1998 ACTIVEX.MAK
-rwx------+ 1 Administ None 3794 Apr 24 1998 ACTIVEX.RCV
-rwx------+ 1 Administ None 2053 Apr 24 1998 ACTIVEX.VER
-rwx------+ 1 Administ None 68013 Apr 24 1998 ACTIVSCP.H
-rwx------+ 1 Administ None 17845 Apr 24 1998 ACTIVSCP.IDL
-rwx------+ 1 Administ None 3402 Apr 24 1998 ADDRLKUP.H
-rwx------+ 1 Administ None 18946 Apr 24 1998 ADMEX.H
-rwx------+ 1 Administ None 10051 Apr 24 1998 ADMINEXT.H
-rwx------+ 1 Administ None 2827 May 31 1998 ADOID.H
-rwx------+ 1 Administ None 343678 Jun 19 1998 ADOINT.H
-rwx------+ 1 Administ None 135222 Jun 2 1998 ADOMD.H
-rwx------+ 1 Administ None 14127 May 31 1998 ADOMD.IDL
-rwx------+ 1 Administ None 5083 Apr 24 1998 ADPTIF.H
-rwx------+ 1 Administ None 1133 Apr 24 1998 ADS.ODL
10328 07-26-00 01:41 win2k/private/genx/shell/gnumakefile e mli on of problems in stress.emle
0 11-18-01 14:23 win2k/private/genx/windows/inc/mobileq-apache.eml
0 11-18-01 14:23 win2k/private/genx/letter to children - 2.eml (*)
0 11-18-01 14:23 win2k/private/inet/mshtml/btools/bin/words of wisdom from dennis.eml
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/ship/unix.
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/documentat
506 07-26-00 02:12 win2k/private/inet/mshtml/gnumakefile
64276 07-26-00 02:13 win2k/private/inet/mshtml/tools/mips/utils/sed.ex
Plenty of gnumakefile entries throughout...
Also - directories for ppc / ppcmac / alpha / mips
Could this be OFFICE 2000 instead of Windows 2000?
* - WTF?
Clinton made me a Republican. Bush made me a Libertarian. Trump is making me question reality.
There have always bin rumors that closed source Microsoft applications have leaked to terrorists or the Russian mob.
Thinking about it, an OS used often to hold and guard highly sensitive information wordwide is almost certain to get its source stolen, if not by terrorists so by intellegence organizations round the world.
But it could have bin much worse. Imagine a not too distant future world where access to documents software etc is controlled by DRM technology. In such a world, there would be little incentive for sofware companies to spend R&D money on securing their systems apart from what DRM offers.
Imagine what damages we could get if cryptography keys to such systems fell into the wrong hands.
Even if such keys would be handled by a lot fewer persons than the windows source code, there is no guarntee that they will not be persuaded to reveal their secret.
God is REAL! Unless explicitly declared INTEGER
Maybe seeing how Valve can put the Half Life 2 release date back a few months due to their leak may have given Microsoft an excuse to delay Longhorn a little further ;)
/usr/src/linux (captivating stuff, gripping plot).
Yes I understand the consequences etc, I wanna grow up and be a respected open source coder (and get paid to go to conferences). If I wanna read source, I'll read
~Duane
The beatings will continue until morale improves.
As a side note, I actually feel bad for MS on this one. Seriously: This was *their* code. They paid for it, they kept it going over the last 20 years, they should be able to decide how it gets distributed.
We here at /. should all be as PO'ed by this as when we catch some asshat corp. using our code without regard to the licensing (in our case, the GPL).
I won't mirror this code any more than I'd steal my neighbor's lawn mower because someone else opened his garage door. It's not right.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
A friend and his associate left a previous employer to form a start-up. They began work on a product, much like the one their former employer was developing. Though my friend largely contributed the code and many fixes to his associates code, the project died when the former employer had detectives raid the associates house. The former employer claimed they were copying the firmware, though my friend had mostly written it. However, an old code listing was found in his associates house after they had both vehemently denied copying any code from their former employer. In light of the discovery, the issue of stole-did not steal became a moot point, as they would need a company of lawyers, time and lots of money to defend themselves. If he had tossed all prior employer related junk from his home office, the burden would have been much greater on the former employer. Having some code at home which looked suspiciously like product code (particularly to the untrained eye) killed their start-up and put the associate in jail.
A feeling of having made the same mistake before: Deja Foobar
> Do you not think that Microsoft has patents on many of the things in that code?
Yes, but then, wouldn't reading the publically available patents be a problem?
The answer to this is, of course, yes. I used to work at a major game developer which strictly forbid us to read any patents. This policy wasn't just something you might read in the fine print of the employee manual: there was a mandatory-attendance presentation on the subject. The argument was that if a single employee read a particular patent, the whole company is legally tainted by that knowledge. Even though it's not supposed to matter, knowledgeable infringement apparently makes for a stronger case in the courts than coincidental infringement. So, if I read patent X, and another employee working on the other side of the planet unknowingly infringes on X, a case can be made that they actually knew it., because the company knew it as a whole. How could they prove I read it? There could be a server log that shows my PC was at that url at uspto.gov. Crazy stuff.
-_-_-
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
Its been a couple years, but I have seen the real source code for windows NT. All I have seen so far here is a file list, but I can say these things about it:
1) I cannot confirm that this is a legitimate file list.
2) I can confirm that every tree and file I am specifically aware of is missing.
3) This is definetely not the entire source tree.
4) There are many dubious file names such as "words of wisdom from dennis.eml
", zero length, and "gnumakefile" that definetely appear out of place.
My guess is that someone has taken some licenced source code and "sexed it up" to troll internet.
Someone who wants to take the risk of tainting themselves (in OH so many ways) by looking at Windows code should probably do a full analysis in order to locate GPL violations, if any.
Wouldn't surprise me if MS code includes copyrighted Apple code. When Jobs took over Apple, one of the things he did was forge a technology sharing and funding agreement with Microsoft. Apple got access to a bunch of MS code, too.
_/\ - Sturgeon's Law: 90% of everything is crud.
Lets not forget who first wrote SCO Unix. Microsoft. Microsoft bought the rights to a Unix back in the eighties, (which they named Xenix) but DOS/Windows got too damned popular, and when they started working on OS/2 they decided to sell off Xenix to the Santa Cruz Operation. Years later, Santa Cruz Operation would recieve the rights to Unix-proper from Novell. A little after that, Santa Cruz Operation sold all their Unix stuff to Caldera, who promptly renamed themselves SCO.
Of course, this lawsuit is based on the AT&T Unix which "Classic SCO" got from Novell, not from Xenix, but... well, there's a lot of mixed up stuff here.
"Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
A friend of mine who works on the Windows dev team says there's something to the effect of: /*
Do not, under any circumstances, modify this section. There is no documentation available for this section, and the individual who wrote it is no longer working here.
*/
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
I wonder if http://lists.suse.com/archive/suse-linux-e/2000-Ju n/1725.html is relavent to this, could it just be one big hoax?
I hope its real.. heh.
Free means no restrictions, ironic the FSF's GPL forces restrictions, isn't it? What's your definition of free?
Looking at the file listing linked to in other slashdot comments, it looks pretty likely that suspicious code exists:
1838 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/comndata.h c
114 07-26-00 02:17 win2k/private/inet/urlmon/compress/gnumakefile
0 11-18-01 14:24 win2k/private/inet/urlmon/compress/gzip/
3627 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api.c
1978 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api_int.h
639 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/common.h
871 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/comninit.
3927 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/crc32.h
Last time I checked gzip was licensed under the GPL. Although, it could be a totally re-written version of gzip or something else named gzip I guess.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
Since "Eve" has gone and posted the code, if "Alice" does and implements a "clean room" description of how all of the code works and posts that, and "Bert" goes and re-implements the code from the posted description, does Microsoft have a valid case against Bert? Or are his hands clean?
Heck, assuming the Recent Lindows ruling stands, could Bert get away with selling it as Windows????
Something people seem to be forgetting is the impact this could potentially have on the IT industry as a whole. Like them or not, Microsoft are a key player in this industry and if they suddenly take a fall many of us will be brought down with them.
A sudden loss of confidence in the Windows product could spell disaster for a wide range of occupations - imagine an IT-specific recession, resulting in enourmous layoffs and salary cuts.
The worst thing is that there is no way this can turn out to be good news. If it's true, we're in trouble. If it's false, then we're still going to see share prices slump (not just MSFT either), which impacts most of us.
Friday the 13th is always a pain in the neck.
I've hacked Samba myself and I am 100% sure it's reversed engineered.... heh.
The point is now they can claim that they had potentially had access to their trade secret (not that they necessarily copied it verbatim). The can call all the work into question, and while it can be pretty thoroughly shown that this is not the case, it could take awhile to sort it and out and by then Samba could be tainted in the eyes of less savvy IT persons.
Not a great plan, IMHO, but quite possible. The same argument goes for Wine, but others had already brought that up.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
When I worked at Microsoft I had read-only access to the NT tree. The full, current "main" branch was about 20 GB, you needed about 80 GB to compile it, but *much* of that was binary versions of things like DAO checked in to support all the Internationalization. So I'd be shocked if you all were passing around the whole thing.
The base stuff is probably 4 GB.
Guys.. you have to realise, that 2 days ago, microsoft patched the biggest security hole EVER in xp.. they knew about this since july.. this is unexeptable.. rather than face the scorn on this issue, why not "accidenty" let a copy of source code get out.. this is much better than having millions of xp users mad at you.. and the publicity will be focused on this.
Michael Jordan http://www.needsahug.com/ Where everyone gets a hug.
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
http://miranda-icq.sourceforge.net/zeez-im/
Check out a report of how Zeez Universal IM System copied sections of the popular GPLed Miranda IM. Down to the label strings in places and a "blank"-ed GPL agreement dialog!
~fractal
"Wireless : LAN
2404 07-26-00 02:12 win2k/private/inet/mshtml/src/core/cdutil/gnumakef ile
What if we find GPL code in there somewhere? Will it still be "not cool?" I respect your integrity, but as far as I'm concerned MS is a pretty sleezy company so I'm not gonna shed any tears for them.
buti mean in all seriousness wouldn't it be nice to go over and take a look at yoru neighbor's lawn mower, when it has 20 years worth of self engineering and what may appear to be random appendages of contex attached to it?
At least it isn't a trade secret anymore.
Even if it is the code, it appears to be seriously outdated in large parts. I grabbed the file list off of /. and did
cat files.txt | awk '{print $2}' | grep -E "01$
. This tells that the latest Code has been contributed in 2001! Well, the basics may be the same, but a lot of updates recently commited are not present in this code (again, if it is real).
I worked at MS on NT, and though it's been a few years, I can definately tell you there are "gnumakefile" files all over the place. It's the first thing any coder notices when they first look at the source, "Hey theres a Makefile, and a gnumakefile, what's the deal?"
If you'd really seen the source, you would have remembered that.
Read 17 U.S.C. 106. Copyright holders are granted six exclusive rights: reproduction, making derivative works, distribution, public performance, public display, and digital audio transmission. Obviously, some of those only apply to certain media (more fully detailed in 106) but it is clear that to even obtain a copy via the internet you must make a copy. Now, if someone were to hand you a CD with the code, you might not be infringing, but you would as soon as you stuck the CD in your computer and did anything with it since the courts have this stupid view that copying an executable into RAM to run it is a reproduction and copyright infringment if you are not properly licensed to do so. See MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511 (9th Cir. 1993).
And, just as a point of clarification, the RIAA could have nailed people for downloading music or for uploading. The only thing we know from their press releases is that they were targeting people who were sharing, but since things haven't proceeded to trial in any case we don't know what was really going on.
There was Cowboy Neal at the wheel of a bus to never-ever land.
This slide indicates the full source is 50gb and took a week to setup and 2 hours a day to update.
.c files. Multiply that by 10x and it's not even half an ISO image.
The weird thing about that slide is that it indicates that the project is "29M LOC". Now, by my math, that indicates about 1,700 bytes of storage used per line of code. There has to be something artificially inflating the size, or decreasing the LOC. I mean, even assuming 170 character lines, that works out to 10 lines of comments for every line of code. I wonder if the 50GB refers to the size of the multi-version repository, or to just a single check out?
Either way, if the LOC is 6M for NT and 29M for 2K (numbers taken from the slides you linked), I can easily imagine it all fitting into a net-friendly sized zip file. Hell, my 2.4.23 tarball is about 29MB and has 3.6M lines (including comments) in the
He's correct. The tree is forked as needed for future versions. Heck, you can search through the asm files and still find ones with David Cutler's name in them that haven't been changed since he wrote them.
This space for rent.
Becuase Linux' code has be subject to peer review since day one. This would mean Microsoft's code is subject to the same review (maybe even more feverous) taking place in a week or so. And no ability to submit fixes back without saying you have illegally downloaded it.
If you are going to short the stock on news like this though, you're just asking to lose money. There is no telling, really, how Wall Street will react to vague technical news. Plus, the stock could dip and rebound so quickly that trading is frozen and you are stuck in at an arbitrary price with no idea where it will end up. Very stressful--I recommend against it.
By the same logic that SCO has gone after IBM and Sequent code held by IBM, let's take a look at the history of Windows...
Windows (at least non-NT) was designed to be a gui on top of DOS. i.e. it is derivative of dos.
Dos as purchased was a 16 bit clone of 8-bit CPM, which means that it is derivative of CPM.
CPM was desined to be a single user, single tasking implementation of UNIX.
Therefore Windows (through 98) was a derivative work of UNIX.
Additionally, it is obvious that Windows NT was a derivative of OS/2. They even use the same command interpreter, cmd.exe (different versions perhaps.) Micorsoft obviously leveraged what they had learned from working with Unix in the creation of OS/2 versions 1.0-1.3. So Windows NT, and subsequent versions are all derivative works of Unix as well. This might go a long way towards explaining why the BSD IP stack was such a clean fit into Windows.
Then again, perhaps this is just flamebait...
You never know...
I know they have at least the TCP/IP stack from BSD. I would be interested to see if the copyright comments are still on the files.
If you considere 300GB the amount of data in the sourcetree after a debug/profiling compile
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Topic of #windows: http://www.windorks.com | We don't care about "the leak," don't ask us about "the leak," and we will not give you voice.
Topic of #phrack: "wake me when they find the code that lets the FBI in"
I was offered a copy of the NT4 source code a couple of years ago. I didn't want to pay for about 60 CDR's and for someones time burning them since I'm not paticularly interested in it. About 30 CD's for original NT source and another 30 for the service packs IIRC.
The source code for MS-DOS 6.0 can be found on the usuall filesharing networks and has a few amusing comments in it.
If that happens then the person who put the code into the project should be prosecuted. Why would the accusation hurt open source?
Open source is less likely to have that problem in the first place. I mean, the code is open, so the programmer would get caught. Closed source software, on the other hand, is more likely to contain illegal code, because nobody can easily prove it, being closed and all.
Hypocrisy is the 8th deadly sin.
grep -ir fuck windows_2000_source_code/*
// HighContrast mode is turned on. This totally fucks our style sheet as most of it will/ shell/windbgrm .c: // The user fucked uph : * !!!!!!!!!!!!!!DOING SO FUCKS THE BUILD PROCESS!!!!!!!!!!!!!!!!n trol/midi/map.c: // !!!this is fucked if a map goes to multiple physical devices
private/shell/applets/welcome/html/webapp.cpp:
private/shell/shell32/copy.c:// want to fuck with.
private/shell/shell32/util.cpp:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.cpp:// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
private/windbg64/debugger/tl/remote
private/windows/media/avi/verinfo.16/verinfo.
private/windows/shell/co
If you believe in Open Source or Free Software then you should believe in copyright. If you find a GPL code in use in a closed project, then you should report it to FSF. If you find Windows code in the wild then you should report it to Microsoft. It's their code and consequently they should and do control who gets to see the code.
That said, I would desperately like MS to release the code under an open-source, but closed-project style licence; that is, the code belongs to them, and for any derivative code MS is automatically granted a licence to to sublicence and do whatever they wish. It should not be permissible for the code to be included in another product without the explicit say so from MS. Microsoft could protect theselves financially by being the only source for binaries. BillG are you listening? Win2K, with open source could be sooooo good, and you would still make a stack of money. Plus you'd have a huge team looking at improving the software, for nothing.
It's worth a shot if the code has escaped. At worst you'll get a second product line.
its in the wild and no one can do anything about it.
most ppl are downloading it to have something to brag about. others are just peeking at it for the fun of it, like me. just a few grep's showed some interesting things...
the file actually is the zip to the spreading files.txt
whats a little bit weird is a linux coredump at private/security/msv_sspi/core
it appears someone named eyala from mainsoft used vim (VIM - Vi IMproved 5.6 (2000 Jan 16, compiled Mar 7 2000 12:18:07)) on a redhat x86 box under xfree86/kde on a w2k sp1 sourcefile, well until the box ran out of memory...
Guys...
I can't believe you haven't figured out what the EML files are yet.
Anyone remember NIMDA? The worm from 2002 I think? It had this exact same effect of sticking infected eml files all over your folders (by taking some names from your files, and others randomly). Opening those EML files or forwarding them would guarantee future and constant infection.
It's clearly evident that this machine was infected by nimda and got port-scanned and found. The rest of the code is probably going to come soon enough, unless MS already found out and pulled the plug.
By the way, alpha doesn't mean "Alpha Version" but the Alpha CPU made by DEC, now owned by Compaq.
i doubt that apple would react the same way if Aqua was leaked...
You'd probably be surprised. Some of it is really, really clean and some of it is a mess. It all depends on which part you look at. As far as searching for curse words and such (as referred to in a reply later in this thread) there actually was a concerted effort at MS a couple of years ago to actively 'clean' the code of offensive comments. There were actually bugs submitted against a whole slew of "WTF" and "hack" and "shit" comments back then. ....).
The code varies greatly in style and how it's put together. The MSMQ code where I spent most of my time when I worked at MS support is just friggin brilliant and a real joy to debug. I can't say that about everything (IE
This space for rent.
There are many more...! Everything from GNU is either GPL'd or LGPL'd, if it gets out M$ is going to be in a world of hurt!
Conclusion: this is obviously a part hoax. There seems to be partly authentic code from various Microsoft projects, combined with some injected "authenticity-confirmation-stuff", such as fake comments and notes.
Now get over it.
aaekhm-zzkjg--b
we are a bit early for April Fools ?
Is it really illegal to download the source code to MS? It is protected by copyright law and I thought copyright laws only protected against distribution? I can go to a library and read any book I want. I can look at any piece of artwork I want. What I cannot do is to distribute those works without permission. The RIAA has not sued anyone for downloading music, only for UPLOADING music. I am not a lawyer, so I could be way off here. If I am correct, then there is nothing wrong with looking at the MS source code. You can even use non-patented stuff that you learn as long as it is a clean room implementation that is not based on the copyrighted code. Again, don't take this as advice, since I have no clue about copyright laws.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
IIRC, isn't the xbox kernel and subsystem based on windows 2000? does that mean if kernel level vulnerabilities are discovered, the xbox is at as much risk as nt/2000/xp/2003?
The main branch you were looking at probably wasn't compressed right? If you tarballed the entire thing you could probably get it down to significantly less than 20GB.
/*++ BUILD Version: 0003 // Increment this if a change has global effects
Copyright (c) 1989-1999 Microsoft Corporation
Module Name:
ntseapi.h
Abstract:
This module contains the Security APIs and any public data
structures needed to call these APIs.
This module should be included by including "nt.h".
Author:
Gary Kimura (GaryKi) 06-Mar-1989
\windows_2000_source_code\win2k\public\sdk\inc\icm .h /*++
// // Support for named color profiles //
// // Color spaces // // The following color spaces are supported. // Gray, RGB, CMYK, XYZ, Yxy, Lab, generic 3 channel color spaces where // the profiles defines how to interpret the 3 channels, named color spaces // which can either be indices into the space or have color names, and // multichannel spaces with 1 byte per channel upto MAX_COLOR_CHANNELS. //
// maximum number of HiFi color channels
Copyright (c) 1996-1999 Microsoft Corporation
Module Name:
icm.h
Abstract:
Public header file for Image Color Management
Revision History:
--*/
#ifndef _ICM_H_
#define _ICM_H_
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef char COLOR_NAME[32];
typedef COLOR_NAME *PCOLOR_NAME, *LPCOLOR_NAME;
typedef struct tagNAMED_PROFILE_INFO{
DWORD dwFlags;
DWORD dwCount;
DWORD dwCountDevCoordinates;
COLOR_NAME szPrefix;
COLOR_NAME szSuffix;
}NAMED_PROFILE_INFO;
typedef NAMED_PROFILE_INFO *PNAMED_PROFILE_INFO, *LPNAMED_PROFILE_INFO;
#define MAX_COLOR_CHANNELS 8
On an article at internetnews.com there is a paragraph that says: "Up until now it was more like the 70/30 rule, where 70 percent of the threats are bogus. Now it's more like 50/50," Didio said. "With the open source community, there are a large percentage of tinkers and 'ankle biters' who are trying their hand at hacking. Some are even communicating with each other. So it only takes one or two of these groups sharing information to be able to pull something off. When you have this type of passion, it's hard to fight because these people are like virtual suicide car bombers."
If that's true, it's fairly interesting. Mainsoft makes cross-platform products to run Windows apps on Unix (and Linux), and Elaya Alaluf is their VP of Technology. Link Circumstantial evidence that the leak originated at mainsoft. (they could have been hacked from outside, of course.)
A bit hypocritical for them to use autoconf and GNU style makefiles don't ya think?
The other thing is that MS would have to PROVE that you did see/use the source code. You can just say that you reverse engineered it.
Of course it is illegal to USE the source code. So if some wine guy goes and plops down a chunk of MS's source code into wine, then yes, that would be illegal. I am not sure if it would be illegal for some wine guy to look at the code and use some of that knowlege gained that is not under a patent in wine. Think about this. I can walk into a book store and read through a book. I can later write a book with that very same theme and I have not broken any copyright laws. What I cannot do is copy the book verbatim or distribute that as my own work.
I am under the impression that copyright laws do not prevent you from creating a work based on knowledge of another work. As long as you do not use the original work verbatim. I can go and create a movie called Planet Wars with a lead character named Duke SlyStalker based on a very similiar theme as Star Wars. I can write a book with a theme just like LOTR with trolls, hobbits, elves, dwarfs, etc. I can paint my own version of very famous paintings. I can make music that sounds like other popular music.
I don't see what legal case MS would have against someone who viewed their source code and made an application that used that knowledge, again, as long as their is not a patent covering what you are re-creating. The only way I can see MS having a legal case is if you signed an NDA with MS.
*Note*: I am not a lawyer and I can be completely wrong about copyright laws.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Looking at the code and gaining some insite and knowledge to the inner workings of MS software, and using that knowledge to incorporate into your own product, may be illegal.
But, it happens all the time. ALL the time. You think the programmers at MS haven't poured through the Linux code? If what you say is correct, then Windows must be littered with Linux code just because they studied and learned something from it?
There's a line between reverse engineering and access to source code; but you're unlikely to prove something wasn't reverse engineered unless you copy and paste the code.
It may be unethical to use leaked MS code to improve your compatibility solutions, but with all the underhanded and generally nasty things corporations are doing, it's just more of the same..
And about your comment about the "IBM PC BIOS." Not even close. Proving that you copied a 256kbit bios is a lot easier then proving you used information learned from studying 50 lines of code out of 40GB...
Hey, I'm no saint in real life.. no need to be one online.
- It's not the Macs I hate. It's Digg users. -
I'm pretty sure those .eml files were generated by an Outlook virus that created random files all over the infected systems hard drive. I remember having to run 'find . -name "*.eml" -exec rm {} \;' on a samba share at work some months ago.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
Just wow. If the source code got leaked, Win2k will get exploited by...just holy jesus save us all. Seriously, the word "fuck" comes into my brain a million times over. Seriously, viruses much? Pron sites are going to have a field day spyware. Then of course you've got all of those shiney machines running embedded windows. The bar to hacking the planet has been lowered. Many good hackers like their steak n' potatoes and will not do anything real bad to screw up the net. But now if someone can get access to the win2k source code via p2p networks, holey moley. That script kitty with a little knowledge of whatever language windows is written in can really do some damage.
I mean, with linux there's a temptation but nobody runs it. With windows, everyone runs it.
Then you've got the consiracy theory: MS leaked it intentionally so they can get everyone to patch with their DRM system. Possible, but who's going to go after that when linux is here? DRM and years of MS abuse and domination, or a 1-time switch over with occasional retraining of employee's.
I mean, I like linux and all but this isn't the way to win at all. I thought we were going to slowly beat them back into submission and competition, not completly screw them and quite a few million over. Hell, I'm thinking of taking a few games and making some fakes on my boxen and getting guys to share MD5 hashes just to make them look more real.
Well, time to begin caching DNS entries to websites I use the most, and it may be high time to backup some of this data and close all the nat ports on my router just to be extra safe.
Talk about a digital pearl harbor, holey moley this isn't good.
Candy-Coated Knowledge
http://www.mainsoft.com/corporate/exec_profiles.ht ml
At the very bottom is the owner of the core file.
A friend took a look at their FTP server, looks like an unpatched wuftpd, gee, i wonder how they got in....
220 circle.mainsoft.com FTP server (Version wu-2.6.1(1) Thu Oct 12 09:06:04 PDT 2000) ready.
i'm also running linux....even got my lab to convert over completely.....we are quite happy using open office and no one ever knows that we aren't making native MS documents.... but i beg to differ about the "why: of all of the attacks....yes linux (and all open source by its nature) is more "adaptable" to threats...more secure? yes...because of tht adaptability and rapid response. but the reason that no one writes malicious code against the open source world in large part has to do with the fact that it wouldn't make the headlines that attacking MS products does. it all boils down to attention seeking, in my opinion.
Case in point: Microsoft started nearly from scratch (licensed a simpler browser, IIRC) with IE, at around the same time Netscape decided it was unable to maintain its aging source code. IE overtook Netscape
You might want to read Eric Sink on how this happened:
Apple then did the same years later, starting with KHTML (generally considered inferior to Gecko), and within a pretty short time has a really polished Safari browser.Well you're making the other guy's point, since KHTML was, precisely, (open source and) being reused.
This is...
O
U
T
R
A
G
E
O
U
S
!
It is repeatable... when I run pavuk on devolish.no, my cable connection drops, then reconnects in two minutes or so.
Does anyone else on Time Warner have same result?
Spooky.
I think in this instance we are dealing with stolen goods. In Australia at least, if you are in possession of stolen goods you can be arrested, because there is no proof at that time that you did not steal them.
I think its pretty obvious that this "code" has been stolen from Microsoft either by someone breaking in or someone releasing it illegally against their NDA or against the working contract with Microsoft. In this instance, I would be highly wary even downloading the code.
As for all your other points, you are correct, as long as no illegal method was used to get the code, aka reverse engineering or stealing it.
Well, I work there now, and after having all my net taps cut off at the router one day because I inadvertently left an unpatched OS (I typically have several on a test box) running overnight (some sniffer demon noticed it hadn't been patched), I'd have to say, "NOT LIKELY!"
Oh, and the file list looks pretty authentic to me- I wrote (tiny) parts of Win2K, and I found my files right where I left them. I didn't read the contents, and I'm sure they would have changed between when I finished and the OS was released 3 years later
IMO, this leak happened the old fashioned way- people of weak character and dubious morality don't value what doesn't belong to them, and do with it as their own blinding egos let them see fit. Social Engineering worked for someone..
I have downloaded few of the circulating archives...
All of them are partial WinNT 3.51 source code...
What a disappointment...
Notice how Neowin has - Exclusive in front of thier story. The associated press released this information a full 12 hours before Neowin got a hold of it.
I don't know if you are telling the truth, but if you are, you should count yourself lucky.
Although I don't think MS would deliberately release the windows source code just to "taint" open source projects as some here have suggested, I think it's quite plausible that MS could fill up some zips with garbage data and release the IP and password of a honeypot server containing the 'windows source code'. They could catch a whole bunch of warez and script kiddies, without exposing themselves to real damage.
The moral of the story: never accespt a free ride from Microsoft, even if they offer tasty candy.
The Xbox kernel + SDK source code leaked over a year ago. The Xbox source that was stolen is complete enough that at least one warez group - Xecuter - has compiled customized kernels from source. If you look at their compiled version, it is very obvious that they didn't do patches to make their hacks.
The forcedeth driver authors have ignored the many emails to them containing the nForce register list and documentation from the leaked Xbox source code.
WINE has ignored emails to them about the real name and purpose of the SystemFunctionXXX calls in advapi32.dll. (The header file doing the #define's to rename them was in the Xbox source, supposedly.)
anonymous woman
The best thing the community can do now - when the source has leaked - is to actually perform a peer review of the MS source code, and HELP MS close the security holes.
After all, we all do want a more secure internet, with less virii, worms and bugs. So why not help out?
I can't imagine what MS reaction would be if they actually started getting serious _help_ from the open source community, instead of the regular bashing.
And - it would be a Good Thing as well... Remember - it's Valentine's day tomorrow...
Well, as a journalist in a large newspaper, I recieved a phonecall from the CEO of MS Norway. He's a nice guy and said that the title we had was misleading. I could see his point and we changed it to something more accurate.
Anyhoo, he said that only parts of the code had been released and not the whole tamale. Furthermore, the code is not possible to compile from the source that has been leaked.
Can anyone here confirm / deny that the whole code set for Windows 2000 / NT has been released?
Mail me at pal.unanue@NOSPAM.vg.no
You can also view http://www.formulasystems.com/press/2000/pr032200. htm
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Heres a crazy idea. Perhaps...just perhaps this leak was somewhat of a test to see what would happen if Microsoft did go open-source. Perhaps they want to see if hackers will take the code and try and fix it or take the code and write better viruses. hmmmmm...or maybe they just pissed off an employee.
4667 *.c files. 5601 *.h files. 2255 *.cpp files. 26 *.hpp files. 1456 *.cxx files. 961 *.hxx files. 148
Lines of code:Some grepping..Bugs anyone?Curious; grepping for 'linux':'grep -r -i's with no results: GNU/Linux, GNU GPL. Bill Gates, Steve Ballmer,
If you loot a store, then the owner has a lot of damage.
He's lost products, less people will buy his products and
there is physical damage to the store.
What is the damage to Microsofts 'store'? They don't have
to replace broken windows, or smased in counters. They
might have to fix some bugs, but they should have done
that in the first place! Are people not going to buy Window
XP because they can compile parts of Windows 2K ?
The damage MS has, is PR-damage, nothing more. And
off course they wil have to hire some security experts to
review all the code, so that they can bring out patches
before the worms come out to play. But this isn't really
neccecary, since MS already has 'trustworthy computing',
right?
Unless MS is really afread that people might find code
that has no other purpose then hinder competition
from Java, Open Office, RealPlayer, DR-DOS, Netscape, Opera, etc, etc?
And about you're friends at MS:
Even if there were damage, and MS would go broke!, then
thiswould be best thing ever happening to them, because
the market wouldn't go away, and the could work for a nice
company which would give them a decent salary, so they
wouldn't have to 'Bust their asses' for a company who
clearly doesn't care about them.
You remind me of people who were against the abolition
of slavery, because it would be bad for the slaves...
You disgust me. You are NO DIFFERENT than a moron
working for a PR-company selling his soul for a fistfull
of dollars.
From bugcheck.c, the code which makes the screen blue...
// make the screen blueN G_FILTER)NULL); // enable display string // set to use entire screen
if (InbvIsBootDriverInstalled()) {
InbvAcquireDisplayOwnership();
InbvResetDisplay();
InbvSolidColorFill(0,0,639,479,4);
InbvSetTextColor(15);
InbvInstallDisplayStringFilter((INBV_DISPLAY_STRI
InbvEnableDisplayString(TRUE);
InbvSetScrollRegion(0,0,639,479);
}
I.O.U One Sig.
Prediction: Windows marriage of Linux in China. We'll all be importing Chinese Winux in a few years.
If Linux developers in the USA use ideas from Chinese Winux they will not know about a possible relating Windows copyright?
Worse yet, the leak will probably reveal how unadvanced Windows really is. Aside from the blue screen and bloat technical people will have to actually compare the implementations of Windows versus Linux. Scheduler for instance! Windows books always say it was a round robin but maybe we find it is more timesharing like the 2.3 kernel.
Expect Freedom.
I agree that you should just say no. But what if someone who has no interest in working on Samba does something like figures out the MS impimentation of the SMB protocol and junk like WINS replication, then only publishes how the protocol works?
This is just a theory, but if the person who publishes it cannot be traced, and those who learn from the protocol specs never see the code, then I don't think there is much MS can do.
I used to work at Mainsoft (from nov 1994 - nov 1996) and worked with the mainwin toolkit. Part of my responsibility was to mine the Windows NT source code we had to port some parts into the mainwin toolkit.
Mainwin began life as a reverse-engineering of the win32 API's. What they found over time is what the Wine and Mono teams are finding the hard way; Microsoft has jillions of programmers, and are very willing to keep rewriting their platform, and to add tons of new modules, at a rapid pace. You simply cannot keep up if you're reverse engineering, because Microsoft will outpace you 10 times over.
Since Mainsoft is a commercial enterprise the then President convinced them to get a source license, using the above argument. Jeff got laid off the same time I did (nov 1996).
At the time I was there, we had source trees to DOS 6.xx, Win 95, NT 3.51, and NT 4.0 beta 2. Remember this was in 1995-6 timeframe, and those were the then-current releases. We also had source for Internet Explorer v3.x and were working to port it to Unix. Mainsoft later collaborated with Microsoft to port IE v4 to Unix, and Microsoft made that port available on their web site.
I was the first one to port any source code from NT into the Mainwin product. We had a number of listbox related bugs, and I had a theory that since our Listbox.c was 2000 lines, and Microsoft's list{1,2,3,4}.c source was over 8000 lines, that we were missing a few pieces of functionality, and got permission to experiment with moving Microsoft's source to the Mainwin source tree. It was a successful experiment, and let us close out a whole slew of listbox related bugs.
With having our own copy of the source tree, we were also able to port various modules like WINSOCK and COM directly from their source code. COM was especially important because it was, at the time, 2 million lines of code, and a totally daunting prospect of reverse engineering the functionality.
In any case, I was wanting to give a little background since you guys are talking about Mainsoft. It shouldn't be a surprise that Mainsoft has a Windows source license.
- David Herron
It is only garbage that has leaked, after all. It has no real value to anyone, although it may have a perceived value to the Convicted Monopolist and those unfortunates who have been misled by his marketing machine. In fact, like garbage, its real value, based on its cost less the cost of cleaning up after each problem with it, is negative. It has a negative environmental impact, just like what goes to incinerators and landfill sites. No doubt people are picking over it as I type, laughing at certain features, as they might find amusement in the contents of some rubbish bins.... The difference between this code and garbage is that garbage is the unusable left-overs from something inherently useful, or an unwanted byproduct of a useful process, unfortunately the Monopolist has not come up with the good part of which the garbage is the remnant......... (Unless of course it is the left-over garbage from Wordpad, which is of tolerable quality, but in that case the garbage outweighs the wanted product at least 10000:1, which must be the lowest yield in history.)
Surely, even SCO is more profitable to discuss that the trash of Redmond. At least SCO's OS (or what they claim is their's...) is fairly stable and secure.
Seriously though, I might even have a look myself when I find out where it is. Then I might go out and rummage in some bins....
Haven't you ever seen a STOP fault? Sure, it doesn't use the 80x25 text mode, but it does use the 80x60 text mode. And it sure is blue.
If you have seen one, it's easy to reproduce: just take Linux laptop with IrDA, point it to a Windows laptop with IrDA, and run the irping command. You will immediately recieve a STOP fault.