Slashdot Mirror


Windows 2000 & Windows NT 4 Source Code Leaks

PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."

56 of 2,764 comments (clear)

  1. For those that need more proof by timdorr · · Score: 5, Interesting

    Full file listing with sizes: http://heim.ifi.uio.no/~mortehu/files.txt I suggest mirroring ;)

    --
    Tim Dorr
    Owner/Manger
    A Small Orange
    1. Re:For those that need more proof by say · · Score: 5, Interesting

      What is this:

      win2k/private/inet/urlmon/iapp/gnumakefile
      win2 k/private/inet/urlmon/mon/gnumakefile
      win2k/priva te/inet/xml/xml/tokenizer/parser/gnumak efile

      (and so on - many, many instances)

      on the other hand, a few funny files:
      win2k/private/inet/xml/xml/tokenizer/dll/w ords of wisdom from dennis.eml
      win2k/private/inet/xml/xml/dso/letter to children - 2.eml

      and VERY interesting:
      win2k/private/ntos/w32/ntuser/kernel /

      --
      Roses are #FF0000, violets are #0000FF, all my base are belong to you
    2. Re:For those that need more proof by plaa · · Score: 4, Interesting

      A few more interesting ones:

      win2k/bsc/.glimpse_filenames_index
      etc.

      Huh? What's with the "."? Are they using Unix?

      win2k/private/inet/mshtml/src/site/download/pngl ib /
      win2k/private/inet/mshtml/src/site/download/zli b/
      win2k/private/inet/mshtml/src/site/download/jp glib 6a/
      win2k/private/inet/urlmon/compress/gzip/

      (AFAIK nothing illegal in using these, but interesting to know. Maybe the gnumakefiles are for these and similar?)

      win2k/private/ntos/rtl/boot/i386/cv - vered mazafi.eml
      win2k/private/shell/wontfix.txt
      win2k /private/shell/docs/leak.txt
      win2k/private/shell/ shdocvw/ofbugs.txt
      win2k/private/shell/cpls/appwi z/todo

      Interesting...

      win2k/private/shell/ext/viruschk/
      win2k/private /shell/ext/viruschk/mcafee/

      Wha?

      At least that list looks pretty damn convincing... If that list is a hoax its a pretty damn well made one.

      --

      I doubt, therefore I may be.
  2. Re:hmm seems a bit buggy by fishbowl · · Score: 5, Interesting

    It *amazes* me that it hasn't been routine.

    Windows source code is not some deep dark secret that is locked in a vault, only let out during builds for the product releases.

    *MANY* people have access to the Windows source code. A number of people in my own university have it. There are strict licensing considerations, but when has that ever worked before? Surprisingly, none of the people with source access has ever pulled off the stunt where it's broadcasted. I have always wondered why.

    --
    -fb Everything not expressly forbidden is now mandatory.
  3. So much for security through obscurity by Anonymous Coward · · Score: 5, Interesting

    This pretty much destroy's any argument that Windows is more secure because "the bad guys" can't look at the source code. And yet it won't get the positive aspect of "the good guys" reviewing the source code for bugs as it is illegal to make a copy of the code without a license to do so.

    1. Re:So much for security through obscurity by Anonymous Coward · · Score: 5, Interesting

      Just remember, eEye doesn't have access to the code and they have been sitting on exploits for months.

      Source helps, but it isn't everything.

      Does anyone else just get a tingly feeling seeing this article sitting on top of an article on Open Source being less secure because of it's openness?

    2. Re:So much for security through obscurity by The+Lynxpro · · Score: 4, Interesting

      Never. Remember Microsoft is currently their big supporter, a long with Sun Microsystems? They both took out large contracts with SCO at the beginning of the whole lawsuit business. Both companies know they could sue for damages later (against who? I don't know.) since the contracts could be seen as invalid. "You sold us this product under the guise we were required to buy it, but that's not true".

      So, all we need is an over-ambitious green-thumb attorney straight out of lawschool to discover this and bring it out in the open and force the hands of Microsoft and Sun to sue SCO out of existence over it so neither company "appears" guilty in the eyes of the SEC and class action lawsuit specialists. It could be the IT adaptation of the book/movie "The Firm."

      --
      "Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
    3. Re:So much for security through obscurity by RoLi · · Score: 4, Interesting
      Actually when you look at the security track record, WinNT/2K/XP is already in a world of hurt compared to Win9x.

      Blaster was the biggest worm - ever. And it worked only on NT, not on 9x...

      That Windows 2000 (or NT or XP) is "more secure" than Windows 98 has been repeated so often that most people started to believe it, even though the security track record shows the reversed situation.

    4. Re:So much for security through obscurity by Pharmboy · · Score: 5, Interesting

      Actually, I think it would be funny to see the open source community release a security patch for win2k before Windows does, proving that open source is more secure since it can be patched faster with more eyes looking at it.

      Of course, MS would flip out, call it an exploit, and have the next patch uninstall it, since any patch for MS products that do not come from MS "can't be trusted". Another reason I like Linux more and more every day, not having to rely on a single company for patches.

      --
      Tequila: It's not just for breakfast anymore!
    5. Re:So much for security through obscurity by benna · · Score: 5, Interesting

      You know its very interesting. This has just gotten released into the regular warez scene. Some group pred it on a bunch of sites. its called Windows.2000.Source.Code-iND. But anyway, i requested it be sent to a site im on. Imediatly one of the siteops said, "if that request is filled, i'll seriously leave." many others agreed with him. It seems at the very top of the scene, in the irc channel im in, curries and siteops are making a moral arguement NOT to move the source. When I asked what the big deal was, the siteop responded, "think about it, by downloading that you think its okay for people to search through it to hunt down ways to fuck people over." So anyway i was just facsinated by the sudden display of morals in the warez scene.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    6. Re:So much for security through obscurity by yandros · · Score: 5, Interesting

      Actually, there have been numerous studies/surveys by roughly every major `business market analyst' company (Gartner, Jupiter, et al) that show that Win9x variants are more widely used than all other Windows OS's combined, by a decent margin.

      Perhaps your personal experience in server rooms has misled you about the HUGE number of Win9x installations on user desktops?

  4. Re:Server problems ALREADY... by 1010011010 · · Score: 4, Interesting


    I hope some bright I.T. reporter will write a story about how "Linux source code leaks" are not a security issue, but part of the development process, making Linux safer than Windows. I mean, if the Windows source is so full of bad code and bad design that releasing it represents a threat to national security (Jim Allchin's words), while Linux has always had its source code freely published -- it standsto reason that Open Source software is of higher quality.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  5. The comparator by fava · · Score: 4, Interesting

    I wonder how long it will be until someone runs the comparator in it?

  6. An open source of Windows... of sorts? by NitroWolf · · Score: 4, Interesting

    What would be the legal ramifications of:

    1) Someone taking the W2K source and making an Out of the Country host of a tweaked (and improved?) W2K source? Would this be illegal to use? I realize it would be illegal to distribute in the US, but would it be illegal to *use*. Especially if you owned a valid copy of W2K?

    2) If you own a valid copy of W2K, could you legally look at/use the leaked W2K source?

    3) If there were any derivative works off the W2K source, I'd think the W2K license would allow you to use any subsequent O/S created with that source by independent developers. I realize the EULA may forbid this, but I seriously doubt that would hold up in court. You probably couldn't do this from a commercial standpoint, but as a private citizen, I can't see there being any legal recourse MS could take against using what would effectively be an OSS version of W2K.

    Anyway, something to think about.

  7. Re:Just don't use the code by aoteoroa · · Score: 4, Interesting

    What ever you do, don't let the code influence your projects

    You beat me to the punch. This code leak could be a very good thing for Microsoft, and a trap for the open source community. I doubt that Microsoft intentionally planted this snare but if any future open source project even vaguely resembles this leaked code I have no doubt that Microsoft will open their full arsenal of lawyers.

  8. Re:it's true by Strudelkugel · · Score: 5, Interesting

    Seems a bit of a stretch to thing 'soft would have given all of these organizations the complete source tree. If they did, then I am far more amazed the source wasn't leaked a long time ago. It's a bit hard to believe 'soft licensed the entire build tree to anyone.

    Makes a pretty good headline, though.

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
  9. Internet Explorer by CeleronXL · · Score: 4, Interesting

    So will we finally find out exactly what kind of information that IE is keeping on us?

  10. Re:it's true by Marillion · · Score: 5, Interesting
    Sure the source code will make it easier to find exploits, but I've believed for a few years that "institutional hackers" those who have long ago reversed compiled Windows into something suitable for writting worms. How else does the Code Red author decide, "Hey! I found this buffer overflow routine in the unicode support for URLs in the IIS Indexing Server"?

    There are probably paranoid governments who have teams who do this just this kind of work just to make sure those fabled NSA back doors in either are or aren't windows.

    --
    This is a boring sig
  11. Compilation and Windows source code by CdBee · · Score: 4, Interesting

    Microsoft has always maintained that it takes a good 24 hours to compile a full version of Windows from the source, and that the increasing complexity of Windows has meant that modern computers don't compile modern windows any faster....

    I'd be interested to know what the Windows source is compiled with though

    Intel C compiler? I'm sure they couldn't stand the irony of using GCC. The NT codebase is supposed to be crossplatform do I doubt it's got any Assembler code in it - is it written in C or one of Microsofts own languages?

    If so, what was it originally written in and when was the translation made? (Pls don't mod me informative - I may be way off the mark!)

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
  12. It's not a problem. by ggruschow · · Score: 5, Interesting
    I've seen a fair chunk of the NT kernel code, legally, under NDA. The NDA bars me from revealing any details, but it doesn't prevent me from saying that, if I were MS, I wouldn't worry about anything aside from sheer embarassment.. However, I have to admit that getting something of that hulking size operating solidly is pretty respectable.

    On the plus side, some of the comments are fairly humorous, especially when you note who wrote them and look up where they are today.

  13. MOD PARENT UP by nickos · · Score: 5, Interesting

    For the same reasons that Microsoft warned its IE developers to stay clear of Mozilla, open source coders should avoid even seeing this.

    That said, I'd love to get hold of the dll code that does the equivalent of a window manager in X. How cool would it be to swap out a dll on the Windows box at work and have a completely custom windowing environment?

  14. The odds of getting the full source: experience. by rufusdufus · · Score: 5, Interesting

    The odds of getting one's hands on the full source to NT4/2K are slim to none--even most Microsoft folks couldn't do that.

    This is incorrect.

    Its funny how people build up ideas in their heads about what its like in a large corporation, somehow like a hollywood movie with lots of people with dark shades and guns ala "The Net".

    No, inside Microsoft is a lot more like "Office Space" and anybody with motivation could get the entire source with little trouble.

  15. Re:What now? by Jim_Maryland · · Score: 5, Interesting

    Just to throw this out, what's the possibility that MS saw some similar routines in WINE and figured to shutdown the project by releasing some portions of the MS code that overlaps? They could essentially say that WINE must be based on MS proprietary code. Even with the code only publicly being leaked now, they could argue that copies may have been floating around for a while. Maybe they are taking some ideas from SCO on how to profit from the OSS community.

  16. That leads to a fascinating question by way2trivial · · Score: 4, Interesting

    Are there any back doors showing in the source...

    --
    every day http://en.wikipedia.org/wiki/Special:Random
  17. :: prediction :: by macshune · · Score: 5, Interesting

    Just imagine the FUD/lawsuits/etc when, for some reason, Linux starts running on natively on NTFS.

    1. Re::: prediction :: by jonadab · · Score: 5, Interesting

      Actually, that's exactly what I was going to suggest, though not by copying.
      I was going to say the first thing anyone competent in C/C++ who gets their
      hands on the code ought to do (providing they don't need to take a hands-off
      approach due to, say, the need to be able to legally write competing OS code)
      would be to post English descriptions anonymously to usenet, describing the
      way NTFS works, especially the parts that are not currently well-understood.
      No source code snippets, just stuff like "it appears that such-and-such
      information about each file is stored and updated whenever it changes in three
      places: at offset blah in the file header info, and ...". (I don't know beans
      about NTFS, so any fs jargon that leaked into that sentence may not be accurate.
      But you get the idea of the kind of thing I mean.)

      Then somebody else could take that information and implement a compatible
      filesystem in a clean-room fashion.

      IANAL, but from what I've read on slashdot, there's apparently at least a
      vague possibility the resulting code might be legal. Though, one should
      consult legal counsel before spending significant time on such a project.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  18. Now? Improve emulators! by axxackall · · Score: 4, Interesting
    Well, on a serious note, the leaked sources of NT and W2K can be used by win-emulator developers to improve their emulators. No need even to copy the code (it may or may not work directly inside that emulator anyway), but when it comes to debugging the developer may look at the original code in order to UNDERSTAND why it works differently.

    Besides, there are several obfuscating methods designed to hide the logic of the original code. They can be used to actually copy the code to the emulator (if the copied piece will work there). After that it would be hard to prove anything even in the open source.

    Disclaimer: IANAL, but anyway, personally I would not feel guilty having W2K source code and using it to improve WINE. Because I think that the algorithms is a part of the math, which existed always even before humans came here. A programmer just discovers the piece of math and express it using one or another language. The gravity doesn't belong to Newton, the math formula that describes the gravity neither. Only the fact of discovery of gravity math description belongs to Newton, just for references. Only the fact that programmer wrote the code belongs to the programmer (or the employer), not the code itself. Just to refer in the report to the boss why one was so busy all the day. Getting the source code from Microsoft is not stealing - it's learning. There is nothing wrong in learning.

    --

    Less is more !
  19. Someone PLEASE... by RyanFenton · · Score: 5, Interesting


    As someone mentioned, this would be fascinating to just read the comments. Would it be possible for someone to strip out all the code, leaving only the comments for each file, minus comment lines that ARE code? It would be GREAT just to read the "intention" and "questions" living in that code and be able to associate each with a filename. Purely for entertainment value. It would also be neat to compare comment-to-code ratio in areas of MS code. :^)

    Ryan Fenton

  20. Re:it's true by LinuxGeek · · Score: 5, Interesting
    So, if any Micro$oft employees have ever looked at Linux kernel source, they are no longer allowed to work on Windows 'cause now they are tainted? Either the sword cuts both ways, or not at all.

    In Microsoft's closed source world it would have been tough to know if someone had included code that was similar to something they had seen in the Linux ( or any other opensource) codetree. It will be interesting, if this windows code release (escape?) proves true, if any suspicious code is found.
    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  21. Re:The shit will hit the fan + Mirror by Lehk228 · · Score: 4, Interesting

    Having the source you could do a cleanroom implementation of it, have a set of "dirty" developers read and describe the undocumented API's and another set write those API's from scratch

    --
    Snowden and Manning are heroes.
  22. MS giving source code to countries by xandroid · · Score: 5, Interesting

    I seem to remember reading that Microsoft gave China access to the entire source code, after the country mentioned that it was leaning more towards using Linux for government-related things, because the entire source code was open for inspection.

    --
    $ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
  23. Re:it's true by Anonymous Coward · · Score: 5, Interesting

    It was a quiet nice evening couple years ago. Someone pointed me on IRC to 2 links on some unnamed (I won't tell) microsoft.com server. 2 huge .tar.gzs, totalling couple gigabytes. The Windows XP source code.

    The links circulated very fast and the servers started slowing and slowing down and then they died. The first ones did manage to get all the stuff. I envied them because I managed to get only couple megabytes. :-(

    It seemed real. Very real. Someone had broken into their development servers, stuffed the stuff to the web servers and escaped with it all.

    There was some small mention about it on the Slashdot too but I couldn't find it right now. It seems the Microsoft was able to really sweep that one under the carpet. I wonder how.

    There are people around with self compiled Windows XP copies, trust me. I envy them. I would gladly remove some features and tweak couple edges I am not now allowed to. Even though it would be a HUGE task.

    So the now leaked source codes to NT/2k are mostly just boring and obsolete.

  24. Re:It's a TRAP!!! /Adm. Ackbar by Via_Patrino · · Score: 5, Interesting

    What about the opposite:
    Is there GPL code there?
    Ask an auditing company to
    diff NT4 2000 | grep -e yourcode
    and get an answer.

    I don't think they're playing SCO if they released just a part of it maybe but not the whole thing

  25. Seen it - nothing spectacular by Anonymous Coward · · Score: 5, Interesting

    Blimey. We got wind of this around lunchtime GMT, and within half an hour two zip files mysteriously got downloaded to - ahem - servers some collegues and I have access to (no, I had no involvement in the download and have no idea of the source). We took a look, us being extremely sceptical of the claims, and ended up spending a few hours grepping the Win2K sources.

    If this is a wind up, someone or people spent a long old time faking it. Microsoft notices and email addresses all over the place. They don't like the AIX compiler one little bit. Hardly any mention of Linux, GPL or GNU.

    Actually quite a professional bunch of source files by all accounts. Appears to be using standard GNU Makefiles though. Yes, the 'f' word appears, as does the 's' word. Apparently Office 2k is broken in some respect that Win2k needed a tweak or some description.

    Plenty of mentions of Internet Explorer, although I wouldn't like to say that we found 'IE' in the code, but then we aren't C experts at all. It does mention IE6 and Windows ME, so can't be all that old either. Does mention buffer overflows a fair bit, also plenty of 'hackhack' and 'bugbug' notes laying around.

    In fact, nothing particularly spectacular found at all. We took a look, got bored, and went back to our normal work. Honest boss!

    And no, we didn't try to compile it. We felt it was genuine enough though - not that we really cared. We did however note that if this lot is proven to be the real deal, Microsoft are going to be landed with one hell of a lot of security alerts for 2k/NT over the next six months.

    Yours merely curious...

  26. Interesting Neowin comment by bonch · · Score: 4, Interesting

    "#43 Posted by psneddon on 13 Feb 2004 - 01:09
    Just my opinion / thoughts.

    1) The software that builds and compiles Windows is very complex I doubt anyone could turn the source into a working system easily. Maybee it would be possible to compile certain parts. Plus even if you could it would take hours if not days to go through the process.

    2) I don't see how this will let anyone find any obvious flaws, microsoft have software that does this all the time. I'm not saying its not a security risk but its not as simple as the journalists make out - as always.

    3) This exact same scare happened about 7 years ago, I remember they were selling the source to NT4 at a local market on CD, doubt it was the real source code."

  27. DRM? by lysium · · Score: 4, Interesting
    Any chance that the juicy bits of Windows Media Player are sitting in that code? Breaking that system would make more than a few distributors cry...

    --
    Together, we will drive the rats from the tundra.
  28. Re:GNU make users? by TioHoltzman · · Score: 5, Interesting
    No they wouldn't.

    There have been articles on the web describing alot of their NT build process. They do use command line builds. They originally wrote a custom version control system, but now use something else (not Visual Source Safe, I think perforce, or perhaps they created anotehr system). I believe, if memory serves, that they had a custom make tool, but they may now use nmake, which is the make tool that's distributed with their commerical dev tools.

    I recall the article did mention the use of perl for parts of the custom build scripts.

    As a long time windows programmer, frankly, this stuff looks made up. Clever, amusing, but ultimately it seems like a hoax. If this is all the proof we have, then I'm afraid it's a bit pathetic!

    Also there appear to be duplicate headers, repeated in various directories that I'm almost positive would end up screwing the compile process in a real build. Also, another thing is that, if their distributed files with VC6/7 are indicative of their internal naming, they stick to a strict 8.3 naming scheme, and make note of this in their documentation (don't remember *where* it was that I read it, but it was MS docs, and I remember being surprised by it). Another thing, again assuming that the files distributed with VC6/7 are a good model, their files tend to be all UPPERCASE! For example, here's a listing from their includes in for VC6:

    -rwx------+ 1 Administ None 21912 Apr 24 1998 ACCCTRL.H
    -rwx------+ 1 Administ None 27863 Apr 24 1998 ACLAPI.H
    -rwx------+ 1 Administ None 3735 Apr 24 1998 ACLCLS.H
    -rwx------+ 1 Administ None 747 Apr 24 1998 ACLSID.H
    -rwx------+ 1 Administ None 269 Apr 24 1998 ACSMGTC.H
    -rwx------+ 1 Administ None 267 Apr 24 1998 ACSSVCC.H
    -rwx------+ 1 Administ None 833 Apr 24 1998 ACTIVECF.H
    -rwx------+ 1 Administ None 1111 Apr 24 1998 ACTIVEDS.H
    -rwx------+ 1 Administ None 39805 Apr 24 1998 ACTIVEX.MAK
    -rwx------+ 1 Administ None 3794 Apr 24 1998 ACTIVEX.RCV
    -rwx------+ 1 Administ None 2053 Apr 24 1998 ACTIVEX.VER
    -rwx------+ 1 Administ None 68013 Apr 24 1998 ACTIVSCP.H
    -rwx------+ 1 Administ None 17845 Apr 24 1998 ACTIVSCP.IDL
    -rwx------+ 1 Administ None 3402 Apr 24 1998 ADDRLKUP.H
    -rwx------+ 1 Administ None 18946 Apr 24 1998 ADMEX.H
    -rwx------+ 1 Administ None 10051 Apr 24 1998 ADMINEXT.H
    -rwx------+ 1 Administ None 2827 May 31 1998 ADOID.H
    -rwx------+ 1 Administ None 343678 Jun 19 1998 ADOINT.H
    -rwx------+ 1 Administ None 135222 Jun 2 1998 ADOMD.H
    -rwx------+ 1 Administ None 14127 May 31 1998 ADOMD.IDL
    -rwx------+ 1 Administ None 5083 Apr 24 1998 ADPTIF.H
    -rwx------+ 1 Administ None 1133 Apr 24 1998 ADS.ODL

  29. Re:tin foil hat by Skyshadow · · Score: 4, Interesting
    Actually, I think it would be easier to refute any claims that portions of the code were lifted now. Unlike with SCO, a full source tree exists for us to compare the potential offending code to.

    As a side note, I actually feel bad for MS on this one. Seriously: This was *their* code. They paid for it, they kept it going over the last 20 years, they should be able to decide how it gets distributed.

    We here at /. should all be as PO'ed by this as when we catch some asshat corp. using our code without regard to the licensing (in our case, the GPL).

    I won't mirror this code any more than I'd steal my neighbor's lawn mower because someone else opened his garage door. It's not right.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  30. How it can go wrong by ackthpt · · Score: 5, Interesting

    A friend and his associate left a previous employer to form a start-up. They began work on a product, much like the one their former employer was developing. Though my friend largely contributed the code and many fixes to his associates code, the project died when the former employer had detectives raid the associates house. The former employer claimed they were copying the firmware, though my friend had mostly written it. However, an old code listing was found in his associates house after they had both vehemently denied copying any code from their former employer. In light of the discovery, the issue of stole-did not steal became a moot point, as they would need a company of lawyers, time and lots of money to defend themselves. If he had tossed all prior employer related junk from his home office, the burden would have been much greater on the former employer. Having some code at home which looked suspiciously like product code (particularly to the untrained eye) killed their start-up and put the associate in jail.

    --

    A feeling of having made the same mistake before: Deja Foobar
  31. Re:That is a MYTH by mypalmike · · Score: 4, Interesting

    > Do you not think that Microsoft has patents on many of the things in that code?

    Yes, but then, wouldn't reading the publically available patents be a problem?

    The answer to this is, of course, yes. I used to work at a major game developer which strictly forbid us to read any patents. This policy wasn't just something you might read in the fine print of the employee manual: there was a mandatory-attendance presentation on the subject. The argument was that if a single employee read a particular patent, the whole company is legally tainted by that knowledge. Even though it's not supposed to matter, knowledgeable infringement apparently makes for a stronger case in the courts than coincidental infringement. So, if I read patent X, and another employee working on the other side of the planet unknowingly infringes on X, a case can be made that they actually knew it., because the company knew it as a whole. How could they prove I read it? There could be a server log that shows my PC was at that url at uspto.gov. Crazy stuff.

    -_-_-

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  32. Re:SCO Code in Win2000 by UserGoogol · · Score: 5, Interesting

    Lets not forget who first wrote SCO Unix. Microsoft. Microsoft bought the rights to a Unix back in the eighties, (which they named Xenix) but DOS/Windows got too damned popular, and when they started working on OS/2 they decided to sell off Xenix to the Santa Cruz Operation. Years later, Santa Cruz Operation would recieve the rights to Unix-proper from Novell. A little after that, Santa Cruz Operation sold all their Unix stuff to Caldera, who promptly renamed themselves SCO.

    Of course, this lawsuit is based on the AT&T Unix which "Classic SCO" got from Novell, not from Xenix, but... well, there's a lot of mixed up stuff here.

    --
    "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
  33. Re:it's true by tjw · · Score: 5, Interesting

    Looking at the file listing linked to in other slashdot comments, it looks pretty likely that suspicious code exists:

    114 07-26-00 02:17 win2k/private/inet/urlmon/compress/gnumakefile
    0 11-18-01 14:24 win2k/private/inet/urlmon/compress/gzip/
    3627 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api.c
    1978 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api_int.h
    639 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/common.h
    1838 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/comndata.h
    871 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/comninit.c
    3927 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/crc32.h

    Last time I checked gzip was licensed under the GPL. Although, it could be a totally re-written version of gzip or something else named gzip I guess.

    --

    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UB E-TEST-EMAIL*C.34X
  34. Re:it's true by Saint+Stephen · · Score: 4, Interesting

    When I worked at Microsoft I had read-only access to the NT tree. The full, current "main" branch was about 20 GB, you needed about 80 GB to compile it, but *much* of that was binary versions of things like DAO checked in to support all the Internationalization. So I'd be shocked if you all were passing around the whole thing.

    The base stuff is probably 4 GB.

  35. No you haven't by Anonymous Coward · · Score: 5, Interesting

    I worked at MS on NT, and though it's been a few years, I can definately tell you there are "gnumakefile" files all over the place. It's the first thing any coder notices when they first look at the source, "Hey theres a Makefile, and a gnumakefile, what's the deal?"

    If you'd really seen the source, you would have remembered that.

  36. Mod Parent Up !! by TheGrayArea · · Score: 4, Interesting

    He's correct. The tree is forked as needed for future versions. Heck, you can search through the asm files and still find ones with David Cutler's name in them that haven't been changed since he wrote them.

    --

    This space for rent.
  37. from around the IRC campfires by neoThoth · · Score: 4, Interesting

    Topic of #windows: http://www.windorks.com | We don't care about "the leak," don't ask us about "the leak," and we will not give you voice.

    Topic of #phrack: "wake me when they find the code that lets the FBI in"

  38. Re:Finnaly de-lurked by ReNeGaDe75 · · Score: 4, Interesting

    If that happens then the person who put the code into the project should be prosecuted. Why would the accusation hurt open source?

    Open source is less likely to have that problem in the first place. I mean, the code is open, so the programmer would get caught. Closed source software, on the other hand, is more likely to contain illegal code, because nobody can easily prove it, being closed and all.

    --
    Hypocrisy is the 8th deadly sin.
  39. Re:it's true by Deadplant · · Score: 4, Interesting

    grep -ir fuck windows_2000_source_code/*

    private/shell/applets/welcome/html/webapp.cpp: // HighContrast mode is turned on. This totally fucks our style sheet as most of it will
    private/shell/shell32/copy.c:// want to fuck with.
    private/shell/shell32/util.cpp:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
    private/shell/shell32/util.cpp:// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
    private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
    private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
    private/windbg64/debugger/tl/remote/ shell/windbgrm .c: // The user fucked up
    private/windows/media/avi/verinfo.16/verinfo.h : * !!!!!!!!!!!!!!DOING SO FUCKS THE BUILD PROCESS!!!!!!!!!!!!!!!!
    private/windows/shell/con trol/midi/map.c: // !!!this is fucked if a map goes to multiple physical devices

  40. If you believe in Open Source or Free Software... by Bozovision · · Score: 4, Interesting

    If you believe in Open Source or Free Software then you should believe in copyright. If you find a GPL code in use in a closed project, then you should report it to FSF. If you find Windows code in the wild then you should report it to Microsoft. It's their code and consequently they should and do control who gets to see the code.

    That said, I would desperately like MS to release the code under an open-source, but closed-project style licence; that is, the code belongs to them, and for any derivative code MS is automatically granted a licence to to sublicence and do whatever they wish. It should not be permissible for the code to be included in another product without the explicit say so from MS. Microsoft could protect theselves financially by being the only source for binaries. BillG are you listening? Win2K, with open source could be sooooo good, and you would still make a stack of money. Plus you'd have a huge team looking at improving the software, for nothing.

    It's worth a shot if the code has escaped. At worst you'll get a second product line.

  41. Re:SHORT THE STOCK? by noisehole · · Score: 5, Interesting

    its in the wild and no one can do anything about it.
    most ppl are downloading it to have something to brag about. others are just peeking at it for the fun of it, like me. just a few grep's showed some interesting things...

    the file actually is the zip to the spreading files.txt

    whats a little bit weird is a linux coredump at private/security/msv_sspi/core

    it appears someone named eyala from mainsoft used vim (VIM - Vi IMproved 5.6 (2000 Jan 16, compiled Mar 7 2000 12:18:07)) on a redhat x86 box under xfree86/kde on a w2k sp1 sourcefile, well until the box ran out of memory...

  42. The EML Files by Alex_Ionescu · · Score: 5, Interesting

    Guys...

    I can't believe you haven't figured out what the EML files are yet.
    Anyone remember NIMDA? The worm from 2002 I think? It had this exact same effect of sticking infected eml files all over your folders (by taking some names from your files, and others randomly). Opening those EML files or forwarding them would guarantee future and constant infection.

    It's clearly evident that this machine was infected by nimda and got port-scanned and found. The rest of the code is probably going to come soon enough, unless MS already found out and pulled the plug.

    By the way, alpha doesn't mean "Alpha Version" but the Alpha CPU made by DEC, now owned by Compaq.

  43. Re:it's true by TheGrayArea · · Score: 4, Interesting

    You'd probably be surprised. Some of it is really, really clean and some of it is a mess. It all depends on which part you look at. As far as searching for curse words and such (as referred to in a reply later in this thread) there actually was a concerted effort at MS a couple of years ago to actively 'clean' the code of offensive comments. There were actually bugs submitted against a whole slew of "WTF" and "hack" and "shit" comments back then.
    The code varies greatly in style and how it's put together. The MSMQ code where I spent most of my time when I worked at MS support is just friggin brilliant and a real joy to debug. I can't say that about everything (IE ....).

    --

    This space for rent.
  44. Re:The real question is, of course - by AstroDrabb · · Score: 4, Interesting

    Is it really illegal to download the source code to MS? It is protected by copyright law and I thought copyright laws only protected against distribution? I can go to a library and read any book I want. I can look at any piece of artwork I want. What I cannot do is to distribute those works without permission. The RIAA has not sued anyone for downloading music, only for UPLOADING music. I am not a lawyer, so I could be way off here. If I am correct, then there is nothing wrong with looking at the MS source code. You can even use non-patented stuff that you learn as long as it is a clean room implementation that is not based on the copyrighted code. Again, don't take this as advice, since I have no clue about copyright laws.

    --
    If Tyranny and Oppression come to this land,
    it will be in the guise of fighting a foreign enemy. -James Madison
  45. A bit about the developer... by Anonymous Coward · · Score: 4, Interesting

    http://www.mainsoft.com/corporate/exec_profiles.ht ml
    At the very bottom is the owner of the core file.

    A friend took a look at their FTP server, looks like an unpatched wuftpd, gee, i wonder how they got in....

    220 circle.mainsoft.com FTP server (Version wu-2.6.1(1) Thu Oct 12 09:06:04 PDT 2000) ready.

  46. Interesting tidbits from the source.. by Anonymous Coward · · Score: 5, Interesting
    windows_2000_source_code.zip:

    4667 *.c files. 5601 *.h files. 2255 *.cpp files. 26 *.hpp files. 1456 *.cxx files. 961 *.hxx files. 148 .asm files = 15114 total "code" files.

    Lines of code:
    <...>@<...>:/stuff10/win2k# for i in `find . -name '*.c'`; do `echo `cat $i|wc -l``; done | perl -le '$sum = 0; while (<>) { $sum += $_; }; print "\nLines of .c code: $sum";'

    Lines of .c code: 4223425

    <shell command omitted for the rest..>

    Lines of .h code: 1205670
    Lines of .cpp code: 1763501
    Lines of .hpp code: 1684
    Lines of .cxx code: 1363944
    Lines of .hxx code: 194893
    Lines of .asm code: 78500

    Totalling 8831617 lines of code
    Some grepping..
    <...>@<...>:/stuff10/win2k# grep -r -i 'fuck' *
    ....
    private/shell/shell32/copy.c:// want to fuck with.
    private/shell/shell32/util.cpp:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
    private/shell/shell32/util.cpp:// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
    private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
    private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
    private/windbg64/debugger/tl/remote/ shell/windbgrm.c: // The user fucked up
    private/windows/media/avi/verinfo.16/verinfo.h : * !!!!!!!!!!!!!!DOING SO FUCKS THE BUILD PROCESS!!!!!!!!!!!!!!!!
    private/windows/shell/con trol/midi/map.c: // !!!this is fucked if a map goes to multiple physical devices
    Bugs anyone?
    <...>@<...>:/stuff10/win2k# grep -r -i 'a bug' *|wc -l
    408
    Curious; grepping for 'linux':
    private/ntos/udfs/udf.h:#define OSIDENTIFIER_UNIX_LINUX 5
    private/ntos/udfs/udf.h:#define OSIDENTIFIER_UNIX_MKLINUX 6
    'grep -r -i's with no results: GNU/Linux, GNU GPL. Bill Gates, Steve Ballmer,

    -- Hopefully Anonymous-Enough COWARD
  47. Re:It's a TRAP!!! /Adm. Ackbar by shird · · Score: 4, Interesting

    From bugcheck.c, the code which makes the screen blue...

    if (InbvIsBootDriverInstalled()) {

    InbvAcquireDisplayOwnership();

    InbvResetDisplay();
    InbvSolidColorFill(0,0,639,479,4); // make the screen blue
    InbvSetTextColor(15);
    InbvInstallDisplayStringFilter((INBV_DISPLAY_STRIN G_FILTER)NULL);
    InbvEnableDisplayString(TRUE); // enable display string
    InbvSetScrollRegion(0,0,639,479); // set to use entire screen
    }

    --
    I.O.U One Sig.