Slashdot Mirror
Windows 2000 & Windows NT 4 Source Code Leaks
PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
A quick peek around indeed shows something named Windows.Source.Code.w2k.nt4.wxp.tar circulating, but this had to happen sooner or later, considering the number of institutions with access to the source. Wonder how long it'll take before a torrent of new worms using newly discovered security holes tear up the net.
I for one would love to peek around in this, more out of curiosity than any desire to actually do something useful with it.
The next great MMORPG.
Now will everyone stop bitching about Windows not being open source?!
Later isn't going to work, since the server was down even before it hit the Slashdot front page. I empathize with their server.
I did, however, managed to grab the news blurb (but not the, at that point, 214 comments) from the intermittent front page:
Torrent, anyone?
I had but a simple dream, to destroy all humans.
so here is the story
Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
Are people deeply involved with OSS going to start fixing bugs in Win 2k? Might be fun and a dagger in MS's heart.
"We fix bugs in 24 to 40 hours, much faster than OSS."
Do I have to sign an NDA?
Seriously, this should be pretty interesting. I wonder how many bugs are ACTUALLY in the NT kernels...
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
I could easily name files "windowsxp.source.tar," but that means nothing.
There's plenty of worthless spam on the internet already.
I've been upgraded to "bad"!
OK lets see how much THEY'VE nicked from Linux.........
Maybe peer review will send a flurry of discovered holes to Microsoft for them to patch.
Maybe this will be positive for all of mankind!
Or maybe I'm crazy.
clifgriffin > blog
Full file listing with sizes: http://heim.ifi.uio.no/~mortehu/files.txt I suggest mirroring ;)
Tim Dorr
Owner/Manger
A Small Orange
GLL - General Leaked-Souce license
Ha ha!
Among the programmers I know who use the Microsoft source code, if you the "diff", there are many very small changes between the source files. It is a question, are these changes intentional, and signed, and in a database. I would think yes, there is no other reason for it.
The leaking company will soon be identified unless the code was first changed in a very strong way.
Seriously, don't look at it, you will no longer be considered "clean" and might become a liability to any project you work on.
Of course their source code leaks...they don't properly clean up their pointers....
Oh wait a sec...8-)
What ever you do, don't let the code influence your projects. The last thing we want is Microsoft joining in with SCO and accusing the open source community of using MS code in an open source project such as Linux. Sure you probably wouldn't want to with its reputation, but I am sure there would be those who would be tempted.
Jumpstart the tartan drive.
Neowin Message
The server is too busy at the moment. Please try again later.
Yep, looks like an error. Must be real Windows code then...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Microsoft just needed a push in the right direction, right?
-S
We Apprentice Developers and Designers
Seriously, the previous article lambasting open source for being vulnerable is nothing when compared to eyes backed with malicious intent poring over Windows source code for new exploits. So much for security through ignorance.
A feeling of having made the same mistake before: Deja Foobar
From the site: Please try again by pressing the refresh button in your browser.
Oh boy...
I want a ebuild!
emerge win2000
The funny thing is the fortune that appeared in the appropriate slashbox when I first saw this article.
;-)
"Never trust an operating system you don't have sources for.
-- Unknown source"
Mirror with comments.
Hope it's all just a bluff.
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
...Windows 2000 and Windows NT source code has been leaked to the internet.
The Internet, however, being a polite sort of fellow and completely undesirous of the undoubtedly horrible ramifications of having such a beastie running around loose, gently replaced the source code and gave Windows a friendly pat on the head.
I watched C-beams glitter in the dark near the Tannhauser gate.
Do NOT read that code if you ever wish to program for an open source OS, ever. Doing so will make you tainted- you open the project up to allegations of copyright infringement. Unless you never want to contribute a single line to Linux, *BSD, etc, checking out that code is a bad idea. Its almost a surprise MS didn't "leak" Win 95 or 3.1 years ago to catch open source developers like this.
I still have more fans than freaks. WTF is wrong with you people?
It *amazes* me that it hasn't been routine.
Windows source code is not some deep dark secret that is locked in a vault, only let out during builds for the product releases.
*MANY* people have access to the Windows source code. A number of people in my own university have it. There are strict licensing considerations, but when has that ever worked before? Surprisingly, none of the people with source access has ever pulled off the stunt where it's broadcasted. I have always wondered why.
-fb Everything not expressly forbidden is now mandatory.
We all know the real valuable stuff is in error.h.
So, what does it say?
right after a story that was about open vs. closed source
I never said I was smart, I just said I was smarter than you
as this source code is now out, can we expect people in the wine project to start using it as a basis for their coding. I'm sure it would provoke a legal battle of the SCO type (but with reason this time) but surely with a bit of clever coding and a bit of reference to this code wine could be advanced very far. Sure it's illegal, but so have many things Microsoft has done. I haven't been able to get through to that link (/.ed). This source code could, theoretically, be a big step for ReactOS and the WineX and Wine projects particularly as it is 2000 which has support for a lot of the stuff that NT does.. very exciting!
tim
This pretty much destroy's any argument that Windows is more secure because "the bad guys" can't look at the source code. And yet it won't get the positive aspect of "the good guys" reviewing the source code for bugs as it is illegal to make a copy of the code without a license to do so.
This is not good. Windows is designed primarily with 'security by obscurity' in mind. The security holes indeed show up every often and we have worms making it to the gazillion windows boxes before the patch does. Get ready for a deluge of worms/virri. Another bad week/month for sysadmins.
Free XBox, PS2
While you may not have heard of Neowin before, they are actually quite well known and are often placed in those '100 essential sites' lists.
They focus primarily on windows tech, and have a knack for breaking stories about Windows- leaked builds of future versions, beta builds of service packs, etc. Whoever runs the site is well connected in Microsoft.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
See previous article
http://heim.ifi.uio.no/~mortehu/files.txt I'll wait till i can download it into a lab
I'm sure many of us want to pick at the code, but is it really worth it at the moment? Now that so many news orgs have made it well known, wouldn't it be fairly dangerous to try to grab a copy in the next comming hours? I mean, this must piss both MS and the US Gov off. ...with that said.. cant some troll be useful and..
I've left to find myself. If you happen to see me, please, keep me there until I return.
Open Source is Dangerous? ;)
How about Forcibly Opened source?
How...surprising! Look! A really good reason to move from previous versions to MS's new DRM enforced versions.
I haven't been able to even get to Neowin, it's been slashdotted since before this story even made it to "The Mysterious Future" here on /., but think about what this means if this is actually true. The potential vulnerabilities. All the trade secrets Microsoft put in there. Hell, IE 5 was released with Windows 2000, so if this is full source, it means IE 5 and the trident engine are in there as well.
If this is true, today may be the day that everything changes.
Neowin is one of the pillars of the beta scene... they normally have news on leaked betas/previews/etc...
Is the code that bad such that this news story considers this so dangerous to Microsoft? Seems a bit hysterical to me.
I don't know how useful it is to WINE, etc... OSS developers not wanting to be "contaminated" by looking at the source code won't look at this stuff anyway.
better remove your sig... theif... :P
ReactOS have announced they have hit all upcoming milestones and consider their project "feature complete".
I wonder how long it will be until someone runs the comparator in it?
Microsoft Windows 2000 was written with GNU/Emacs!
You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.
Strangely enough this Leak will make Windows more secure in the long run as the code can be studied and possible exploits be "published"
Help fight continental drift.
I found the source code here.
Prevent email address forgery. Publish SPF records for y
Ok so here's MS's plan.
... Ya, I'm sure you know what goes here.
Step 1) Leak their source
Step 2) Sue Onen Source developers down the road because obviously they have studied the MS leaked source.
Step 3)
Ok but seriously, I'm not touching it. The last thing I need is Microsoft saying that I somehow owe something to them.
Jerks.
--
Mike
-- Mike wildcard@illuminatus.org
Where law ends, tyranny begins -- William Pitt
Granted, there's already lots of schools and whatnot that have access to the source, but if this is for real, then expect all hell to break lose. Should be interesting to see how many vulns get discovered in the first month alone from this. Regardless, whoever leaked the source better hope they're in a far, far away country immune to teams of sharks-dressed-as-US-lawyers.
"Hell hath no fury like a woman scorned for SEGA. ..."
... I might think Microsoft leaked it on purpose, so the OSS community would find the bugs, point them out publically, and even describe how to fix the problems.
Of course, I'm not the suspicious type ... :-)
JWhat would be the legal ramifications of:
1) Someone taking the W2K source and making an Out of the Country host of a tweaked (and improved?) W2K source? Would this be illegal to use? I realize it would be illegal to distribute in the US, but would it be illegal to *use*. Especially if you owned a valid copy of W2K?
2) If you own a valid copy of W2K, could you legally look at/use the leaked W2K source?
3) If there were any derivative works off the W2K source, I'd think the W2K license would allow you to use any subsequent O/S created with that source by independent developers. I realize the EULA may forbid this, but I seriously doubt that would hold up in court. You probably couldn't do this from a commercial standpoint, but as a private citizen, I can't see there being any legal recourse MS could take against using what would effectively be an OSS version of W2K.
Anyway, something to think about.
Mr Bill isn't the only one in a bad situation here, with the source code available to all those crackers/virus writers, there will be lots of new worms and exploits, millions of Windows users will be in a much worse situation too.
Worms and exploits will start to appear quicker, and more frequently than ever.
The IT section color scheme sucks.
Sco should verify that their source isn't found in Microsoft sources. Heck, they might find those lines that they reported in the Linux Kernel probably in Win2000 kernel.
Imagine that!
Now we just have to wait for SCO to have a leak and everyone's dirty laundry is out in the open.
---- The geek shall inherit the Earth.
Allthough driver 'wrappers' and the like would be awesome for the linux community. think of the lawsuits that would start if linux 2.7.0 had much much better support for NTFS and the like.
this actually can hurt us more than help.
Or perhaps you meant /.ed?
Learn to Play Go
hell, I bet Medusa would turn to stone if she saw the code.
In the last article on the /. home page, we have W. Russell Jones talking about all the insecurity of having source available in open source projects.
I'm afraid we've reach a massive failure here in security by obscurity, but time will tell. If this is true and if there are lots of security holes discovered, I find it hard to believe even a company of Microsoft's size can respond quickly enough to keep the outbreaks down. This threat is why open source is better than what W. Russell Jones made it out to be. The threat of security failing because of leaking source just isn't there with open source.
-N
I've nothing to say here...
Now I guess those of us who write code for free project have to be double carefull what code we read and who tracks us doing so.
I can allready forsee the seize-and-desist letters to free projects, claiming that one or more developers are have been tainted by knowledge of 'proprietory information' from microsoft, and the enclosed clicktrail on www.w2k-source.com provides the nessecary evidence. And you thought you were just checking out driver support info on a community site.
mfg lutz
What the NT kernel does is well understood. The object code is widely available, and key parts, like file system formats, have been reverse engineered. There's plenty of documentation. A few major development shops have access to the source anyway. If you're into kernel architecture, it might be interesting, but otherwise, so what?
If the story is true, i'm not so convinced about that yet.
Probably some more worms will come out within the first weeks. But in the long run MS might finally learn the value of bugs getting shallow by lots of eyes looking at the source. I don't think companies will suddenly start to copy the source and using it themself - the fear of getting caught will be too high. As much as MS will dislike this, i think the users will have more advantages in the long run (and maybe this is even not soo bad as MS will think it is).
So will we finally find out exactly what kind of information that IE is keeping on us?
It's only reasonable that software with so many holes will leak!
^_^
Microsoft gave a talk at usenix: Windows A Software Engineering Odyssey
This slide indicates the full source is 50gb and took a week to setup and 2 hours a day to update.
That implies to me that people could have the whole source but it would huge.
Slide 24 talks about their new perforce based system that only takes 3 hours to setup and 5 minutes to update.
It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT
.
How to easily find the Windows source code packages in your daily P2P incoming directory:
rosco@dipstick:~/emule/incoming$ ls -l --sort=size -r
total %@*@&^23462&^% bytes
-rw-r--r-- 1 rosco rosco 645124103 Feb 12 22:49 starwars.zip
-rw-r--r-- 1 rosco rosco 658124896 Feb 12 22:50 nt.zip
-rw-r--r-- 1 rosco rosco 660100457 Feb 12 22:49 goodbadugly.zip
-rw-r--r-- 1 rosco rosco 705012756 Feb 12 22:49 dasboot.zip
-rw-r--r-- 1 rosco rosco 706107014 Feb 12 22:56 daftpunk.zip
-rw-r--r-- 1 rosco rosco 710127685 Feb 12 22:58 chembros.zip
-rw-r--r-- 1 rosco rosco 9874520782^45 Feb 12 22:59 2ksrc.zip
-rw-r--r-- 1 rosco rosco 4578924574^37 Feb 12 23:12 ntsrc.zip
Segmentation fault. Core dumped.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Microsoft has always maintained that it takes a good 24 hours to compile a full version of Windows from the source, and that the increasing complexity of Windows has meant that modern computers don't compile modern windows any faster....
I'd be interested to know what the Windows source is compiled with though
Intel C compiler? I'm sure they couldn't stand the irony of using GCC. The NT codebase is supposed to be crossplatform do I doubt it's got any Assembler code in it - is it written in C or one of Microsofts own languages?
If so, what was it originally written in and when was the translation made? (Pls don't mod me informative - I may be way off the mark!)
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
> It *amazes* me that it hasn't been routine.
Because most people are paranoid enough to assume M$ watermarks each distributed copy to allow them to trace it back to the point of release. But now they are giving copies to governments like China and folks there just don't really give a damn about western notions of copyrights.
Democrat delenda est
What if we just use the parts that MS lifted from BSD?
How long will it be before someone fully documents NTFS by studying the source under the guise of having legally reverse engineered that information?
If whoever does this is careful and realistic, it seems very unlikely that Microsoft could ever prove they had done so with an illegal copy of Windows source code.
I predict that if this source is legitimate, that we will see full NTFS write support under Linux within a year.
And just think. What if there is 3rd party driver source in there too?
It's illegal, but I think it is bound to happen and we will benefit from it.
On the plus side, some of the comments are fairly humorous, especially when you note who wrote them and look up where they are today.
The Windows code hasn't had nearly as much peer review as open source OS's so I won't be suprised if this leads to a ton of exploits. The big problem here is that this source will be available to any black-hat that wants it--they obviously aren't going to be concerned about the legalities of obtaining leaked source code. But the businesses that use Windows aren't going to be able to audit the code for security leaks unless they obtain it illegally (or sign some agreements with Microsoft and shell out bundles of cash.)
Do NOT read that book if you ever wish to write your own books, ever. Doing so will make you tainted- you open your book up to allegations of copyright infringement. Unless you never want to contribute a single idea to the world, etc, checking out that book is a bad idea. Its almost a surprise authors haven't published their books years ago to catch potential authors like this.
In addition to the security implications this has, think about the implications this has on OSS writers? Previously, M$ tried to show the souce code to Windows to college students in the hope that they couldn't write OSS code because they'd have seen the Windows source.
This gives M$ a leg to stand on if they attempt to claim that any OSS has Windows code in it.
Any OSS writer that manages to get the code should proceed with caution.
I think from a legal standpoint it might be very important that OSS developers not look at the code. Even though they didn't leak it, MS still has rights to the code. If an open source program took advantage of illegally leaked code, what would the legal ramifications be on the OSS project? I don't know the answer, but I'd be willing to be real money that MS would sue. I remember reading an article where the SAMBA developer said he was very careful not to look at any code because of this. Reverse engineering is fine, but you don't get any help to do it.
For the same reasons that Microsoft warned its IE developers to stay clear of Mozilla, open source coders should avoid even seeing this.
That said, I'd love to get hold of the dll code that does the equivalent of a window manager in X. How cool would it be to swap out a dll on the Windows box at work and have a completely custom windowing environment?
I see bad things happening here... 1) Microsoft "accidently" leaks Win2k source. 2) Microsoft pays some guy to "contribute" to the linux kernel in a small way. 3) Microsoft then files an SCOish lawsuit against IBM (or whoever) claiming ip infringement in the linux kernel. Don't laugh. Stranger things have happened.
Assuming this is indeed true, what's the chance that MS released this on purpose, with the intent of a)eliminating as many legacy win2k/nt 4 users as possible to ensure a move to longhorn or b)creating an environment where an extensive patching system would be necessary and thus sellable?
just some ideas; i'm not a zealous ms hater, but i've seen companies do conceptually-similar things before.
I wonder if the guys over at ReactOS (http://www.reactos.com/) are tempted by a look?
For those who don't know...
"ReactOS is an Open Source effort to develop a quality operating system that is compatible with Windows NT applications and drivers."
The odds of getting one's hands on the full source to NT4/2K are slim to none--even most Microsoft folks couldn't do that.
This is incorrect.
Its funny how people build up ideas in their heads about what its like in a large corporation, somehow like a hollywood movie with lots of people with dark shades and guns ala "The Net".
No, inside Microsoft is a lot more like "Office Space" and anybody with motivation could get the entire source with little trouble.
Are there any back doors showing in the source...
every day http://en.wikipedia.org/wiki/Special:Random
Just imagine the FUD/lawsuits/etc when, for some reason, Linux starts running on natively on NTFS.
Besides, there are several obfuscating methods designed to hide the logic of the original code. They can be used to actually copy the code to the emulator (if the copied piece will work there). After that it would be hard to prove anything even in the open source.
Disclaimer: IANAL, but anyway, personally I would not feel guilty having W2K source code and using it to improve WINE. Because I think that the algorithms is a part of the math, which existed always even before humans came here. A programmer just discovers the piece of math and express it using one or another language. The gravity doesn't belong to Newton, the math formula that describes the gravity neither. Only the fact of discovery of gravity math description belongs to Newton, just for references. Only the fact that programmer wrote the code belongs to the programmer (or the employer), not the code itself. Just to refer in the report to the boss why one was so busy all the day. Getting the source code from Microsoft is not stealing - it's learning. There is nothing wrong in learning.
Less is more !
Conversely, imagine if someone found parts of the 2k/nt4 code that were very similar to previously existing GPL'd code? that would be pretty interesting, too.
100 GOSUB 7000 ; * Load stuff
110 GOSUB 900 ; * Show windows logo
120 GOSUB 20000 ; * Prompt for operator login
130 GOSUB 32000 ; * Fill half of memory with DLL's
140 GOSUB 16000 ; * Time waster loop
A feeling of having made the same mistake before: Deja Foobar
MS may just add different comments(or slightly modify the code) to each licensed source, and when/if they see a leak, they can easily find where the leak is coming from, for example they add something like "#Rewrite this later" on line 135 for your license, "#Redo this part" on line 563 for another license, etc. and when they see source leaked with a comment on line 563, they know which particular license is it coming from.
Imagine if somewhere hidden in the bowels of the Windows2000 source an intrepid SCO intern finds a sliver of SCO-owned Unix code. Then all hell would break loose...
As someone mentioned, this would be fascinating to just read the comments. Would it be possible for someone to strip out all the code, leaving only the comments for each file, minus comment lines that ARE code? It would be GREAT just to read the "intention" and "questions" living in that code and be able to associate each with a filename. Purely for entertainment value. It would also be neat to compare comment-to-code ratio in areas of MS code.
Ryan Fenton
http://www.windowsbeta.net/ is carrying the story (not slashdotted yet) and has a snippet from TaskManager up to prove validity.
The files listed in win2k/private/ntos/ appear to be kernel stuff. Yes, even asm files in there.
I hope you weren't planning on ever contributing to any Open Source projects after doing that. If it's later demonstrated that you had access to the W2K source and contributed vaguely similar code (even by accident) to a project, it could have severe repercussions for that project.
... the textbook author would own all of your code.
... trivial code will generally be similiar regardless) the more difficult that is.
IANAL but I do read Groklaw, and from what I understand copyright restricts the act of copying (duplicating). You can study someone's implimentation of something as much as you like, then go impliment something similiar yourself. As long as you do not copy the code verbatim you are not in violation of copyright law.
Otherwise, no student would be able to code having once looked at examples in a text book
The problem is, of course, proving one implimented the code oneself and did not in fact crib the whole thing from someone elses code, and the greater the similiarity (for code of sufficient complexity
In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.
The Future of Human Evolution: Autonomy
My question is, has anybody managed to get this steaming pile of manure to compile? Seems like one would need to do that and then compare the binaries (ignoring any timestamping) before assuming this is authentic.
"Freedom means freedom for everybody" -- Dick Cheney
There ya go.
files.txt
8 91cade243c126|
and since Slashcode mangles ed2k-links: here for copy&paste (remove any spaces)
ed2k://|file|files.txt|2390731|959770f9507c332f26
Oh and BTW, this is just a LIST of files, not the sourcecode itself. So don't get cocky about copyrights.
Know what. Screw the whole legality issue. Those who have a foot in both the software design (even OSS?) and warez scene need to nab this. Much positive work could be done with windows/linux compatibility once we figure out the obscure protocols that windows uses. Yeah, it'll be legally grey, but who cares.
This will probably elicit a lot of replies about how Linux needs, especially now, legitimacy, especially under scrutiny of corps hoping to use it on desktops/servers. Individuals wouldn't care as much, obviously. They're right, in part at least. However, I've always admired the range of software choice Linux has, and just like Debian doesn't ship with all the necessary mplayer codecs.. they're out there, if you want 'em.
On another note.. what if someone took the code, released Linux software designed to help, say, samba, or something. Then another developer, without looking at the actual code for that program, made their own derivative by decompiling/whatever?
http://cltracker.net -- powerful craigslist multi-city search
The server is currently slashdotted, but I managed to download the first few lines of the Windows 2000 codebase. Here they are:
Why not ask the Micro$oft Office Assistant...he *always* comes up with the correct answer :-)
Source code (being mostly text) should compress a lot better than compiled binaries.
I was expecting the General Protection Fault License.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
The Win2K Source was released a while ago.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
So if this is real, I want to see evidence of all the dirty tricks code that allegedly is in Windows.
I mean the code that supposedly makes competitors products break, and god knows what other bad stuff I've heard about over the years.
Anyone working on this?
mirror
Site slashdotted? Look here for mirrors, or even better: o
If you work on any Open Source project, DO NOT LOOK!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You must either be new to Gentoo or new to Windows. It would most definately be:
ACCEPT_KEYWORDS="~x86" emerge win2000
Where's the Torrent? Huh? The first post should _always_ be the Torrent of the post.
Must-not-watch TV!
So we'll finally get to see NTFS driver that can write to the partition... SAMBA will be fully compatible with Active directory...
Now SCO can sue Microsoft for stealing their code, too! *LOL*
Seriously, though... If the circulating source is really NT4 & W2K, that would give a powerful instrument to both sides - the ones who wants to sue Microsoft for stealing their technologies and for Microsoft, too, since from now on they will be looking very closely at newcoming products of their rivals.
Having the source you could do a cleanroom implementation of it, have a set of "dirty" developers read and describe the undocumented API's and another set write those API's from scratch
Snowden and Manning are heroes.
I seem to remember reading that Microsoft gave China access to the entire source code, after the country mentioned that it was leaning more towards using Linux for government-related things, because the entire source code was open for inspection.
$ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
Since XP isnt such a big rewrite of the NT codebase a significant number of holes found in the NT/2000 code will most probably also be lurking in XP/2003.
If this really is true the ramifications on the security of windows is really big. In contrast linux is getting SELinux functionality implemented as we speak.
I hope this isnt true because it would turn the world of computers totally upside down and have big impact on innocent bystanders who bought into the MS marketing lies.
HTTP/1.1 400
In my best Bruce Campbell voice "Stop, it's a trick. Get an axe!" Hail to the king baby!
As long as you do not copy the code verbatim you are not in violation of copyright law.
Copying of nonliteral elements is actionable infringement. That's why many reverse engineering firms have two separate teams: one to describe a piece of copyrighted code and another to implement it.
In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.
Try telling that to the estate of George Harrison, who lost in Bright Tunes v. Harrisongs. It's possible to copy without knowing you're copying, and it's still infringement.
took a week to setup and 2 hours a day to update
:-)
No wonder, with half a meg of memory
Agreed, but you forget one thing about size. Source code has very good compression ration. Almost every time ratio is 10:1 or more which would mean 1-5 GB, and considering Fedora dvd image i'm downloading right now 3.7GB, well nothing special about the size.
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
I agree. Remember, at the trial MS argued that opening or showing parts of Windows source code would be a threat to national security. Not long after that, they gave their source code to Russia, China, and many multi-national corporations and other organizations as part of their Shared Source initiative. Now, don't know where the source was leaked from, but 1 + 1 = ?
If in fact, this story is true, MS is riding against the wind here. It is feeling pressure from the Open Source while its security, software, and business models are based on keeping the source secret. If so, how long can they keep up?
WINEHQ: Early today, a developer who wished to remain anonymous contribued an astonishing amount of source code to the WINE project. Some initial testing performed by WINE core developers revealed that WINE's compatibility with Microsoft Windows applications releasted for Windows NT and Windows 2000 had perfect compatibility, even down to some annoying and well-known bugs that have plagued certain Microsoft DLLs distributed with Microsoft's operating systems.
;)
"This will really make it possible for non-Windows users to run more applications than ever using WINE on alternate operating systems like Linux," said one develper we spoke with.
I would be the most poetically ironic event ever if it turns out that it was a MS Win security hole that allowed a hacker to enter a server and steal the code.
Doubly ironic if it was a hole that MS has known about for months and not bothered to patch.
Triply ironic if someone finds said hole, patches it, and ships patched source back to MS.
__ Someday, but not this morning, I'll finally learn to use the preview button.
Possibly, but would they really want to? The samba group ended up with faster code then MS by reverse engineering the SMB protocol instead of inheriting a bunch of code patched by different people over the years. I would imagine looking at the source would solve a bunch of problems for the short term.
Of course if this turns out to be true and all.
What about the opposite:
Is there GPL code there?
Ask an auditing company to
diff NT4 2000 | grep -e yourcode
and get an answer.
I don't think they're playing SCO if they released just a part of it maybe but not the whole thing
It's not like stealing, because they only took a fraction of a megabyte at a time. Only when they're all added up in your Swiss bank account does it amount to the full source code. It's like the take a penny, leave a penny jar.
Code leaks from Microsoft are not new. Check this article at CIO Update about a code leak a year ago: (emphasis mine)
Microsoft Corp. said it is tracing a key piece of code from its Windows Server 2003 software that was leaked onto the Internet, triggering concerns about piracy problems ahead of the company's scheduled product release later this month. The volume-licensing key in question allows for unlimited installations of Microsoft's Windows Server 2003 server operating system, the next upgrade from Windows NT that is slated for release on April 24.
However, this seems only to be a partial leak, not comparable to this complete (if it's real) source code leak.
Blimey. We got wind of this around lunchtime GMT, and within half an hour two zip files mysteriously got downloaded to - ahem - servers some collegues and I have access to (no, I had no involvement in the download and have no idea of the source). We took a look, us being extremely sceptical of the claims, and ended up spending a few hours grepping the Win2K sources.
If this is a wind up, someone or people spent a long old time faking it. Microsoft notices and email addresses all over the place. They don't like the AIX compiler one little bit. Hardly any mention of Linux, GPL or GNU.
Actually quite a professional bunch of source files by all accounts. Appears to be using standard GNU Makefiles though. Yes, the 'f' word appears, as does the 's' word. Apparently Office 2k is broken in some respect that Win2k needed a tweak or some description.
Plenty of mentions of Internet Explorer, although I wouldn't like to say that we found 'IE' in the code, but then we aren't C experts at all. It does mention IE6 and Windows ME, so can't be all that old either. Does mention buffer overflows a fair bit, also plenty of 'hackhack' and 'bugbug' notes laying around.
In fact, nothing particularly spectacular found at all. We took a look, got bored, and went back to our normal work. Honest boss!
And no, we didn't try to compile it. We felt it was genuine enough though - not that we really cared. We did however note that if this lot is proven to be the real deal, Microsoft are going to be landed with one hell of a lot of security alerts for 2k/NT over the next six months.
Yours merely curious...
whoa, i totally read that as "MOD PARENT UP SUPER FUNNY"
"#43 Posted by psneddon on 13 Feb 2004 - 01:09
Just my opinion / thoughts.
1) The software that builds and compiles Windows is very complex I doubt anyone could turn the source into a working system easily. Maybee it would be possible to compile certain parts. Plus even if you could it would take hours if not days to go through the process.
2) I don't see how this will let anyone find any obvious flaws, microsoft have software that does this all the time. I'm not saying its not a security risk but its not as simple as the journalists make out - as always.
3) This exact same scare happened about 7 years ago, I remember they were selling the source to NT4 at a local market on CD, doubt it was the real source code."
there might be patent issues, but i think they list those one the software or license somewhere. my understanding of trade secrets is that it is their reponsibility to maintain a the secret. and if this is *really* source code for nt4/win2k, it's not a secret anymore.
eric
We have all heard the story of it being towed back to port.
h tml
Many have heard the story, few have heard the truth. After all the early speculation (termed used by publisher who broke the story and later distanced themselves from it) by shoreside Unix advocates someone eventually talked to the Chief Engineer on board at the time and the software developer who wrote the code. They said it was not WinNT. If the OS had been Linux the ship would have been just as dead in the water. A naive server app corrupted it's own database and naive client apps (the infamous "LAN consoles" that crashed) needed that database to function properly and to operate equipment. In any case:
http://www.sciam.com/1998/1198issue/1198techbus2.
"Others insist that NT was not the culprit. According to Lieutenant Commander Roderick Fraser, who was the chief engineer on board the ship at the time of the incident, the fault was with certain applications that were developed by CAE Electronics in Leesburg, Va. As Harvey McKelvey, former director of navy programs for CAE, admits, "If you want to put a stick in anybody's eye, it should be in ours." But McKelvey adds that the crash would not have happened if the navy had been using a production version of the CAE software, which he asserts has safeguards to prevent the type of failure that occurred."
No. If the Wine folks look at the actual Windows source code, they aren't reverse engineering any more, they're copying, which is illegal
I'm tired of this b.s. Since when has looking at something been equated to copying it? Copying is copying. Looking is looking. However, obtaining the code is probably a copyright violation. After all, this post is not a copy of your post. It was inspired by it, I looked at your post, I legally cited your post, but I did not give you the rights to my post by doing so, nor can you force me to remove my post.
"There is no available source code! Only a heathen would suggest such a crime. Microsoft has an excellent security track record. Those are features, not bugs! The heathen apple and linux communities are spreading lies, it is all lies."
The front page there reads: "SLASHDOTTED TO HELL" in a nice, bold font.
Roses are #FF0000, violets are #0000FF, all my base are belong to you
The 3 current articles at the top of Slashdot...
Windows 2000 & Windows NT 4 Source Code Leaks
Is Open Source Fertile Ground for Foul Play?
New Worms Feed on MyDoom Infections
It struck me as funny.
Mod "Overrated" instead of replying "I disagree with you," you coward.
I found some of the file headers of particular interest:
Copyright 1984 Apple Computer, Cupertino, CA
Together, we will drive the rats from the tundra.
Oh, come on, get real! You miss one very important point in your comment...
The source code to SAMBA is Open Source!
This means that MS have probably got a few copies of Samba themselves already and were there any licensed MS code in it, you can rest assured the Microsoft would have sent their lawyers over long before now.
Just accept that the Samba guys are a pretty neat bunch of programmers that have genuinely backwards engineered Samba from the word go - it's the likeliest and most realistic conclusion to draw.
Gentoo Linux - another day, another USE flag.
There have been articles on the web describing alot of their NT build process. They do use command line builds. They originally wrote a custom version control system, but now use something else (not Visual Source Safe, I think perforce, or perhaps they created anotehr system). I believe, if memory serves, that they had a custom make tool, but they may now use nmake, which is the make tool that's distributed with their commerical dev tools.
I recall the article did mention the use of perl for parts of the custom build scripts.
As a long time windows programmer, frankly, this stuff looks made up. Clever, amusing, but ultimately it seems like a hoax. If this is all the proof we have, then I'm afraid it's a bit pathetic!
Also there appear to be duplicate headers, repeated in various directories that I'm almost positive would end up screwing the compile process in a real build. Also, another thing is that, if their distributed files with VC6/7 are indicative of their internal naming, they stick to a strict 8.3 naming scheme, and make note of this in their documentation (don't remember *where* it was that I read it, but it was MS docs, and I remember being surprised by it). Another thing, again assuming that the files distributed with VC6/7 are a good model, their files tend to be all UPPERCASE! For example, here's a listing from their includes in for VC6:
-rwx------+ 1 Administ None 21912 Apr 24 1998 ACCCTRL.H
-rwx------+ 1 Administ None 27863 Apr 24 1998 ACLAPI.H
-rwx------+ 1 Administ None 3735 Apr 24 1998 ACLCLS.H
-rwx------+ 1 Administ None 747 Apr 24 1998 ACLSID.H
-rwx------+ 1 Administ None 269 Apr 24 1998 ACSMGTC.H
-rwx------+ 1 Administ None 267 Apr 24 1998 ACSSVCC.H
-rwx------+ 1 Administ None 833 Apr 24 1998 ACTIVECF.H
-rwx------+ 1 Administ None 1111 Apr 24 1998 ACTIVEDS.H
-rwx------+ 1 Administ None 39805 Apr 24 1998 ACTIVEX.MAK
-rwx------+ 1 Administ None 3794 Apr 24 1998 ACTIVEX.RCV
-rwx------+ 1 Administ None 2053 Apr 24 1998 ACTIVEX.VER
-rwx------+ 1 Administ None 68013 Apr 24 1998 ACTIVSCP.H
-rwx------+ 1 Administ None 17845 Apr 24 1998 ACTIVSCP.IDL
-rwx------+ 1 Administ None 3402 Apr 24 1998 ADDRLKUP.H
-rwx------+ 1 Administ None 18946 Apr 24 1998 ADMEX.H
-rwx------+ 1 Administ None 10051 Apr 24 1998 ADMINEXT.H
-rwx------+ 1 Administ None 2827 May 31 1998 ADOID.H
-rwx------+ 1 Administ None 343678 Jun 19 1998 ADOINT.H
-rwx------+ 1 Administ None 135222 Jun 2 1998 ADOMD.H
-rwx------+ 1 Administ None 14127 May 31 1998 ADOMD.IDL
-rwx------+ 1 Administ None 5083 Apr 24 1998 ADPTIF.H
-rwx------+ 1 Administ None 1133 Apr 24 1998 ADS.ODL
Shouldn't that be -x86?
Ok, probably wasting three karma here, but ++parent
The contention is that you would have a dickens of a time proving in court that you were not directly influenced or did not directly copy the copyright work. Do you have the financial security to take this through the courts and win? No? Then, keep your nose clean. If you don't want to stink, don't go near the shit.
I understand what you're saying, but it's best to steer far and wide and very clear of it. Treat it like nuclear waste. You don't even look at it no one can try to taint you.
10328 07-26-00 01:41 win2k/private/genx/shell/gnumakefile e mli on of problems in stress.emle
0 11-18-01 14:23 win2k/private/genx/windows/inc/mobileq-apache.eml
0 11-18-01 14:23 win2k/private/genx/letter to children - 2.eml (*)
0 11-18-01 14:23 win2k/private/inet/mshtml/btools/bin/words of wisdom from dennis.eml
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/ship/unix.
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/documentat
506 07-26-00 02:12 win2k/private/inet/mshtml/gnumakefile
64276 07-26-00 02:13 win2k/private/inet/mshtml/tools/mips/utils/sed.ex
Plenty of gnumakefile entries throughout...
Also - directories for ppc / ppcmac / alpha / mips
Could this be OFFICE 2000 instead of Windows 2000?
* - WTF?
Clinton made me a Republican. Bush made me a Libertarian. Trump is making me question reality.
Forget your brand of "MS is doing it to get us on the sly".
How about:
MS took a calculated risk in allowing the Chinese government access to the code in order to secure more sales, and are now paying for it, because someone Freed Billy!
http://pcblues.com - Digits and Wood
There have always bin rumors that closed source Microsoft applications have leaked to terrorists or the Russian mob.
Thinking about it, an OS used often to hold and guard highly sensitive information wordwide is almost certain to get its source stolen, if not by terrorists so by intellegence organizations round the world.
But it could have bin much worse. Imagine a not too distant future world where access to documents software etc is controlled by DRM technology. In such a world, there would be little incentive for sofware companies to spend R&D money on securing their systems apart from what DRM offers.
Imagine what damages we could get if cryptography keys to such systems fell into the wrong hands.
Even if such keys would be handled by a lot fewer persons than the windows source code, there is no guarntee that they will not be persuaded to reveal their secret.
God is REAL! Unless explicitly declared INTEGER
Maybe seeing how Valve can put the Half Life 2 release date back a few months due to their leak may have given Microsoft an excuse to delay Longhorn a little further ;)
/usr/src/linux (captivating stuff, gripping plot).
Yes I understand the consequences etc, I wanna grow up and be a respected open source coder (and get paid to go to conferences). If I wanna read source, I'll read
~Duane
The beatings will continue until morale improves.
Don't worry... We're safe. MS can't prove what you're downloading, because no one there can open a tar.bz2!
TAR!? BZ2?! What the hell? That's not ZIP!!!!
A friend and his associate left a previous employer to form a start-up. They began work on a product, much like the one their former employer was developing. Though my friend largely contributed the code and many fixes to his associates code, the project died when the former employer had detectives raid the associates house. The former employer claimed they were copying the firmware, though my friend had mostly written it. However, an old code listing was found in his associates house after they had both vehemently denied copying any code from their former employer. In light of the discovery, the issue of stole-did not steal became a moot point, as they would need a company of lawyers, time and lots of money to defend themselves. If he had tossed all prior employer related junk from his home office, the burden would have been much greater on the former employer. Having some code at home which looked suspiciously like product code (particularly to the untrained eye) killed their start-up and put the associate in jail.
A feeling of having made the same mistake before: Deja Foobar
Its been a couple years, but I have seen the real source code for windows NT. All I have seen so far here is a file list, but I can say these things about it:
1) I cannot confirm that this is a legitimate file list.
2) I can confirm that every tree and file I am specifically aware of is missing.
3) This is definetely not the entire source tree.
4) There are many dubious file names such as "words of wisdom from dennis.eml
", zero length, and "gnumakefile" that definetely appear out of place.
My guess is that someone has taken some licenced source code and "sexed it up" to troll internet.
I can't vouch for the reputation of the site (I've never come across it), but at the moment this is the only other site that appears to have any report on the source leak:
http://itvibe.com/default.aspx?NewsID=1283
My lack of God, it's Trotsky!
Someone who wants to take the risk of tainting themselves (in OH so many ways) by looking at Windows code should probably do a full analysis in order to locate GPL violations, if any.
Worse still - if you work on any Open Source project, and you look at Microsoft Source code. . . DO NOT COPY IT!!!
We like Linux as it is. Reliable, stable, and fast. Copying Microsoft code in would jeopardize that. Never mind the IP issues. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
This is probably old hat now, but....
Real men don't do backups, they just pack their files into windows_2000_source_code.zip and post them to their website.... with torrent links...
Speaking of "a world of hurt," wouldn't the general reaction to a leak of this kind cause a precipitous fall(big or small) in Microsoft's stock? If was an investor, I would totally short the stock right now, since there will probably be some crazy reaction at just the hint of a leak...probably because people will think it's a bigger deal than it will end up being.
It looks as though at the end of the trading day, MSFT did lose some value. If not short it, then maybe sell it, if only to pick up some deals later...
Hrmph. I opened one of those files and all it said was:
-*- Any technology indistinguishable from magic is insufficiently advanced -*-
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
(The rest is just the comments, you know, crap like you get on /.)
So having said that, why does it surprise anyone that two identical lines (or whole procedures) of code end up in two different programs or operating systems? The code to control the hardware can only be written so many ways.
Besides, if the way all MS code acts is any indication of how it's written, the only place I can see it being of use is with virus/worm/trojan writers and geek comedy clubs.
Have you hugged your penguin today?
But, it only takes one person to look at the Windows source, then go do something vaguely similar in Linux (or any OSS project for that matter). The result would be devastating: Microsoft would litigate Linux to death.
As many have said, the principle behind these copyright suits is awful. Looking at code, then doing something somewhat similar (because of inspiration) should not be a copyright violation. But with Microsoft's legal and financial resources, the laws will "adapt" to what is most beneficial to them.
I can only echo what many other have said: for the sake of Linux and OSS in general, do not look at the Windows source!. That's a very conservative and overly-paranoid policy, but it's a invaluable measure for protection.
To me, general acceptance of open-source software is similar to political elections: every last spec of dirt is drug out and put under the spotlight. Any potential or suspect or even misunderstood characteristic is scrutinized, and the naysayers always manage to put a negative spin on it.
Open source only stands a chance if it can maintain the straight and narrow path... I hate to sound preachy, but any slight mishap, no matter how innocent or accidental, quickly turns into a major catastrophic disaster. There's just too much money and power interested in seeing OSS fail.
If code is made criminal, only criminals will have the code
Now that was a very satisfying cliche re-use. I hope it was an original cliche re-use.
BTW the server seems ve-wy slow to-day. I think we were just Farked.
"Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
This is an attempt to corrupt your ability to write reliable code. It is the software equivalent of a Medusa. Once you've looked at it your mind will be agog to make blue screens. Do not look! For the love of Pete, DO NOT LOOK!!!!!
Windows viruses affect everyone. We all use the same Internet that slows down when the latest worm hits. Virus writers are scum, kill them all.
(2) Concerned individuals and companies can learn from those who look at the code just how BAD the vulnerabilities ARE.
Probably, but what can they do about it? It's Microsoft's IP, they can't fix it and just hand it back. Virus writers will probably write more worms, the Internet slows down, we all suffer (see 1).
This could very well accelerate migration away from Windows and towards other OS's which are secure despite having available source code.
Erm, Open Source software is quite happily gaining market share without the need for this, thank you very much. Up to now it's being doing so on the basis of being software that's as good as, or better than, what MS write. It has not needed any visibility of MS IP to do this.
I am certainly no MS fan but this theft is nothing more than someone somewhere wanting some kudos.
C'mon, people! The real fight is not having DRM pushed down our throats, not tearing apart MS's source code...
Gentoo Linux - another day, another USE flag.
... look at slashdot - it's being... slashdotted ...
Or must we say in this case: backslashdotted ?
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Penguins spend their lives in the freezing cold fending off polar bears and rouge iceburgs and catching fish, they are totally used to it and even if a particular nasty polar bear comes around they can usually deal with it. If you release a home-trained hampster into that environment its just gonna die.
This comment does not represent the views or opinions of the user.
It has been reported that numerous patches have now been emailed to microsoft after the source code leaks of the previous hour. The quality of those patches has amazed Microsoft, which has with immediate effect fired most of its current employees and send out offer letters to the patch developers.
Inside sources also report that microsoft is also deliberating on firing all its employees and relying completely on the so-called underground community to maintain and develop new features of the Windows operating system. More on this as it comes.
What part of "being proved guilty beyond reasonable doubt" didn't you understand? It's the accuser's task to prove the accused party guilty, not the other way round.
It's 5:15PM. I got home from work 2 hours ago, and had a nap. It is a beautiful day outside, and the Windows source code has been leaked.
And I have 5 Moderator points.
Today -- today, life is good.
Re-read that quote; he's not denying anything about leaked source, he's denying that there have been any intrusions into Microsoft's software sources themselves. Not the same thing at all.
;-).
He's saying that the leaked code is the same as the code in their version control system
This is starting to sound like a Tolkien plot..
Beware the One tarball from the dark lord - it is highly corruptible and any OS coder who gazes at it is forever damned
You can't expect to wield supreme executive power, just because some watery tart threw a sword at you
Something people seem to be forgetting is the impact this could potentially have on the IT industry as a whole. Like them or not, Microsoft are a key player in this industry and if they suddenly take a fall many of us will be brought down with them.
A sudden loss of confidence in the Windows product could spell disaster for a wide range of occupations - imagine an IT-specific recession, resulting in enourmous layoffs and salary cuts.
The worst thing is that there is no way this can turn out to be good news. If it's true, we're in trouble. If it's false, then we're still going to see share prices slump (not just MSFT either), which impacts most of us.
Friday the 13th is always a pain in the neck.
I find this one refreshing...
/* You will be assimilated, suckers */
if (app.exename="NETSCAPE.EXE") system.sluggify();
And this one provides for the future...
if (site.url="www.google.com") {
browser.renderer.togglebuggyrenderer();
browser.fakepopup("www.msn.com");
}
I can't say anything about this one though:
if (user.status==PISSED_OFF)
prick.annoyingpopup("Hello, I noticed you are writing a letter")
Seriously, given the denounces of delayed APIs for Navigator, I wouldn't doubt the first one... could someone with the codes please grep for netscape.exe?
I've hacked Samba myself and I am 100% sure it's reversed engineered.... heh.
The point is now they can claim that they had potentially had access to their trade secret (not that they necessarily copied it verbatim). The can call all the work into question, and while it can be pretty thoroughly shown that this is not the case, it could take awhile to sort it and out and by then Samba could be tainted in the eyes of less savvy IT persons.
Not a great plan, IMHO, but quite possible. The same argument goes for Wine, but others had already brought that up.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
17 USC 101 defines a derivative work as:
That really cleared things up, didn't it?
But seriously, my point was that what the parent was stating as an absolute is actually untrue. You can be guilty of copyright infringement even if you dont "copy."
IAAL.
/.! You must be just some miserable karma whore... or then you just made a major typo and forgot the obligatory "N" and ",but".
My god, this is simply not possible - man, this is
Well, I believe the latter must be the case. Be more careful on your next post, OK?
“Wait for Hurd if you want something real” –Linus
Guys.. you have to realise, that 2 days ago, microsoft patched the biggest security hole EVER in xp.. they knew about this since july.. this is unexeptable.. rather than face the scorn on this issue, why not "accidenty" let a copy of source code get out.. this is much better than having millions of xp users mad at you.. and the publicity will be focused on this.
Michael Jordan http://www.needsahug.com/ Where everyone gets a hug.
Oops! You're right, of course. How embarassing.
Although, reading it again, I don't agree that "He's saying that the leaked code is the same as the code in their version control system". He's just saying that Microsoft's own copy hasn't been tampered with.
you're stealing sourcecode from the crippled children??
...I hear the source code to Linux gets leaked every other day!
http://miranda-icq.sourceforge.net/zeez-im/
Check out a report of how Zeez Universal IM System copied sections of the popular GPLed Miranda IM. Down to the label strings in places and a "blank"-ed GPL agreement dialog!
~fractal
"Wireless : LAN
2404 07-26-00 02:12 win2k/private/inet/mshtml/src/core/cdutil/gnumakef ile
200 GOSUB 38000 ; * Profit
What do you know about who reviews the windows code ?
Also, what assumptions are you making about the number of people, and their qualifications, that are reviewing OSS code ?
My opinions are my own, and do not necessarily represent those of my employer.
.... try this password: cia1234 or 1234nsa
...when hackers broke into Microsoft's corporate network. Google is your friend.
Even if it is the code, it appears to be seriously outdated in large parts. I grabbed the file list off of /. and did
cat files.txt | awk '{print $2}' | grep -E "01$
. This tells that the latest Code has been contributed in 2001! Well, the basics may be the same, but a lot of updates recently commited are not present in this code (again, if it is real).
I worked at MS on NT, and though it's been a few years, I can definately tell you there are "gnumakefile" files all over the place. It's the first thing any coder notices when they first look at the source, "Hey theres a Makefile, and a gnumakefile, what's the deal?"
If you'd really seen the source, you would have remembered that.
I already found a big security hole! Just commented out everything in file iexplorer.cc to fix it.
"There is no teacher but the enemy."-Mazer Rackham
Microsoft is sooooo obviously trying to pull an SCO here.
If you work on any Open Source project, DO NOT LOOK!
Whoops! I looked. And now it's clear why Microsoft bought a license from SCO.
All these headers start with "Copyright, AT&T" and "Copyright, Regents of the University of California". I wonder what that's all about.
(For the more literal-minded Slashdot readers: no I haven't really seen the code. This is a cheap jab at Microsoft, implying their code is derivative of unix and linux code,)
Opinions on the Twiddler2 hand-held keyboard?
Its a little long but here it is:
--------
#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL = HARD
char make_prog_look_big[160000];
void main()
{
while(!CRASHED)
{
display_copyright_message();
display_bill_rules_message();
do_nothing_loop();
if (first_time_installation)
{
make_50_megabyte_swapfile();
do_nothing_loop();
totally_screw_up_HPFS_file_system();
search_and_destroy_the_rest_of_OS/2();
make_futile_attempt_to_damage_Linux();
disable_Netscape();
disable_RealPlayer();
disable_Lotus_Products();
hang_system();
}
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();
if (still_not_crashed)
{
display_copyright_message();
do_nothing_loop();
basically_run_windows_3.1();
do_nothing_loop();
do_nothing_loop();
}
}
if (detect_cache())
disable_cache();
if (fast_cpu())
{
set_wait_states(lots);
set_mouse(speed, very_slow);
set_mouse(action, jumpy);
set_mouse(reaction, sometimes);
}
printf("Welcome to Windows 2000");
if (system_ok())
crash(to_dos_prompt)
else
system_memory = open("a:\swp0001.swp", O_CREATE);
while(something)
{
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
}
create_general_protection_fault();
}
> Windows 2000 and Windows NT source code has been leaked to the internet.
Emergencies crews are working around the clock to clean up the most toxic leak since Exxon Valdez!
- For the complete works of Shakespeare: cat
Why this is perceived as such a security threat to Microsoft, when it's not for Linux?
100% compatibility with all Windows programs.
"Don't ask us how we did it!!!"
This slide indicates the full source is 50gb and took a week to setup and 2 hours a day to update.
.c files. Multiply that by 10x and it's not even half an ISO image.
The weird thing about that slide is that it indicates that the project is "29M LOC". Now, by my math, that indicates about 1,700 bytes of storage used per line of code. There has to be something artificially inflating the size, or decreasing the LOC. I mean, even assuming 170 character lines, that works out to 10 lines of comments for every line of code. I wonder if the 50GB refers to the size of the multi-version repository, or to just a single check out?
Either way, if the LOC is 6M for NT and 29M for 2K (numbers taken from the slides you linked), I can easily imagine it all fitting into a net-friendly sized zip file. Hell, my 2.4.23 tarball is about 29MB and has 3.6M lines (including comments) in the
or other released code. It should be possible to triangulate the source against existing released software, so at least we can know what exactly it is and whether this is a hoax or not.
and you didnt even use a link
You can see it here: here
;-) :-D
I didn't point you to it
Funny how different two companies feel about source code. Apple has somewhat embraced the open source model, contributing to KHTML, and using many other open source projects. While Microsoft has shunned them all.
Sorry, no typo. I'm really bad at detecting sarcasm but I think I got your meaning.
Hopefully the developers of Wine can use this to improve their product! Damn... imagine it actually working for the majority of Windows apps/games!!
*That* would be something to make people start using Linux as a desktop!
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
He's correct. The tree is forked as needed for future versions. Heck, you can search through the asm files and still find ones with David Cutler's name in them that haven't been changed since he wrote them.
This space for rent.
>I respect your integrity, but as far as I'm concerned MS is a pretty sleezy company so I'm not gonna shed any tears for them.
Its about not stooping to their level.
The main drivers of OpenSource are those which just program and share, not those that fight dirty/go on illogical and embarassing rants.
Look at SCO. I assume that there are many fine people there, but how do you view the company as a whole? After this SCO vs. IBM thing is over, what is your impression of them?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
This is extremely good advice. I would go even further and say that if you would ever like to work on an open source project, don't look. The presence on a project of a person who had seen the Windows source could put the entire project at risk.
For a very practical example, consider Samba. If a person who had seen the Windows source were to contribute to Samba and it were later to come to light that the contributor had seen the Windows source, in the name of safety every piece of code that person contributed would have to be ripped out and replaced. Worse, to guarantee that there was no trace of taint, it would probably have to be replaced by people who had not only never been exposed to the Windows source, but who had also not seen the contributor's tainted code. In short, it would require the recruitment of people who had never worked on the project before, or even read the source. Finding those people would not be easy, to say nothing of the time and credibility that would be lost.
For that matter, even if you have legally seen the Windows source because Microsoft has provided it to your employer under their shared source program, the same taint would follow you. If your employer has access to Windows source and your job does not require you to see that source, do yourself a favor: don't look.
If you look at the Windows source, you at the least taint yourself WRT working on any project aimed at interoperability with Windows, and quite possibly on a much wider variety of projects than that.
In short, JUST SAY NO.
In this case the point should be that people who bought into the MS security concept will feel screwed. The ones on other systems will be able to do their business as usual while crazed windows admins run around firefighting for their lives.
I cant imagine how this could have a bad effect on linux at all. A big boost for ABM and the industry as a whole would survive just fine without MS. It isnt like MS has really truly made something significant other than piggybacking and marketing.
HTTP/1.1 400
http://www.sysinternals.com/ntw2k/info/xpsrctree.s html
full source tree is free, and generatable from the debug/dlls etc....
enjoy.
yes this is 100% legal
Liberty freedom are no1, not dicks in suits.
Does it say something about me that I'm more interested and excited about this than any news story that I've read in the last year? (Janet's tit included.)
$geek++;
Don't Panic!
I know they have at least the TCP/IP stack from BSD. I would be interested to see if the copyright comments are still on the files.
"The rumor regarding the availability of Windows source code is based on the speculation of an individual who saw a small section of un-identified code and thought it looked like Windows code. Microsoft is looking into this as a matter of due diligence," a company spokesman said. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security." - from Eweek.
Also see ZDNet, InternetNews and Google News
When I go out in the sun, I wear sunscreen and although I'm fairly pale, I probably won't get burned too badly. If someone goes outside with a T-shirt and shorts for the first time in their life (say a 25-year old), they'll probably get burned fairly badly (unless they wear a lot of sunscreen or aren't out for long).
Linux and other open source OS have had people looking at them for a long time. The people looking at the source of Linux are less likely to be a monoculture than the people at MS who are hired to look over software. In addition (uninformed speculation) more of the Linux people may have been black hats once - the less ordered (as in cubicle order rather than procedure order) system may be more amenable to some who fit a less monolithic background. Linux is thus likely to have been looked at by people who might once have looked to hack it and by people with a wider variety of skill sets. MS knows a lot about software, but their diversity in software knowledge and opinion is likely smaller than that of either their user set or of that of white hat hackers.
The other factor is that having the MS source without a licence is illegal - thus the people who are most likely to take advantage of the availability of the source are people without much respect for the license in the first place - black hats. Linux source can be viewed legally, and so is just as likely to be looked over by white hats as black hats (probably more likely, because of the population ratio of BH and WH).
In one of the Clancy books (I think "Debt of Honor"), he talked about secrecy being good for hiding information that someone doesn't want you to know - but that when it broke, the news would be much worse for that someone, and harder to control. That seems applicable here - only the news is directed almost exclusively to those who would do them harm.
If you considere 300GB the amount of data in the sourcetree after a debug/profiling compile
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Topic of #windows: http://www.windorks.com | We don't care about "the leak," don't ask us about "the leak," and we will not give you voice.
Topic of #phrack: "wake me when they find the code that lets the FBI in"
Torrent here.
I was offered a copy of the NT4 source code a couple of years ago. I didn't want to pay for about 60 CDR's and for someones time burning them since I'm not paticularly interested in it. About 30 CD's for original NT source and another 30 for the service packs IIRC.
The source code for MS-DOS 6.0 can be found on the usuall filesharing networks and has a few amusing comments in it.
http://www.internetnews.com/ent-news/article.php/3 312451
r ol eak_1.html
. as p
http://zdnet.com.com/2100-1104_2-5158496.html
http://www.infoworld.com/article/04/02/12/HNmic
http://www.eweek.com/article2/0,4149,1526390,00
My guess, this is some of the source released to academic institutions for study. Lots of universities have access to a small portion of the windows source code, for use in various computer labs, and to create interoperable code. It comes on a single CD, and is not difficult to obtain.
.eml files be links to the original file? .eml files, like tcp-ip tutorial.eml. Would there really need to be a tutorial like this spread everywhere?
/. doing the trolling, this will probably hit the major news outlets tomorrow. No doubt, they will only quote the most pandering media whores around, to sensationalise the story. Any bets several major stories will point to /. as a culprit, or as a den of criminal hackers?
/.
I've studied one small section of M$'s source code, a single network module appearing in both NT4 and NT5.0, under NDA of course. I don't see it here. There are a lot of things I don't see here, and I'm still going through the tree. There are some things here that are clearly part of windoze, such as the source to regedit.
Some other things that make me suspicious this isn't all the source code:
1) lots of 0 length files, could all those
2) the win2k source just happens to total 658MBytes, about the size of a CD
3) there are a number of 0 length files of people's names with the letters CV next to them. cv - vered mazafi.eml, ronen-cv.eml
4) all through the file listing are repeats of
I think this is just a student prank, being trolled out of proportion. It's not just
the AC
I can't believe I'm admitting to extensive knowlege of windoze on
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
1. Get the OS to compile and boot.
2. Reproduce windows bugs.
3. Fix bugs faster the MS does.
[...]
6. Profit!
Yankee Group senior analyst (sic) Laura Didio has these alarming thoughts on internetnews.com about who might now be able to get their hands on the Windows source:
So Microsoft is the defender of truth and justice in the free world, and OSS hackers are like suicide car bombers?
She then went on to warn of the dangers of hackers using the several hundred megabytes worth of leaked source code to compile their own pirated copies of Windows 2000. What a dumbass.
And what exactly is a "tinker", anyway?
As subject, this torrent is actually the linux kernel ver 2.6.2!
" To steal ideas from one person is plagiarism; to steal from many is research. "
Also there appear to be duplicate headers, repeated in various directories that I'm almost positive would end up screwing the compile process in a real build. Also, another thing is that, if their distributed files with VC6/7 are indicative of their internal naming, they stick to a strict 8.3 naming scheme, and make note of this in their documentation (don't remember *where* it was that I read it, but it was MS docs, and I remember being surprised by it). Another thing, again assuming that the files distributed with VC6/7 are a good model, their files tend to be all UPPERCASE! For example, here's a listing from their includes in for VC6:
1. Filenames can be shared in different folders with no issue. No problem whatsoever.
2. 8.3 filenames are *only* needed for ISO9660 CDRs. The source tree uses whatever filenames people want.
Coming soon - pyrogyra
Linux 2.6.2...
har de har dar. well, it does what it says on the tin.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
All anyone seems to be pointing to is the source tree listing in a text file. Wow.
Such a listing for XP has been available on the Sysinternals site for years:
XP Source Tree
Couldn't this give the Open Source community problems down the road? As in Windows code ending up in some Open Source project ? Just the accusation would cause problems.. Unlikely , but everything is possible.
-- TRUST ME! I KNOW WHAT I'M DOING!
8.3 filenames are *only* needed for ISO9660 CDRs. The source tree uses whatever filenames people want. No, my understanding was that it was microsoft policy to use 8.3 naming because of backward compatibility (with older filesystems, i.e. Win 3.1, DOS, etc). Any of the released code with VC6 (and I think VC7) is 8.3. And I remember reading them suggesting that people follow this as well, for their own code.
SCO's actions are based on a company with little revenue, little cash, and nothing to lose. Microsoft has everything to lose. Say what you will about Microsoft, but they didn't get to where they are today with silly moves like that.
Laura Didio: aka the SCO queen and her take on this development!!
"Up until now it was more like the 70/30 rule, where 70 percent of the threats are bogus. Now it's more like 50/50," Didio said. "With the open source community, there are a large percentage of tinkers and 'ankle biters' who are trying their hand at hacking. Some are even communicating with each other. So it only takes one or two of these groups sharing information to be able to pull something off. When you have this type of passion, it's hard to fight because these people are like virtual suicide car bombers."
Please, don't slander BSD and research UNIX. That's just not right.
by a 500LB gorilla.
It has nothing to do with morals. It's self preservation.
Most companies don't have the resources to kick the crap out of warez distributors. MS isn't one of those companies.
Ben
Work Safe Porn
I think you people are going a little overboard. Windows source code isn't like a virus or something.
Wait a minute....
http://www.sschmidt.info/w2k_source.torrent
:-)
I haven't finished downloading this, but it's 200MB in size, has 944 peers!
The tracker is the same one you have listed:
http://alge.nlc.no:6969/announce
The hash is also the same.
true, its leaked constantly but sco is the only company that is stealing it.
email her. The link's on the story page (don't quite know where, 'cause I'm using lynx right now). Tell her nicely where she fucked up.
Don't just sit here and bitch on Slashdot...
If you believe in Open Source or Free Software then you should believe in copyright. If you find a GPL code in use in a closed project, then you should report it to FSF. If you find Windows code in the wild then you should report it to Microsoft. It's their code and consequently they should and do control who gets to see the code.
That said, I would desperately like MS to release the code under an open-source, but closed-project style licence; that is, the code belongs to them, and for any derivative code MS is automatically granted a licence to to sublicence and do whatever they wish. It should not be permissible for the code to be included in another product without the explicit say so from MS. Microsoft could protect theselves financially by being the only source for binaries. BillG are you listening? Win2K, with open source could be sooooo good, and you would still make a stack of money. Plus you'd have a huge team looking at improving the software, for nothing.
It's worth a shot if the code has escaped. At worst you'll get a second product line.
From the article...
"
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
"
Devastating?? Devastating because of the possible worms, viruses that can araise from this?
Closed or open, a piece of software "should" be secure and clean regardless.. if it's devastating it just proves that MS creates shit, so the fact that a pro-windows site actually says that is sad.
[alk]
Guys...
I can't believe you haven't figured out what the EML files are yet.
Anyone remember NIMDA? The worm from 2002 I think? It had this exact same effect of sticking infected eml files all over your folders (by taking some names from your files, and others randomly). Opening those EML files or forwarding them would guarantee future and constant infection.
It's clearly evident that this machine was infected by nimda and got port-scanned and found. The rest of the code is probably going to come soon enough, unless MS already found out and pulled the plug.
By the way, alpha doesn't mean "Alpha Version" but the Alpha CPU made by DEC, now owned by Compaq.
i doubt that apple would react the same way if Aqua was leaked...
Thankyou all for participating in *the* troll of 2004.
Here's some facts about the zip file that's on the run:
The zip file is 208 mb (213 748 207 bytes)
All the files with the "letts to children.eml" etc names are _completely_ empty.
All files are commented, some are said to be public implention examples while others got "semi public" or no note of being pubblic in the headers.
It doesn't really have any comments with personal twists etc, just facts from what I observed this far.
It only includes the OS stuff (e.g. mplayer/iis/ie isn't there in full or at all)
Got questions, just ask.
So i have been reading /. and looking at examples of source code that have been cited and created on /. but i think this is the real code that was leaked.
http://www.spymac.com/gallery/show_photo.php?picid =80374&size=big
-- Ben --
If it's really 300gb and it really is floating around out there, then that is one hell of a demo
Rubbish. Definitely look - there's a lot of stuff you can learn from seeing the source that can't be traced back to your having seen it. Take wine, for example[0]: they're trying to implement a largely undocumented ABI. At the moment it's hard even to know what they have to code. If they look at the source they could see what functions they need to implement, how they need to work etc. Make basic notes, never look at the code again, go on holiday for a month, come back and write the missing bits semi-cleanly. They wouldn't need to copy any of the implementation (doing so would violate MS's copyright) but it would sure help to know what functions they needed to write (and I guess that would count as nothing more than utilising the widespread leaking of a former trade secret[1], which has no protection under law). The key point is, don't under any circumstances copy the code. And, if you do choose to look at the source, I suggest you get rid of it afterwards and don't tell anyone.
[0] I'm not suggesting for a second that the wine devs would look at the code, you understand: it's an example.
[1] If the leak is genuine, MS need have no doubt that this will be all over every p2p network in existence within an hour or so.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
Comment removed based on user account deletion
That the article author describes it as potentially devestating and full of security risk with the source being leaked. And yet, look what that very same thing has done to the open source community. True, it probably is a very bad thing for windows security. Yet another reason to switch to another OS?
And as you obviously don't know anything [....] why the fuck did you open your stupid mouth anyway?
Ever notice it's always the Anonymous Cowards who are so vehement in their criticism? Always with the "you're stupid" and the Mr. Tough Guy expletives: "why the fuck...."
Yeah, yeah, I know, Mr. Anonymous Coward: you're powerful and famous, in your mother's basement.
Opinions on the Twiddler2 hand-held keyboard?
IT WAS LIBERATED!!!!!!
The "Insert Quote Here" line is almost as predictable as inserting an actual quote.
There are many more...! Everything from GNU is either GPL'd or LGPL'd, if it gets out M$ is going to be in a world of hurt!
From ZDnet: The 203MB file contains the code that appears to be from Microsoft's enterprise operating system, but the code is not complete, said Dragos Ruiu, a security consultant and the organiser of the CanSecWest security conference, who has examined the file listing. "It was on the peer-to-peer networks and IRC (Internet relay chat) today," Ruiu said. "Everybody has got it; it's widespread now." The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base--if it is authentic. http://www.zdnet.com.au/news/software/0,2000061733 ,39116114,00.htm
I read rotten.com, I think I'm about as fscking tainted as they come. It's absurd to think that there would be ground for a lawsuit against an open source project you worked on because you had at one point glossed over the NT kernel source or something. That's like homeopathics who believe that remedies should contain miniscule quantities of active ingredients. In fact, the "strongest" formulations usually contain not a single molecule of the substances in question. Zero parts per billion -- pure water.
I've seen the Windows CE source. Maybe I should never program again because MS could sue me! I think not.
PS No offence to homeopathics, I don't care what crazy shite you belive in.
-73, de n1ywb
www.n1ywb.com
We have identified over one million lines of our IP in Microsoft's source code. While I cannot share most of them because they are a trade secret, here are three of the most glaring examples:
#include
for( ; ; )
if(!stop) {
Many of these lines have been copied verbatim several thousand times. We do not want to, but are forced to sue Microsoft for unlicensed use of our intellectual property.
We will institute a licensing program called gplSource which will allow Windows users to obtain the legal rights to use our IP. This cost will be significantly discounted to early adopters.
Already at least three Fortune 500 companies have seen the validity of our claims and have paid these fees on a per-CPU basis to continue using Windows. While we cannot divulge their names, they do exist. Really!
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
It's amazing how the "informed" slashdot crowd falls for a story like this. I think Neowin wanted to test their infrastructure so they trolled /.
On the other hand though, until now we have no way of knowing if a contributor has seen the M$ source, and is feeding it in to open source projects, trojan horse style. If this is true, we could do a proper audit ourselves, and rewrite anything that needs to be.
Think it absurd if you want; the law certainly allows for it. It works like this:
1) You see some proprietary source, either legally or otherwise;
2) You later work on some open source project;
3) The copyright holder of the proprietary source in 1) looks at the open source project and decides that some sections of the code look strikingly similar to their own code. They further discover that you wrote or contributed to those sections. They call their lawyer. Now, it may well be a combination of "coincidence plus a limited number of ways to do X" that caused the similarity, but you're going to have to convince a judge and/or jury of that. The other side will have to convince them that you copied it. They've got the striking similarity plus the fact that you've seen their source. What have you got?
Now, since you've seen the Windows CE source, why don't you ask the Samba project if you can join, and tell them you've seen MS source code (whether legally or not doesn't matter; seeing it is all that matters) and see if they will take you on as a developer.
I bet they won't.
we are a bit early for April Fools ?
In short, JUST SAY NO.
::: dramatic silence :::
::: cue dramatic music :::
Father: Where did you learn to do this? Tell me, where?!
Kid: I learned it from you, dad! I learned it from you!
MS's game department isn't what brings in all the money. It's their Windows and Office products that make the money.
They can grin a bear it when some games are pirated. Why do you think they (try to) crush companies that make mod chips for the XBox? Some things are more important.
And this is the source code to Windows. This is NOT just another product.
Anyone who dares to host it will be sat on until they are dead. Hell hath no fury.
Claiming this is just another product shows your definit lack of ability to comprehend the scope of this leak and the importance of it to MS's bottom line.
The legal costs required to shut down warez sites over a game generally are more than the amount of the losses. The legal costs required to crush the fools who dare to host the Windows source comes nowhere near the potential losses due to the leak.
Ben
Work Safe Porn
"Microsoft Corp. on Thursday confirmed that the source code for its Windows 2000 operating system has been leaked, a security breach that could give hackers important intelligence about how to exploit flaws in software run by most of the world's computers.
A Microsoft spokeswoman said someone had illegally posted incomplete portions of Windows 2000 on the Internet."
"After three days without programming, life becomes meaningless." - Tao of Programming
It's now all over online news..
l eak_1.html 3 312451 9 41292.htm i onprint/021204cccanatmicrosoft.149f2b31.html s &file=article&sid=671 n t/0,289142,sid1_gci950346,00.html
http://www.infoworld.com/article/04/02/12/HNmicro
http://www.ebcvg.com/news.php?id=1903
http://arstechnica.com/news/posts/1076628412.html
http://www.internetnews.com/ent-news/article.php/
http://www.sunherald.com/mld/sunherald/business/7
http://www.wvec.com/sharedcontent/nationworld/nat
http://www.komotv.com/stories/29778.htm
http://www.cryptonomicon.net/modules.php?name=New
http://www.dvhardware.net/article2423.html
http://searchwin2000.techtarget.com/originalConte
[alk]
No, my understanding was that it was microsoft policy to use 8.3 naming because of backward compatibility (with older filesystems, i.e. Win 3.1, DOS, etc). Any of the released code with VC6 (and I think VC7) is 8.3. And I remember reading them suggesting that people follow this as well, for their own code.
Having worked at Microsoft, I beg to differ. Source filenames are whatever you want. Files which have to be distributed externally are 8.3 because of ISO9660 (and a slight efficiency increase on VFAT systems). But files used internally? That's personal preference.
Coming soon - pyrogyra
Microsoft has confirmed the leak.... According to the Associated Press in this article http://www.sunherald.com/mld/sunherald/business/79 41292.htm
Microsoft Corp. said late Thursday that portions of its Windows source code - the tightly guarded blueprints of its dominant operating system - had been leaked over the Internet.
Microsoft spokesman Tom Pilla said in an interview with The Associated Press that some incomplete portions of the Windows 2000 and Windows NT4 source code had been "illegally made available on the Internet."
"Slashdot...let's see...NASA...the FCC...Windows source code leaked?!"
[click]
A fatal exception OE has occured at 0028:C001539A. The current application will be terminated.
"...what the hell?"
( meanwhile, deep inside Windows... )
if( sourceLeaked == true && url = "slashdot.org")
{
BSOD();
SendEmail( "bgates@microsoft.com", "IP of teh L1n|_|x haxx0r: "+userIP );
}
MS has confirmed that the code is real. Story here (washington post).
Microsoft Confirms Windows Code Leak
---
Microsoft Corp. on Thursday confirmed that the source code for two versions of its Windows operating system has been leaked, a security breach that could give hackers important intelligence about how to exploit flaws in software run by most of the world's computers.
"Today we became aware that incomplete portions of Windows 2000 and NT 4.0 source code was illegally made available on the Internet," said Microsoft spokesman Tom Pilla. "It's illegal for third parties to post Microsoft source code and we take that activity very seriously."
Pilla said the company does not know how much of the operating system code was compromised, but he said Microsoft believes it was not a complete version of either operating system.
There was no indication that the code was stolen through a breach of Microsoft's internal network, Pilla said. He said the FBI is investigating the matter.
Computer security experts said the release of Windows source code could pose a significant threat to Internet security, depending on what portion of the code was leaked.
A leak of any portion of the Windows code "could dramatically increase the probability that new zero-day vulnerabilities will be found," said Alan Paller, director of research the SANS Institute, a security training group based in Bethesda, Md.
"Zero day" exploits are highly effective attacks that occur when hackers discover a way to exploit a security vulnerability before or at the same time as a software maker learns of the flaw. Attackers can then use this information to launch a virus or worm that exploits the security hole before a patch can be released to fix the problem.
Thor Larholm, senior security researcher at Newport Beach, Calif.-based PivX Solutions, said the Windows source code file being traded on the Internet appears to be roughly 660 megabytes in size, about the size of one CD-ROM's worth of data. That is far short of the estimated 40 gigabytes of data that makes up the entire 40 million lines of code in the Windows operating system.
Even a partial leak "is a potentially very serious problem for Microsoft," Larholm said. "Just look at the vulnerabilities that are discovered by people who didn't have access to the source code."
The origin of the leak is not currently known. The Redmond, Wash.-based software giant closely guards the computer code that comprises the company's operating system. But Microsoft does license portions of its programming code to security researchers and more than 50 universities under its "Shared Source Initiative."
Microsoft last year said it would began sharing complete copies of its source code with governments around the world that want to validate the security of the software before deploying it in national defense and other sensitive areas. Microsoft signed an agreement in 2003 that lets the Australian government inspect the source code of Windows 2000, Windows XP and Windows Server 2003. Other counties, including India, are exploring similar arrangements.
Unlike open-source software like the widely used Linux operating system, the code comprising Microsoft's Windows software is not open for public inspection. Linux users are encouraged to participate in an open, continuous cycle of modifications and upgrades that its proponents say results in systems that are more secure and reliable than those powered by proprietary code like Windows.
IIRC, isn't the xbox kernel and subsystem based on windows 2000? does that mean if kernel level vulnerabilities are discovered, the xbox is at as much risk as nt/2000/xp/2003?
I guess MS confirmed: http://www.msnbc.msn.com/id/4253584/ From the MSnbc website.
Without being arrogant in anyway, we really need to keep in mind we aren't looking at a mom and pop company here.
I highly doubt this will be the almighty downfall everyone thinks it is going to be. Try to keep in perspective that if this is true (and I have some pretty serious suspicions it isn't) if it costs MSFT $100 000 000, do you think they will even notice? Well maybe a bit but by fiscal 2005? I doubt it.
The source for NT will be useless for any kind of exploit in a year because support will be removed by then and the attitude in that end of the pool has been keep up or fall behind. And yes I do recognize the sickening number of them out there, I support the bloody things.
As for 2000, keep in mind that Linux may have 10 million developers constantly surveying the code on a part time basis, but they all have other jobs. MSFT has thousands of full time employees they can throw at one patch (in a pinch) that will deal with all of this.
Or maybe all the opportunists out there should look at it from a conspiracy theory point of view? Maybe they wanted this to happen.... (btw I love starting rumors) That oughtta keep people entertained for atleast a few terraflops.
In the long run it won't even phase them, and always remember that even if Linux/Unix/Novell(-laugh) ever wins out; they will then be the top dog and will subsequently be the center of scrutiny. Bias is based on prejudice, which is generally malfounded.
Remember....conspiracy theory....stay up all night tonight thinking about it....then show up late for work tomorrow...and get fired so you can work more open source code.
(btw the teeshirt and sunblock example was really shotty)
In the above mentioned link, the following "observation" is made:
"With the open source community, there are a large percentage of tinkers and 'ankle biters' who are trying their hand at hacking. Some are even communicating with each other. So it only takes one or two of these groups sharing information to be able to pull something off. When you have this type of passion, it's hard to fight because these people are like virtual suicide car bombers."
Interesting choice of comparisons, if you ask me.
Hmm. That's my tracker. And it's dead now. I probably should learn to not have a public tracker.. *sigh*
Anyway, at least 1000 people got it down, so it shouldn't be too hard for some of them to make a new torrent. But I'm definetly not going to host it anymore.
--
alge of flauna
http://alge.nlc.no/
ELWOOD: It's a 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses.
JAKE: Hit it.
ref: http://www.imdb.com/title/tt0080455/quotes
Furry cows moo and decompress.
\windows_2000_source_code\win2k\public\sdk\inc\icm .h /*++
// // Support for named color profiles //
// // Color spaces // // The following color spaces are supported. // Gray, RGB, CMYK, XYZ, Yxy, Lab, generic 3 channel color spaces where // the profiles defines how to interpret the 3 channels, named color spaces // which can either be indices into the space or have color names, and // multichannel spaces with 1 byte per channel upto MAX_COLOR_CHANNELS. //
// maximum number of HiFi color channels
Copyright (c) 1996-1999 Microsoft Corporation
Module Name:
icm.h
Abstract:
Public header file for Image Color Management
Revision History:
--*/
#ifndef _ICM_H_
#define _ICM_H_
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef char COLOR_NAME[32];
typedef COLOR_NAME *PCOLOR_NAME, *LPCOLOR_NAME;
typedef struct tagNAMED_PROFILE_INFO{
DWORD dwFlags;
DWORD dwCount;
DWORD dwCountDevCoordinates;
COLOR_NAME szPrefix;
COLOR_NAME szSuffix;
}NAMED_PROFILE_INFO;
typedef NAMED_PROFILE_INFO *PNAMED_PROFILE_INFO, *LPNAMED_PROFILE_INFO;
#define MAX_COLOR_CHANNELS 8
My favourite quote:
"But Microsoft's president and chief executive, Steve Ballmer, insisted they had not been able to tamper with any of the company's key programs."
I am pro-lifechoice.
On an article at internetnews.com there is a paragraph that says: "Up until now it was more like the 70/30 rule, where 70 percent of the threats are bogus. Now it's more like 50/50," Didio said. "With the open source community, there are a large percentage of tinkers and 'ankle biters' who are trying their hand at hacking. Some are even communicating with each other. So it only takes one or two of these groups sharing information to be able to pull something off. When you have this type of passion, it's hard to fight because these people are like virtual suicide car bombers."
If that's true, it's fairly interesting. Mainsoft makes cross-platform products to run Windows apps on Unix (and Linux), and Elaya Alaluf is their VP of Technology. Link Circumstantial evidence that the leak originated at mainsoft. (they could have been hacked from outside, of course.)
How about some rationality (and consistency) here guys. If simply being in the same room as a copy of the windows source code is sufficient to contaminate everything you write from that point on, then SCO is gonna win its court case for sure. After all the IBM AIX code it contributed to linux was written by people who had seen the SYS V source code. Yes?
$ grep -r -i fuck *x :fucks?sMxl impse_index:fucking?sMjl come/html/webapp.cpp: // HighContrast mode is turned on. This totally fucks our style sheet as most of it will/ shell/windbgrm .c: // The user fucked uph : * !!!!!!!!!!!!!!DOING SO FUCKS THE BUILD PROCESS!!!!!!!!!!!!!!!!n trol/midi/map.c: // !!!this is fucked if a map goes to multiple physical devices
bsc/.glimpse_index:fuck?sMP
bsc/.glimpse_inde
bsc/.glimpse_index:fucked?sM`
bsc/.g
private/shell/applets/we
private/shell/shell32/copy.c:// want to fuck with.
private/shell/shell32/util.cpp:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.cpp:// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
private/windbg64/debugger/tl/remote
private/windows/media/avi/verinfo.16/verinfo.
private/windows/shell/co
See Shit.
See fan.
See shit hit fan.
Duck!
Unknown host pong.
What? No source code of Clippy? :(. I think I'll pass..
It seems like they've confirmed that indeed, part of the OS's have been leaked.
6 48-2004Feb12.html
source:
http://www.washingtonpost.com/wp-dyn/articles/A37
[alk]
Security bugs.. Nah...
_ 01.html
ORGANIZATION=Mainsoft Co. Ltd.
MAINSOFTLM_HOST=@xora /app-defaults
$ grep -r strcpy -i . | wc
10454 42054 1069145
Where it was ganked from:
There is a core dump file inside the windows 2000 (sp1) archive, it clearly shows that the source was stolen from a system at Mainsoft. The following url confirms that they did have access to the leaked code. http://mainsoft.com/news/press_releases/2000_3_22
The actual strings which confirm this:
PWD=/usr/ms/win2k_sp1/private/security/msv_sspi
DOMAIN=mainsoft.com
REPLYTO=eyala@mainsoft.com
MWBATCH_SERVER=lod:8000
MSOFTLM_HOST=@xor
XAPPLRESDIR=/il2/users/eyal
EDITOR=vi
BASE_LIBPATH=/usr/lib
A bit hypocritical for them to use autoconf and GNU style makefiles don't ya think?
The other thing is that MS would have to PROVE that you did see/use the source code. You can just say that you reverse engineered it.
Of course it is illegal to USE the source code. So if some wine guy goes and plops down a chunk of MS's source code into wine, then yes, that would be illegal. I am not sure if it would be illegal for some wine guy to look at the code and use some of that knowlege gained that is not under a patent in wine. Think about this. I can walk into a book store and read through a book. I can later write a book with that very same theme and I have not broken any copyright laws. What I cannot do is copy the book verbatim or distribute that as my own work.
I am under the impression that copyright laws do not prevent you from creating a work based on knowledge of another work. As long as you do not use the original work verbatim. I can go and create a movie called Planet Wars with a lead character named Duke SlyStalker based on a very similiar theme as Star Wars. I can write a book with a theme just like LOTR with trolls, hobbits, elves, dwarfs, etc. I can paint my own version of very famous paintings. I can make music that sounds like other popular music.
I don't see what legal case MS would have against someone who viewed their source code and made an application that used that knowledge, again, as long as their is not a patent covering what you are re-creating. The only way I can see MS having a legal case is if you signed an NDA with MS.
*Note*: I am not a lawyer and I can be completely wrong about copyright laws.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Looking at the code and gaining some insite and knowledge to the inner workings of MS software, and using that knowledge to incorporate into your own product, may be illegal.
But, it happens all the time. ALL the time. You think the programmers at MS haven't poured through the Linux code? If what you say is correct, then Windows must be littered with Linux code just because they studied and learned something from it?
There's a line between reverse engineering and access to source code; but you're unlikely to prove something wasn't reverse engineered unless you copy and paste the code.
It may be unethical to use leaked MS code to improve your compatibility solutions, but with all the underhanded and generally nasty things corporations are doing, it's just more of the same..
And about your comment about the "IBM PC BIOS." Not even close. Proving that you copied a 256kbit bios is a lot easier then proving you used information learned from studying 50 lines of code out of 40GB...
Hey, I'm no saint in real life.. no need to be one online.
- It's not the Macs I hate. It's Digg users. -
I'm pretty sure those .eml files were generated by an Outlook virus that created random files all over the infected systems hard drive. I remember having to run 'find . -name "*.eml" -exec rm {} \;' on a samba share at work some months ago.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
Actually I would conjecture that it is highly derivative of VMS, rather than UNIX.
After all, why else would they they shift the VMS letters forward one to get WNT (Windows NT)?
-Bill
SlashSig Karma: Excellent (mostly affected by moderatio
So now both M$ AND Linux are open source, but Linux is profiting by it, and M$ is whining and crying about it. Bite back at the borg! You will be assimilated, too!
Always going forward, 'cause we can't find reverse.
Just wow. If the source code got leaked, Win2k will get exploited by...just holy jesus save us all. Seriously, the word "fuck" comes into my brain a million times over. Seriously, viruses much? Pron sites are going to have a field day spyware. Then of course you've got all of those shiney machines running embedded windows. The bar to hacking the planet has been lowered. Many good hackers like their steak n' potatoes and will not do anything real bad to screw up the net. But now if someone can get access to the win2k source code via p2p networks, holey moley. That script kitty with a little knowledge of whatever language windows is written in can really do some damage.
I mean, with linux there's a temptation but nobody runs it. With windows, everyone runs it.
Then you've got the consiracy theory: MS leaked it intentionally so they can get everyone to patch with their DRM system. Possible, but who's going to go after that when linux is here? DRM and years of MS abuse and domination, or a 1-time switch over with occasional retraining of employee's.
I mean, I like linux and all but this isn't the way to win at all. I thought we were going to slowly beat them back into submission and competition, not completly screw them and quite a few million over. Hell, I'm thinking of taking a few games and making some fakes on my boxen and getting guys to share MD5 hashes just to make them look more real.
Well, time to begin caching DNS entries to websites I use the most, and it may be high time to backup some of this data and close all the nat ports on my router just to be extra safe.
Talk about a digital pearl harbor, holey moley this isn't good.
Candy-Coated Knowledge
Looking through the file listing, I see no mention of NTFS (that's not in dead code) except for a few files dealing with ntfsrec. It appears that those files are the NTFS recognizer. Maybe NTFS wasn't included in this leak?
http://www.securityfocus.com/news/8037
This is not the first, nor the last time this will happen.
How many times will it take to make people aware of the fact that such immense reliability on closed-source DRM-esque code will cause problems. Such closed-source *cannot* be closed forever. The information will be spread, and security through secrecy cannot win.
In addition, the mob-law illustrated here by the internet is an interesting phenomena (by no means unique to this incident - except maybe in the irony). LIterally thousands of people already have a copy of multi-million dollar source for free. It is an interesting epitomization of how such digital knowledge cannot be legally protected. What will MS do, sue any IP that shows up in BitTorrent or eDonkey? If the internet wants it, some individual might pay a few months behind bars, but the internet will have it...
free-enterprise, and free-information...
No. If the Wine folks look at the actual Windows source code, they aren't reverse engineering any more, they're copying, which is illegal.
IANAL. You are wrong. Non-clean-room reverse engineering is not only legal but is done at many, many companies. There is *absolutely no constraint* to use a clean room in reverse engineering.
The first clean room reverse engineering that I'm aware of is Phoenix of IBM's BIOS. They had *no* legal requirement to clean-room reverse engineer the BIOS. If they wanted to, they could hire IBM BIOS engineers for the job. However, by doing a clean room implementation, they ensured that they had an counterargument to *any* potential IBM claims of infringement. Had they not have used a cleanroom tactic, they might have had to actually have folks look at the code and at what people were doing with the code if charged with infringement. While this can be useful -- it's an immediate shutdown to any argument IBM might raise about infringement in court, and the judge doesn't even need to see the code -- it is definitely not necessary. I can look at GPL code and use the same approach said code does as long as I am not copying code verbatim (note that changing variables or something is not sufficient -- the work must be done by you, not be a mangled version of the original).
That being said, WINE has long had a policy of *not* accepting access to Windows source code. They've had people with access to it volunteer to give them stuff in the past, and they want to do a pseudo-cleanroom approach, since it makes matters simple from a legal standpoint. WINE will probably continue to ignore the source (and the WINE maintainers now have to worry about people submitting WINE patches containing Windows source...they may require indemnification or God knows what).
From a security standpoint, this is an utter disaster to Microsoft. They haven't had the benefit of many eyes all these years, and now they have a fucking lot of malicious eyes, and ten years of holes to remove in a week or so before the nastier exploits come out. None of those eyes have any incentive to submit patches to Microsoft. There will be attacks on relatively hardened systems, too.
This is going to suck for friends and family that I have using Windows.
May we never see th
http://www.mainsoft.com/corporate/exec_profiles.ht ml
At the very bottom is the owner of the core file.
A friend took a look at their FTP server, looks like an unpatched wuftpd, gee, i wonder how they got in....
220 circle.mainsoft.com FTP server (Version wu-2.6.1(1) Thu Oct 12 09:06:04 PDT 2000) ready.
Yes, Microsoft is acknowledging the use of BSD licensed code. I don't know if they are doing it in the source code, but since they are putting copyright notices in the release notes for their software they probably have copyright notices in the source code too. Look at the copyright information on their page, they not only honor Berkeley but also a lot of other people that have been actively contributing to various BSD software such as Luigi Rizzo.
By the looks of all the empty .eml files, the source was obviously stolen from a guy hit by the nimda virus.
.eml files are a typical indication of a computer that was infected by nimda then cleaned. Unfortuantly, this guy forgot to disable sharing of his shares after cleaning up.
Empty
I.O.U One Sig.
I'm submitting patches to the 2.6 kernel for the blue screen of death. I'm hoping they make it in to the next release.
http://torrent.spyderlake.com/download.php?info_ha sh=f03fc1e04869294d5644d3c8c5d0fb8f2d26aa59
scripsit AstroDrabb:
IANAL either, but I've had to deal with copyright issues in academe. You cannot create a derivative work -- that is part of the copyright-holder's monopoly. You needn't use a single line of text verbatim for it to be considered a derivative work; a movie adaptation which mangles the plot and doesn't use any of a book's dialogue is still a derivative work. So would a translation into Mandarin or a children's version.
There are exceptions, I believe, for parody -- various Star Wars knockoffs (e.g., the Death Star Clerks animation) are apparently legal as parody. Otherwise, you can get into hot water with the kind of things you're talking about. You have to be able to convince a jury that your work is not derivative of the earlier copyrighted work or you are infringing.
The painting one is an interesting example, because most of the `famous' paintings one would be inclined to make works derivative of are not in copyright any more. And when it comes to music, pop all sounds alike anyway, so it would be pretty hard to argue that anything is derivative of anything else, unless it copied bars on end of melody or something.
Now, academic plagiarism and copyright infringement are not the same thing, but the rule-of-thumb I tell students about plagiarism still applies: If I read your work and I think ``Hmm, I've read this somewhere before,'' there's already a problem. There doesn't have to be verbatim copying of text. It might not be enough to convict, so to speak, but unwelcome attention has been drawn and a legal fight is a possibility.
In principio creauit Linus Linucem.
Notice how Neowin has - Exclusive in front of thier story. The associated press released this information a full 12 hours before Neowin got a hold of it.
No GNU has been Hurd during the making of this comment.
Stop and think about it. Regardless of whether or not the leak was intentional or not, it hurts us. If the code leak was deliberate, it was a brilliant move, strategically. It will hurt the open source community far, far more than it will hurt Microsoft. Infact, this is probably the biggest punch Microsoft has landed on the face of Linux. If it was unintentional, the net result is the same. Here's why.
Think of the leaking of the Win2K/NT source tree as a virus.
It's a virus designed to undermine the credibility of open-source community. It operates by exploiting two well-known vulnerabilities in open-source coders---Their curiosity, and their propensity for sharing. The dispersal of portions of the Win2K/NT source tree effectively taints the entire open source community's efforts to develop cleanly. Think about it. By leaking the code, every new OSS project that has anything even remotely to do with Windows interoperability can now be accused of having it's hand in an (at best) an unethical cookie jar. The folks who maintain Windows-interoperable projects now have to second-guess every new submission they recieve. Even worse, the availability of portions of the Win2K/NT source tree means the functional validity of all open source projects can now be called into question. Before, it was certain that any "feature" present in open-source software was the result of hard work, close observation, and the occasional dose of clever back-engineering.. Now that we can see over the fence, we can be accused of everything from violating Microsoft's intellectual property rights to wholesale misappropriation of entire blocks of Windows code.. Sort of makes SCO's accusations seem a little more well-grounded, doesn't it?
The sad thing is, the virus is having an easy time making the rounds, since theres nothing we can do to stop it. We cant become "less curious". We can't become "less industrious". The only way to avoid being under the cloud of suspicion is to stop developing alltogether. Just watch what happens. My guess is, by the end of this year, the trade rags are going to begin to equate open-source software with "questionable parentage".
This game is gonna get interesting in a hurry.
Bowie J. Poag
Viruses are well supported by their authors, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So, Windows is not a virus.
qntm.org
While it's not news that MS doesn't see that there might be any security threats towards Windows, should we read more into this:
e ch nologyNews&storyID=4351461
"One main risk in having source code exposed to the public is the possibility that hackers could break into computers running Windows NT or Windows 2000 and destroy or steal data.
"Although the company said that was unlikely, given the relatively small portion of code that had been circulating, a greater risk could come from others using the code as a base for developing software that competes with Windows."
http://www.reuters.com/newsArticle.jhtml?type=t
a lot longer: Freenet
I wonder how many people will start using freenet just to get the sources and not get tagged as "one that downloaded the sources".
For once the BBC carried a tech story on the main news which was reported as follows:
Source code for Windows NT and 2000 was leaked onto the internet. Microsoft fear that the source code being open to view could make it easy for haclkers to attack these systems
So there you have it. Source code readable by plebs = security risk, a statement that will reflect on FOSS in the minds of joe public if you tell them that the Open Source means readable source code.
Hmmmmmm....
Hmmmmmm..... Deep fried and look like Squirrel.
The best thing the community can do now - when the source has leaked - is to actually perform a peer review of the MS source code, and HELP MS close the security holes.
After all, we all do want a more secure internet, with less virii, worms and bugs. So why not help out?
I can't imagine what MS reaction would be if they actually started getting serious _help_ from the open source community, instead of the regular bashing.
And - it would be a Good Thing as well... Remember - it's Valentine's day tomorrow...
http://heim.ifi.uio.no/~mortehu/files.txt seems to show signs of a Nimda (or similar) virus infection. Look at the number of 0-byte sized email messages distributed in inappropriate places throughout the tree. If whatever machine this source was ripped from did indeed have a virus then no wonder it was leaked.
Heres a crazy idea. Perhaps...just perhaps this leak was somewhat of a test to see what would happen if Microsoft did go open-source. Perhaps they want to see if hackers will take the code and try and fix it or take the code and write better viruses. hmmmmm...or maybe they just pissed off an employee.
Hmmm, so Microsoft now believe they control the freedom of the press also?
Gentoo Linux - another day, another USE flag.
"The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday is only a fraction of the full code base." Security consultant Dragos Ruiu, as quoted at zdnet.
Can this be true? Can the Windows 2000 source code really be forty gig? What is he counting as source code?
My Linux 2.6.0 kernel source tree is 348M. Of course, Windows will have the GUI as part of their kernel source, but for X, that's just another 279M. Yeah, okay, so toss in the source for the MS equivalent of window managers, and perhaps some other utilities, but still...
Is 40 gig a reasonable estimate? Really?
Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
I've read in another thread that Microsoft released bogus files onto kazaa. I decided I'd try to get one of these bogus files and see what they were. I found a 100mb ZIP file which was obviously a fake, everything's saying it's zipped up to like 200mb and extracts to 600mb. Using my handy dandy "file" command I discovered it was an mp3. A 100mb MP3. I played it and it was some 3 hour long thing full of absolutely nothing. For those of you intrested, the filetype was: MP3, 80kBits, 22.05kHz, JStereo
http://illhostit.com/ - Webhosting
4667 *.c files. 5601 *.h files. 2255 *.cpp files. 26 *.hpp files. 1456 *.cxx files. 961 *.hxx files. 148
Lines of code:Some grepping..Bugs anyone?Curious; grepping for 'linux':'grep -r -i's with no results: GNU/Linux, GNU GPL. Bill Gates, Steve Ballmer,
From bugcheck.c, the code which makes the screen blue...
// make the screen blueN G_FILTER)NULL); // enable display string // set to use entire screen
if (InbvIsBootDriverInstalled()) {
InbvAcquireDisplayOwnership();
InbvResetDisplay();
InbvSolidColorFill(0,0,639,479,4);
InbvSetTextColor(15);
InbvInstallDisplayStringFilter((INBV_DISPLAY_STRI
InbvEnableDisplayString(TRUE);
InbvSetScrollRegion(0,0,639,479);
}
I.O.U One Sig.
So many people are talking about open source stuff that no one has looked at the obvious. Microsoft did this on purpose. Let the code conveniently get out onto the net and then let more and more security holes be found. Nice sales tactic to get everyone to move to Windows XP or Server 2003. Microsoft - "you know, if most of guys out there refuse to upgrade then we will give you real reason to upgrade, this is our new licensing plan." Reminds me of mechanics damaging cars themselves just to do repairs.
This shit is real.
Includes kernel stuff, crypto code(ouch!), architecture documents, some stuff that looks like internal emails but I can't get them to open(will work on that later)...
This is FUN!
Prediction: Windows marriage of Linux in China. We'll all be importing Chinese Winux in a few years.
If Linux developers in the USA use ideas from Chinese Winux they will not know about a possible relating Windows copyright?
Worse yet, the leak will probably reveal how unadvanced Windows really is. Aside from the blue screen and bloat technical people will have to actually compare the implementations of Windows versus Linux. Scheduler for instance! Windows books always say it was a round robin but maybe we find it is more timesharing like the 2.3 kernel.
Expect Freedom.
I agree that you should just say no. But what if someone who has no interest in working on Samba does something like figures out the MS impimentation of the SMB protocol and junk like WINS replication, then only publishes how the protocol works?
This is just a theory, but if the person who publishes it cannot be traced, and those who learn from the protocol specs never see the code, then I don't think there is much MS can do.
27117 07-26-00 22:00 win2k/private/ntos/w32/ntuser/kernel/security.c
:)
This file is the absolute strong evidence that Microsoft did increase the security in the Windows kernel.
Iraq: war to save the U
I couldn't help it...I just had to look. It was actually hundreds of thousands of goto statements...interspersed with:
while(1) fork();
to moderate efficiency.
I'm now blind (a la "don't look in the Ark of the Covenant")...and of course running from both SCO and MS.
The Reuter's article on Yahoo contains a number of inaccuracies that are clearly prejudicial, and are probably sourced within Microsoft.
It (the story) amounts to an obvious attempt to spin up a scenario that will lead ultimately to criminal prosectution of persons involved in Open Source. And the story being such an obvious attempt at spin doctoring could lead one to believe there is more going on here than one poorly written news story...
Apparently Gates & Co. have decided their civil case fronted by SCO is not quite strong enough, and are trying to establish criminal precedent in order that, whether the current SCO effort succeeds or fails, the next case will be criminal.
One could hope that the courts will develop enough tech skillz to determine that the line
showing up in both windoze and Linux code does not constitute proof of theft under some Gatesien system of jurisprudence ...
Examples of the (imo) prejudicial language in the story [emphasis mine]:
There is no evidence cited that the code is being "traded". It appears that it is being distributed, but I haven't seen any reports of it being exchanged for anything else. This is key, since the languaged used here implies a profit motive on the part of the alleged "traders"; necesary for the criminal prosectution because there is a need to establish that the code is worth a great deal...
This sounds like it came straight out of a Microsoft publicist. It is an emotional appeal statement, designed to imply a henious threat to the alleged victim, Microsoft (and by implication, SCO).
The statement is factually inaccurate, even as metaphore. Source code is a principle part of the products manufactured by most software companies, but expertise in the creation of source code is more properly the "lifeblood" of the company.
Of course, Microsoft is a bit challenged in the expertise dept, but that should be applied to "any software company"....
If it is indeed "illegal" for 3rd parties to post the sources, then why would the aforementioned "agreements" require threat of civil action? If it's illegal, there should be no need to lititgate. The threats would be of prosecution, not litigation.
Furthermore, the word "share" here is ridiculous. If you've ever looked at what it takes to get an NDA to look at M$ sources, there's no "sharing" to it. It's a business transaction, and it doesn't happen unless M$ gets the lions "share" of any potential benefit.
WTF? Well, admittedly I haven't written any "programs running on Windows" in quite a few years, but I no idea things had changed quite that much... [that's sarcasm in case you can't tell; the statement is just plain wrong]
"The Internet is made of cats."
http://www.microsoft.com/presspass/press/2004/Feb0 4/02-12windowssource.asp
REDMOND, Wash., Feb. 12, 2004 -- On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. It's illegal for third parties to post Microsoft source code, and we take such activity very seriously.
We are currently investigating these postings and are working with the appropriate law-enforcement authorities.
At this point it does not appear that this is the result of any breach of Microsoft's corporate network or internal security.
At this time there is no known impact on customers. We will continue to monitor the situation.
Finally! The source code to Solitaire!
You create your own reality - Leave mine to me.
It is only garbage that has leaked, after all. It has no real value to anyone, although it may have a perceived value to the Convicted Monopolist and those unfortunates who have been misled by his marketing machine. In fact, like garbage, its real value, based on its cost less the cost of cleaning up after each problem with it, is negative. It has a negative environmental impact, just like what goes to incinerators and landfill sites. No doubt people are picking over it as I type, laughing at certain features, as they might find amusement in the contents of some rubbish bins.... The difference between this code and garbage is that garbage is the unusable left-overs from something inherently useful, or an unwanted byproduct of a useful process, unfortunately the Monopolist has not come up with the good part of which the garbage is the remnant......... (Unless of course it is the left-over garbage from Wordpad, which is of tolerable quality, but in that case the garbage outweighs the wanted product at least 10000:1, which must be the lowest yield in history.)
Surely, even SCO is more profitable to discuss that the trash of Redmond. At least SCO's OS (or what they claim is their's...) is fairly stable and secure.
Seriously though, I might even have a look myself when I find out where it is. Then I might go out and rummage in some bins....
I know what Wine is. You apparantly failed to see the pun that was intended here.
Calling atheism and agnosticism a religion is like calling bald a hair color.
LOL
/. is to be able to indulge my whims to engage in cheap shots :->
Oh, no question, the use of the dollar sign is a cheap shot. But, hey, at least a quarter of why I hang out at
Maybe my serious stuff would be read more if I were to adopt a more "proper" tone but after too many years in jacket and tie (or even suit-bound - blech!) in flourescent-lit office buildings, I just can't be bothered.
I mean, criminy, I've been in self-imposed exile from the land of corporate jobs and "serious" business prose for over three years now and have just come home from the mushiest, sappiest, flat out cutest Valentine's Day dinner of my life, part of which was spent discussing the implications of my swiftly growing business and my swiftly improving finances. So doggone it, the silly letter usages stay. The world will just have to survive the trauma of it all.
Down with propriety! Hail giggling and ditzy cheap shots!
Rustin
Data is the lever, rigor the fulcrum, brains the force that drives it all.