Microsoft Source Follow-Up
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
The Winsock API is included in the leaked source that's something fantastic hahaha.
maybe open source developers get a chance to fix some bugs it may have ;)
"The quality of life is inversely proportional to the number of keys on your keyring."
The text of the statement:
Statement from Microsoft Regarding Illegal Posting of Windows Source Code
REDMOND, Wash., Feb. 12, 2004 -- On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. It's illegal for third parties to post Microsoft source code, and we take such activity very seriously.
We are currently investigating these postings and are working with the appropriate law-enforcement authorities.
At this point it does not appear that this is the result of any breach of Microsoft's corporate network or internal security.
At this time there is no known impact on customers. We will continue to monitor the situation.
This is not part of my post. It's my signature. I bet you're disappointed.
There are a number of empty .eml files in the archive. While their FTP server looks like (didn't check) it is running a vulnerable version of wu-ftpd, it seems more likely Nimda got to them first.
I wonder what the final MS press release will name as the cause. "Evil Linux Hackers", perhaps?
Contact Me (got tired of viruses emailing me).
>>Microsoft is, naturally, downplaying its impact
Of course they are. They don't want to admit that it's 203MB of files, they will just say it's a small fragment.
Makes me wonder about all the weird e-mail files in the zip though...
NeoThermic
Use my link above, or to view my server, NeoThermic.com
There is a utility "cb" for re-making C code which would have been good to use for Mainsoft if person there was trying to avoid identification!
Also probably cutting comments out.
Has anyone actually built this code? Will it actually be useful to anyone? I could see how having enough of the code available might allow someone to create a version of windows 2000 that would work with plex86, which would be exceptionally exciting. Just how much of the code is there anyway? It's reputedly a ~200MB archive which also contains assorted tools needed to compile from the source, so only so much of that can be code. 200MB of pure source code would seem like it was probably enough to assemble most or all of Windows from.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So, does the leak coverage story mean no more Microsoft ads? Haven't seen one since the story broke and they've started to become a staple here.
EWeek is reporting that Mainsoft, a partner with Microsoft, is the source of the source code leak.
eWeek article mentions that leaked code was not traced to the Shared Source licensing program, because there were so many profanities in it.
I hope the guys who left the f-words in will get a promotion or something for aiding the investigation.
It will be interesting to see how Microsoft stock will react. Also, I wonder how this will affect MS's security patching process.
one world | many people
formerly long-time Redmond partner Mainsoft.
All the bugs will now be visible and accessible...
Maybe they will be forced to allow the "million eyeballs" to fix them.
Save Yourselves! GPL the code...
Hm. I bet Andrew Morton has better things to do than trawl through WinNT code. Staying away from it does seem safest, though...
The Army reading list
What occurred here looks like corporate espionage and theft, plain and simple. Whoever leaked this should be caught, and sent to Federal pound-you-in-the-ass prison. I know everyone here loves to hate on M$ (hahah funny), but nobody deserves to have their hard earned work lifted without their permission.
SIG:Slashdot: indymedia for nerds.
References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows.
I don't think any code can claim this, no matter what M$ says
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Now I can play Half-life 2 on Windows 2000 all while keeping it real.
BBC also has a Q&A on the recent event, including thoughts on how this may impact Microsoft themselves.
Microsoft has said that this represents about 15% of the total source code for the operating system. It is not enough to recreate the operating system.
The first reports on how buggy the code really is... This will either refute or prove what the OSS community has always thought.
That OS software is viewed by many, and therefore fixed by many.
If there are holes.... it's just going to be some sort of patch fest / orgy. Redhat, MDK, et al, should get positioned just in case.
www.slightlycrewed.com - Because aren't we all?
The most astonishing phrase is this:
Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
WHAT?!?!!?!??
how long until
The company I worked for 12 years ago was licensed to get part of the Windows 3.1 code in order to interface our product with theirs. There must be 1000's of companies that do this and have been doing this. I'm amazed it took this long for someone to finally steal it and post it.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
we were talking about how dangerous it would be for linux coders to look at it, after all the SCO mess. To which a friend replied it would be dangerous for anyone to look at it, considering how ugly it must be.
Anyone wanna bet microsoft programmers are hoping that their code doesn't show up with their name on it, for fear of public embarrassment? Of course programming for microsoft is probably embarrassing enough. No bob, I'm not working for microsoft, I'm doing gay porn!
I read somewhere that the bulk of the code that has been analysed so far turned out to be MSPaint.
In other news Fark releases FarkPaint. Photoshop-larity ensues.
SCO after reviewing the leaked source code claims it contains SCO code and will move forward with IP claims against Microsoft.
Now that the source code to Paint is out there, we can expect many derivative works to surface in the coming months. The impact on the graphics software market will be devastating.
One bad monkey spoils the whole barrel.
Get yourself an attorney, you've broken the law. Possible PATRIOT act violations at play and also financial compensation to MicroSoft may be required.
"It is not clear at this point how the three and a half year-old source code escaped Mainsoft."
You know.. It's simple: code wants to be free
>The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes.
I wonder what Linux security hole allowed that to happen.
LAUGH, IT'S A JOKE.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
The Microsoft stock is dropping rapidly.. unfortunately for their investors - especially with the events of the past two weeks!
I got some rather interesting feedback yesterday when I asked if OS coders would use this to improve Wine and whether that would be legitimate. Of course I was flamed! But hey. Now answer this - why would looking at the code instantly taint you from joining any OS initiative. ie. If you had seen the code, what would stop you from coding part of a new groupware client, or what would stop you from coding an OS DVD Player.. I'm sure the effects aren't so far reaching?
Please don't be too harsh on me - I'm stupid!
tim
According to this article, Linux was involved:
http://www.betanews.com/article.php3?sid=1076674118
Is this damaging because 15% of the source to the NT / W2K tree was leaked and we're all suddenly vulnerable or is this no big deal since the code is three years old and it's only 15%? I haven't heard anyone talking about DRM, activation or serial code being in the leak, so I just don't see how this could affect MS other than to help interoperability of other software.
I can't wait for DirectX on Linux. Or Linux on NTFS.
Life is the leading cause of death in America.
And knowing how prompt Microsoft are at fixing known exploits, I really wonder how anybody can consider their products secure. I mean, Valve cited the code leak as the reason for a long rewrite and delay for Half-Life 2 (it's a bloody GAME!), and Microsoft downplays such incidents. We have a new model: Security through ignoring.
on Microsoft's mythological free command-line tools which are allegedly free for download?
If you work on open source... or anything else for that matter.. DON'T TOUCH THIS WITH A 50-FOOT POLE!
Touching this source could make you "tainted" and could give MS or others cause to sue you or shut down your project for assumed trade secret violations. They might not win, but you don't want to have to go to the trouble of being hauled into court over this.
Not that there would be anything all that interesting.. I saw the file listing and it looks like fairly standard stuff... but just the fact that you've seen it could cause tainting to occur.
I repeat: DO NOT TOUCH THIS CODE! Do not download it, look at it, or think about it. Forget that it exists.
<hat type="foil">
Could MS have leaked this intentionally, to bait the OSS community and prepare for a SCO-esque assault?
</hat>
Well, I read on El Reg .. http://www.theregister.co.uk/content/4/35547.html
and Betanews...
http://www.betanews.com/article.php3?sid=1076632515
That it is only 30% of the source...
But hey,
that's one hell of a lot..
I Wonder.
They're just testing to see if the open source software people will actually look at it. Otherwise, you'd know by now that it's just a shitload of ASCII art (like a big page-length piece saying TUX SUX).
Until Slashdot fixes the funny modifier, use insightful or interesting. The poster knows your intentions.
http://everything2.com/index.pl?node_id=1519713
Today is the day after Windows NT becomes "Open Source", although not by choice. So far what's happened is... speculation and nothing else. As the roller coaster teeters at the top of the track, all walks of I.T. life are assessing the thrills and spills to come. Here follows a collection of views, insights and ruminations on the matter, collected from as many sources as possible.
Disclaimer: This is a summary of collected opinions on this issue. I am not claiming that any of this will happen, that these views are correct, or that I agree with them. If you spot anything particularly sensationalist or inaccurate here, please make suggestions and correct me.
Noung says re What will occur the day after Windows NT becomes open source : My understanding is that it hasn't exactly become "Open Source" (by choice or not), as we don't even know how much has been leaked... You should probably point that out as your write-up implies the whole thing is out.
jasonm says re What will occur the day after Windows NT becomes open source: it's hardly open source. it may be pirated source, but calling it open source misinterprets the term entirely
In reply to this I can only say that "open source" doesn't necessarily refer to openly licensed code released intently. Although I disagree with jasonm, I do believe that this is an issue which needs clarifying--the source certainly isn't open source in the same way that the Linux kernel or a typical openly licensed project is.
Microsoft Viewpoint
With everything out in the open, Microsoft's honesty regarding past issues is going to face heavy exposure. This might lead to legal battles for Microsoft itself, however, the leak is likely to have come from a separate company which the code was licensed to, and it is unlikely that Microsoft would be giving anything containing juicy secrets away to separate entities. Of course, the conspiracy theorists are already up in arms, voicing the possibility that Microsoft released this code themselves with the intention of converting Windows 2000 and NT users into purchasers of their latest operating systems. This is unlikely to be the case if common code is shared between 2000/NT and their latest releases, i.e. XP, else they would effectively be banging the gavel on this too. Microsoft may be forced to publish just how much of Windows XP stems from Win2K/NT.
archiewood says re What will occur the day after Windows NT becomes open source : You might've heard this already, but an interesting (likelihood of truth aside) theory is that Microsoft released the code deliberately, hoping Windows-derived code segments may eventually end up in Linux. Could be a perfect way to shut down their biggest competitor.
Already a popular idea is 'grep-ping' through the code for comments, and comparing the contents with released code from separate projects. The Slashdot crowd are literally frothing at the mouth at the thought of picking up on misconduct/incompetence in this code and exposing it. It's well-known that BSD network code exists (licensed) in Windows--a first stop for many will be to hunt this code down and ensure that it has been implemented legally and within terms of the license. This is an example of a known intellectual property issue; code monkeys are going to be much more interested in finding scandals of their own in the code.
Patches. Will Microsoft accept a more open approach to fixing problems in their code base? This may be a prime opportunity for them to re-license this code, and reap the benefits of the leak using a similar model to the Linux kernel code. However, with Microsoft's track record it's more likely that they will take an SCO-style approach and concentrate on protecting their own IP.
Hacker Viewpoint
Black hat, white hat... regardless of their choice in head wear, tinkerers from all disciplines are going to want a piece of the action.
White hats, the goo
Current favourite, the author of MyDoom, but many youngsters are looking to make their mark in this prestigious contest
Grab a beer, sit back, and enjoy this great sporting occasion - sponsored by Microsoft, Security Through Obscurity.
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
...of the total that accepted wisdom says makes up the full source tree, but what percentage of the full source is for the thousands of drivers etc. that really aren't part of the OS proper.
I wouldn't be so sure that what has leaked is an insignificant portion just because of the number of lines of code.
Then, it's probably the best their spin-meisters can come up with while Bill calls an emergency meeting in his office and yells at people (he has yelled at people in his office before.) I can just picture it:
A feeling of having made the same mistake before: Deja Foobar
>>BetaNews has learned that Thursday's leak of the Windows 2000 source code originated not from Microsoft, but from long-time Redmond partner Mainsoft.
...
. as p
The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1.
Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.
http://www.eweek.com/article2/0,4149,1526830,00
Probably "Former" Director of Technology.
I'm also wondering if anyone will find any code in there that deliberately breaks other apps, as often claimed in the past. Of course, this would be vehemently denied by MS, and claimed as added in by the thief. Is there any kind of CRC check on this thing ?
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Is probably make Microsoft be a bit more proactive about patching their systems. Don't forget that there are also a lot of pro-Microsoft people out there who will go through this code and point out the flaws.
slashdot, news for crazed liberal socialist zealots
say "Having access to source code is bad. See how damaging it is to us? You want Linux now?"
Part of OSS's problem is that John Q Public just can't understand the benefits or the way things work with OSS.
I'm shocked to find out that there is profanity in the comments/code. Anybody know specifically what they say? Seems a bit unprofessional.
M$ Programmer: Well, nobody's going to read this anyway, so "\\f*ck this bullsh*t"
For personal projects, this is fine (I've vented a bit in my personal coding projects), but I would never do anything like that at work...
-n-
It is easier to read the disassembly, than to read MS code. This will not induce new hacks, but if the OSS ppl start reading it, in the future, MS may suddenly sue and claim it was their stolen code.
There seem to be varying claims on the size of this code. Geeknews claimed it was 660 mb of "around 30-40gb", whereas another news source claimed that it was "around 13.5 million lines out of 30-50 million lines" can anyone prove either of these theories? Cheers.. Tim
tim
Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.
Ouch. Somebody's career is going gently into the good night. Either Alaluf, or the person who set up Mainsoft's security, was pretty dangerously negligent.
I'm reminded that last time there was a windows source leak we were all encouraged NOT to look at it, so that we wouldn't have to deal with the source ending up in Linux.
Seems like a good idea, but...
Was it ESR that made that nifty app to compare SCO and Linux sources? Could it be fiddled with to see if Linux or other free/open source code made its way into windows?
It would be quite a coup if we could somehow legally show that they stole from the community without having to deal with the gnarly mess of windows code finding its way into Linux.
I'm not implying that such a thing HAS happened, but we're presented with an opportunity here.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Hahaha, according to the article: because Linux was not stable, we have now the windows source code
Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes.
joke of the century
...from the source leak if it has occurred at the proper time.
One of Microsoft's big problems when introducing a new operating system (felt especially strongly when they released XP) is that they often have difficulty moving corporations and smaller companies to the new platform right away.
Many people still run 2000 (because it was M$'s first decent operating system) instead of XP because they have NO REASON to move to XP.
All of a sudden, 2000, and NT4 (which are holding strong in their pie-slice of the M$ OS world) have been subjected to enormous security liabilities.
Obviously the only answer for companies stuck with M$, move to XP! LOL.
Mighty convenient isn't it?
This may illustrate one of the hallmarks of open source software-- that software open to prying eyes is inherently more secure than closed source. I won't be surprised if digging through the source reveals a number of exploitable security flaws, perhaps many more than have been revealed with the source closed!
To paraphrase Bruce Schneier, if I give you the plans to my safe, and 100 identical safes with the combinations so you can study the locking mechanism in detail, and you still can't crack my safe-- that's security!
Maybe I'm a little jaded, but my guess is that in about a year, when we're closer to the Longhorn release, Microsoft will claim that the heritage Win2000/NT4 core is "too compromised" because of this leak and officially discontinue support prior to its seven year life-cycle. Then, along with Win98, everyone will be compelled to migrate to their new products.
:)
Just a thought...
Anybody, any estimation on how soon exploits will appear?
Hmmm... I'll be selling linux firewalls to companies ;)
Bite my shiny metal... oops... Nevermind!
According to BetaNews the source code was leaked by a company called "MainSoft" which has been a Microsoft partner for as long as the shared source initiative has been in place. Mainsoft makes a product called mainwin which is used to create native UNIX versions of Windows software. They go on to say the information was found by looking at a .core file found with the code.
See here:
http://www.betanews.com/article.php3?sid=1076674118
"The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes.
Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf."
Wow, Microsoft's first source code leak in history came from running Linux. And they traced it because Linux's core files make forensics trivial!
I'm betting there's a lot of folks in Redmond right now saying: "who the hell decided to put Windows code on a Linux box?!!!"
P.S. Eyal is screwed, right?
If guns kill people, then CmdrTaco's keyboard misspells words.
Anyone around here remember when the Apple QuickDraw code was leaked in 1989?
It started quite a big ruckus, with the media making it out to be the entire OS, and the FBI starting what has been described as more or less a witch-hunt on 'hackers'..
I would not be surprised to see a repeat of that, substituting 'hackers' for 'file-sharers'..
That's right folks. This source code was being used to port IE to linux. As we all know, IE is an integral part of an operating system, therefore the only way to port it to linux is by integrating it into the linux kernel, which means IE is now GPL!
Who doesn't think that there are specific optimizations/workarounds in the Windows source code to allow MS products like Office, SQL Server, etc to have a performance edge over competing 3rd party products?
Frankly, I think this is the reason why MS is so damn anal about guarding its code. I don't think it has anything to do with security.
Probably the tcp/ip stack is included in the sources (I guess it has been fixed in SP1)... hahaha
wonder also if win$hit source may be a violation of sco IP...
This won't have any impact - remember the HL2 source? Where are the hacked games, the compromised code?
Same with Windows code - in any case, instead of being a cutting edge game and 3D environment, it's a 4 year old OS... whoopee-doo...
a way for Microsoft to undermine those two operating systems and push for corporate users to adopt XP much more rapidly?
Maybe Microsoft released the source code and is treating it as a leak. After all, it's not the entire source code, and any critical parts may have been rewritten under XP.
Just a thought.
I'm sure that Microsoft now wishes that its source code files had been locked into self-expiring, heavily encrypted, copy-resistant file formats. Events like this can only increase demands for "Trusted Computing" initiatives that prevent accidental or intentional leakage of security-sensitive intellectual property.
Given that so many companies outsource or collaborate with a far-flung global network of suppliers -- I'm sure MSFT need only whisper about the threat of leaked trade secrets to get corporate IT to adopt DRM/Trusted computing for everyday use.
Two wrongs don't make a right, but three lefts do.
Everyone is panicking about how revelation of the source will open Windows up to hacks. In an ideal world, knowing how good code is written shouldn't give away the 'hacks'. In this case, MS is rightfully fearing review of places where they fail to check string lengths or buffer sizes, the way that they handle exceptions (if they do), the way that their logic copes, or fails to cope, with unexpected input.
However, good code wouldn't have this problem, string lengths would be checked, there wouldn't be hardcoded passwords, components that are not supposed to trust one another really don't, etc.
This exposure of the source may reveal just how crappy their code is. If it's not crappy, I don't see necessarily how it's more 'hackable'. Apache is open, and nobody hacks it to pieces on a daily basis. Can you imagine what would happen if the source of IIS was leaked?
I want to delete my account but Slashdot doesn't allow it.
to post (anonymously, of course) individual files of the source to be viewed online?
Granted, it may be devastating for Microsoft if everybody sees their code, which was developed under the assumption that nobody else would ever see it.
Mind you, we always claim that open source is superior because since everyone can look at it, there are less bugs, less security problems, etc.
Now, when this happens to Microsoft, everybody is worried what security problems might come up.
I sense a strange kind of double-moral here -- perhaps both on the side of Microsoft, and in the open source community.
Heh...there was a funny spot on an article:
Programmers on Slashdot.org, a new site on the Sourceforge.net open source development site, posted messages urging open source developers to help in the cleanup process to help reduce the possibility of security outbreaks for all customers
I didn't realize that /. was a new site!
Doh!
It's not the end for people to get a gander at your code. Anybody can look at *BSD and Linux, and it is still possible to run a stable system. See, it's not all that bad. :)
SCO is adding Microsoft to its suit, claiming portions of Windows NT are software to which SCO holds the license and which were used without its permission. SCO declined, however, to say what specific lines of code were involved in its claim.
Bureaucracy loves company.
Until Microsoft succeeds in using this to shut down the entire free software movement by tying it up in the courts?
Talk about scorched earth tactics...DAMN...and they only had to release 15% of their code to kill Linux, too.
Amazing, awe-inspiring, even.
Looks like someone put it on usenet...
Windows.2000.source.code-NOGROUP - 2 of 2 - "windows_2000_source_code.zip" (*/557) - 203.8M
If this is true, then I suspect that the list of possible culprits is very short and some poor sap who didn't think things through is going to be in *very* hot water indeed early next week.
UNIX? They're not even circumcised! Savages!
I don't know what types of code (security/importance-wise) were involved, but have we considered that *MS* (and co-conspirators) may actually be behind the "leak" to let some code out and see what the world can find for them? Like a trial balloon?
If you want to see something "viral", then by all means. Accessing the source code is only going to do you harm. It's not worth the risk, even if it may provide important answers about the mysteries of Windows.
Compare it to this:
http://en.wikipedia.org/wiki/Pandora
The source could do wonderful things. It could allow the use of NTFS on alternate platforms. It could enable major improvements in software like WINE. The benefits could go on and on... BUT IT ISN'T WORTH IT! You will put your own well being, and the well being of the entire programming community (not only open source) at risk if you tamper with this source!
Their whole .NET framework can be decompiled anyway. In other words, all software created with their next generation languages will be reverse-engineerable (i.e. you can reproduce the source code FROM the product they sell).
They include a product with their Visual Studio to protect .NET code which does a pretty good job but not that many people use it and MS doesn't really push it.
If companies start releasing .NET code without protecting it - we'll see this story all the time.
Mainsoft specialise in cross-platform development, enabling developers to develop using MS tools for deployment on *nix. Interestingly, for the conspiracy theorists, their previous mentions on /. date from 2000 and center around rumours that they were porting Office and IE to Linux. More news on the leak from Internetnews.com and The Register.
The code is said to be W2k-SP1.
Mr. Gates, I think you should turn Windows into an Open Source product. Forget this whole business of selling software... that is so 20th century and investors are wising up to the disadvantages that closed, proprietary systems present. Microsoft should take the lead of other notable products (JBoss, MySQL, OpenOffice.org, etc.) which are currently stealing market share away from competing Microsoft products and give it away for free, with source code (expletives or not). They can make their money from the sale of documentation and support services, as well as sales of physical media. This way they could achieve their goal of taking away the competitive advantage which the competition, Linux and gang, currently have and they'd pick up a whole bunch of programmers in the Open Source community who would work on it without them having to hire additional development staff.
Given that they're a public company, it's in their best interest too as it would positively impact their bottom line. They would only need a fraction of their current development staff (programmers are hugely expensive and could be laid off), and with sales of documentation, media, and support services, they'd be able to leverage the advantages of Open Source and increase their margins dramatically while cornering the market. No doubt security would be one of the first areas where improvements are made as well as future ports to other platforms.
It's a sure win-win for everyone.
This may be a little paranoid, but is it possible that this whole thing is a honeypot, and now MS can go around pulling SCO type stunts on OSS projects?
Lots of petrified grits
Is it just me or does this smell like a stealth PR stunt to you? Gee... source code gets leaked... this hits a few communities right in the nose. Now MS can say "See, open source is bad because all these new viruses are made because our source was leaked" and "File-sharing is bad because this is how this is moving around the internet". It's just too conveniently making MS look like a victim.
FLR
what did you expect? have you ever read the eula?
XIX) by clicking agree, you agree that you are part of the unpaid alpha testers.
and in SP3) you are now part of the unpaid beta testers group.
A few years ago the NT source was floating around IRC. Not a complete set though.
I wonder if we'll see responses from Microsoft saying, "See? It's all Linux's fault--darn, insecure Linux full of bugs and backdoors--that allowed our SuperSecret Source Code to be stolen."
...
Sounds pretty likely to me
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
Microsoft compares the GPL to a virus. I guess the Windows source is like a virus in more ways than one.
Take a look at Kazaa - there's about 100 people sharing Windows source code right this moment. It's impossible to prevent it now. WHAT HAPPENED TO NATIONAL SECURITY? Microsoft said in court in 2002 (?) that it can not publish the source code of Windows because it would be a national threat. Why did the government let it happen if it really is so? Why allow them to show the code to China or Russia or some universities if it is a national threat like Microsoft claimed. Who has screwed up here and what will happen when terrorists will hire hackers to investigate the code?
Heck just go for it and make it part of KDE and Gnome !
``It seems unlikely this is going to create a material, significant security problem,'' said Rob Enderle, a technology expert and principal analyst with the Enderle Group. ``It's more embarrassing than anything else because it makes it look like Microsoft can't control its code.''
It's disappointing to see such lazy reporting from the Times.
*** "Freiheit ist immer die Freiheit des Andersdenkenden". -- Rosa Luxemburg ***
It can't be that fun to work on -- Did you guys know that Microsoft has to _pay_ people to work on this codebase! If there was really anything interesting in it, people would be working there for fun on their own time.
First thing that popped in my head was a line from Time Bandits
"Mom! Dad! Don't touch it! It's EVIL!"
What's the deal with Terry Gilliam and clear plastic costumes anyway?
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. --Red Adair
A lot of you apparently haven't read yesterday's story.
As of this writing there's over 2500 replies to yesterday's story. The average for a "regular" story is what, somewhere around 200 or 300 hundred. I would rather say, the whole friggin /. community and their long lost relatives read the story.
The purpose of life is to find the purpose of life.
Let's slashdot microsoft.com ;)
It would be nice to be sure of anything the way some people are of everything.
Since we all agree that all code has bugs in it and since this code is out we can safely assume that some bugs will be found.
Now all the white-hat hackers are prevented by law to take a look at the code and since all black-hat hackers don't give a damn about that law, those who run windows are in a pretty bad place right now. Even worse than usual actually.
Oh well, the windows admins who like working overtime will love the coming year I suspect.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Think about it. M$ 'releases' non-vital (read M$ Paint etc) source onto the Internet. Subsequent investigations with federal officers reveal that a major security flaw in Linux resulted in the source being stolen. The message sent out to the corporate world "If you value your company's IP, do not use Linux." Shift press attention away from Windoze onto Linux 'security holes.'
(because it was M$'s first decent operating system)
I thought DOS 5 was pretty good, too...
Doh!
I think the most fascinating part of this whole fiasco is the fact that code for Microsoft "Bob" is still prevalent throughout the source. I can only wait in anticipation as the open source community takes advantage of this and quickly puts out its own variants.
Emerge Bob
Release the source... or what appears to be source...
Then tell businesses and users that the only way to be "safe" from possible exploits is to upgrade to the "tighter than a drum" Windows 2003 version.
Sad...I hope someone can trace the release to MS and someone there has the courage to speak up. Of course it may be "terrorists"... oh wait are we still fighting them or are we looking for WMD...
I mean how obvious does MS have to get before the world sees what they are up to.
I've given this topic considerable thought, and here are the possible conclusions I've reached.
1) MS will use this source leak in the future to claim that various open source projects (Samba, Gnome, KDE, OpenOffice(?), linux) that get new features which MS finds competitive are 'derivative' works, regardless of whether or not the developers actually looked at the source.
2) There will be enough people looking at this source for large portions of the code's functionality essentially entering into 'public domain', with people writing up how the components work. It will be essentially impossible for anyone to do 'virgin' development on 'windows-like' features for anything, as the information on precisely what the Windows version does will only be 2 steps of association from the programmer.
3) MS will pull a 'patent' or 'trade secret' violation claim on Samba/Linux/GNOME/KDE, in addition to pulling the .NET framework out from underneath the Linux community (by claiming patent infringement again). Two shovels of dirt on the grave of linux.
From my interpretation, this all seems quite feasible given current legal atmosphere. Any lawyers here have a comment on this?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Microsoft has a company policy that Microsoft developers may not read GPL source. They have this policy precisely to avoid this type of contamination.
'Independent invention' generally does not happen in the domain of copyrighted works -- if the developers of B have never read the source of A, or anything derived from A, it's pretty sure that B will not look like A. Thus, if Microsoft's employees and contractors follow their policy, then no Windows code will look like any GPL code, ever.
Just like you know Courtney Love has on dirty underwear, I am able to look at Microsoft and say the same thing. I'm not so sure if I even want to see how dirty Microsoft's code might be.
I though fail/it was /proc
Karma: The shiznight, mostly because I am the Drizzle.
[ I unintentionally posted as an AC first - hopefully it's interesting enough that I get more interesting mods than redundant.]
theregister.co.uk
look for yourself
What about the .eml files? You wouldn't have those in Linux.
It's also possible that the source was on the disk of a machine that was scrapped or sent out for repair by Mainsoft. This would still be a breach of security but is more common than one might think.
This is not a trivial problem.
Though many of us - myself included - would not mind a peek into the collective mindshare of the Evil One, one cannot look into the abyss and return unchanged.
Sorry. Debated last night with philosophy majors. They won, six shots to five black and tans.
To translate it bluntly: This is still copyrighted code, owned by Microsoft. Duping even their "badly-written routines" into an innocuous place may lead to an SCO-esque attack in the near future, claiming violations in certain filesystem and mounting routines, or possibly something involving Samba, or a myriad of other wincompatibility issues.
It feels like a tactic that may be conceived by some bright bulb in MS Legal to bring conflict to the competition, or at least stifle development past current kernels.
I am starting to get the shakes that I get in a poker game when my all-in bet is called when I have pocket kings. (Last time that happened, the opponent had A-J suited. He flopped aces-up. I swore loudly.)
I am not a lawyer. I play one online, and I'm studying for the patent bar, but I don't pretend to dish out legal advice. Still, if I go all-in, I have the goods.
I used to be someone else. Now I'm someone better.
Real life is underrated.
now gone partner...
Isn't it interesting that the source for many projects is wide open ... and we don't have people running around with their heads cut off like the end of the world is coming.
So - which is it? Is closed-source or open-source more secure?
Looks like now we'll have the chance to find out!
Notice the leak came from 'a linux computer'..
Nice way to suggest it's that damned linux that is to blame. At least to the common man, the linkage will be subliminal, but it will stick.
It's almost as bad as 'a red ford suv ran over the child' or 'the gun killed the intruder'..
---- Booth was a patriot ----
From CRN
"Programmers on Slashdot.org, a new site on the Sourceforge.net open source development site"
A new site? Oh, and I thought /. had been around for a while. Time must not pass as quick as it seems to me. :)
Hope they meant a news site.
And by the way, if you're not a programmer, go away, it's a place for programmers here, or so it seems.
first thing I did was hit the P2P nets and sure enough... within a few hours of the story breaking, there it was all over the place
just like a paris hilton sex romp video.
Too bad it's not nearly as interesting or entertaining.
For those with a morbid curiosity, I'd recommend a "gunzip -l" without actual perusal of the source. Oh, yeah... and your neighbor's WiFi bandwidth is your friend.
PepsiCo has reported an early 2nd quarter earnings report that projects a remarkable profit.
This may be related to increased sales of Mountain Dew to basement-dwellers.
Has any one taken a look to see if the old rumors that Win2K is more stable because it uses open source code is true? If so, would that make Microsoft in violation of the GPL?
This is...
O
U
T
R
A
G
E
O
U
S
!
Microsoft has a company policy that Microsoft developers may not read GPL source.
Please read the post that you are replying to; specifically this portion:
windows developers have had access to gpl'd source for well over a decade.
To re-iterate Frymaster's point: If merely having access, without reading it 'taints' you, why are all MS developers not 'tainted', especially considering that MS itself distributes GPLed works?
.
.
.
The funniest part of this whole thing has been the industry pundits explaining the ramifications of the source release in various media outlets.
The best I've seen today is on crn.com by some joker named Winell from Econium. He manages to say with a straight face: Mr. Winell has obviously never used Windows ME if he thinks Microsoft quality control prevents "bad releases". You know Econium must be a real player when the title of their home page is "Welcome to Econium who is a solutions provider."
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Nothing like an embarrassing Microsoft moment to get the "experts" out from under their rocks.
These days a console is supposed to be small... what I'd really like to see are the logs from the IM sessions the XBox designers had.
In a related story, Linus Torvalds was forced to announce today that the source code for the Linux operating system was made public on the Internet.
"We're not sure how it was leaked. What's up there certainly looks legitimate, and we've had some reports that some of it even compiles. It appears it may have been leaked back in August, 1991, originally to an FTP server in Finland."
There are at least 3 servers that appear to have Linux source code available, although online discussions indicate that there may be many more. There is speculation that the code can be acquired through FTP, Gopher, HTTP, Bittorrent, Rsync, SMB, NFS, AFS, Freenet, and that people may even be _selling_ CD's and DVD's with the code.
SCO was quick to comment that "After they copied those 5 lines from one of our header files, the {deleted} deserved it. As soon as we find a person in our company that knows how to download a file, we'll be comparing every line of Linux to this stuff we bought from AT&T. Oh hey! We've already found something - they copied the word '#include' from us!" The phone interview was cut short as Mr. McBride was called away to launch a new lawsuit.
Law enforcement agencies have been contacted and are investigating, but the process is slow as the officers are heard to exclaim "Wow, it has a GUI?", "Damn, this is stable - I can't crash it at all!", "Whadda you mean, Office is included?", and "How do I turn off the grappling hook and use the rocket launcher?"
Mason, Buildkernel and more: http://www.stearns.org/
Listen, people;
THE FIGHT IS OVER!!!
MICROSOFT HAS WON!!!
All that they have to do is tie up the open source movements (specifically the mozilla, apache, wine, *BSD, Open Office, Linux, FreeDOS, samba and any other interoperable OSS project) in the legal system until they either fold or are marginalised.
Because of this leak, they now have the legal means to drag the Open Source world into a labyrinth court process which WILL KILL IT.
The fight is over, If Open Source is not now dead in the water, it will be before the year is out. I'd say before summer even gets here.
The article doesn't say it was *stolen* from a Linux box, it just says that an analysis of the files suggests that it had come from a Linux box. For example, the image could have been a CD that was burned on a Linux box, and then misplaced. And given that Mainsoft's work is "Windows on *nix" I'd be surprised if they didn't have a few Linux boxes around ;-) As things stand, this says absolutely nothing about Linux security.
"The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1." Even microsoft's security problems are because of a linux computer....yea sure...
"The code is still covered by copyright, and any programmer should probably avoid looking at it, to avoid SCO-style legal implications," said DeGroot of Directions on Microsoft. "If you look at it, and similar code turns up in your own work or even is already in your own work, you could have problems if Microsoft believes you have stolen its code. Proving that you didn't see something can be difficult. My understanding is that Microsoft tells its own programmers that they may not view Linux source code, for example."
Wouldn't it be harder to prove that someone *did* view the sourcecode? Isn't the burden of proof on the prosecution?
Really now..
tell me THAT wouldn't be useful..
in fact i'd find it positively funny as all hell if someone started releasing "open source" win2K patches before MS does.. i mean.. 0 day fixes from when bugs are reported..
Now the source is out.. what are they going to do? really.. it's kinda like disclaimers on emails that tell you to delete them if you're the wrong recipient..
also.. wonder how many hooks there are for office specific applications..??
One piece of info that doesn't make sense to me is the claim that the Windows source code base is 40 Gb in size, so a mere CD ROM's worth is not important. Doesn't all the GNU/Linux core OS code fit on a single CD? If this is true, then Windows isn't just bloated, a new word would have to be invented for it. If it is not true, then someone is trying to spin the issue with bullshit.
...to say everybody must migrate RIGHT NOW to Server 2003 and XP. ;-)
Seriously, esp once the security patches hit XP with SP2 this summer, expect Ms to start suggesting that anything older is not to be trusted...
This is no less stupid than the idiots who claim the US never went to the moon, who think alien ships have visited the Earth, that evolution is a lie, or that Bush stole the 2000 election. (Oops, that last one is true.)
You, sir, are a MORON.
/*
* winnt.h uses these totally screwed up structure names.
* Does anybody speak Hungarian over there?
*/
I'd like to use this as vindication for all the times I've been criticised for my comments.
Ever since I've watched the movie, I had a feeling that something like that in the movie (where synaptic software source code was released to the world) was going to happen to Microsoft. It's just weird, that it's like deja vu, that nothing can be completely secure, for every lock there is a key, and it just proves that anything is possible. Now all we need to do is figure out who Microsoft had to kill to get their hands on "their" source code.
In a related leak, Microsoft admitted that it leaked 100% of the object code to Windows XP the day that Windows XP was released. The FBI, in cooperation with Microsoft officials, is investigating this release and considers it a serious case of corporate espionage.
"Aww, you motherfuckers. Okay. Alright. I'm putting cases on all you bitches. Huh. You think you can do this shit... Jake. You think you can do this to me? You motherfuckers will be playing basketball in Pelican Bay when I get finished with you. Shoe program, nigga. 23 hour lockdown. I'm the man up in this piece. You'll never see the light of... who the fuck do you think you're fucking with? I'm the police, I run shit around here. You just live here. Yeah, that's right, you better walk away. Go on and walk away... 'cause I'm gonna' burn this motherfucker down. King Kong ain't got shit on me. That's right, that's right. Shit, I don't, fuck. I'm winning anyway, I'm winning... I'm winning any motherfucking way. I can't lose. Yeah, you can shoot me, but you can't kill me."
Ok, so what to do? Well, here is the plan:
Set up a server that runs the comparator by ESR against any new submission to any open source project against any code released either by mistake on with malice by a closed source vendor.
This will help to identify copyright problems before they arise.
You can't handle the truth.
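The kind of check proposed in the post above, as an added example that is not part of the thread: a simplified line-shred hash comparison (not ESR's comparator tool itself), where the reference index stores only digests, so the party checking submissions never needs the reference text. The window size, file names and all sample sources are constructed assumptions.

```python
import hashlib
import re

SHRED = 5  # significant lines per shred (assumed window size)

def normalize(source):
    """Drop comments and all whitespace so reformatting does not hide a copy.
    Returns (original_line_number, normalized_text) for each significant line."""
    keep_newlines = lambda m: "\n" * m.group(0).count("\n")
    source = re.sub(r"/\*.*?\*/", keep_newlines, source, flags=re.S)
    source = re.sub(r"//[^\n]*", "", source)
    out = []
    for lineno, line in enumerate(source.splitlines(), 1):
        text = re.sub(r"\s+", "", line)
        if len(text) > 1:  # skip blank lines and lone braces
            out.append((lineno, text))
    return out

def shreds(source, k=SHRED):
    """Map digest -> first line number for every run of k significant lines."""
    lines = normalize(source)
    table = {}
    for i in range(len(lines) - k + 1):
        chunk = "\n".join(text for _, text in lines[i:i + k])
        digest = hashlib.sha256(chunk.encode()).hexdigest()
        table.setdefault(digest, lines[i][0])
    return table

def build_index(reference_files):
    """Digest-only index of the code that must NOT appear in a submission."""
    index = {}
    for name, src in reference_files.items():
        for digest in shreds(src):
            index.setdefault(digest, name)
    return index

def check_submission(submission, index):
    """Return sorted (line_number, reference_file) pairs for matching shreds."""
    hits = [(lineno, index[d]) for d, lineno in shreds(submission).items() if d in index]
    return sorted(hits)

# Constructed sample data (not real vendor code).
REFERENCE = {"vendor/ring.c": """
/* constructed sample */
int ring_put(struct ring *r, int v)
{
    if (r->count == r->cap)
        return -1;
    r->buf[r->head] = v;
    r->head = (r->head + 1) % r->cap;
    r->count++;
    return 0;
}
"""}

COPIED = """
#include "q.h"
// fresh implementation
int ring_put(struct ring *r,int v)
{
        if (r->count==r->cap)
                return -1;      /* full */
        r->buf[r->head] = v;
        r->head = (r->head+1) % r->cap;
        r->count++;
        return 0;
}
"""

INDEPENDENT = """
int stack_push(struct stack *s, int v)
{
    if (s->top >= s->limit)
        return 0;
    s->items[s->top] = v;
    s->top += 1;
    s->pushes += 1;
    return 1;
}
"""

if __name__ == "__main__":
    idx = build_index(REFERENCE)
    print("copied:", check_submission(COPIED, idx))
    print("independent:", check_submission(INDEPENDENT, idx))
```

A match only flags lines for human review; short or idiomatic runs can collide without any copying.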
They have made many wild claims without anything to back them up and even some without a pretext.
$5 says if Microsoft plans to pull a SCO, they'll be laying claims and suing regardless.
It's about time these bastards went open source (!) and let the world scrutinize the crap they write.
DISCLAIMER:
I don't believe what I write, and neither should you.
Zip files are rarely used for distributing source code amongst the Linux/Unix community because compressed tar files are far more efficient.
zip -r source.zip /usr/src/linux-2.4.22-1.2149.nptl
ls -l source.zip
-rw-rw-r-- 1 build build 49091705 Feb 14 06:20 source.zip
tar cjf source.tar.bz2 /usr/src/linux-2.4.22-1.2149.nptl
ls -l source.tar.bz2
-rw-rw-r-- 1 build build 31964979 Feb 14 06:23 source.tar.bz2
tar czf source.tar.gz /usr/src/linux-2.4.22-1.2149.nptl
ls -l source.tar.gz
-rw-rw-r-- 1 build build 40689187 Feb 14 06:31 source.tar.gz
The resulting tarred archive compressed by bz2 is around 35% smaller than the zipped source. With the exception of the jar format for java classes, the zip format is rarely used by Linux/Unix developers for distributing source code.
IMO this points to the source code being lost from a Microsoft based platform.
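Why the sizes in the post above come out that way, as an added example that is not part of the thread: zip compresses every file separately and adds per-file headers, while a compressed tar is one solid stream that can reuse redundancy across files. The source tree here is constructed in memory (sample data, not real code), and the helper names are assumptions of this example.

```python
import io
import random
import tarfile
import zipfile

# Constructed licence header shared by every sample file, as in a typical source tree.
LICENCE = "".join(
    f"/* constructed licence header line {i:02d} for the sample tree */\n" for i in range(12)
)

def make_tree(n_files=200, seed=2004):
    """Build a deterministic dict of path -> bytes for many small C-like files."""
    rng = random.Random(seed)
    types = ["int", "long", "char *", "size_t", "void *"]
    calls = ["alloc_buf", "read_reg", "lookup", "hash_name", "get_flag"]
    tree = {}
    for i in range(n_files):
        body = [LICENCE, f'#include "mod{i % 7}.h"\n', f"int fn_{i}(void)\n{{\n"]
        for _ in range(30):
            body.append(
                f"    {rng.choice(types)} v{rng.randrange(1000)} = "
                f"{rng.choice(calls)}({rng.randrange(1 << 16)});\n"
            )
        body.append("    return 0;\n}\n")
        tree[f"src/dir{i % 10}/file{i}.c"] = "".join(body).encode()
    return tree

def zip_size(tree):
    """Size of a deflate-compressed zip: each member is compressed on its own."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in sorted(tree.items()):
            zf.writestr(name, data)
    return len(buf.getvalue())

def tar_size(tree, mode):
    """Size of a compressed tar ('w:gz' or 'w:bz2'): one stream over all members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tf:
        for name, data in sorted(tree.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return len(buf.getvalue())

def compare(tree):
    """Return raw and archived sizes in bytes for the same tree."""
    return {
        "raw": sum(len(d) for d in tree.values()),
        "zip": zip_size(tree),
        "tar.gz": tar_size(tree, "w:gz"),
        "tar.bz2": tar_size(tree, "w:bz2"),
    }

if __name__ == "__main__":
    sizes = compare(make_tree())
    for fmt, size in sizes.items():
        print(f"{fmt:8s} {size:8d} bytes  ({100 * size / sizes['zip']:.0f}% of zip)")
```

The gap widens as files get smaller and more alike, which is why the container format of an archive says something about the tooling and habits of whoever packed it.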
In retaliation, Microsoft says they're going to release the source code to the Linux kernel.
They can push the "Our code was on Linux, it was stolen, so Linux is somehow insecure" angle.
Did you remember to turn your brain on this morning? This is almost as good as the "tainted developer" theory of deliberate release.
Bill Gates doesn't lie awake at night worrying about the likes of YOU.
You, sir, are a moron.
..how easy is it to figure out what the code does?
Are there any useful comments in the code? Is there any documentation about how all the different modules fit together? Are there even any make files?
Step one is okay but you've got step 2 and 3 wrong. It should be:
Step 1: 'accidentally' release old windows source
Step 2: Warn public of huge security issues
Step 3: Tell public their only option is to upgrade to the new version of windows
Step 4: Profit!
All right! Another variation from the conspiracy nuts!
You, sir, are a MORON!!!
A low Slashdot user ID? *sniff, sniff* Well... that's just the nicest thing anyone's ever said about me! I feel so happy ... thanks anonymous coward!
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
Amusingly, Mainsoft's primary product seems to be Visual SourceSafe for UNIX.
This'll give them some promotion.
i cannot re-iterate how stupid all this fear is ....
check out this alternate universe:
musicians are fucked. apparently, we can't look at other people's copyrighted music without 'tainting' our ability to write original music.
everybody from bach to bon jovi is now in violation of copyright law. musicians have henceforth been instructed never to look at somebody else's music lest they be sued later for copying the notes and rhythms.
harumph. this is ridiculous.
"Old man yells at systemd"
I hear this sort of subtle manipulation content on a daily basis. be it intentional or not, it does have a tendency to sway public opinion. If you hear 'xyz is bad' enough, you begin to get desensitized to it, then slowly accepting of it as 'fact'.
As far as the source, I'm talking national TV, major newspapers and radio stations, not some little unknown backwoods news shop.. Perhaps you have already become too desensitized to notice... Whereas it irritates the hell out of me so i notice it every time.
---- Booth was a patriot ----
Funny to see Microsoft learn from Valve. With the Half-Life 2 source being stolen, they had the perfect excuse (hax0rs can make cheats for online play and hack the clients/servers) to delay the game for nearly a year. Anyone who looked at the leaked game knew that it was nowhere near finished, contrary to their claims.
Now Microsoft can use the same excuse to force upgrades on people, harass other companies who happen to create similar code to theirs, excuse any future win2k/xp worms, and delays, et unpleasant cetera.
Uhh, you got a bittorrent link?
I don't see how we as an open source community think that bad things will happen from the recent leak. Linux source code is open source, and few people use that to exploit other computers.
if it's the 15% that works
Does Windows have even 15% that works???
I always thought Windows kinda creaked and groaned as it crawled along the information highway. Windows kinda reminds me of a Wile E. Coyote device for catching the RoadRunner, complete with parts falling off as it moves along until, just as the objective is reached, kerplowwie...it falls all the hell apart.
So tell me...how does it feel to be Wile E. Coyote?
SELECT * FROM User WHERE Clue > 0
0 rows returned
More likely it comes from MS in that format?
"Access to the source code could allow hackers to exploit the operating system and attack machines running some versions of Windows."
Of course Linux users would say "Linux source code is easily accessible, but that's what makes it more secure." The article.
Marion Ravenwood: "Oh no! What's happening Indy?"
Indy: "They've opened the Ark and released the evil power inside."
Marion: "What should we do?"
Indy: "Don't look at it! Keep your eyes shut!"
M$ prolly had this leaked on purpose to scare the WinNT/Win2000 holdouts to come into the WinXP/DRM fold. (The old 'Publicly visible source == more exploits' logic.)
Hi everybody,
Macplus.org has a screenshot of some of the code, where the Mainsoft name appears, along with a name: "eyala". One of the board members is "Eyal Alaluf".
To quote mainsoft's site:
"Eyal Alaluf is Mainsoft's Director of Technology, a position he has held since January 2000. Bringing more than 10 years of industry experience to this role, Eyal oversees the development team behind Visual MainWin. After joining Mainsoft in 1994 as the company's first Senior Developer, Eyal has risen through the ranks. He became the company's Chief Engineer before landing in his current position.
After graduating with dual degrees in mathematics and computer science from the Hebrew University in Israel, Eyal joined the Israel Defense Forces and worked as a software developer in the Israeli Navy where he was involved in creating advanced technologies and research. "
[paranoid] Hmmm, Microsoft, UNIX, the Israeli army... [/paranoid]
Hello! I'm a disaster waiting to happen!
I know it has been posted a hundred times before but I am kind of scared what could become of this. This shouldn't have happened and there are so many risks for the OSS-Community that I must believe that this was one of Microsoft's tricks. They are smart, and with SCO going down in court this looks like a very logical move to me: Infect the OSS-code and sue them. The problem with Microsoft is that they don't play by the rules. The only way out of this, as lame as it may seem, is to play by the rules. If they ever sue the FSF or whoever I want to be as sure as I am now with SCO that there is NO otherwise copyrighted IP inside OSS source.
What's worse, I would lose all the joy in booting Linux if I wasn't sure it was the collective and legitimate work of all those people I highly respect.
So, let's all be careful,
Lispy
I'd enjoy it. IBM v. MS, the legal battle of the century. Think about it. What if MS loses? What would the IBM counter-sue look like?
OH, YEAH. That would be like WWE Battle Royale for Geeks or something.
I'd still use linux. Screw MS.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
To MICROSOFT, it's disastrous. To the users? I doubt it. First, having the source does not preclude a ton of attacks. If this was the case, Linux would be under attack daily. Second, it'd be a miracle if anyone could make head or tails of their spaghetti.
Gorkman
SCO today announced that Windows contains pirated Unix source code.
If what I've heard about it is true, reading this source will forever impair your ability to code, period.
After SLAVING away for 20 years to create a Windows-killer operating system, I have finally completed my work and released Johndows 1.0! Yes, it runs your Windows apps, perfectly in fact, as my main design goal has been perfect compatibility with Windows 2000! On top of that, I have added a large number of freeware applications PRE-INSTALLED! Yes, all this can be yours for the low low price of $29.95. Just send a cheque to me, John. 1 Johnsoft Way. Nueven NO.
Everyone thank Al Gore for the source code. Thanks AL!!!
I'm pretty sure you can do that. Google for changing the color, and I imagine the text is Hex in a kernel file somewhere.
A little time with hexedit and explorer.exe and you're probably good.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
I don't want to copy Microsoft's code. I want to document how those undocumented functions work that office uses, and then let wine hackers implement them.
I agree that I cannot legally get a hold of this code though. (It is copyrighted by them, and they haven't given me permission.)
What's this windows source you are talking about? I checked over at freshmeat but couldn't find it. Sounds interesting. Is it a new OS project? Where can I contribute? ;-)
cu,
Lispy
"Finally, this is very important: If you propose to continue working in the IT industry, and somebody offers you a look at the source, just say no. Remember - if you learn too much about the internals of Microsoft products, you may find yourself unable to work for anybody except Microsoft. Yike."
How does this affect me? I use Gentoo.
"...A lot of you apparently haven't read yesterday's story...."
Words from an "editor" at a "news" site that consistently posts dupes of articles that its very own "editors" have "apparently" not read either.
ironic.
You probably are entirely unfamiliar with the case. But if MS stole your PATENTED ideas, i doubt you'd describe yourself as a "crybaby company" when you sued them.
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Has anybody attempted to use the code analyzer that was developed for the SCO / IBM case? It would be interesting to see if there were any similarities between MS code and the multitude of OSS code.
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
Obviously the only answer for companies stuck with M$, move to XP
No. Windows 2000 is NT 5.0, XP is 5.1 and Server 2003 is 5.2. Notice the minor version bump which indicates that all these releases share a lot of code.
It is reasonable to think they want to have users switch to Longhorn (does anybody know if it will be NT 5.3 or 6.0?), but then the leak occurred too soon, for they're not ready yet.
Karma cannot be described by words alone.
What if this code was leaked, in an effort to ENCOURAGE people to find flaws, report on them, or exploit them, so that Microsoft can know exactly where people go first, to attack the OS itself?
What if they're using this as a means to find their own bugs, the ones their "talented staff" is unable to find or fix themselves?
What if they're using the "eyes" of the Open Source community to audit their own code? Free Q&A support from a community who hates Microsoft to the core, due to the damage Microsoft has done to them over the years.
</conspiracy mode="off">
...are provided by noisehole in this post from yesterday's discussion. He reckons Betanews lifted the analysis from his post.
Don't ya think that virus writers are often anti-MS, and thus usually pro-linux? think of the recent ones - many have been either a) for profit spamming or b) "Hey world! MS sucks!" .
Spammers want a million hosts. Going against linux is harder than Windows. and nobody writes a virus to infect linux hosts to tell them that MS sucks..
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Say, a retired programmer took a look at the leaked Windows source code then published a "code specification" that another (still employed) programmer could look and and then write a program to meet that specification. Technically, he never saw the source code, in fact, he need never even know that the "code specification" was inspired by the leaked Windows source. ...just thinking out loud, as it were....
.
.
A goal is a dream with a deadline
The expanded contents of the zip file is around the size of a single CD. This points to the contents being originally distributed from Microsoft on CD-rom.
Microsoft has made so much fuss about retaining control of the source code. In May 2002, under oath at the antitrust hearing Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
It's going to be interesting if it is subsequently found that Microsoft itself has been distributing said source code over the internet in zip format.
By the way, In February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
Despite gaining more favored trading status with the USA, there remain many embargoes over technology transfers which could put the US at future risk.
Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.
The exposure of Microsoft source code puts users at risk because of the inherent design and implementation flaws built into the source code.
In comparison, open source development practices enable open source distributions and users to evaluate the source code from the start. This forces developers to build in security from the early outset of each project or risk abandonment for more secure alternate solutions. End users can participate in the development process.
I wonder if we're going to see a major wine release shortly after this episode.... the wine developers must be at least curious to look at the source.
OK, the cat is out of the bag. Yeah this sucks for Microsoft. Yeah OSS developers need to stay away. But has anyone seriously considered reverse engineering the code? I mean if some self sacrificing developer was to check out the code and write up some specs it could prove to be helpful to such projects as WINE, Samba and ReactOS without their respective developers ever becoming tainted (dirty dirty ;). Obviously IANAL nor do I read Groklaw regularly and this is a little different than what Compaq (if memory serves) did with the original x86 BIOS but wouldn't a double blind reverse engineering still be legal?
. . . about 3/4 through the eWeek article, I came across this gem of a paragraph:
"The goal of WISE is to enable developers to write applications using Windows APIs and deploy them on Unix operating systems such as Linux." (Italics mine)
(He pulls bullshit flag out of back pocket, waves it in the air, and throws it in the general direction of eWeek and "Nate Mook, BetaNews")
UnFlippingReal
(my apologies if someone has pointed this out already)
At least one of the 200mb files here on the download section.
Oh come on. This is just their way of complying with the anti-trust regulations, opening up the API's and stuff. ;-)
my other sig is a 500 page novel
See topic..
First of all, look at the number of files and the amount of data that were leaked: Some 30,000 files, 660 MB worth of data. For reference, the entire source weighs in around 40 GB and 40 million lines of code. Then look at what portion of the OS it was taken from: Windows 2000 Service Pack 1, released around the end of 2000.
Now, before you start thinking "zero-day" or any such doomsday thought, keep in mind that this stuff is almost four years old and does not figure even 1% of the total code. If it had been a solid 50% of XP's or Server 2003's code, I can understand the concern.
The best response in this case is still: Keep patching those servers and workstations, and watch for announcements from Redmond. There is no need to be any more alarmist if you are already running Windows and are following good security practices.
This is really good news! This means an interesting opportunity for the Open Source community to patch some of those annoying holes that have yet to be patched and publicly disclosed!!
:) But please, someone, if you do submit bug fixes to MS, release them under the GPL! :)
I hope it is ALL of the source so that custom versions of "Secure Windows" can be developed and passed around. Could you imagine the ramifications of a "secure windows"?
I don't expect to see more bugs and exploits, but rather the opposite. I even imagine bug submissions to Microsoft along with proposed fixes.
Muhahahaha!
Do you have the creation dates for those archives or BitTorrent headers? I can only find evidence of the said file in zip format before the story broke in the press.
Yeah, right. I've never seen so many /. posts on a single thread so quickly as I saw on that one. Four pages worth in the first few hours alone. SCO completely and utterly destroyed by IBM wouldn't attract that much comment.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Next to the press-release, there's a Related Links section with the link "Microsoft Resources: * Shared Source Web Site"
Because people have basically overlooked the release of the NT4 source. The NT4 tree is reportedly more complete, and contains driver code which can be used to "fill in the gaps" in the Windows 2000 source tree.
Which, according to Microsoft, will be any operating system, program, applet, virus, or worm that runs on any computer physically smaller or newer than an IBM System 360/40.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Maybe it was an intentional leak on Mainsoft's part - in the interests of the OSS community.
Consider that the leak was traced back to Mainsoft, a company who ports Microsoft code to *nix boxes.
If you were a low level coder at Mainsoft, and you saw GPL'd code in Windows, how else would you get word out without risking your job? You code on unix all day, you work on linux servers, so you're just as likely to be a fan of OSS as any other *nix geek. Either way you're likely to be a moral/ethical coder.
But, what if you're wrong? What if it turns out the code in question is in the OSS project illegally? Then you're not only out of work for crying wolf, but you personally will always be remembered as a Judas.
So why not 'leak' the source anonymously and let the community sort it out?
Granted it's not a probable scenario - it's much more likely just an outside hack and theft like the half-life 2 debacle.
But it's slightly more reasonable than some diabolical conspiracy by Microsoft to entrap OSS coders.
// "Can't clowns and pirates just -try- to get along?"
The main spin is whether "leaked source code" and "wide open to hacking" are pretty much the same thing. Imagine someone saying 'we are concerned if Linux source code has been leaked to the internet and gets into the wrong hands. A talented hacker with source code can wreak havoc and will cost our enterprise clients, consumers and businesses time, effort and money to combat it'
here
mt
I hate MS as much as anyone. But I think that's a huge stretch. It would be a far bigger PR scandal if this was some sort of stunt and they got caught. They're not in a position yet where they need to take such risky and drastic measures to tarnish the competition. If they were near their demise I would agree it's possible, but they're nowhere near dead. In this case they really are a victim. Although they still don't get my sympathy...
Developers: We can use your help.
I think this is FUD within FUD, to try to generate some ill-will towards Linux, as if the computer running Linux had something to do with the code being put on the Internet by a HUMAN process.
Well maybe not... We have the possibility to verify the sources in case of accusations. I don't think Microsoft would be able to pull a SCO on this one.
Perhaps a special Friday the 13th executive board group seppuku at 4:00?
Hard to find a lot of positive outcomes but maybe Microsoft will have to tone down security through obscurity.
/* this doesn't work properly yet, but....ah screw it, it's good enough. we gotta meet the deadline */ /* could be a potential security problem, but we'll just release a patch later */ /* wtf does this do again? i wrote this while i was drunk, but i can't remember its purpose. */
that the code was gotten from a Linux box? I think Microsoft would be playing this for all it's worth claiming that this wouldn't have happened if the code was kept on a commercial Unix (like SCO, HP-UX or Sun) as opposed to Linux. Silly really, but you know how people play these games. Mind you I'm not claiming that the code leak was a game in itself. It, very well, could have been accidental. But this new information gives Microsoft a powerful tool to make claims about their security vs. Linux.
I try to be fu
$ grep -r "shit" *
ie.c: // this is really shit
$ grep -r "fuck" *
outlook.c: // this de BaKAD00r to f0ck you
I'm going to show my complete and total ignorance of programming here... but how can there be 40GB of source for a product that doesn't even half fill a 640MB CD? Even if you add in all the variants and patches, it doesn't approach a significantly larger fraction of 40GB.
Anyone see if the Microsoft private keys were possibly stored in the source code? That would be the worst!
Who cares! It's just source code for crying out loud! And, really, Windows was (and will be for years to come) already the target of thousands of virus attacks and also extremely unstable without this source leak. Which, really, it might even help them.
So, stop watching CNN and learn how to react properly to news.
Microsoft may or may not be relying on security through obscurity. I don't know since I haven't looked at the code. It might be that there will be a rash of worms and exploits that will be crafted by programmers who have searched through this source for holes. In this case having the source out in the open (as opposed to open source) will not be a two edged sword. Nobody is going to look at this code to submit fixes back to MS. So it is possible that now that the obscurity is gone, so is the security.
Interestingly, though there will probably be a short-term rash of problems due to this, in the long term this will lead to an "inoculation" effect as MS plugs holes that are found and possibly plugs similar holes that are not found.
If you ask me, I would guess that the next few months are going to be filled with Win2k patches.
Lasers Controlled Games!
It's kind of interesting that IE seems to use libpng1.0 beta 2 - version 0.88. That's very out of date and vulnerabilities have been found and fixed since then. Hopefully some critical upgrade upgraded libpng.
I get these worms mixed up, but doesn't Nimda drop a backdoor? Couldn't the code have been an unexpectedly excellent find for someone? How long ago does this mean it was stolen? Can it be 2 years, as Nimda is?
Do the exploits used by slammer, blaster, mydoom [and maybe more?] exist in this part of the source?
The Slashdot Paradox: "100% Overrated"
MS has said for years that Linux is more vulnerable because the source is out there yet now a chunk of 2k(aka XP) is out there and it's "no big deal". Sorry but XP is 2k with eye candy and an improved kernel. XP wasn't a new OS from the ground up and knowing how poor a job MS does with finding security problems I don't see how logically you can say this is anything but devastating. 15% of the source code for Microsoft's newest OS is floating around the Net. That is a big deal.
I don't know why I expected Microsoft to finally act like an honest company and tell the truth here, but they are in even worse denial than we originally thought if they think we are buying the no big deal line.
If you wanna get rich, you know that payback is a bitch
... I haven't downloaded this stuff, but I've heard a lot of people stating that there are tons of empty .eml files, suggesting it was taken from a system infected with Nimda.
And now we have a core dump files from a Linux PC....
If no one has been able to explain the .eml files then it sounds like this source may have been copied from one to another, and without some more conclusive evidence, who is to say which it was actually stolen from...
For the kajillionth time, putting GPLed code into a proprietary codebase DOES NOT make the whole thing GPLed. If MS did put GPLed code into one of their products accidentally or otherwise and then distributed it, that is copyright violation. The GPL does not rely on contract law and therefore CANNOT specify the penalty for violating it. Since the GPL is a straight copyright license pure copyright law applies. This means MS' hypothetical penalty would be between them, a court of law and the aggrieved FOSS project.
The judge in such a case is unlikely to order MS' codebase GPLed. MS would have to either put out a sanitized patch for the code in question or pay the developers for an alternative license. The exact circumstances of the case would determine what if any punitive damages MS would have to pay in addition to recompensing the developers.
MS would have the OPTION of making the entire contaminated codebase GPLed to satisfy the license but I doubt they would take that option. They could do it for the FUD value but since the aggrieved FOSS project wouldn't accept that as a settlement, MS would just have to do something else. Imagine that! A FOSS project could rule out an MS product being GPLed to PREVENT harm to a project or FOSS in general.
One of the only realistic ways a terrorist organization could bring down the United States government isn't through military might, but through its continued support of Microsoft Windows (tm) "Operating" Systems. It doesn't matter that only _part_ of the code was released. Because with the momentum NIX is gaining through IBM and Apple and to a lesser extent, Sun... this only adds to that momentum. I wouldn't be too surprised if I saw more leaks in the coming months, either. If only Janet Jackson's nipple was sporting a Tux ring :(
the best example of BSD code in Windows (all versions I think) is the ftp.exe file... Just open it with notepad and search for:
"Copyright (c) 1983 The Regents of the University of California. All rights reserved."
And I think the TCP/IP stack is also based on it (they would be really stupid to do otherwise)... But I think this is all old news...and it's all very legal in case you didn't know
I live in Soviet Canuckistan you insensitive clod!
My question is as follows:
If MS are so worried about the source code being exploited to find security holes then it leads me to believe that MS knows these holes. Why aren't they pro-actively fixing it?!?!
Big hint to MS... Fix the exploits then it won't matter if the source code is leaked!
Disclaimer: The opinions expressed are not the responsibility of the user, as I probably stole them anyway
Leak parts of your code, claim billions in damage, deduct from tax
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
Anyone find it interesting this is Friday the 13th? Microsoft has some bad luck this year.. Today's trading shows shares are falling steadily. Well, what's bad luck for some is good luck for others, huh? I wonder if we'll have a new "I love you" for v day tomorrow?
Mod +5 Drunk
MD is owned by Pepsi.
"// WARNING: doesn't handle buffer overflow"
Heh. Great job!
"// potentially off-by-1, but who cares..."
Yeah, who cares about security anyway?
___FutureShoks___
sangreal66 desperately proposed " Or... Perhaps they've improved their code.". I hardly think that's the case.
See Shattering Windows: Is a Disaster Lurking?
They didn't release the code to set-up the Open Source community, they did it to buy a stay of execution!
Due to the recent leak of our source code, Longhorn will not be available until approximately 2009. We apologize for the delay, but the recent leak will require us to rewrite our code from the ground up.
Note: I don't actually believe they'll have to rewrite anything, but they can use it as an excuse none-the-less.
fs
The Xbox kernel + SDK source code leaked over a year ago. The Xbox source that was stolen is complete enough that at least one warez group - Xecuter - has compiled customized kernels from source. If you look at their compiled version, it is very obvious that they didn't do patches to make their hacks.
The forcedeth driver authors have ignored the many emails to them containing the nForce register list and documentation from the leaked Xbox source code.
WINE has ignored emails to them about the real name and purpose of the SystemFunctionXXX calls in advapi32.dll. (The header file doing the #define's to rename them was in the Xbox source, supposedly.)
anonymous woman
Windows can burn CDs. People who can contribute linux bits have seen the source code.
Sue!
The Slashdot Paradox: "100% Overrated"
You could get Win 95 source code nearly ten years ago and what impact did that have, Chicken McLittles?
In its statement, the company said the main concern is the potential theft of its handiwork rather than the possible security threat that such a leak might pose. This is a marvelous statement from a company whose main focus is now security.
...Let's use techniques found in the source ("accidentally" released) & modify Linux so MS can sue the penguin world for IP infringement.
Granted, it may be devastating for Microsoft if everybody sees their code, which was developed under the assumption that nobody else would ever see it.
It is always assumed from the beginning that anyone can view FOSS code. The awareness that what one is writing will be public has a pervasive effect on the author. There is no end of subtle bugs and vulnerabilities that can affect either style of development. However, FOSS code that is a complete turkey from stem to stern will be well known and laughed at on IRC within hours of its release.
I want to document how those undocumented functions work that office uses, and then let wine hackers implement them.
The thing is, the people who wrote those undocumented functions probably wish that office didn't use them. This leak could be hell for the folks making sure Longhorn still runs all of today's apps.
Even a WISE one would not forget to do that...
;)
Must be another sign of end of the world...
Guys, let me warn you, this is nothing to laugh about! DON'T TOUCH THAT STUFF! Two of my friends work in Motorola research laboratory. Yesterday one of them downloaded the code at home and then they both looked at it. One of them was lucky - his retina burned the second he saw the code. The second did not escape that easily. His eyes glued to the screen, his hands typing madly... the paramedics found him 20 minutes later clutching the mouse and writhing in agony. After 2 hours in intensive care he (or, rather what was left of him) was sent home. Today, after they were not let into the office building, both of them got pink slips by courier mail.
A cousin of a girlfriend of my former classmate yesterday went to the university computer lab to print his essay. He caught a glimpse of some code on the screen and didn't even think about it for a second. When he returned home, he logged on to sourceforge.net and before anyone could stop him, he tainted a dozen software projects there. Shit, two perfectly good Xeon servers had to be scrapped and replaced with clean machines in a hurry.
That's just crazy, this code is the strongest shit I ever saw... oh, fuck, forget what I just said - "the strongest shit I ever heard about and never saw". It's worse than the GPL, it taints your code so quickly you can't even notice that. PLEASE, FOR THE SAKE OF EVERYTHING GOOD IN THIS WORLD, DON'T DOWNLOAD THE CODE.
Copy this message and send it to all your friends! You need to warn them not to look at the code! POST IT ON FORUMS AND MESSAGE BOARDS! THIS IS AN EVIL PLOT TO TAINT ALL CODE IN THIS WORLD! DON'T LET THIS HAPPEN!
Future Wiki -- If you don't think about the future, you cannot have one.
SSPI is Security Support Provider Interface,
a security thingy.
What is MSV?
Looks like now we've got a little issue here:
Some might believe MS has incorporated GPL'd code into windows.
However, in order to ascertain whether or not this is the case, and to provide proof, one would have to grep through the windows source. However, one cannot do that without violating MS's proprietary license. One cannot learn if MS is using GPL'd code without first subjecting oneself to a flurry of lawsuits...
But of course MS/SCO can look at GPL'd code whenever they want, and scream "They Stoled Our Source Codes" at the top of their lungs.....................
Defenestrate Windows...
what impact will this have on me? or end-users in general? Will access to this source give hackers any more to work with than a good understanding of windows API? Should we expect to find "underground" replacements of system .dll's and the like, with bugfixes, added functionality, or backdoors? Or is all this mostly just a threat to MS and to the open-source community?
The Half Life 2 code was leaked awhile back, there still isn't a linux/amiga/c64 port or anything to do with it. The only thing that can happen is, you'll find a whole lot of cheaters on HL2 once it comes out. Same way, we can probably expect a bunch of viruses/worms at the most. If the guys at Wine get their hands on the code, (I doubt they'd want to, they could get in serious trouble.) you could probably have a lot more working win32 apps on linux.
Could MS have leaked this in hopes that someone out there will find a way to fix Windows vulnerabilities? Makes you wonder! Okay...okay...but where would we be without YAMSCT! (Yet Another MS Conspiracy Theory).
Contrary to what most posters here are advising, maybe we should set up a group, like a division of Groklaw for example, that has as much leaked closed-licence code as possible.
The purpose of this closed-licence division would be to run independent comparisons of new OSS contributions against a library of leaked closed-licence code to ensure nothing gets slipped by the project managers and poisons the project source.
I was initially going to suggest that the project manager do this comparison, but that would be too risky for the project (closed-source legal teams might have a go at it). Instead using a trusted OSS community party to do the checking saves us the hassle of each project manager having to download all the latest leaked closed-source. The "source-notary" would have a central repository of leaked material, which would not be redistributed by them, only made available to the original authors and for use to run comparisons on new OSS project code submissions and therefore avoid having a company pay a developer to salt the OSS project with leaked code.
I think this is a pretty mature way of handling this and should satisfy all parties.
I have read a few articles on this, and most misrepresent why this could be very bad from a security issue as compared to Open Source Software.
First, just because you can see the code does not make a product less secure (in theory anyway). With Open Source Software, everyone can see the code and find flaws, but anyone can also submit a patch to fix the flaws.
With this Microsoft source code, anyone can find flaws and security issues, but NO-ONE would dare to send Microsoft a patch in fear of litigation.
Well, it seems to have worked.
--
If I actually could spell I'd have spelled it right in the first place.
If I remember correctly, even though QuickDraw wasn't anywhere near the entire OS, it *was* the underpinning of the user interface, it's the user interface that made the Macintosh what it was. Add to this, that some of the code was purported to be quite innovative, and there was a source for concern.
in SCO ware?! So, when are we going to see SCO take on M$ for stealing code from unixware and putting it in windows? =) I mean, after all, they didn't get much out of IBM, but now here's "thousands of files" that are probably direct copies of #include *.h files in windows source...Go get em' SCO!
your tinfoil hat is on crooked
Hey, sorry but I wrote this and want to have my name on it. Ignore my AC post please. Contrary to what most posters here are advising, maybe we should set up a group, like a division of Groklaw for example, that has as much leaked closed-licence code as possible.
The purpose of this closed-licence division would be to run independent comparisons of new OSS contributions against a library of leaked closed-licence code to ensure nothing gets slipped by the project managers and poisons the project source.
I was initially going to suggest that the project manager do this comparison, but that would be too risky for the project (closed-source legal teams might have a go at it). Instead using a trusted OSS community party to do the checking saves us the hassle of each project manager having to download all the latest leaked closed-source. The "source-notary" would have a central repository of leaked material, which would not be redistributed by them, only made available to the original authors and for use to run comparisons on new OSS project code submissions and therefore avoid having a company pay a developer to salt the OSS project with leaked code.
I think this is a pretty mature way of handling this and should satisfy all parties.
Wow, great company name. It's only one letter away from meconium.
Not as much potty mouth as in the Linux kernel, but funny enough nonetheless.
I love the frustrations that one writer shows when referring to the alpha cpp compiler. Quite funny! Microsoft programmers can drop the f-bomb with the best of them.
Longhorn is 6.0.
This could lead to a similar situation to that seen within the Xbox developers scene - there's software developed to run on a modded xbox without using Microsoft's copyrighted XDK, which is semi-not-quite-yet-illegal and therefore can be considered "virgin" or "white", and software developed very much with the XDK which is illegal and which you have to look slightly harder for.
Could we see Virgin, White, Corporate Linux and alongside it dark Linux products, built to no legal compliance and used by the quite large group of people who don't care about copyright issues? As the flourishing 'piracy' culture [I'd guestimate 70-80% of any sample population will have borrowed/copied/cracked/shared/downloaded/shoplifted software or content in their possession] demonstrates, there's a hella lot of them...
Will keeping the 2 separate be one of the main challenges to Linux growth, development and ultimately commercial success?
Just my 1/50th of a theory.
The Slashdot Paradox: "100% Overrated"
Windows 2000 support is set to expire in 2007 anyway... One year won't make a difference. That's assuming longhorn is out in 2006, which I think is a dubious claim.
The html parser code is also there (htmparser.cpp) and has more than 10k lines!
If I only could parse HTML exactly like IE... oops. Forget it.
http://www.mainsoft.com/corporate/exec_profiles.html (at the bottom)
In a society that believes in nothing, fear becomes the only agenda ~ Bill Durodié
It may be the wrong decision for you to free information if you will be caught, but when it is not I who have done it, and when no one has been caught, the fact remains that information has been freed.
This is a good. Users who suffer as a result of this freedom will be driven to freedom or will go down with the ship clinging to illusions of power.
Though Microsoft may suffer economically, it is inevitable that they will. Only so long will they be able to drive us apart - divide us.
We will come together triumphant.
I cheer the freedom that has been wrought today. It is the unfolding of history unto its natural end.
Other than that, no, I really don't care that much. Got a life, you know, if I want to see the story I'll click on the link. Otherwise I'll just go back to masturbating in my office with the door closed like all the other slashdotters.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Call me crazy, but I thought that the GPL allows reuse of Linux source code. So you can't "steal" it unless you copy it w/o the copyright notices.
Gandalf : There are few who can. The language is that of Redmond, which I will not utter here. In the common tongue, it says "One OS To Rule Them All, One OS To Find Them, One OS To Bring Them All And With The NDA Bind Them"
Made me laugh -- Double-Plus Funny -- best parody on SlashDot, ever!
-kgj
-kgj
Microsoft goes Open-source?!
Now that you have the source, you can go here to understand it: http://www.osr.com/seminars_wsci.shtml
The compiler, it does nothing!
Isn't it traditional for someone to post a bittorrent?
Wikileaks, no DNS
I provided links so people could validate the source as I don't want anyone to think this is my work. The real reason I C&Ped it, is to prevent a good site from being slashdotted.
You may now return to masturbating in your office, good luck with that.... personally, I'm not sure that validates your claim of having a life.
This is from their web site:
Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.
We will cooperate fully with Microsoft and all authorities in their investigation
We are unable to issue any further statement or answer questions until we have more information.
From Mike Gullard, Chairman of the Board, Mainsoft Corporation
=^..^= all your rodent are belong to us
Since no other entity than Microsoft is officially allowed to access the Windows code, every kernel patch should be sent to them as of today.
Not necessarily true-- which brings me to what I want.
I recall hearing that Eric Raymond had modified a program which took input file(s), cut the file(s) into overlapping 5 line snippets, generated MD5 checksums on each of the snippets, and output a list of MD5 checksums along with the generating file position. So, if Group1 uses it on their source code, and Group2 uses it on their source code, they can compare for identical code without any risk of letting the other guy steal any.
What I would like is for some very careful person to:
-Gather a group of witnesses, probably including a lawyer
-Get a computer with an expendable hard drive
-Put a clean install of an OS and whatever package you need to download the M$ tainted source
-Download the M$ tainted source to this computer drive
-Unpack the tainted source
-Generate the MD5 checksum file -- with the witnesses making sure that the person at no point looks at the contents of any of these files
-Upload the MD5 checksum file to a safe place
-Remove and physically destroy the hard drive-- for safety's sake, send the pieces to Micro$oft afterwards
-Have each party present fill out an affidavit saying they witnessed these above events, and that no-one saw the actual code in question-- include a certified copy with the package for Microsoft.
- Distribute the MD5 checksum file far and wide.
This will allow for easier checking of anyone trying to include tainted code into GPL code, to help automate such checking. I want a copy of that checksum file, dammit!
//Information does not want to be free; it wants to breed.
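The overlapping-snippet checksum comparison described in the comment above, sketched as an added example; it is not part of the original thread and is not the program attributed to Eric Raymond. The whitespace normalization, the skipping of blank lines, the manifest layout, the file names and both sample sources are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

WINDOW = 5  # snippet length from the comment: overlapping 5-line windows

# Constructed sample inputs (not taken from any real code base).
SAMPLE_REF = """\
int checksum(const unsigned char *p, int n)
{
    int sum = 0;
    for (int i = 0; i < n; i++)
        sum = (sum << 1) ^ p[i];
    return sum & 0xffff;
}
"""
SAMPLE_CAND = """\
#include <stdio.h>

static int helper(void) { return 1; }

int checksum(const unsigned char *p, int n)
{
\tint sum = 0;
\tfor (int i = 0; i < n; i++)
\t\tsum = (sum << 1) ^ p[i];
\treturn sum & 0xffff;
}

int main(void) { return helper(); }
"""

def normalize(line):
    # Assumption: collapse whitespace so a re-indented copy hashes the same.
    return " ".join(line.split())

def shred(name, text, window=WINDOW):
    """Return (md5_hex, name, first_line, last_line) for each overlapping window."""
    sig = [(no, normalize(raw)) for no, raw in enumerate(text.splitlines(), 1)]
    sig = [(no, line) for no, line in sig if line]  # blank lines carry no signal
    shreds = []
    for i in range(len(sig) - window + 1):
        chunk = sig[i:i + window]
        body = "\n".join(line for _, line in chunk)
        digest = hashlib.md5(body.encode("utf-8")).hexdigest()
        shreds.append((digest, name, chunk[0][0], chunk[-1][0]))
    return shreds

def manifest(shreds):
    """Shareable text form: digests and positions only, never the source lines."""
    return "\n".join(f"{d} {n}:{a}-{b}" for d, n, a, b in shreds)

def parse_manifest(text):
    """Inverse of manifest(); this is what the other party loads."""
    out = []
    for row in text.splitlines():
        digest, loc = row.split(" ", 1)
        name, span = loc.rsplit(":", 1)
        first, last = span.split("-")
        out.append((digest, name, int(first), int(last)))
    return out

def compare(reference, candidate):
    """Return (ref_name, ref_first, cand_name, cand_first, cand_last) per equal digest."""
    index = defaultdict(list)
    for digest, name, first, _ in reference:
        index[digest].append((name, first))
    hits = []
    for digest, name, first, last in candidate:
        for ref_name, ref_first in index.get(digest, ()):
            hits.append((ref_name, ref_first, name, first, last))
    return hits

def flagged_spans(hits):
    """Merge overlapping candidate windows into line ranges for manual review."""
    per_file = defaultdict(list)
    for _, _, name, first, last in hits:
        per_file[name].append((first, last))
    merged = {}
    for name, spans in per_file.items():
        spans.sort()
        out = [spans[0]]
        for first, last in spans[1:]:
            if first <= out[-1][1] + 1:  # overlaps or touches the previous range
                out[-1] = (out[-1][0], max(out[-1][1], last))
            else:
                out.append((first, last))
        merged[name] = out
    return merged

if __name__ == "__main__":
    shared = parse_manifest(manifest(shred("ref/checksum.c", SAMPLE_REF)))
    hits = compare(shared, shred("oss/util.c", SAMPLE_CAND))
    print(flagged_spans(hits))
```

A matching digest is a prompt for human review rather than proof of copying: short windows of boilerplate (braces, common includes) can coincide between unrelated projects.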
$ strings win2k/private/security/msv_sspi/core|grep 'PWD='
PWD=/usr/ms/win2k_sp1/private/security/msv_sspi
In a society that believes in nothing, fear becomes the only agenda ~ Bill Durodié
I keep hearing that the entire Windows 2000 source code is 50 gigs.. I find that really hard to believe. Does anybody know how big the Linux kernel source, X, and KDE or Gnome would be to compare? My linux kernel tree, with object files, is only 226 megs.
yeah right - el reg is going to get /.'ed
you filthy filthy ho!
How in the HELL did this get 5, Insightful? Make me sick, fucking Microsoft bigot.
Who's going to check Open Source projects, or any other for that matter, to ensure they don't contain MS code?
The Programmer can't
The Maintainer/Leader can't
Can you rely on *no one* in the open source community *ever* downloading this leak...
So how about a new IT role, that of the "Analyst Code Screener", someone not involved in development that can freely look at MS code then look at project Y to see if it's all clear.
// BUGBUG (reinerf)
// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
[parody]
In other news today, MSFT Chairman Bill Gates announced the creation of a new software division at Microsoft, whose job it will be to study FOSS source code to look for similarities with Windows code. Says Mr. Gates, "Due to the recent unfortunate release of our IP, we will now be keeping the open-source community honest by comparing all past and future versions of Windows code to all past and future versions of all open-source applications, as well as the Linux kernel. We don't expect to find anything, but if we do we will certainly take action."
Part of the effort will be the construction of a clustered supercomputer to constantly analyze code downloaded daily from SourceForge and similar web sites, comparing against a database of Windows code. This will employ "fuzzy logic" that will not only detect direct copies of Windows code, but also code that approximately matches Windows code or comments in code. Continued Mr Gates, "We're going to be reasonable with our findings, and will fund the creation of a panel to review all findings preliminary to legal action, but with this illegal Windows source code release we have no choice but to aggressively protect our IP."
[/parody]
Hope that doesn't give them any ideas...but if they aren't already thinking along these lines I'd be amazed.
=^..^= all your rodent are belong to us
I wonder how many people on /. will start using comments or code snippets from the windows source in their sigs?
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
Or to put it another way:
"Everybody! Stay away from the brown source code! Do NOT take the brown source code!"
www.eFax.com are spammers
... the IP claims against MainSoft, who ported MS' code, so now a $699 license for all who run Windows, and -- Darl's convulsing with joy here -- if you run Linux and Windows, using MainSoft to integrate, well ...
$699 + $699 + $699 = $2097 (plus the software costs from MS and MS).
But businesses have been advised to be vigilant and beef up their security teams.
<sarcasm>
I am responsible for a number of systems that employ technologies including the Apache webserver, OpenSSH, and the Linux kernel. I am deeply concerned to find out that the source code of these very programs have been released into public, for free! Anyone from anywhere in the world can download the source, compile it on their own machines, change it, and even submit their changes back to the developers to be included in the next release. I can not even start to believe the security implications that this must cause. I mean, how can a system like Apache be secure if everyone in the world with decent programming knowledge can look at all of its source and find its weaknesses? And Apache runs two-thirds of the Web!! I hear that people all over the world have contributed to the Linux kernel. How do I know that I can trust something that was written in a country not ruled by Capitalist lobbying and corporate power, where the dollar is the bottom line and one expects to pay a high price for quality? How can something developed for free be better than a system which costs thousands of dollars and forces restrictive licensing upon its users?
The only solution is to switch to something that is carefully guarded and kept closed.
</sarcasm>
Let's look at this another way. OSS is going strong, we've made serious inroads in recent history. Redmond has Redmond for programmers. We have the world. MS is corporate (with all the associated baggage that goes with it) and we have the personal initiative, pride and the results to show for it. True, I'm not a programmer, but what could be sooo earthshattering in NT code that would tempt someone to even consider messing with such an obvious success? We're on a roll. Leave it alone. We don't need it!!! My 2 cents.
Yeah, well.. Does the fact that my employer uses warez instead of buying software make any difference?
Having the most widely used program in the world be closed source opens a company up for all kinds of problems. But this is to be expected when the source is also vital for low-level system developers to make programs that access the OS. MS can only have it both ways (Closed source, large software development community w/ source access) if they monitor computer security for any company with source code access.
It is impossible for every company to be unhackable and have every developer be moral and ethical. We already discussed that programmers leak confidential information about abused welfare children, Apple system APIs, and that large companies like Valve can get hacked and lose the source to a video game with huge development costs. Isn't it safe to say that the leak of this source is inevitable? I would be really interested to see if a lawyer could prove that this is an inevitable incident and MS should have assumed a liability like this would occur. What were the minimum req. of the code repository and network security?
The other side of the coin is that MS can sue Micro**** that leaked the code for the 3 years of support on W2k that they are going to be at risk with over possible security threats because any hack can now create breaches in security, with the ability to see where buffer overflows are created in the code and such.
- Kill Yourself, spare us all! -
I forgot to post that Columbia has a website where you can compare Harrison's song My Sweet Lord with the 'original' Ronald Mack song He's So Fine and judge for yourself if Harrison infringed on Mack - it is here.
Spoke to someone in Microsoft Support today, they told me it was less than 1% of the OS code.
In the first discussion on this topic, I mentioned the oft-quoted claim that the total source code is somewhere near 40 gig (estimate attributed to at least one "analyst"), while only one CD worth was leaked. I asked whether 40 gig could even be a reasonable estimate.
One of the respondents said he's putting together a Linux distro that weighs in at under 6 gig at the moment. I still don't know whether the 40 gig is reasonable or not.
Anyway, evidently Microsoft's support staff wants to increase the bloat figure by 50%. If 600M is less than 1% of the source, then the source for Windows 2000 must be 60 gig.
(Yeah, yeah, I know. The alternative is the too unlikely to be believed theory that the MS support guy was talking out his ass.)
Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
Only w/ Microsoft will you find the code "escape". It may not be the smartest code... but it's united in its resistance.
"The truth suffers from too much analysis"
Do we finally get to see Rosie Cotton naked?
Have we such short memories?
I think everyone has seen the creepy creepy creepy plunge the S&P 500 has taken the September 10th, 2001.
But just looky at the MSFT chart, specially if compared with the S&P 500 chart plot for the same period.
MSFT has dived a whole 10% in one week.
Yes, it's nothing as obvious and strong as the September 10th mini-crash, but leaked sources don't exactly mean the same as the world as we know it being under attack.
Just clicky the charts.
"Prior to Microsoft's Shared Source Initiative launched in 2001, Mainsoft, which calls itself "the software porting company," was one of only two partners with access to the Windows source code under Microsoft's Windows Interface Source Environment (WISE) program.
heh, looks like they should have called it "Underground Network Windows Interface Source Environment."
*ducks*
But seriously, given the fact that folks made off with only 15% of the Windows source, in about six months there'll be such great, write-home-to-mom projects as:
31337 \/\/1nsock 3.455 fr33 pr0n edition
hax0r c3rtificate handling w/ 178-bit encryption
And maybe...
1337 Media Player DRM-free F0R3V3R
punch little holes in cards.
Oh shit, that's how the grayhairs in FL vote...
The leaked code includes 30,915 files and was apparently removed FROM A LINUX COMPUTER USED BY MAINSOFT FOR DEVELOPMENT PURPOSES.
BWAHAHAHAHAHAH!!!! They're using a Linux box to write Windows-compatible code? Or maybe it's their CVS server?
My real question is:
Has anybody examined the Windows code to see HOW BAD IT IS? I mean, with all those 24-year-old Windows programmers Bill hires, I'd like to see the code quality.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Damn those guys in Redmond are clever! Unethical, but oh so clever!
The facts are that Microsoft's entire product line was developed for a personal computing architecture. Clearly they are having problems moving from the vision of their early roots to that of a networked world. Microsoft systems are inherently insecure the moment they connect to any kind of network because they were designed for a different purpose. Maybe when all the talking about Longhorn ends, and the new architecture is finally released, Microsoft will be able to transition the user base to a truly network platform. But that's a ways off. And there are so many quarterly reports to be filed in the meantime.
The truth of this dilemma proves itself on a near weekly basis at incredible cost to the great monopolized herd of Windows users.
So if they can't "fix" the fundamental design flaws of their pc oriented architecture, the marketing masters of Redmond had to come up with perception fix. With this strategic leak of source code, Microsoft can now shift the "blame" to open source evil doers. It's brilliant!
Instead of the great herd blaming Microsoft for selling them shoddy products, that they are unable (or unwilling) to "fix", Microsoft can now point at evil robbers who have no respect for intellectual property (i.e. shoddy, half baked, woefully insecure and haphazardly constructed software products that should never be connected to a network without the cover of an enormously precautious shell).
We all know Microsoft has two very big problems. One is security. The other is convincing an angry user base of over 450 million users to upgrade to the next generation of profitable products. When it comes to basic product features, the great herd is quite satisfied with the applications and systems they've already paid for. Except for one thing - security! They're mad that the products Microsoft sold them are so susceptible to misuse and abuse of all sorts. Susceptible the moment they connect to other computers.
So the challenge for Microsoft is to get out from under taking the heat, er, responsibility for their products, while shifting the blame to the only meaningful competition left standing. And do it in a way where the great herd finally accepts the bottom line engorging argument that the only way to resolve the security problems of end of life Windows systems is to upgrade en masse.
Of course Microsoft will officially downplay the "security" concerns about the released code, while putting the blame on open source evil doers who have no respect for intellectual property rights. The tech press has already taken the bait. We are guaranteed that from this day forward there will never, ever, be a MyDoom type story in the press that doesn't reference the release of this code. Security pundits and techsperts of all sorts are already preparing their power points and bulletin templates with this soon to be boilerplate message.
It's brilliant. The strategic release of this code paves the way for moving the installed base. It is exactly the woeful insecurity of those 450 million plus legacy Windows systems that will provide the impetus for force marching the great herd to the tightly bolted Windows XP Stack, rife with patent restricted interfaces, and yearly subscription licenses. A whole new generation of lock in, perfected at the expense of the only meaningful competition left standing - open source communities.
It's brilliant! It's end game.
~ge~
This has been a banner month for M$: first, myDoom.a, then myDoom.b, then Doomjuice, followed by two of the most critical security vulnerabilities, now leaked source code. ... They say your entire life flashes before your eyes in the final seconds, I sure hope BillG is enjoying that BSOD.
zac
-- my sig got
Can someone send me the scrollbar widget code? I'll fix the damn thing and send diffs back to them.
The fact that this comes out right on the heels of this quote just makes me laugh:
"I'm not naive enough to think that proprietary commercial operating system software doesn't have the same sort of vulnerability, but the barriers to implementing them are much higher, because the source is better protected."
--A. Russell Jones, "Open Source Is Fertile Ground for Foul Play".
(Granted, the context was policing code insertion.)
...small furry creatures from Alpha Centauri...
Win2k_SP1 added that, apparently.
Does anyone know if this leaked source code might enable someone to finally decode NTFS? That might really help people that want to try Linux but aren't willing to give up Windows.
There are two major problems blocking Linux uptake on the desktop. The windows binary pool is huge, and the lack of standards of packages, menus, interface etc on Linux.
Now if the WINE project can be merged with this source code, or if the raw hardware interfaces of Windows is translated to linux APIs to make it something like usermode linux only windows binary emulation in windows using windows source code, that will fix one part of the problem. I believe the other part, standardizing packages and the GUI will eventually happen...
With these two problems fixed, there's no reason Dell and HP wouldn't sell and promote Linux on laptops and desktops as the standard.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Some organization that has legal access to this code should create an indemnity filter, which can be used by the open source community to screen submissions.
Though file creation & modification dates/times can be changed with touch, can they not?
This is so clever it's almost evil. What do you do when not enough people are upgrading from 2000 to XP? Simple. Stage a "leak" of parts of the source you don't really care if people have. Act like this code is uber-secret and its release will make 2000 far too insecure to run. Not only does this encourage people who wouldn't upgrade to upgrade but it also lets you continue the "open source is evil" campaign with an actual example. Gotta love Microsoft.
~Morosoph
"Developers will also appreciate Visual MainWin's J2EE Integration Package and industry-leading XML support. And it actually recompiles Windows source code with the Unix compilers to create native Unix applications..."
Oh how true Mainsoft's marketing is...
and it's not only in the software world, physicists and mathematicians and all sorts of people working independently often come up with the same work at around the same time.
"How do you make sure the most current changes in a file aren't overwritten? How do you audit the changes made; when they were made and who made them? How are you supposed to know what changes were made?"
Oh gosh I think Mainsoft must be burying their face in their hands...
Microsoft has great "flextime". You can work any 80 hours per week you want.
Here it is: http://slashdot.org/comments.pl?sid=96614&cid=8267131
(remove the space between "ha" and "sh" in the url.
Anybody gonna find a job for these guys??? I'll hire 'em
ITF 2003
Here's her bio from the site...
Laura DiDio is a senior analyst for the Yankee Group's Application Infrastructure & Software Platforms Planning Service, which is closely aligned with the Enterprise Computing & Networking Planning Service. In this capacity, Ms. DiDio focuses on desktop and server operating systems, with a particular emphasis on Microsoft Windows 2000, Windows XP, Active Directory, and Novell, Inc.'s NetWare. Additional areas of coverage are Web services platforms and standards including Microsoft's emerging .NET services and the rival J2EE. She also covers the directory services arena and interoperability and migration issues associated with Active Directory, eDirectory, and Sun's iPlanet, as well as desktop and server operating system security, software distribution, and third-party performance monitoring and management tools.
Ms. DiDio has covered client and server operating systems, directory services, and OS and NOS security for 15 years as an analyst, reporter, and editor. Prior to joining Yankee Group, she spent three and a half years at Giga Information Group, where she held a similar position. Before that she held various reporting positions at a number of computer networking industry trade publications including: Computerworld, Network World, Communications Week, LAN Times, and Digital Review. Ms. DiDio also worked as an investigative reporter for various broadcasting and print outlets including CNN and Channel 5 News in New York. Her investigative reports have also appeared in The Village Voice and The Minneapolis Star Tribune. Laura DiDio holds a B.A. in Communications and a minor in French from Fordham University
Here's our chance to take the code, find all the bugs and errors, fix it, clean it up, and give it back to Microsoft, 10 times better than when it went out into the wild.... heh. What a way to get the benefits of Open Source code review without actually opening up the whole code base.... *grin*
"Is this not a rare fellow, my lord? He's as good at any thing, and yet a fool." -from "As You Like It", Act 5,
Yes, this would take care to ensure that the first party never goes near code for related projects, and that second party never goes near the M$ source, and can prove how they came to know the protocol details, but isn't this enough of a risk that M$ would be foolish to release the code themselves?
In other words, don't M$ stand to lose at least as much as they might gain from disclosure? While many of the conspiracy theories around them seem plausible, it makes this one seem a little less likely.
Furthermore, I am of the opinion that the subscription must be destroyed.
Source code can be found here. Enjoy, hehe..
http://www.gpf-comics.com/d/20010131.html
um, technically, that would mean AC is a she not a he. I wouldn't mind getting to Karma though - in the biblical sense....
Somebody mod the parent up, and please send this logical connection of statements, events, and evidence to some congress critters, or any officials who may listen.
You may think they pay attention to these things, but in reality they really don't. It takes someone to show them what is going on before they will take action.
I regularly have coffee & see a house of rep. member, another 2 live in my neighborhood. etc. Being around DC has its perks, let's make some good things happen slashdot, we have power in numbers!
Seriously. Seriously. If it is known that Microsoft is lying under oath, and showing foreign communist governments its source code, they will be in a world of hate when proper authorities find out. The DOJ may be lax, but when this is learned, someone's head will roll.
From tweakui.c
(Had to remove some *'s because of slashdot's filter)
/*
 * CriticalInit
 *
 * Here is where we put the stuff to impede reverse-engineering.
 *
 * 1. All of our strings are encoded. Decode them now.
 *
 * 2. Get the shell32 internal entry points via GetProcAddress
 * so that a "hdr" won't see them.
 *
 */
HRESULT PASCAL
CriticalInit(void)
{
    int itch;
    int iit;
    HINSTANCE hinst;
    itch = cA(c_rgtchCommon)-1;
    do {
        c_rgtchCommon[itch] ^= c_rgtchCommon[itch-1];
    } while (--itch);
    hinst = GetModuleHandle(c_tszShell32Dll);
    for (iit = 0; iit < sizeof(mit) / sizeof(LPCSTR); iit++) {
        DWORD dwOrd = ((LPDWORD)&mit)[iit];
        ((FARPROC *)&mit)[iit] = GetProcAddress(hinst, MAKEINTRESOURCE(dwOrd));
        if (((FARPROC *)&mit)[iit] == 0 && !HIWORD(dwOrd)) {
            return E_FAIL;
        }
    }
    return Ole_Init();
}
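The string-decoding loop in the snippet quoted above (step 1 of its comment) is a keyless adjacent-byte XOR chain. The following is an added example, not part of the original post or of the quoted source: it shows the round trip, the length guard the quoted do/while lacks, and why an analyst can undo the encoding across a whole blob without knowing where the table starts. All function names, the sample strings and the filler bytes are constructed, and it assumes `cA()` yields the array's element count.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not from the post): two NUL-separated strings. */
static const char SAMPLE_PLAIN[] = "shell32.dll\0explorer.exe";
#define SAMPLE_LEN sizeof(SAMPLE_PLAIN)   /* 25, counts the final NUL */
#define TABLE_OFF  4                      /* table position inside the blob */

/* Build-time side: byte i becomes plain[i] XOR encoded[i-1]; byte 0 stays clear. */
void xorchain_encode(unsigned char *buf, size_t n)
{
    for (size_t i = 1; i < n; i++)
        buf[i] ^= buf[i - 1];
}

/* Run-time side, same walk as the quoted loop: last index down to 1, so
 * buf[i-1] is still encoded when it is used. The quoted do/while has no
 * length guard; with fewer than two bytes it would index buf[-1]. */
void xorchain_decode(unsigned char *buf, size_t n)
{
    if (n < 2)
        return;
    for (size_t i = n - 1; i >= 1; i--)
        buf[i] ^= buf[i - 1];
}

/* Search a blob for needle, either in the raw bytes or in the "decoded view"
 * where every byte is XORed with its predecessor. The decoded view needs no
 * key and no knowledge of where an encoded table begins. */
long find_string(const unsigned char *blob, size_t n, const char *needle,
                 int decoded_view)
{
    size_t m = strlen(needle);
    if (m == 0)
        return -1;
    for (size_t off = decoded_view ? 1 : 0; off + m <= n; off++) {
        size_t k = 0;
        while (k < m) {
            unsigned char b = blob[off + k];
            if (decoded_view)
                b ^= blob[off + k - 1];
            if (b != (unsigned char)needle[k])
                break;
            k++;
        }
        if (k == m)
            return (long)off;
    }
    return -1;
}

/* Constructed blob: 4 filler bytes, the encoded table, 3 filler bytes. */
size_t build_sample_blob(unsigned char *out)
{
    static const unsigned char pre[TABLE_OFF] = { 0x90, 0x41, 0xC3, 0x7F };
    static const unsigned char post[3] = { 0x00, 0x11, 0x22 };
    memcpy(out, pre, sizeof pre);
    memcpy(out + TABLE_OFF, SAMPLE_PLAIN, SAMPLE_LEN);
    xorchain_encode(out + TABLE_OFF, SAMPLE_LEN);
    memcpy(out + TABLE_OFF + SAMPLE_LEN, post, sizeof post);
    return TABLE_OFF + SAMPLE_LEN + sizeof post;
}

int roundtrip_ok(void)
{
    unsigned char buf[SAMPLE_LEN];
    memcpy(buf, SAMPLE_PLAIN, SAMPLE_LEN);
    xorchain_encode(buf, SAMPLE_LEN);
    if (memcmp(buf, SAMPLE_PLAIN, SAMPLE_LEN) == 0)
        return 0;                         /* encoding must change the bytes */
    xorchain_decode(buf, SAMPLE_LEN);
    return memcmp(buf, SAMPLE_PLAIN, SAMPLE_LEN) == 0;
}

long sample_find(const char *needle, int decoded_view)
{
    unsigned char blob[64];
    size_t n = build_sample_blob(blob);
    return find_string(blob, n, needle, decoded_view);
}

int short_input_safe(void)
{
    unsigned char one[1] = { 0x5A };
    xorchain_decode(one, 1);
    xorchain_decode(one, 0);
    return one[0] == 0x5A;
}

int main(void)
{
    printf("round trip ok:           %d\n", roundtrip_ok());
    printf("short input untouched:   %d\n", short_input_safe());
    printf("raw search:              %ld\n", sample_find("explorer.exe", 0));
    printf("decoded-view search:     %ld\n", sample_find("explorer.exe", 1));
    /* The first table byte is stored in clear, so only its tail decodes. */
    printf("first string, full/tail: %ld / %ld\n",
           sample_find("shell32.dll", 1), sample_find("hell32.dll", 1));
    return 0;
}
```

Because the transform has no key, it hides strings from a plain `strings` pass but not from anyone who applies the same adjacent-byte XOR to the data section.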
Ooo, ooo, stepped on some toes? Hit a nerve? Look, there's nothing wrong with masturbation, and if you use oil, you'll have less hand burns.
funny how some of their key technologies seem to have been carefully removed from these sources...
- at the ntos kernel it is possible to see their vm code, UDF fs but not a single NTFS. (just a routine to "detect" NTFS)
- the functions reported buggy recently by eeyes advisory cannot be found either, like ASN1BERDecCheck().
- no code to the netbios server that listen on ports 139...
and the list goes... this whole thing is pretty strange.
DEC made the source for VMS available on microfiche. This allowed the customer to look at the code without making it easy for someone to copy and distribute the source code to unauthorized people.
My hovercraft is full of eels
You either follow the path of science or you don't. Everything in between is hypocrisy.
What the theists say (and what you claim in your last paragraph) is true. BUT 99% of science is like that. The vast majority of science is THEORIES (not laws; not facts). You cannot really "prove" many things. For instance, can you prove that the radiation and light emitted by the sun is due to nuclear reactions occurring within the sun? Not really. We have never gotten through the surface (any probe will melt long before it gets through the surface). All we have are theories. For all we know, there might be some aliens living in the center of the sun who might be responsible for releasing the radiation and heat.
Can you prove that the tectonic plates underneath the surface of the earth cause earthquakes? Not really. It's just a theory. It's based on our best understanding.
Can you prove that matter is made up of particles? Not really. It's all based on indirect observation and theories. The way things are going, it might even be so that particles don't exist*; all you have are strings. Strings cannot be "proven" but that seems to be our best theories right now (actually, strings haven't been widely accepted yet; however, I expect them to be accepted within 20 years).
The same thing goes for theories relating to biology. Yes, you cannot prove the theory of evolution, natural selection, or anything like that. But that's our best models.
So the point that you are making (i.e. need to emphasize appearance) is totally irrelevant. Strictly speaking, 99% of science is appearance. If you follow the path of science, the theist argument of "evidence" is moot--because you hardly ever prove anything (even observational evidence can be wrong). If anything, the theists will disagree EVEN if someone observed it. After all, theists still don't support the view that the universe is billions of years old (religion says a few thousand (Christianity) to a few million (Hinduism)--all wrong).
FOOTNOTE:
* By particles not existing, I'm referring to the view that everything in the universe is composed of strings (re: superstring theory; M-Theory). What we thought of as particles are the results of the oscillation of the strings. NOTE: I'm not a scientist but that's my understanding of it.
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=47983
What's the risk of Microsoft's intellectual property "contaminating" other IP?
Or, put another way, would MS have an argument for acting SCO-like against other OSs? MS could say "your code looks like ours, we think you stole it from the leak."
No. You're wrong. I looked at your link and they don't compare anyone to suicide bombers.. or even mention anything metaphorically similar. You're trolling for mods.
Did anyone else read Laura's surname like this at a first glance.... fits perfectly.
other os developers just have to make sure their new code won't look like anything like ms's.. but then still they have to look in win2k =/
It may have been mentioned, however, the idea here is to sell more XP software and get all the big cos. not running XP to upgrade to XP...There are big cos. still running on Win98 still. Not to mention NT and 2000.
M$'s statement will read: "Pay us for XP and there will be no security issues due to the code leak..."
This is a signature in Spanish.
It encourages upgrades that might not have happened otherwise, and it makes open source look bad, since MS can point to any attacks that result and say, "Look what happens when people can see your source code!"
... that the complete source code for each version of Windows is included verbatim as both ASCII and Unicode in some part of the digit string of pi.
What powerpoint presentation wouldn't work right in CrossOver Office? I think you're going to have to find another example of an app not working on linux, 'cause powerpoint is fully supported in linux via crossover office/wine....
compressed tar files are far more efficient [than zip files].
.tar.gz of the kernel source? It sucks.
Not when you want to browse the contents of the archive or extract a single file. First it has to uncompress the whole thing, and then browse the tar.
Did you ever press Enter in Midnight Commander on a
MS lawyers would be onto you faster than you could say "Santa Cruz Operation", but the irony is wonderful :-)
Why would anyone engrave "Elbereth"?
Over on Groklaw there is an analysis of the implications on the MS code leak by Dennis S. Karjala, a law professor at Arizona State University. He basically says, among other things, that MS's trade secrets are now null and void.
Unknown host pong.
Maybe the place where I work is unusual, but, according to my experience, computers are upgraded all at the same time in a company. Perhaps some old computers were sold at scrap value and the buyer had the common sense to check the disks for valuable stuff...
DO NOT READ IT!
If you do, you'll die in seven days time.
Look at Kazaa P2P network - there are now HUNDREDS of people sharing the source! It's impossible to do anything about it now.
Please shut the fuck up, you hypocritical assweed. You are the worst culprit among the crud that passes for editors here for posting duplicate stories. Eat shit and die.
If you were blocking sigs, you wouldn't have to read this.
well at least I haven't been able to pick up, was how long between the code being swiped and appearing on the 'net.
It's older code w2000 SP1(?) or some such - so maybe it has done some underground rounds already before someone got careless, or wanted to get the script kiddies to download it to cover themselves.
The Singularity is closer than you think
Quant
You might have forgotten how recently the last great leak of source code occurred.
October 2003: Valve Software, Half Life 2 source, Microsoft Outlook
March 2000: Microsoft, "Whistler"/XP source code, QAZ Trojan. The QAZ Trojan was confirmed as the source of the leak.
vi /boot/grub/grub.conf
Change
Default=2 # Windows
to
Default=0 # Linux
I'll bet more windows users wish keeping their computers secure for the next few months could be so easy!
The U of C will like this with their Virus writing credits. The winsock code has holes - now that the code is "open" it will not take long and the fun starts. Microsoft, I suspect is so full of holes that is why they close the source. But it is out of the bag now.
Why assume someone is dangerously negligent, when probably all it takes is some ordinary negligence with common practices. Although this is a wild ass speculation, maybe someone bought a "recycled" computer and found this on a hard-drive partition...
Maybe even a scenario like this...
Eyal's computer gets upgraded (because he's a bigwig and gets new toys as a perk). Person who recycles computers for Mainsoft either doesn't erase the disk or perhaps only erases the partition that doesn't have this data. The old disk is "recycled". Two years later, someone gets the recycled computer and when looking for credit card numbers and passwords stumbles upon windows source code...
Or, maybe he downloads this on to his laptop and forgets his laptop at an airport security checkpoint after 9/11. Two years later, nobody claims it so it's auctioned by the TSA on e-bay...
Seems to me it could happen pretty innocently these days w/o being dangerously negligent and apparently the service packs that were part of the code are around the 2-year vintage
Like windows 98 lite, and cracks... patching is a different method.. you don't need to compile to patch!!!
I think "funny" mods don't affect Karma anymore anyway. If you want to mod him up but not give karma, vote "funny"
ed2k://|file|windows_2000_source_code.zip|21374820 7|34bb9f3a3e8d3e0c4490a96ec30b9f3c|/
:)
Mmmmm...Buggy code....
Hey, who knows someday we could as well see this:
fanis@raven:~#apt-get install WinXp
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
libwinxp-common , libwinxp0 , libBSOD
The following NEW packages will be installed:
winsock-0.0 , libDirectX , libDirectX-dev , iexplore-libs , iexlore-i18n-el
Selected previous unselected package WinXP .......
In fact, it's possible that one of the copies of the cdrom in question couldn't be read by the person who had it and it was disposed of and found by someone digging thru their garbage.
They probably have pretty good security against such an event, but no security is ever perfect. One imagines some junkyard scavenger digging thru piles of trash, finding the CD, thinking "Oh, cool!" and managing to reconstruct the contents of the disk, thereby gaining points with his 133t kazaa buddies.
Heh.
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
This is total BS -- you don't know what you're talking about, buddy!
...world do not.
They'll move to XP because M$ will push it as a temporary solution until Longhorn comes out. Hell, only moving to a (cough) "trusted computing" environment now lets M$ guarantee to stockholders that people will upgrade in droves. They'll probably become very outspoken about security in the near future, LOL!
There were rumours flying in the past that code from DEC's VMS OS made its way into NT. The rumour was that it happened and DEC settled out of court with Microsoft.
It'll be interesting to see if anyone actually looks. (You can get not all, but a lot of the VMS source code on microfiche and other media)
Yea, I used to work there. No, I have no first hand knowledge. Just rumours. Take them for what they are.
What's my Karma Mr. Burns? "Excellent"
yes they get paid but not as expensive as before. 7K rupees rather than $70K.
http://torrent.spyderlake.com/download.php?info_ha sh=66a26447f563c3dc2336de74ae37dc14d11dd8b9
If Microsoft posted the code then in a few years they can sue the Linux companies like SCO is doing claiming that someone contaminated the Linux source tree with it.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
So, I decided it would be neat to find all instances of 'fuck' in the source... and here, for your reading pleasure...
// HighContrast mode is turned on. This totally fucks our style sheet as most of it will
// get ignored. The best we can do is to resize our window so the gigantic fonts will
// show correctly.
// !!!this is fucked if a map goes to multiple physical devices
// we return the *last* dResult, this is
// totally random for some messages (like MODM_GETVOLUME).
// The user fucked up
// see if this file is loaded by kernel, thus something we don't
// want to fuck with.
// BUGBUG (reinerf)
// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
* !!!!!!!IF YOU CHANGE TABS TO SPACES, YOU WILL BE KILLED!!!!!!!
* !!!!!!!!!!!!!!DOING SO FUCKS THE BUILD PROCESS!!!!!!!!!!!!!!!!
./weed | bong
THAT's the problem? People look at Linux' code all the time without this much worry. That's a pretty bad admission on MS' part if they did but know it. Linux thrives on people gandering at the code.. while Windows scampers, cockroach like, at the slightest light being thrown on it...?
Very well wrought. :)
:)
Thanks bunches
I haven't had time to sort through all 900+ replies on this thread but...
Isn't this code leak going to open a huge gateway for M$ and others to promote Trusted Computing and the use of 'fritz chips'?
Trusted Computing scares the living hell out of me...I can see this code leak as the gate to some bad times ahead for all...
--John
A female journalist mentioned she viewed the code and found snippets of foul language in the comments.
First of all, would Microsoft contract their code with curses to foreign governments and large corporations? If so is it possible that the copy was leaked directly from Microsoft or that the leaker inserted those comments?
Second of all, isn't it illegal even for a journalist to download illegally distributed source code?
For instance, one of my recent projects was writing a replacement GINA for Windows. This is the component that determines authorization, eg, the login window and associated logic. There were various reasons that existing products and projects were unsuitable. Microsoft's documentation is absolutely, incontrovertibly horrible (so incomplete that I get the distinct feeling it's intentionally meant to stop integration efforts). However, I managed to get through it by some reverse engineering (testing how various parameters affect a function) and some online research (third party websites, wine source when GPL is OK for the project).
What if Microsoft decides that I couldn't have done this without access to their source? There are only a few companies that write real GINAs without passing through actual login to MSGINA and I know some of them have access to source, so it may have been very helpful.
Obviously, I'm staying as far away from the leaked code as possible. In fact, I'm hesitant to even post to Slashdot as that might remotely associate me with some people that have the files or I might accidentally glance at a file listing or code snippet from some careless individual.
I'm not naive: I know that if I get taken to court, I'll be the one that has to prove that I never looked at the source. How the hell am I supposed to do that?
Even worse, a lot of the documentation I use comes from people who've reverse engineered it out of Windows. When I read something online, how am I supposed to know if it came from someone who truly reverse engineered it or from someone who had illegitimate source access? IAANAL (obviously) so this might even be OK legally, but I know that if Microsoft goes after me, I'll be destroyed due to their resources so I put little faith in the law (and Microsoft really hates people like me, I get people off of AD onto standard LDAP schemas).
Some of my other projects include remote filesystems via IFS and some various driver-level stuff. This really, really scares me. I spent days looking at hex dumps to get some things working. For a lot of projects the only way to test anything is a reboot, so I've put a lot of time into these projects and this leak gives Microsoft an opportunity to easily destroy all my work.
I'm seriously thinking of talking to a lawyer RIGHT NOW as I'd like to know exactly how I can protect my livelihood from now on and what steps I can take to gather evidence that I've never looked at Windows source.
Could you post a working link to said files?
Has any one else noticed the lack of copyright notices in lots of the /shell source files?
Also saw some missing c/r notices in /ntcrypto sources. And other places too.
Of the 4K source and 5k header files, I wonder how many are missing the required c/r notice that identifies i.p ownership. 5%? 10%? 20%? My guess - around 10% almost all in /shell.
Looks like m.s legal has been getting sloppy the last few years.
Guess what guys, this means that the Common Controls code maybe public domain. You'll never have to write another toolbar or tree control class ever again.
The tooltips code looks a bit hairy though...
Honestly, after the war on Iraq coverage on CNN, I try to stay away from that ultrabiased news source as much as I can.
It's right here for the taking...
Here's an excerpt:
/*
Microsoft(r) Windows(tm) XP Source Code
(c)copyright 1998 Microsoft Corporation
This is closed-source software.
Distribute it and die.
*/
#include "dos30.h"
#include "win31.h"
#include "win95.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL HARD
char make_prog_look_big[16000000];
ASSIMILATION_CLASS main(int argc, char * argv)
{
char * eat_up_all_avail_mem;
eat_up_all_avail_mem = (char *)malloc(sizeof(free_mem()));
...see the URL for more...
/Dave
FPGA, Wireless, ASIC, Verilog, VHDL, HW, 10yr exp, Team Lead, Ottawa (More? Email above. slashdotusername=dgmartin98 )
has anybody thought that maybe microsoft leaked this code themself? I mean look at the timeline
1. announce nt4 will not be supported after end of the year.
2. a few days later nt4 and win2k partial code 'leaks' out
maybe this is just a plan by microsoft to have some of the code out in the open so exploits can be found so they can patch them then release a security update before ending support so those that don't want to upgrade from NT4 will feel secure.
Releasing win2k partial code could be the same code that's in windows server 2003 and by getting it out in the public they are actually finding holes not previously found in win2k. Microsoft office xp sp3 code leaks out. Same code in office system maybe? Then once exploits get out in the open and they can release patches it will make the public look at m$ in a different way, and say OH WOW look! they are actually fixing things!
This is great business sense by fixing and updating windows 2003 and office system cause if it's more than somewhat secure and less flaws found it will sell more copies
But the downside is the consumer side. cause we the consumer get screwed by all the new bugs and worms that come out because of flaws found in the partial released code.
In the end microsoft wins yet again, by gaining back the trust of the consumer and getting their almighty dollar
My Two Cents
From Visual MainWin 5.0.2 System Requirements for Linux:
"GCC 3.2 (Mainsoft fixed version)"
GPL demands them to give back the source, but they gave us the wrong source!
(Seriously, this means they developed for GCC and saw the Windows source. Are they "tainted" too?)
Take a look at it. Take a good look at it. If you ever code anything so fucking horrible, I'M GONNA COME AND KICK YOUR ASS!
You have been warned.
No wonder MS code quality is so shitty, that code is of less quality than your average college programming assignment: swearwords, long chunks in comments, odd variable names, lots of bugs, bad design, etc.
But Microsoft's Stuart Okin said: "If you were to write perfect software, it would still be possible to find vulnerabilities. Every time you put in some type of protection against criminals, they work out ways of circumventing it."
http://www.guardian.co.uk/business/story/0,3604,1148153,00.html
Apparently Microsoft doesn't understand the meaning of 'perfect'. No wonder they're so far from it.
- I am made of meat.
problem 1: when i accidentally and i do _mean_ accidentally looked over the shoulder of someone who had access to AFPS - AT & T's "advanced file and print sharer" source code, which is actually NT 3.5 source code ported by AT & T to Unix, i was slightly freaked out by the similarity between the code there and the code that i had written in samba's NT Domain Services, like samrd. the thing is that in order to produce network-API-compatible code, there _is_ no other way to do the same job. so yes, i think that Wine and Samba have to watch it.
... so who cares what a developer writes in his code as long as he doesn't make it a static :)
As written before, a lot of sourcecode has comments in it that could be viewed as offending by some, including Linux kernel code.
The only thing it conveys is the way a developer thinks about its users (ie. the "f**** stupid user" remarks, if any), which in turn can tell you a bit in which light the program was written.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
I remember there was some controversy about NSA_KEY being defined in Windows 2000. Is there any reference to this in the leaked source?
getting covered in DogPoo?
Like THIS?
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - its full of Malware!"
This also happened with the second matrix movie. There were so many ideas about the third movie, everybody speculated the future story by discussing even the smallest detail. Hundreds of ideas, way too many flames, many possible stories were written.
And then the third movie went out and it was crap.
Yap same thing will happen in this case.
Am I the only one who finds it interesting that when Linux releases its source code to the public it's "many eyes catch all bugs" but when the Windows source is leaked it's "many eyes exploit many bugs"? It kinda sounds like a gross double standard.
Apparently the Microsoft Source Code contains notes with insults, swearing, admissions that stuff doesn't work, loads of funny stuff. One example I read in the papers was "potentially off-by-1 but who cares" Could anyone who has seen it please e-mail as many examples of these funny or incompetent sections. I'm on samuel_coates@hotmail.com I'm trying to get my hands on this stuff as soon as possible. If someone is particularly helpful, I'll make it worth their while.... Cheers Sam.
I am trying to find out as many examples of swearing, sloppy workmanship, insults to users etc etc in the Microsoft Source Code. Please e-mail me examples to Samuel_coates@hotmail.com I will make it worth your while if you reply promptly and come up with lots of examples.
Hi I'm trying to track down examples of amusing, insulting, or devious notes inserted into the Microsoft code. I will make it worth anyone's while if they e-mail me soon enough with lots of good examples of amusing notes inserted into the code. I'm on samuel_coates@hotmail.com Thanks
To everyone who has seen the code. I'm looking for examples of notes inserted in the code which are funny, insulting, random, insult Microsoft, insult the end user, all that kind of stuff. If you have seen it and can send me lots of examples to samuel_coates@hotmail.com in the next 24 hours I will make it worth your while.... Many thanks Sam
Is there such a thing called copywraith? Just like a ringwraith enslaved by the One Ring to the Dark Lord, a copywraith is enslaved by the One OS to the Dark Gates. It can also be used to describe lawyers enslaved by RIAA or SCO.
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Isn't that the same whore who signed SCO's agreement to see the disputed source code and reported that it did look like Linux stole from SCO? Real reputable information source there.
As well as the nt4 and 2000 source code, part of a recent build of longhorn has had its source code leaked too.
|
edonkey/overnet url:
ed2k://|file|windows longhorn build 4008 source code (partial ).rar|1357906140|dba2a19a3c822837ad6ade3b7f178862
I don't know of any torrents. If anyone finds one, please reply to this post with details.
damn that's funny; wish I had mod points, as I'd mod you up; sadly(?) I've never registered a nick, so I can't
GrimRC
An explicit copyright notice has not been required in the U.S. since it joined the Berne convention in 1989. All documents are born copyrighted and stay that way until either the copyright expires or the copyright holder explicitly releases it into the public domain. IP property cannot be released into the public domain by mere exposure.
In fact any good IP lawyer will tell you that trade secret documents like source code should not have a copyright notice, lest anyone wrongly get the idea that it is not secret material.
I would be surprised if a single copyright notice appeared anywhere in the code.
looking at a listing of the largest files:
find win2k/ -not -type d -printf '%k' -printf '\t' -print | sort -rn | less
some very interesting ones show up. you can even entertain yourself with some incidental music:
win2k/private/shell/applets/welcome/res/music.wav
some of the more interesting .doc files:
win2k/private/shell/docs/search.doc "Search Architecture"
win2k/private/shell/docs/architec.doc "Basic Shell Browser Architecture"
win2k/private/ntos/w32/ntgdi/icm/docs/monptr.doc "User Interface Functional Specification: ICM Printer, Display, and Scanner/Camera Color Management Tabs"
win2k/private/ntos/w32/ntgdi/icm/docs/install2.doc "User Interface Functional Specification: ICC Profile Installation"
win2k/private/net/snmp/manager/winsnmp/docs/winsnmp.doc "Windows SNMP An Open Interface for Programming Network Management Applications using the Simple Network Management Protocol under Microsoft2 Windows WinSNMP/Manager API"
win2k/private/ntos/w32/ntgdi/icm/docs/appui.doc "User Interface Functional Specification: ICM Application Common Dialog User Interface"
win2k/private/windbg64/debugger/tl/remote/gambit/transport/democracy in flames.eml ???
win2k/private/net/snmp/docs/snmp.doc "NT 5.0 Network Management SNMP Framework"
soon we shall have Newer version of an inferior linux distro floating around known as windux
Hi I'm trying to track down examples of amusing, insulting, or devious notes inserted into the Microsoft code. I will make it worth anyone's while if they e-mail me soon enough with lots of good examples of amusing notes inserted into the code. I'm on antipiracy@microsoft.com Thanks
A proud member of the Onion-in-Hand alliance
You obviously have had no direct experience of the law regarding copyright, trade secrets, and enforceable i.p rights with regards to computer software source code.
The statute law and case law in the US is quite simple, no copyright notice equals no effectively enforceable property right. Unless you are willing to spend a huge amount of time and money in court, and you escape a summary judgment of dismissal against you.
The part of Berne '89 you referred to applies to publicly published works not unpublished works.
The copyright notice in the source code is the first step in asserting ownership over the source and the intellectual property contained within. The paper trail of patents, specs, reqs, working papers, change logs etc., plus the audit trail of regular backups and shipped binaries, are what are used to establish ownership if the i.p is ever contested in court.
If you have no copyright notice you have broken the first link in the chain of a defendable i.p claim. It is usually considered gross negligence.
And that's why the guys from legal are so anal about what you put in your source file headers.
If you have no copyright notice you have broken the first link in the chain of a defendable i.p claim. It is usually considered gross negligence.
At our code shop our legal hired gun ordered us never to insert copyright notices except in the splash panels. We do have the 'unpublished and proprietary blah blah' stuff.
And there are no copyright notices anywhere in the 20,000-odd leaked files, at least that I could find via grep. So it looks like MS does the same thing.
People keep saying:
An open source programmer will write a feature X that is like in Windows and Microsoft will sue them for stealing the code because now the code is available.
Somebody explain please... what stops the programmer from looking at corresponding part of Windows source code and making totally sure their code is all the way UNLIKE Windows source? Just making sure that no single line looks the same, that no single procedure uses all the same algorithm, and if it does, modify it in such a way, that it derives from Windows just in that way that it is completely opposite? And then ask MS people to show a single infringing line of code. It can still be a patent infringement. But not copyright.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Download these two via eDonkey:
8 20 7|34bb9f3a3e8d3e0c4490a96ec30b9f3c|/
1 48 3|afcb4b1fd05ed574e2ee77618222621d|/
(Remove the spaces in the links.)
ed2k://|file|windows_2000_source_code.zip|21374
And:
ed2k://|file|windows_nt_4_source_code.zip|24113