Microsoft Source Follow-Up

shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.

Source of the leak

[cyt0plas]

There are a number of empty .eml files in the archive. While their FTP server looks like (didn't check) it is running a vulnerable version of wu-ftpd , it seems more likely Nimda got to them first.

I wonder what the final MS press release will name as the cause. "Evil Linux Hackers", perhaps?

Re:source out on the open

[Krunch]

The link to the Groklaw's article is here.

Source was Mainsoft - and from a Linux machine

[blorg]

"Evil Linux Hackers", perhaps?" Ironically, there is a Linux connection. Betanews is reporting that an analysis of the leaked Microsoft code indicates that it came from Mainsoft, specifically a Linux machine belonging to Mainsoft's Director of Technology.

Mainsoft specialise in cross-platform development, enabling devlopers to develop using MS tools for deployment on *nix. Interestingly, for the conspiracy theorists, their previous mentions on /. date from 2000 and center around rumours that they were porting Office and IE to Linux. More news on the leak from Internetnews.com and The Register.

The code is said to be W2k-SP1.

Re:Swearing?

[omega9]

$ grep -Hirn "fuck" /usr/src/linux/*|wc -l

43

$ grep -Hirn " shit " /usr/src/linux/*|wc -l

14

And one occurrance of "piss". There're more, but I''m not spending more then a minute on this.

What about the .eml files?

[enosys]

What about the .eml files? You wouldn't have those in Linux.

Re:Is there any GPL Violating Software in it?

[slipgun]

Has any one taken a look to see if the old rumors that Win2K is more stable because it uses open source code is true? If so, would that make Microsoft in violation of the GPL?

If they're using GPL code, yes. They already use open source code, and admit it freely - however, it's licensed under the BSD license, and hence can be distributed in closed source systems.

(Someone correct me if I'm completely wrong, but I think that's right).

Re:Winsock API Included.

[AzrealAO]

Rumor is GNU style Makfiles (which isn't illegal) and parts of gnu autoconf (which I suspect is illegal, if they actually include it in the OS).

Of course there are. This source code leak came from a company who ports Windows software to Unix.

Re:Entertainment value of media "experts"

[paco+verde]

Here's some general contact information for Yankee Group off their website:

Media Relations and
General Inquiry
Kim Vranas
Director of Marketing
kvranas@yankeegroup.com
Voice: 617.880.0214
Fax: 617.210.0014

Re:Winsock API Included.

[br0ck]

Mainsoft has released a short statement which sounds like an admission that the code did indeed come from them.

Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.

We will cooperate fully with Microsoft and all authorities in their investigation

We are unable to issue any further statement or answer questions until we have more information.

From Mike Gullard, Chairman of the Board, Mainsoft Corporation