Slashdot Mirror
Microsoft Source Follow-Up
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
>>Microsoft is, naturally, downplaying its impact
Of couse they are. They don't want to admit that its 203MB of files, they will just say its a small fragment.
Makes me wonder about all the weird e-mail files in the zip though...
NeoThermic
Use my link above, or to view my server, NeoThermic.com
Has anyone actually built this code? Will it actually be useful to anyone? I could see how having enough of the code available might allow someone to create a version of windows 2000 that would work with plex86, which would be exceptionally exciting. Just how much of the code is there anyway? It's reputedly a ~200MB archive which also contains assorted tools needed to compile from the source, so only so much of that can be code. 200MB of pure source code would seem like it was probably enough to assemble most or all of Windows from.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
eWeek article mentions that leaked code was not traced to the Shared Source licensing program, because there were so many profanities in it.
I hope the guys who left the f-words in will get a promotion or something for aiding the investigation.
THe most astonishing phrase is this:
Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
WHAT?!?!!?!??
how long until
Microsoft will probably use this to thier advantage: "The leaked code ... was apparently removed from a Linux computer "
The company I worked for 12 years ago was licensed to get part of the Windows 3.1 code in order to interface our product with theirs. There must be 1000's of companies that do this and have been doing this. I'm amazed it took this long for someone to finally steal it and post it.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
we were talking about how dangerous it would be for linux coders to look at it, after all the SCO mess. To which a friend replied it would be dangerous for anyone to look at it, considering how ugly it must be.
Anyone wanna bet microsoft programmers are hoping that their code doesn't show up with their name on it, for fear of public embarassment? Of course programming for microsoft is probably embarassing enough. No bob, I'm not working for microsoft, I'm doing gay porn!
And knowing how prompt Microsoft are at fixing known exploits, I really wonder how anybody can consider their products secure. I mean, Valve cited the code leak as the reason for a long rewrite and delay for Half-Life 2 (it's a bloody GAME!), and Microsoft downplays such incidents. We have a new model: Security through ignoring.
http://everything2.com/index.pl?node_id=1519713
Today is the day after Windows NT becomes "Open Source", although not by choice. So far what's happened is... speculation and nothing else. As the roller coaster teeters at the top of the track, all walks of I.T. life are assessing the thrills and spills to come. Here follows a collection of views, insights and ruminations on the matter, collected from as many sources as possible.
Disclaimer: This is a summary of collected opinions on this issue. I am not claiming that any of this will happen, that these views are correct, or that I agree with them. If you spot anything particularly sensationalist or inaccurate here, please make suggestions and correct me.
Noung says re What will occur the day after Windows NT becomes open source : My understanding is that it hasn't exactly become "Open Source" (by choice or not), as we don't even know how much has been leaked... You should probably point that out as your write-up implies the whole thing is out.
jasonm says re What will occur the day after Windows NT becomes open source: it's hardly open source. it may be pirated source, but calling it open source misinterprets the term entirely
In reply to this I can only say that "open source" doesn't necessarily refer to openly licensed code released intently. Although I disagree with jasonm, I do believe that this is an issue which needs clarifying--the source certainly isn't open source in the same way that the Linux kernel or a typical openly licensed project is.
Microsoft Viewpoint
With everything out in the open, Microsoft's honesty regarding past issues is going to face heavy exposure. This might lead to legal battles for Microsoft itself, however, the leak is likely to have come from a separate company which the code was licensed to, and it is unlikely that Microsoft would be giving anything containing juicy secrets away to separate entities. Of course, the conspiracy theorists are already up in arms, voicing the possibility that Microsoft released this code their selves with the intention of converting Windows 2000 and NT users into purchasers of their latest operating systems. This is unlikely to be the case if common code is shared between 2000/NT and their latest releases, i.e. XP, else they would effectively be banging the gavel on this too. Microsoft may be forced to publish just how much of Windows XP stems from Win2K/NT.
archiewood says re What will occur the day after Windows NT becomes open source : You might've heard this already, but an interesting (likelihood of truth aside) theory is that Microsoft released the code deliberately, hoping Windows-derived code segments may eventually end up in Linux. Could be a perfect way to shut down their biggest competitor.
Already a popular idea is 'grep-ping' through the code for comments, and comparing the contents with released code from separate projects. The Slashdot crowd are literally frothing at the mouth at the thought of picking up on misconduct/incompetence in this code and exposing it. It's well-known that BSD network code exists (licensed) in Windows--a first stop for many will be to hunt this code down and ensure that it has been implemented legally and within terms of the license. This is an example of a known intellectual property issue; code monkeys are going to be much more interested in finding scandals of their own in the code.
Patches. Will Microsoft accept a more open approach to fixing problems in their code base? This may be a prime opportunity for them to re-license this code, and reap the benefits of the leak using a similar model to the Linux kernel code. However, with Microsoft's track record it's more likely that they will take an SCO-style approach and concentrate on protecting their own IP.
Hacker Viewpoint
Black hat, white hat... regardless of their choice in head wear, tinkerers from all disciplines are going to want a piece of the action.
White hats, the goo
I'm shocked to find out that there is profanity in the comments/code. Anybody know specifically what they say? Seems a bit unprofessional.
M$ Programmer: Well, nobody's going to read this anyway, so "\\f*ck this bullsh*t"
For personal projects, this is fine (I've vented a bit in my personal coding projects), but I would never do anything like that at work...
-n-
The link seems to be slashdotted, but isn't that the company which ported IE to Unix and was rumoured to be doing something similar for MS Office?
I'm reminded that last time there was a windows source leak we were all encouraged NOT to look at it, so that we wouldn't have to deal with the source ending up in Linux.
Seems like a good idea, but...
Was it ESR that made that nifty app to compare SCO and Linux sources? Could it be fiddled with to see if Linux or other free/open source code made it's way into windows?
It would be quite a coup if we could somehow legally show that they stole from the community without having to deal with the gnarly mess of windows code finding it's way into Linux.
I'm not implying that such a thing HAS happened, but we're presented with an opportunity here.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Second, we're going to see lawsuits in the next 2 years where Microsoft identifies code in Linux, added after February 10, 2004, which are either copied from, or influenced by, the Windows source code. And, as absurd as this is, it will be used to have, as Microsoft would say, a chilling effect on innovation.
Hm. I bet Andrew Morton has better things to do then trawl through WinNT code. Staying away from it does seem safest, though...
Part of future kernen maintenance should probably include comparisons against this code, just to be safe. The worst possible thing would be for some witless idiot to include any of it into any OSS project and have this miss final review.
IMHO, rather than chortling over this disclosure, I'd rather have the code be kept completely secret by MSFT. Unfortunately, information is hard to keep secret when so may people have it.
GF.
Lots of petrified grits
...from the source leak if it has occurred at the proper time.
One of Microsoft's big problems when introducing a new operating system (felt especially strongly when they released XP) is that they often have difficulty moving corporations and smaller companies to the new platform right away.
Many people still run 2000 (because it was M$'s first decent operating system) instead of XP because they have NO REASON to move to XP.
All of a sudden, 2000, and NT4 (which are holding strong in their pie-slice of the M$ OS world) have been subjected to enormous security liabilities.
Obviously the only answer for companies stuck with M$, move to XP! LOL.
Mighty convenient isn't it?
Loading...
Yea!
Fuck what happened to Stacker, Apple (quicktime) and all the other companies that MSFT stole from! Forget they perjury about the source code being a National secret (right before they let China have a copy)
I'm sure that Microsoft now wishes that it source code files had been locked into self-expiring, heavily encrypted, copy-resistant file formats. Events like this can only increase demands for "Trusted Computing" initiatives that prevent accidental or intentional leakage of security-sensitive intellectual property.
Given that so many companies outsource or collaborate with a far-flung global network of suppliers -- I'm sure MSFT need only whisper about the threat of leaked trade secrets to get corporate IT to adopt DRM/Trusted computing for everyday use.
Two wrongs don't make a right, but three lefts do.
Everyone is panicking about how revelation of the source will open Windows up to hacks. In an ideal world, knowing how good code is written shouldn't give away the 'hacks'. In this case, MS is rightfully fearing review of places where they fail to check string lengths or buffer sizes, the way that they handle exceptions (if they do), the way that their logic copes, or fails to cope, with unexpected input.
However, good code wouldn't have this problem, string lengths would be checked, there wouldn't be hardcoded passwords, components that are not supposed to trust one another really don't, etc.
This exposure of the source may reveal just how crappy their code is. If its not crappy, I don't see necessarily how its more 'hackable'. Apache is open, and nobody hacks it to pieces on a daily basis. Can you imagine what would happen if the source of IIS was leaked?
I want to delete my account but Slashdot doesn't allow it.
If this is true, then I suspect that the list of possible culprits is very short and some poor sap who didn't think things through is going to be in *very* hot water indeed early next week.
UNIX? They're not even circumcised! Savages!
windows developers have had access to gpl'd source for well over a decade... but that hasn't legally impaired their ability to make their products.
any legal action against opensource projects by microsoft relating to these leaks will still have to demonstrate that:
2 1337 4 u!
I agree...just ask Burst.com
``It seems unlikely this is going to create a material, significant security problem,'' said Rob Enderle, a technology expert and principal analyst with the Enderle Group. ``It's more embarrassing than anything else because it makes it look like Microsoft can't control its code.''
It's disappointing to see such lazy reporting from the Times.
*** "Freiheit ist immer die Freiheit des Andersdenkenden". -- Rosa Luxemburg ***
An article run by the BBC says that Microsoft never releases cryptographic/DRM/activation portions of the source to its partner companies. If this release really did come from "Mainsoft" then it doesn't contain any of that that stuff which I'm sure Microsoft is happy about.
Since we all agree that all code has bug in them and since this code is out we can safely assume that some bugs will be found.
Now all the white-hat hackers are prevented by law to take a look at the code and since all black-hat hackers don't give a damn about that law, those who run windows are in a pretty bad place right now. Even worse than usual actually.
Oh well, the windows admins who like working overtime will love the coming year I suspect.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
I remember reading that Steve Balmer and Bill Gates specifically FORBID any MS employees from reading / accessing GPL'ed code unless given express permission from somewhere high up.
...
... sounds familiar to all these conspiracy theories floating around about the leaked win2k source, doesn't it?
They had their "don't touch gpl" rule in place for quite a few years now. But they can access BSD licensed code and incorporate them freely.
Just because they had access doesn't mean MS employees are out to break the law
it works in reverse too. To microsoft, all this free linux code floating around on the net is a huge temptation for its employees to cut some corners and potentially land ms in big legal trouble
Has any one taken a look to see if the old rumors that Win2K is more stable because it uses open source code is true? If so, would that make Microsoft in violation of the GPL?
Or an idiot developer working on a linux box happened to check in the core file with other work.
I've seen junk like that before, so it's entirely possible.
The funniest part of this whole thing has been the industry pundits explaining the ramifications of the source release in various media outlets.
The best I've seen today is on crn.com by some joker named Winell from Econium. He manages to say with a straight face:Mr. Winell has obviously never used Windows ME if he thinks Microsoft quality control prevents "bad releases". You know Econium must be a real player when the title of their home page is "Welcome to Econium who is a solutions provider."
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Nothing like an embarassing Microsoft moment to get the "experts" out from under their rocks.
Listen, people;
THE FIGHT IS OVER!!!
MICROSOFT HAS WON!!!
All that they have to do is tie up the open source movments (specifically the mozilla, apache, wine, *BSD, Open Office, Linux, FreeDOS, samba and any other interoperable OSS project) in the legal system until they either fold or are marginalised.
Because of this leak, they now have the legal means to drage the Open Source world into a labyrinth court process which WILL KILL IT.
The fight is over, If Open Source is not now dead in the water, it will be before the year is out. I'd say before summer even gets here.
Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.
;)
right, betanews revealed it.. damnit. they could've at least credited me
bastards
Zip files are rarely used for distributing source code amongst the Linux/Unix community because compressed tar files are far more efficient.
zip -r source.zip /usr/src/linux-2.4.22-1.2149.nptl /usr/src/linux-2.4.22-1.2149.nptl /usr/src/linux-2.4.22-1.2149.nptl
ls -l source.zip
-rw-rw-r-- 1 build build 49091705 Feb 14 06:20 source.zip
tar cjf source.tar.bz2
ls -l source.tar.bz2
-rw-rw-r-- 1 build build 31964979 Feb 14 06:23 source.tar.bz2
tar czf source.tar.gz
ls -l source.tar.gz rw-rw-r-- 1 build build 40689187 Feb 14 06:31 source.tar.gz
The resulting tarred archive compressed by bz2 is is around 35% smaller than the zipped source. With the exception of the the jar format for java classes, the zip format is rarely use by Linux/Unix developers for distributing source code.
IMO this points to the source code being lost by from a Microsoft based platform.
I like the way this guy thinks - and I think this too.
Let's do some math..and since we're talking conspiracy theory here, we only need to use addition!
* MS "kills off" the old OSs, but not enough corp users move
* MS goes security nuts and publicizes ever patch. Let's not mention that some patches take 6 months to come...
* Release the code through a "trusted partner" - MS supports lots of partners which, via programming, politics or press, support the beast in return.
* Frightened CEOs scream - CIOs look at updating to XPee vs. training staff on Linux and OpenOffice. Looks ok, until...
* Frightened CEO's PowerPoint presentation doesn't work right
SOLUTION:
* CEO - "Upgrade!"
* MS = PROFIT!
C'mon - add to the panic...It's Fun!
Imagine the impact, if, say, the following comment is found in the IE PNG rendering engine
(Disclaimer: this example is FICTIOUS. I do not have access to the code in any way. If such a comment is found, I hereby promise to imediately cease and desist watching Deadzone.)
Karma cannot be described by words alone.
Funny to see Microsoft learn from Valve. With the Half-Life 2 source being stolen, they had the perfect excuse (hax0rs can make cheats for online play and hack the clients/servers) to delay the game for nearly a year. Anyone who looked at the leaked game knew that it was nowhere near finished, contrary to their claims.
Now Microsoft can use the same excuse to force upgrades on people, harass other companies who happen to create similar code to theirs, excuse any future win2k/xp worms, and delays, et unpleasant cetera.
ask yourself why it isn't on the front page of cnn? Or at least on the front page under techology. Isn't the microsoft source code leak a bigger story than some silly write up on stock market AI and the FCC screwing with the internet?
Microsoft is after all the largest tech company in the world, and windows is it's flagship product. I wonder why this isn't being covered more by the mainstream press. Maybe it's my geekiness talking, but this is a big story at least the biggest tech story of the day.
or equally important, make it anchor CSS images properly?
Jeremy
has anybody attempted to use the code analyzer that was developed for the SCO / IBM case. it would interesting to see if there were any similarities between MS code and the multitude of OSS code.
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
Obviously the only answer for companies stuck with M$, move to XP
No. Windows 2000 is NT 5.0, XP is 5.1 and Server 2003 is 5.2. Notice the minor version bump which indicates that all these releases share a lot a code.
It is reasonable to think they want to have users switch to Longhorn (does anybody know if it will be NT 5.3 or 6.O ?), but then the leak occured too soon, for they're not ready yet.
Karma cannot be described by words alone.
Anyone else notice that the GNU PNG library was in the root directory? it looked as if it were put there by mainsoft devs though. but it was funny to find richard stallmans name associated with windows source code
There is actually a lot of network related code in there. Microsoft while trying to downplay, it can't deny that 13 million lines have been released. It doesn't matter the total size of windows and whether this is 1% or 25%. The old addage is you can count on one mistake for every thousand lines of code. Look at programs that are just a few thousand lines of code that have exploits. I'd say at the very least, we are looking at 20 buffer overflows in the code. Obviously not every single one will be found, but you can count on a few. Espically since people will be looking mighty hard. With comments like "this may be off by -1, but I'm not sure", I think we are almost guarenteed some buffer overflows.
This will also give the daring souls willing to look at it a chance to tell us if there is GPL code. Rumor is GNU style Makfiles (which isn't illegal) and parts of gnu autoconf (which I suspect is illegal, if they actually include it in the OS).
Say, a retired programmer took a look at the leaked Windows source code then published a "code specification" that another (still employed) programmer could look and and then write a program to meet that specification. Technically, he never saw the source code, in fact, he need never even know that the "code specification" was inspired by the leaked Windows source. ...just thinking out loud, as it were....
.
.
A goal is a dream with a deadline
The expanded contents of the zip file is around the size of a single CD. This points to the contents being originally distributed from Microsoft on CD-rom.
Microsoft has made so much fuss about retaining control of the source code. In May 2002, under oath at the antitrust hearing Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
It's going to be interesting if it is subsequently found that Microsoft itself has been distributing said source code over the internet in zip format.
By the way, In February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
Dispite gaining more favored trading status with the USA, there remains many embargos over technology transfers which could put the US at future risk.
Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.
The exposure of Microsoft source code put users at risk because of the inherent design and implimentation flaws built into the source code.
In comparison open source development practices enables open source distributions and users to evaluate the source code from the start. This forces developers to build in security from the early outset of each project or risk abandonment for more secure alternate solutions. End users can particpate in the development process.
OK, the cat is out of the bag. Yeah this sucks for Microsoft. Yeah OSS developers need to stay away. But has anyone seriously considered reverse engineering the code? I mean if some self sacrificing developer was to check out the code and write up some specs it could provide to be helpful to such projects as WINE, Samba and ReactOS without their respective developers ever becomming tainted (dirty dirty ;). Obviously IANAL nor do I read Groklaw regularly and this is a little different than what Compaq (if memory serves) did with the origonal x86 BIOS but wouldn't a double blind reverse engineering still be legal?
First of all, look at the number of files and the amount of data that were leaked: Some 30,000 files, 660 MB worth of data. For reference, the entire source weighs in around 40 GB and 40 million lines of code. Then look at what portion of the OS it was taken from: Windows 2000 Service Pack 1, released around the end of 2000.
Now, before you start thinking "zero-day" or any such doomsday thought, keep in mind that this stuff is almost four years old and does not figure even 1% of the total code. If it had been a solid 50% of XP's or Server 2003's code, I can understand the concern.
The best response in this case is still: Keep patching those servers and workstations, and watch for announcements from Redmond. There is no need to be any more alarmist if you are already running Windows and are following good security practices.
It's evil!
Heh, I thought your comment was going to be a TIme Bandits reference.
I think this is FUD within FUD, to try to generate some ill-will towards Linux, as if the computer running Linux had something to do with the code being put on the Internet by a HUMAN process.
It needs a volunteer who agrees to screen patches, but does not contribute any code. That person would have to have legal access to Microsoft's code, using the leaked code would not be acceptable, and due to the MS NDA they have to sign, could probably only accept or reject patches in full without being specific about which parts of the code have been copied. But I expect that if a contributer was found to have been copying code, they would be considered untrustworthy and the maintainers would not want anything that is contributed by them anyway, so this is not really a disadvantage.
It is "kludgy", but not too bad. Check out this page for how to easily get alpha transparancies in your pages. Check out Dredg's Online Store for a real world example.
if they work too long they get fined (look at the parking ticket on ebay...)
I'm going to show my complete and total ignorance of programming here... but how can there be 40GB of source for a product that doesn't even half fill a 640MB CD? Even if you add in all the variants and patches, it doesn't approach a significantly larger fraction of 40GB.
MS has said for years that Linux is more vulnerable because the source is out there yet now a chunck of 2k(aka XP) is out there and its "no big deal". Sorry but XP is 2k with eye candy and an improved kernel. XP wasn't a new OS from the ground up and knowing how poor a job MS does with finding security problems I don't see how logically you can say this is anything but devastating. 15% of the source code for Microsoft's newest OS is floating around the Net. That is a big deal.
I don't know why I expected Microsoft to finally act like an honest company and tell the truth here, but they are in even worse denial then we oringally thought if they think we are buying the no big deal line.
If you wanna get rich, you know that payback is a bitch
the best exemple of BSD code in Windows (all version I think) is the ftp.exe file... Just open it with notepad and search for:
"Copyright (c) 1983 The Regents of the University of California. All rights reserved."
And I think the TCP/IP stack is also based on it (they would be really stupid to do otherwise)... But I think this is all old news...and it's all very legal in case you didn't know
I live in Soviet Canuckistan you insensitive clod!
"// WARNING: doesn't handle buffer overflow"
Heh. Great job!
"// potentially off-by-1, but who cares..."
Yeah, who cares about security anyway?
The Xbox kernel + SDK source code leaked over a year ago. The Xbox source that was stolen is complete enough that at least one warez group - Xecuter - has compiled customized kernels from source. If you look at their compiled version, it is very obvious that they didn't do patches to make their hacks.
The forcedeth driver authors have ignored the many emails to them containing the nForce register list and documentation from the leaked Xbox source code.
WINE has ignored emails to them about the real name and purpose of the SystemFunctionXXX calls in advapi32.dll. (The header file doing the #define's to rename them was in the Xbox source, supposedly.)
anonymous woman
Looks like now we've got a little issue here:
Some might believe MS has incorporated GPL'd code into windows.
However, in order to ascertain whether or not this is the case, and to provide proof, one would have to grep through the windows source. However, one cannot do that without violating MS's proprietary license. One cannot learn if MS is using GPL'd code without first subjecting oneself to a flurry of lawsuits...
But of course MS/SCO can look at GPL'd code whenever they want, and scream "They Stoled Our Source Codes" at the top of their lungs.....................
Defenestrate Windows...
Well, it seems to have worked.
--
If I actually could spell I'd have spelled it right in the first place.
Hey, sorry but I wrote this and want to have my name on it. Ignore my AC post please. Contrary to what most posters here are advising, maybe we should set up a group, like a division of Groklaw for example, that has as much leaked closed-liscence code as possible.
The purpose of this closed-liscence division would be to run independant comparisons of new OSS contributions against a library of leaked closed-liscence code to ensure nothing gets slipped by the project managers and poisons the project source.
I was initially going to suggest that the project manager do this comparison, but that would be too risky for the project (closed-source legal teams might have a go at it). Instead using a trusted OSS community party to do the checking saves us the hassle of each project manager having to download all the latest leaked closed-source. The "source-notary" would have a central repository of leaked material, which would not be redistributed by them, only made available to the original authors and for use to run comparisons on new OSS project code submissions and therefore avoid having a company pay a developer to salt the OSS project with leaked code.
I think this is a pretty mature way of handling this and should satisfy all parties.
musicians are f*ed. apparently, we can't look at other peoples copywritten music without 'taining' our ability to write original music.
There was a science fiction short story I read that detailed that exact scenario. It was either in Omni or in a compilation in the early '80s, and it went somewhat like this:
In a future society, your career path is chosen for you soon after birth, by a semi-benevolent system that can tell what you'll like to do. The main character is chosen to be a musician, and creates beautiful music in complete isolation. But a shadowy figure lets the kid listen to a Bach fugue. The kid knows he's in deep doo doo, because the music has influenced him in a forbidden way. Despite his efforts, he's discovered -- because his compositions now have no fugues at all.
The story goes on to reveal the dark side of the supposedly benevolent society, showing what happens to those who don't fit in. Very dark story with an ambiguous ending, IIRC. Wonder what the name and author was?
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
INFORMATIVE!?!?! You've been modded INFORMATIVE because you don't have any reading comprehension skills!? How do these people get mod points anyway?
was apparently removed from a Linux computer
Would you care to remove your foot from your mouth by explaining how "from" actually means "because of"? The guy could've accidentally ftp'd the damn thing to a public FTP server. Someone may have stolen it locally because he didn't lock his work station. A CORE DUMP COULD'VE BEEN CHECKED INTO A CVS ON A COMPLETELY DIFFERENT MACHINE THAN THE ONE THE CORE DUMP REFERENCES BY THE DIRECTOR BECAUSE HE WAS BEING CARELESS. It is not uncommon for people to check in bizarre shit that doesn't belong in the tree because they're not paying attention.
On top of that, if it really was an FTP flaw, would you care to explain how that's because of running Linux? Oh, I'm sorry, are there no FTP clients on UNIX? On Windows? Funny. I have a DOS FTP client right here.
On top of that, core dump files are SUPPOSED to make forensics trivial. The whole POINT is to provide valid information about the process at the time it crapped out so you can figure out what happened.
It is a POSSIBILITY that a Linux vulnerability exposed the code. Is is not LIKELY and there is no EVIDENCE at this point to even subtly suggest such a thing may be true. Before you go spouting such unbelievably warped bullshit, why don't you try analyzing the facts and firmly grounding yourself in reality first. If you'd done that, you'd realize that nobody knows exactly how it leaked at this point.
Unbelievable...
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Took you long enough. People on IRC were discussing Mainsoft at least 3 hours prior.
private/inet/mshtml/imgfilt/pngfilt/cpngfilt.cpp:1 245
/pnglib/pngrtran.c:1357
// BUGBUG we really should preserve the full 16-bit values
// for proper transparent calculation but our main client,
// MSHTML, doesn't preserve the RGB values at 16-bit resolution
// either so it doesn't matter.
private/inet/mshtml/imgfilt/pngfilt/sca nline.cpp:320
// alpha not gamma corrected
private/inet/mshtml/src/site/download
#if defined(PNG_READ_BACKGROUND_SUPPORTED)
/* replace any alpha or transparency with the supplied background color.
background is the color (in rgb or grey or palette index, as
appropriate). note that paletted files are taken care of elsewhere */
I've thought about this too, and I'm beginning to wonder something.
...and they can't look at the source from this leak to make SURE...
...lawsuit ensues.
...no way this is a good thing. I am *so* not a lawyer, so I don't know exactly how these things work...but is there a third scenario that I'm missing here?
If it's the responsibility of the folks in charge of Foo_Project to ensure that none of the contributions to their code are actually from Windows...
Scenario A:
1. Evil kid contributes Windows source to Foo_Project.
2. Since they haven't seen the code, Foo_Project developers have no idea it's from the leaked Windows source.
3. Foo_Project developers cheerfully integrate the code.
4.
Scenario B:
1. Foo_Project developers look at source code.
2. Lawsuit ensues, and the developers have their hands dirty already.
.
'If you're flammable and have legs, you are never blocking a fire exit.'
You might have forgotton how recent last great leak of source code occured.
October 2003:Valve Software,Half Life 2 source,Microsoft Outlook
March 2000:Microsoft, "Whistler"/XP source code, QAZ Trojan The QAZ Trojan was confirmed as the source of the leak.Please correct me if Im wrong, but doesnt IE have plugin support so it can use an external plugin to load certain data types? Why hasnt someone made a png plugin to IE that fixes this. I mean CSS I can understand because it effects the entire page and Im sure IE wont let you have that much control, but png? that should be easy.
But then again, that would make sense and this world has a way of doing the oposite of what makes sense.
"We Don't Need No Truthless Heros!" - Project 86
I think it is far more likely that all the .eml files were left behind by a virus/worm like nimda. I've seen something like that happen before. They may be zero length because of an antivirus scanner or shield utility.
(nil)
A female journalist mentioned she viewed the code and found snippets of foul language in the comments.
First of all, would Microsoft contract their code with curses to foreign governments and large corporations? If so is it possible that the copy was leaked directly from Microsoft or that the leaker inserted those comments?
Second of all, isn't it illegal even for a journalist to download illegally distributed source code?
Man, that SCO scam has really made people paranoid
Fortunately Groklaw obtained a nice and to-the-point clarification about the legal issues involved.
http://www.groklaw.net/article.php?story=200402
(No, OSS developers, you don't need to poke out your eyes now that windows source is out in the open.)