Slashdot Mirror
Microsoft Source Follow-Up
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
>>Microsoft is, naturally, downplaying its impact
Of couse they are. They don't want to admit that its 203MB of files, they will just say its a small fragment.
Makes me wonder about all the weird e-mail files in the zip though...
NeoThermic
Use my link above, or to view my server, NeoThermic.com
THe most astonishing phrase is this:
Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
WHAT?!?!!?!??
how long until
Microsoft will probably use this to thier advantage: "The leaked code ... was apparently removed from a Linux computer "
The company I worked for 12 years ago was licensed to get part of the Windows 3.1 code in order to interface our product with theirs. There must be 1000's of companies that do this and have been doing this. I'm amazed it took this long for someone to finally steal it and post it.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
I'm shocked to find out that there is profanity in the comments/code. Anybody know specifically what they say? Seems a bit unprofessional.
M$ Programmer: Well, nobody's going to read this anyway, so "\\f*ck this bullsh*t"
For personal projects, this is fine (I've vented a bit in my personal coding projects), but I would never do anything like that at work...
-n-
The link seems to be slashdotted, but isn't that the company which ported IE to Unix and was rumoured to be doing something similar for MS Office?
Everyone is panicking about how revelation of the source will open Windows up to hacks. In an ideal world, knowing how good code is written shouldn't give away the 'hacks'. In this case, MS is rightfully fearing review of places where they fail to check string lengths or buffer sizes, the way that they handle exceptions (if they do), the way that their logic copes, or fails to cope, with unexpected input.
However, good code wouldn't have this problem, string lengths would be checked, there wouldn't be hardcoded passwords, components that are not supposed to trust one another really don't, etc.
This exposure of the source may reveal just how crappy their code is. If its not crappy, I don't see necessarily how its more 'hackable'. Apache is open, and nobody hacks it to pieces on a daily basis. Can you imagine what would happen if the source of IIS was leaked?
I want to delete my account but Slashdot doesn't allow it.
If this is true, then I suspect that the list of possible culprits is very short and some poor sap who didn't think things through is going to be in *very* hot water indeed early next week.
UNIX? They're not even circumcised! Savages!
windows developers have had access to gpl'd source for well over a decade... but that hasn't legally impaired their ability to make their products.
any legal action against opensource projects by microsoft relating to these leaks will still have to demonstrate that:
2 1337 4 u!
15% of what? They seem to be very vague about this. The link you mention claims it is 15% of the operating system. Does it mean 15% of Win2K or 15% of all Windows code (95+98+ME+NT+2000+XP+2003+CE)?
Furthermore, the most of the code in a given operating system belongs to the drivers. If it's the important 15%, then it could be completely irrelevant that you don't have the 85% that deal with graphics cards and similar.
I agree...just ask Burst.com
I remember reading that Steve Balmer and Bill Gates specifically FORBID any MS employees from reading / accessing GPL'ed code unless given express permission from somewhere high up.
...
... sounds familiar to all these conspiracy theories floating around about the leaked win2k source, doesn't it?
They had their "don't touch gpl" rule in place for quite a few years now. But they can access BSD licensed code and incorporate them freely.
Just because they had access doesn't mean MS employees are out to break the law
it works in reverse too. To microsoft, all this free linux code floating around on the net is a huge temptation for its employees to cut some corners and potentially land ms in big legal trouble
The funniest part of this whole thing has been the industry pundits explaining the ramifications of the source release in various media outlets.
The best I've seen today is on crn.com by some joker named Winell from Econium. He manages to say with a straight face:Mr. Winell has obviously never used Windows ME if he thinks Microsoft quality control prevents "bad releases". You know Econium must be a real player when the title of their home page is "Welcome to Econium who is a solutions provider."
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Nothing like an embarassing Microsoft moment to get the "experts" out from under their rocks.
Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.
;)
right, betanews revealed it.. damnit. they could've at least credited me
bastards
Imagine the impact, if, say, the following comment is found in the IE PNG rendering engine
(Disclaimer: this example is FICTIOUS. I do not have access to the code in any way. If such a comment is found, I hereby promise to imediately cease and desist watching Deadzone.)
Karma cannot be described by words alone.
has anybody attempted to use the code analyzer that was developed for the SCO / IBM case. it would interesting to see if there were any similarities between MS code and the multitude of OSS code.
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
There is actually a lot of network related code in there. Microsoft while trying to downplay, it can't deny that 13 million lines have been released. It doesn't matter the total size of windows and whether this is 1% or 25%. The old addage is you can count on one mistake for every thousand lines of code. Look at programs that are just a few thousand lines of code that have exploits. I'd say at the very least, we are looking at 20 buffer overflows in the code. Obviously not every single one will be found, but you can count on a few. Espically since people will be looking mighty hard. With comments like "this may be off by -1, but I'm not sure", I think we are almost guarenteed some buffer overflows.
This will also give the daring souls willing to look at it a chance to tell us if there is GPL code. Rumor is GNU style Makfiles (which isn't illegal) and parts of gnu autoconf (which I suspect is illegal, if they actually include it in the OS).
Say, a retired programmer took a look at the leaked Windows source code then published a "code specification" that another (still employed) programmer could look and and then write a program to meet that specification. Technically, he never saw the source code, in fact, he need never even know that the "code specification" was inspired by the leaked Windows source. ...just thinking out loud, as it were....
.
.
A goal is a dream with a deadline
The expanded contents of the zip file is around the size of a single CD. This points to the contents being originally distributed from Microsoft on CD-rom.
Microsoft has made so much fuss about retaining control of the source code. In May 2002, under oath at the antitrust hearing Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
It's going to be interesting if it is subsequently found that Microsoft itself has been distributing said source code over the internet in zip format.
By the way, In February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
Dispite gaining more favored trading status with the USA, there remains many embargos over technology transfers which could put the US at future risk.
Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.
The exposure of Microsoft source code put users at risk because of the inherent design and implimentation flaws built into the source code.
In comparison open source development practices enables open source distributions and users to evaluate the source code from the start. This forces developers to build in security from the early outset of each project or risk abandonment for more secure alternate solutions. End users can particpate in the development process.