Slashdot Mirror
Microsoft Source Follow-Up
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
The Winsock API is included in the leaked source that's something fantastic hahaha.
There are a number of empty .eml files in the archive. While their FTP server looks like (didn't check) it is running a vulnerable version of wu-ftpd , it seems more likely Nimda got to them first.
I wonder what the final MS press release will name as the cause. "Evil Linux Hackers", perhaps?
Contact Me (got tired of viruses emailing me).
>>Microsoft is, naturally, downplaying its impact
Of couse they are. They don't want to admit that its 203MB of files, they will just say its a small fragment.
Makes me wonder about all the weird e-mail files in the zip though...
NeoThermic
Use my link above, or to view my server, NeoThermic.com
Has anyone actually built this code? Will it actually be useful to anyone? I could see how having enough of the code available might allow someone to create a version of windows 2000 that would work with plex86, which would be exceptionally exciting. Just how much of the code is there anyway? It's reputedly a ~200MB archive which also contains assorted tools needed to compile from the source, so only so much of that can be code. 200MB of pure source code would seem like it was probably enough to assemble most or all of Windows from.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
formerly long-time Redmond partner Mainsoft.
Hm. I bet Andrew Morton has better things to do then trawl through WinNT code. Staying away from it does seem safest, though...
The Army reading list
What occured here looks like corporate espionage and theft, plain and simple. Whoever leaked this should be caught, and sent to Federal pound-you-in-the-ass prison. I know everyone here loves to hate on M$ (hahah funny), but nobody deserves to have their hard earned work lifted without their permission.
SIG:Slashdot: indymedia for nerds.
References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows.
I don't think any code can claim this, no matter M$ says
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Now I can play Half-life 2 on Windows 2000 all while keeping it real.
BBC also has a Q&A on the recent event, including thoughts on how this may impact Microsoft themselves.
Microsoft has said that this represents about 15% of the total source code for the operating system. It is not enough to recreate the operating system.
THe most astonishing phrase is this:
Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
WHAT?!?!!?!??
how long until
Microsoft will probably use this to thier advantage: "The leaked code ... was apparently removed from a Linux computer "
The company I worked for 12 years ago was licensed to get part of the Windows 3.1 code in order to interface our product with theirs. There must be 1000's of companies that do this and have been doing this. I'm amazed it took this long for someone to finally steal it and post it.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
Now that the source code to Paint is out there, we can expect many derivative works to surface in the coming months. The impact on the graphics software market will be devestating.
One bad monkey spoils the whole barrel.
"It is not clear at this point how the three and a half year-old source code escaped Mainsoft."
You know.. It's simple: code wants to be free
>The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes.
I wonder what Linux security hole allowed that to happen.
LAUGH, ITS A JOKE.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Is this damaging because 15% of the source to the NT / W2K tree was leaked and we're all suddenly vulnerable or is this no big deal since the code is three years old and it's only 15%? I haven't heard anyone talking about DRM, activation or serial code being in the leak, so I just don't see how this could affect MS other than to help interoperability of other software.
Groklaw has warned that anyone who gains access to the Windows source, whether or not they actually read it, may legally impair their ability to make contributions to open source resembling anything that exists in Windows.
Current favourite, the author of MyDoom, but many youngsters are looking to make their mark in this prestigious contest
Grab a beer, sit back, and enjoy this great sporting occassion - sponsored by Microsoft, Security Through Obscurity.
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
Steadily droppingtoday...
...of the total that accepted wisdom says makes up the full source tree, but what percentage of the full source is for the thousands of drivers etc. that really aren't part of the OS proper.
I wouldn't be so sure that what has leaked is an insignificant portion just because of the number of lines of code.
I'm shocked to find out that there is profanity in the comments/code. Anybody know specifically what they say? Seems a bit unprofessional.
M$ Programmer: Well, nobody's going to read this anyway, so "\\f*ck this bullsh*t"
For personal projects, this is fine (I've vented a bit in my personal coding projects), but I would never do anything like that at work...
-n-
The link seems to be slashdotted, but isn't that the company which ported IE to Unix and was rumoured to be doing something similar for MS Office?
I'm reminded that last time there was a windows source leak we were all encouraged NOT to look at it, so that we wouldn't have to deal with the source ending up in Linux.
Seems like a good idea, but...
Was it ESR that made that nifty app to compare SCO and Linux sources? Could it be fiddled with to see if Linux or other free/open source code made it's way into windows?
It would be quite a coup if we could somehow legally show that they stole from the community without having to deal with the gnarly mess of windows code finding it's way into Linux.
I'm not implying that such a thing HAS happened, but we're presented with an opportunity here.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
...from the source leak if it has occurred at the proper time.
One of Microsoft's big problems when introducing a new operating system (felt especially strongly when they released XP) is that they often have difficulty moving corporations and smaller companies to the new platform right away.
Many people still run 2000 (because it was M$'s first decent operating system) instead of XP because they have NO REASON to move to XP.
All of a sudden, 2000, and NT4 (which are holding strong in their pie-slice of the M$ OS world) have been subjected to enormous security liabilities.
Obviously the only answer for companies stuck with M$, move to XP! LOL.
Mighty convenient isn't it?
Loading...
This may illustrate one of the halmarks of open source software-- that software open to prying eyes is inherently more secure than closed source. I won't be surprised if digging through the source reveals a number of exploitable security flaws, perhaps many more than have been revealed with the source closed!
To paraphrase Bruce Schneier, if I give you the plans to my safe, and 100 identical safes with the combinations so you can study the locking mechanism in detail, and you still can't crack my safe-- that's security!
Maybe I'm a little jaded, but my guess is that in about a year, when we're closer to the Longhorn release, Microsoft will claim that the heritage Win2000/NT4 core is "too compromised" because of this leak and officially discontinue support prior to its seven year life-cycle. Along then along with Win98, everyone will be compelled to migrate to their new products.
:)
Just a thought...
Anyone around here remember when the Apple QuickDraw code was leaked 1989?
It started quite a big ruckus, with the media making it out to be the entire OS, and the FBI starting what has been described as more or less a witch-hunt on 'hackers'..
I would not be surprized to see a repeat of that, substituting 'hackers' for 'file-sharers'..
I'm sure that Microsoft now wishes that it source code files had been locked into self-expiring, heavily encrypted, copy-resistant file formats. Events like this can only increase demands for "Trusted Computing" initiatives that prevent accidental or intentional leakage of security-sensitive intellectual property.
Given that so many companies outsource or collaborate with a far-flung global network of suppliers -- I'm sure MSFT need only whisper about the threat of leaked trade secrets to get corporate IT to adopt DRM/Trusted computing for everyday use.
Two wrongs don't make a right, but three lefts do.
Everyone is panicking about how revelation of the source will open Windows up to hacks. In an ideal world, knowing how good code is written shouldn't give away the 'hacks'. In this case, MS is rightfully fearing review of places where they fail to check string lengths or buffer sizes, the way that they handle exceptions (if they do), the way that their logic copes, or fails to cope, with unexpected input.
However, good code wouldn't have this problem, string lengths would be checked, there wouldn't be hardcoded passwords, components that are not supposed to trust one another really don't, etc.
This exposure of the source may reveal just how crappy their code is. If its not crappy, I don't see necessarily how its more 'hackable'. Apache is open, and nobody hacks it to pieces on a daily basis. Can you imagine what would happen if the source of IIS was leaked?
I want to delete my account but Slashdot doesn't allow it.
Thats a good point.
1) Leak unimportant proprietary source and bait competing open source developers to download.
2) Initiate legal action against "tainted" developers contributing to open source projects.
3) Continue to PROFIT!!!
If this is true, then I suspect that the list of possible culprits is very short and some poor sap who didn't think things through is going to be in *very* hot water indeed early next week.
UNIX? They're not even circumcised! Savages!
windows developers have had access to gpl'd source for well over a decade... but that hasn't legally impaired their ability to make their products.
any legal action against opensource projects by microsoft relating to these leaks will still have to demonstrate that:
2 1337 4 u!
I mentioned that yesterday and was called some sort of IP alarmist. THIS IS SERIOUS - if you now or in the future contribute your own IP to the open-source world, don't look at Microsoft's source code. You won't learn anything useful, and more importantly, you need to be able to truthfully say "I've never seen it, and specifically and intentionally avoided getting a copy of it or looking at it".
The odds of coming up with something vaguely similar to their stuff is high enough that it's not worth being accused of copying their work. The best defense against such an accusation is to have never seen their work.
If I were a tinfoil-hat kind of person, I'd wonder if this isn't some sort of SCO-ish related thing.
I want someone to change de Blue Screen of Death by a Red Screen that says "Switch to Linux!"
"There is no teacher but the enemy."-Mazer Rackham
The link to the Groklaw's article is here.
No GNU has been Hurd during the making of this comment.
Billy in the land of the underpants gnomes:
Step 1: 'accidentally' release windows source
Step 2: Secretly hire unafiliated programmer to copy blocks of windows source to OSS projects (comments intact)
Step 3: Sue IBM/RedHat/Novell into the ground
Step 4: Profit!
This comment is fully compliant with RFC 527.
Mainsoft specialise in cross-platform development, enabling devlopers to develop using MS tools for deployment on *nix. Interestingly, for the conspiracy theorists, their previous mentions on /. date from 2000 and center around rumours that they were porting Office and IE to Linux. More news on the leak from Internetnews.com and The Register.
The code is said to be W2k-SP1.
This may be a little paranoid, but is it possible that this whole thing is a honeypot, and now MS can go around pulling SCO type stunts on OSS projects?
Lots of petrified grits
Is it just me or does this smell like a stealth PR stunt to you? Gee... source code gets leaked... this hits a few communities right in the nose. Now MS can say "See, open source is bad because all these new viruses are made because our source was leaked" and "File-sharing is bad because this is how this is moving around the internet". It's just too conveniently making MS look like a victim.
FLR
Heck just go for it and make it part of KDE and Gnome !
Since we all agree that all code has bug in them and since this code is out we can safely assume that some bugs will be found.
Now all the white-hat hackers are prevented by law to take a look at the code and since all black-hat hackers don't give a damn about that law, those who run windows are in a pretty bad place right now. Even worse than usual actually.
Oh well, the windows admins who like working overtime will love the coming year I suspect.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
I think the most fascinating part of this whole fiasco is the fact that code for Microsoft "Bob" is still prevalent throughout the source. I can only wait in anticipation as the open source community takes advantage is this and quickly puts out its own variants.
Emerge Bob
I've given this topic considerable thought, and here are the possible conclusions I've reached.
.NET framework out from underneath the Linux community (by claiming patent infringement again). Two shovels of dirt on the grave of linux.
1) MS will use this source leak in the future to claim that various open source projects (Samba, Gnome, KDE, OpenOffice(?), linux) that get new features which MS finds competitive are 'derivative' works, regardless of whether or not the developers actually looked at the source.
2) There will be enough people looking at this source for large portions of the code's functionality essentially entering into 'public domain', with people writing up how the components work. It will be essentially impossible for anyone to do 'virgin' development on 'windows-like' features for anything, as the information on precisely what the Windows version does will only be 2 steps of association from the programmer.
3) MS will pull a 'patent' or 'trade secret' violation claim on Samba/Linux/GNOME/KDE, in addition to pulling the
From my interpretation, this all seems quite feasable given current legal atmosphere. Any lawyers here have a comment on this?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
[ I unintentionally posted as an AC first - hopefully it's interesting enough that I get more interesting mods than redundant.]
What about the .eml files? You wouldn't have those in Linux.
This is not a trivial problem.
Though many of us - myself included - would not mind a peek into the collective mindshare of the Evil One, one cannot look into the abysss and return unchanged.
Sorry. Debated last night with philosophy majors. They won, six shots to five black and tans.
To translate it bluntly: This is still copyrighted code, owned by Microsoft. Duping even their "badly-written routines" into an inocuous place may lead to an SCO-esque attack in the near future , claiming violations in certain filesystem and mounting routines, or possibly something involving Samba, or a myriad of other wincompatibility issues.
It feels like a tactic that may be conceived by some bright bulb in MS Legal to bring conflict to the competition, or at least stifle development past current kernels.
I am starting to get the shakes that I get in a poker game when my all-in bet is called when I have pocket kings. (Last time that happened, the opponent had A-J suited. He flopped aces-up. I swore loudly.)
I am not a lawyer. I play one online, and I'm studying for the patent bar, but I don't pretend to dish out legal advice. Still, if I go all-in, I have the goods.
I used to be someone else. Now I'm someone better.
Real life is underrated.
Isn't interesting that the source for many projects is wide open ... and we don't have people running around with their heads cut off like the end of the world is coming.
So - which is it? Is closed-source or open-source more secure?
Looks like now we'll have the chance to find out!
- Release portions of an older baseline which have already been fixed/replaced (to minimize the hacker potential), but are algorithmically distinctive enough to be recognized if they were used in another product.
- Wait for a well-meaning open source user to submit one of the pieces as a patch to the Linux kernel
- Scan new kernels for distictive algorithm.
When found
- Launch expensive lawsuit at RedHat, Lindows, et al. Demand injunctions against distribution, damages, etc.
Or maybe, I've just read too much SCO-IBM coverage here. --JohnNotice the leak came ffrom ' a linux comptuer'..
Nice way to suggest its that damned linux that is to blame. At least to the common man, the linkage will be sublimina, but it will stick.
Its almost as bad as ' a red ford suv ran over the child ' or ' the gun killed the intruder '..
---- Booth was a patriot ----
"any legal action against opensource projects by microsoft relating to these leaks will still have to demonstrate that:
1. the opensource code was copied from the leaked nt code
2. the nt code wasn't boosted from opensource projects first"
The defendant will have to prove that the code was boosted. Microsoft is under no obligation to try to prove a negative.
A.
...bringing you cynical quips since 1998
I remember reading that Steve Balmer and Bill Gates specifically FORBID any MS employees from reading / accessing GPL'ed code unless given express permission from somewhere high up.
...
... sounds familiar to all these conspiracy theories floating around about the leaked win2k source, doesn't it?
They had their "don't touch gpl" rule in place for quite a few years now. But they can access BSD licensed code and incorporate them freely.
Just because they had access doesn't mean MS employees are out to break the law
it works in reverse too. To microsoft, all this free linux code floating around on the net is a huge temptation for its employees to cut some corners and potentially land ms in big legal trouble
Has any one taken a look to see if the old rumors that Win2K is more stable because it uses open source code is true? If so, would that make Microsoft in violation of the GPL?
This is...
O
U
T
R
A
G
E
O
U
S
!
Or an idiot developer working on a linux box happened to check in the core file with other work.
I've seen junk like that before, so it's entirely possible.
The funniest part of this whole thing has been the industry pundits explaining the ramifications of the source release in various media outlets.
The best I've seen today is on crn.com by some joker named Winell from Econium. He manages to say with a straight face:Mr. Winell has obviously never used Windows ME if he thinks Microsoft quality control prevents "bad releases". You know Econium must be a real player when the title of their home page is "Welcome to Econium who is a solutions provider."
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Nothing like an embarassing Microsoft moment to get the "experts" out from under their rocks.
In a related story, Linus Torvalds was forced to announce today that the source code for the Linux operating system was made public on the Internet.
"We're not sure how it was leaked. What's up there certainly looks legitimate, and we've had some reports that some of it even compiles. It appears it may have been leaked back in August, 1991, originally to an FTP server in Finland."
There are at least 3 servers that appear to have Linux source code available, although online discussions indicate that there may be many more. There is speculation that the code can e acquired through FTP, Gopher, HTTP, Bittorrent, Rsync, SMB, NFS, AFS, Freenet, and that people may even be _selling_ CS's and DVD's with the code.
SCO was quick to comment that "After they copied those 5 lines from one of our header files, the {deleted} deserved it. As soon as we find a person in our company that knows how to download a file, we'll be comparing every line of Linux to this stuff we bought from AT&T. Oh hey! We've already found something - they copied the word '#include' from us!" The phone interview was cut short as Mr. McBride was called away to launch a new lawsuit.
Law enforcement agencies have been contacted and are investigating, but the process is slow as the officers are heard to exclaim "Wow, it has a GUI?", "Damn, this is stable - I can't crash it at all!", "Whadda you mean, Office is included?", and "How do I turn off the grappling hook and use the rocket launcher?"
Mason, Buildkernel and more: http://www.stearns.org/
The article doesn't say it was *stolen* from a Linux box, it just says that an analysis of the files suggests that it had come from a Linux box. For example, the image could have been a CD that was burned on a Linux box, and then misplaced. And given that Mainsoft's work is "Windows on *nix" I'd be surprised if they didn't have a few Linux boxes around ;-) As things stand, this says absolutely nothing about Linux security.
if the developers of B have never read the source of A, or anything derived from A, it's pretty sure that B will not look like A.
Except, in the realm of software, that just doesn't apply. A "best way" often exists to accomplish some simple task, and 20 good developers would all independantly "discover" that way. Even in more complicated code, you'll see a large overlap of broader ideas, all arising independantly
This makes one of my peeves about software patents... Patents include the critiria of non-obviousness. If 20 developers would all come up with the same solution, that seems like a pretty damned obvious technique, IMO.
Take the XOR'ed image patent, for example... Even ignoring the idea of prior art (which IMO existed), using XOR to put one image on top of another such that you can later remove the superimposed image cleanly (ie, a mouse cursor over a background), even a moron would use XOR. Yet, the USPTO still decided to grant that one.
So yes, very similar works do arise, totally independant of each other, in the field of software engineering. Unfortunately, considering our legal system's pro-corporate bias, that will most likely work against us. Rather than believing that Billy G and Linus both came up with printf("Hello World\n");, this source release will quite likely suffice to convince the courts that various open source projects "stole" such trivial statements from Microsoft code.
Or to borrow a joke from the SCO threads, "Wow, look at all of the i++; statements those damned open source commies used, just like in SCO's code!"
Zip files are rarely used for distributing source code amongst the Linux/Unix community because compressed tar files are far more efficient.
zip -r source.zip /usr/src/linux-2.4.22-1.2149.nptl /usr/src/linux-2.4.22-1.2149.nptl /usr/src/linux-2.4.22-1.2149.nptl
ls -l source.zip
-rw-rw-r-- 1 build build 49091705 Feb 14 06:20 source.zip
tar cjf source.tar.bz2
ls -l source.tar.bz2
-rw-rw-r-- 1 build build 31964979 Feb 14 06:23 source.tar.bz2
tar czf source.tar.gz
ls -l source.tar.gz rw-rw-r-- 1 build build 40689187 Feb 14 06:31 source.tar.gz
The resulting tarred archive compressed by bz2 is is around 35% smaller than the zipped source. With the exception of the the jar format for java classes, the zip format is rarely use by Linux/Unix developers for distributing source code.
IMO this points to the source code being lost by from a Microsoft based platform.
I like the way this guy thinks - and I think this too.
Let's do some math..and since we're talking conspiracy theory here, we only need to use addition!
* MS "kills off" the old OSs, but not enough corp users move
* MS goes security nuts and publicizes ever patch. Let's not mention that some patches take 6 months to come...
* Release the code through a "trusted partner" - MS supports lots of partners which, via programming, politics or press, support the beast in return.
* Frightened CEOs scream - CIOs look at updating to XPee vs. training staff on Linux and OpenOffice. Looks ok, until...
* Frightened CEO's PowerPoint presentation doesn't work right
SOLUTION:
* CEO - "Upgrade!"
* MS = PROFIT!
C'mon - add to the panic...It's Fun!
While you are absolutely correct, he with the most money wins in the US court system.
Microsoft will just sue you into oblivion, and when you run out of money, they'll have won.
i cannt re-iterate how stupid all thie fear is ....
check out this alternate universe:
musicians are fucked. apparently, we can't look at other peoples copywritten music without 'taining' our ability to write original music.
everybody from bach to bon jovi is now in violation of copywright law. musicians have henceforth been instructed never to look at somebody elses music lest they be sued later for copying the notes and rhythms.
harumph. this is rediculous.
"Old man yells at systemd"
if it's the 15% that works
Does Windows have even 15% that works???
I always thought Windows kinda creaked and groaned as it crawled along the information highway. Windows kinda reminds me of a Wile E. Coyote device for catching the RoadRunner, complete with parts falling off as it moves along until, just as the objective is reached, kerplowwie...it falls all the hell apart.
So tell me...how does it feel to be Wile E. Coyote?
SELECT * FROM User WHERE Clue > 0
0 rows returned
ask yourself why it isn't on the front page of cnn? Or at least on the front page under techology. Isn't the microsoft source code leak a bigger story than some silly write up on stock market AI and the FCC screwing with the internet?
Microsoft is after all the largest tech company in the world, and windows is it's flagship product. I wonder why this isn't being covered more by the mainstream press. Maybe it's my geekiness talking, but this is a big story at least the biggest tech story of the day.
You could download the windows source code and have it sitting archived on your hard drive without ever looking at it. But if you independently write code that does something like windows does, and there is a copy of the windows source code on your hard drive, what do you think a jury would think?
The only GPL software I'm aware of MS distributing is with Unix Services For Windows (formerly interix) -- gcc and some other command line tools. You can bet big bucks the people that compile gcc don't do any work on VC.
Do you even lift?
These aren't the 'roids you're looking for.
Does that mean *BSD is finally, after all that, dying?
sulli
RTFJ.
"Finally, this is very important: If you propose to continue working in the IT industry, and somebody offers you a look at the source, just say no. Remember - if you learn too much about the internals of Microsoft products, you may find yourself unable to work for anybody except Microsoft. Yike."
has anybody attempted to use the code analyzer that was developed for the SCO / IBM case. it would interesting to see if there were any similarities between MS code and the multitude of OSS code.
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
Obviously the only answer for companies stuck with M$, move to XP
No. Windows 2000 is NT 5.0, XP is 5.1 and Server 2003 is 5.2. Notice the minor version bump which indicates that all these releases share a lot a code.
It is reasonable to think they want to have users switch to Longhorn (does anybody know if it will be NT 5.3 or 6.O ?), but then the leak occured too soon, for they're not ready yet.
Karma cannot be described by words alone.
And you think the entire community, including IBM and other companies that have bet the farm or at least huge sums of money on OSS are just going to roll over and take it?
If the lawsuits get too frivolous, not even Microsoft will be immune to countersuits, plus such massive lawsuits aren't going to be "free" in reputation terms, either. ("Gee, if all Microsoft can produce is lawsuits, maybe they aren't such a leading company after all?")
Besides, so they prove some small chunk of code is encumbered. (It is virtually inconceivable that huge chunks of code will make it in.) So we rip it out and keep going. Killing any given iteration of Apache may be possible, but taking down the entire thing legally is going to be quite a feat! (And remember that unlike SCO, Microsoft is limited by the fact that they are still selling software; they can't for instance go after the GPL in a really serious way because they'd likely end up invalidating their own licenses; "Unenforcable GPL" is good FUD but would be an atrocious court strategy for them!)
It's not hopeless, not by a long shot. I won't say they couldn't make a real annoyance of themselves and I won't say Total Open Source victory is some sort of inevitability, but it's not hopeless.
...are provided by noisehole in this post from yeterday's discussion. He reckons Betanews lifted the analysis from his post.
Say, a retired programmer took a look at the leaked Windows source code then published a "code specification" that another (still employed) programmer could look and and then write a program to meet that specification. Technically, he never saw the source code, in fact, he need never even know that the "code specification" was inspired by the leaked Windows source. ...just thinking out loud, as it were....
.
.
A goal is a dream with a deadline
The expanded contents of the zip file is around the size of a single CD. This points to the contents being originally distributed from Microsoft on CD-rom.
Microsoft has made so much fuss about retaining control of the source code. In May 2002, under oath at the antitrust hearing Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
It's going to be interesting if it is subsequently found that Microsoft itself has been distributing said source code over the internet in zip format.
By the way, In February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
Dispite gaining more favored trading status with the USA, there remains many embargos over technology transfers which could put the US at future risk.
Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.
The exposure of Microsoft source code put users at risk because of the inherent design and implimentation flaws built into the source code.
In comparison open source development practices enables open source distributions and users to evaluate the source code from the start. This forces developers to build in security from the early outset of each project or risk abandonment for more secure alternate solutions. End users can particpate in the development process.
No, one reason Linux/*BSD/etc. are more secure is because the source code has always been available, and has been reviewed and hacked by thousands of people for 10 years. The source didn't just show up on the Internet yesterday.
If Linux's source had been developed in secret for the last ten years, you better believe its sudden revelation would lead to the discovery of new vulnerabilities and exploits, and that's exatly what will happen to NT/2000/XP if there are any substantive pieces of the OS in the partical source that has been released.
Microsoft is downplaying the whole situation as an intellecutal property issue, but I don't believe it. It will likely result in more vulnerabilities and exploits against Windows. Microsoft execs have been saying for years that revealing Windows source code would make the OS more vulnerable to attacks.
They get paid for the first 40 hours in a week, then the other 60-70 hours is for the fun of it all.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
I think this is FUD within FUD, to try to generate some ill-will towards Linux, as if the computer running Linux had something to do with the code being put on the Internet by a HUMAN process.
Windows kernel gets the kernel GPL'd
How can a site so full of OSS supporters have so many people so ignorant of how software licensing works? Yes, if they were found to be infringing the GPL they COULD GPL the whole kernel, but that would be stupid. They would just pay damages for infringement and remove the GPL code from future releases. This "viral licensing" bullshit is so idiotic, I can't understand how it got started. I blame SCO.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
For the kajillionth time, putting GPLed code into a proprietary codebase DOES NOT make the whole thing GPLed. If MS did put GPLed code into one of their products accidentally or otherwise and then distributed it, that is copyright violation. The GPL does not rely on contract law and therefore CANNOT specify the penalty for violating it. Since the GPL is a straight copyright license pure copyright law applies. This means MS' hypothetical penalty would be between them, a court of law and the aggreived FOSS project.
The judge is such a case is unlikely to order MS' codebase GPLed. MS would have to either put out a sanitized patch for the code in question or pay the developers for an alternative license. The exact circumstances of the case would determine what if any punitive damages MS would have to pay in addition to recompensating the developers.
MS would have the OPTION of making the entire contaminated codebase GPLed to satisfy the license but I doubt they would take that option. They could do it for the FUD value but since the aggrieved FOSS project wouldn't accept that as a settlement, MS would just have to do something else. Imagine that! A FOSS project could rule out an MS product being GPLed to PREVENT harm to a project or FOSS in general.
the best exemple of BSD code in Windows (all version I think) is the ftp.exe file... Just open it with notepad and search for:
"Copyright (c) 1983 The Regents of the University of California. All rights reserved."
And I think the TCP/IP stack is also based on it (they would be really stupid to do otherwise)... But I think this is all old news...and it's all very legal in case you didn't know
I live in Soviet Canuckistan you insensitive clod!
This seems to be a popular opinion, but it is false.
You are buying into the same FUD Microsoft is spewing about the GPL.
Just looking at the code does not "taint" you. There are plenty of ex-Microsoft employees who have looked at Microsoft source code and have then contributed to non-Microsoft projects (not just OSS, but closed-source from competing companies). Really, are you claiming that a coder that has seen Microsoft's code is legally impossible to employ except at Microsoft? What if some poor sap has seen both Microsoft's code and a competitor like Suns? They can't ever work on software again anywhere?
Conversely Microsoft hires people all the time that have looked at GPL code. They don't seem worried that these people are "tainted" despite the fact that their public announcements would seem to indicate that it is impossible for such people to work there.
The person/company in trouble is the one that made the code available. Apparently this is somebody at Mainsoft, who should be punished hard. This sort of behavior is extremely damaging to IT!
Guys, let me warn you, this is nothing to laugh about! DON'T TOUCH THAT STUFF! Two of my friends work in Motorola research laboratory. Yesterday one of the downloaded the code at home and then they both looked at it. One of them was lucky - his retina burned the second he saw the code. The second did not escape that easily. His eyes glued to the screen, his hands typing madly... the paramedics found him 20 minutes later clutching the mouse and writhing in agony. After 2 hours in intensive care he (or, rather what left of him) was sent home. Today, after they were not let into the office building, both of them got pink slips by courier mail.
A cousin of a girlfriend of my former classmate yesterday went to the university computer lab to print his essay. He catched a glimpse of some code on the screen and didn't even thought about it for a second. When he returned home, he logged on to sourceforge.net and before anyone could stop him, he tainted a dozen software projects there. Shit, two perfectly good Xeon servers had to be scrapped and replaced with clean machines in a hurry.
That's just crazy, this code is the strongest shit I ever saw... oh, fuck, forget what I just said - "the strongest shit I ever heard about and never saw". It's worse than the GPL, it taints your code so quickly you can't even notice that. PLEASE, FOR THE SAKE OF EVERYTHING GOOD IN THIS WORLD, DON'T DOWNLOAD THE CODE.
Copy this message and send it to all your friends! You need to warn them not to look at the code! POST IT ON FORUMS AND MESSAGE BOARDS! THIS IS AN EVIL PLOT TO TAINT ALL CODE IN THIS WORLD! DON'T LET THIS HAPPEN!
Future Wiki -- If you don't think about the future, you cannot have one.
I have read a few articles on this, and most misrepresent why this could be very bad from a security issue as compared to Open Source Software.
First, just because you can see the code does not make a product less secure (in theory anyway). With Open Source Software, everyone can see the code and find flaws, but anyone can also submit a patch to fix the flaws.
With this Microsoft source code, anyone can find flaws and security issues, but NO-ONE would dare to send Microsoft a patch in fear of litigation.
Well, it seems to have worked.
--
If I actually could spell I'd have spelled it right in the first place.
Hey, sorry but I wrote this and want to have my name on it. Ignore my AC post please. Contrary to what most posters here are advising, maybe we should set up a group, like a division of Groklaw for example, that has as much leaked closed-liscence code as possible.
The purpose of this closed-liscence division would be to run independant comparisons of new OSS contributions against a library of leaked closed-liscence code to ensure nothing gets slipped by the project managers and poisons the project source.
I was initially going to suggest that the project manager do this comparison, but that would be too risky for the project (closed-source legal teams might have a go at it). Instead using a trusted OSS community party to do the checking saves us the hassle of each project manager having to download all the latest leaked closed-source. The "source-notary" would have a central repository of leaked material, which would not be redistributed by them, only made available to the original authors and for use to run comparisons on new OSS project code submissions and therefore avoid having a company pay a developer to salt the OSS project with leaked code.
I think this is a pretty mature way of handling this and should satisfy all parties.
Isn't it traditional for someone to post a bittorrent?
Wikileaks, no DNS
I keep seeing these figures for the size of the entire Windows source code base, "40GB and 40 million lines of code." Unless I'm missing something, this just doesn't add up. ~40 billion characters / 40 million lines implies that the average length of a line of code in the Windows source is 1000 characters. Even if the comments are terribly verbose, I highly doubt that is correct.
Now, I haven't looked at the leaked (putative) Windows source code yet, but I did check some of the Linux kernel source, and the average seems to be more on the order of 20-30 characters per line.
If Windows source is statistically similar, 40 million lines would be close to 1 gigabyte (not 40), so the 650 or so megs of leaked code might indeed be a significant chunk of it. (I saw at least one claim that the leaked code comprises 13 million lines, which would be in line with these estimates.)
I find the "40 million lines" claim for Windows source code, even including all the drivers etc., a lot more credible than the "40 gigabytes" (which would imply something like a billion lines of code). Even then, it's a lot. For comparison, a recent Linux kernel on my machine is about 5 million lines of source code (and 150 megs), and an entire Linux distribution of around the same vintage as W2K, namely Redhat 7.1, is about 30 million lines. The total functionality of W2K is arguably significantly less than that of an entire Linux distribution.
Kiscica
This is from their web site:
Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.
We will cooperate fully with Microsoft and all authorities in their investigation
We are unable to issue any further statement or answer questions until we have more information.
From Mike Gullard, Chairman of the Board, Mainsoft Corporation
=^..^= all your rodent are belong to us
I wonder how many people on /. will start using comments or code snippets from the windows source in their sigs?
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
Only w/ Microsoft will you find the code "escape". It may not be the smartest code... but its united in its resistance.
"The truth suffers from too much analysis"
There are two major problems blocking Linux uptake on the desktop. The windows binary pool is huge, and the lack of standards of packages, menus, interface etc on Linux.
Now if the WINE project can be merged with this source code, or if the raw hardware interfaces of Windows is translated to linux APIs to make it something like usermode linux only windows binary emulation in windows using windows source code, that will fix one part of the problem. I believe the other part, standardizing packages and the GUI will eventually happen...
With these two problems fixed, theres no reason Dell and HP wouldnt sell and promote Linux on laptops and desktops as the standard.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Microsoft has great "flextime". You can work any 80 hours per week you want.