Slashdot Mirror
Microsoft Source Follow-Up
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
The Winsock API is included in the leaked source that's something fantastic hahaha.
There are a number of empty .eml files in the archive. While their FTP server looks like (didn't check) it is running a vulnerable version of wu-ftpd , it seems more likely Nimda got to them first.
I wonder what the final MS press release will name as the cause. "Evil Linux Hackers", perhaps?
Contact Me (got tired of viruses emailing me).
>>Microsoft is, naturally, downplaying its impact
Of couse they are. They don't want to admit that its 203MB of files, they will just say its a small fragment.
Makes me wonder about all the weird e-mail files in the zip though...
NeoThermic
Use my link above, or to view my server, NeoThermic.com
formerly long-time Redmond partner Mainsoft.
Hm. I bet Andrew Morton has better things to do then trawl through WinNT code. Staying away from it does seem safest, though...
The Army reading list
References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows.
I don't think any code can claim this, no matter M$ says
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
THe most astonishing phrase is this:
Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
WHAT?!?!!?!??
how long until
Microsoft will probably use this to thier advantage: "The leaked code ... was apparently removed from a Linux computer "
The company I worked for 12 years ago was licensed to get part of the Windows 3.1 code in order to interface our product with theirs. There must be 1000's of companies that do this and have been doing this. I'm amazed it took this long for someone to finally steal it and post it.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
Now that the source code to Paint is out there, we can expect many derivative works to surface in the coming months. The impact on the graphics software market will be devestating.
One bad monkey spoils the whole barrel.
"It is not clear at this point how the three and a half year-old source code escaped Mainsoft."
You know.. It's simple: code wants to be free
>The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes.
I wonder what Linux security hole allowed that to happen.
LAUGH, ITS A JOKE.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Is this damaging because 15% of the source to the NT / W2K tree was leaked and we're all suddenly vulnerable or is this no big deal since the code is three years old and it's only 15%? I haven't heard anyone talking about DRM, activation or serial code being in the leak, so I just don't see how this could affect MS other than to help interoperability of other software.
Current favourite, the author of MyDoom, but many youngsters are looking to make their mark in this prestigious contest
Grab a beer, sit back, and enjoy this great sporting occassion - sponsored by Microsoft, Security Through Obscurity.
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
...of the total that accepted wisdom says makes up the full source tree, but what percentage of the full source is for the thousands of drivers etc. that really aren't part of the OS proper.
I wouldn't be so sure that what has leaked is an insignificant portion just because of the number of lines of code.
I'm shocked to find out that there is profanity in the comments/code. Anybody know specifically what they say? Seems a bit unprofessional.
M$ Programmer: Well, nobody's going to read this anyway, so "\\f*ck this bullsh*t"
For personal projects, this is fine (I've vented a bit in my personal coding projects), but I would never do anything like that at work...
-n-
The link seems to be slashdotted, but isn't that the company which ported IE to Unix and was rumoured to be doing something similar for MS Office?
Sure, it's only 15% of the code... but the only missing component is Internet Explorer.
Maybe I'm a little jaded, but my guess is that in about a year, when we're closer to the Longhorn release, Microsoft will claim that the heritage Win2000/NT4 core is "too compromised" because of this leak and officially discontinue support prior to its seven year life-cycle. Along then along with Win98, everyone will be compelled to migrate to their new products.
:)
Just a thought...
Has anyone actually built this code?
/dev/null, where it will be undone, and we will be kept safe from the Lawyers of Evil.
Gandalf: No! Don't ever use it!
Frodo: How do we know it's source to the One OS of the Dark Lord?
Gandalf tosses a CD-R into the burner, and burns Windows.Source.Code.w2k.nt4.wxp.tar onto it. When the CD is done, there are glowing fiery letters on it.
Frodo : I can't read the fiery letters.
Gandalf : There are few who can. The language is that of Redmond, which I will not utter here. In the common tongue, it says "One OS To Rule Them All, One OS To Find Them, One OS To Bring Them All And With The NDA Bind Them"
Frodo: Take the source code Gandalf!
Gandalf : Noo! Do not tempt me with it! I dare not take it! Not even to keep it safe! You must understand Frodo, that I would be tempted to use this source code, for good. To disclose hidden API's, help the WINE project. But through me, all of open source would be tainted, and the LawyerWraiths of The Dark Lord will sure destroy us.
Frodo : But it cannot stay here!
Gandalf : No, no it can't.
Frodo : What must I do?
Gandalf : It must be sent to the fires of
So remember folks, don't download it, or look at it, or attempt to build it! It is evil, and answers only to the hand of The Dark One.
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
Everyone is panicking about how revelation of the source will open Windows up to hacks. In an ideal world, knowing how good code is written shouldn't give away the 'hacks'. In this case, MS is rightfully fearing review of places where they fail to check string lengths or buffer sizes, the way that they handle exceptions (if they do), the way that their logic copes, or fails to cope, with unexpected input.
However, good code wouldn't have this problem, string lengths would be checked, there wouldn't be hardcoded passwords, components that are not supposed to trust one another really don't, etc.
This exposure of the source may reveal just how crappy their code is. If its not crappy, I don't see necessarily how its more 'hackable'. Apache is open, and nobody hacks it to pieces on a daily basis. Can you imagine what would happen if the source of IIS was leaked?
I want to delete my account but Slashdot doesn't allow it.
I did. 200 megs of compressed source, 22 hours of compiling, and all I got was "Notepad.exe"
If this is true, then I suspect that the list of possible culprits is very short and some poor sap who didn't think things through is going to be in *very* hot water indeed early next week.
UNIX? They're not even circumcised! Savages!
windows developers have had access to gpl'd source for well over a decade... but that hasn't legally impaired their ability to make their products.
any legal action against opensource projects by microsoft relating to these leaks will still have to demonstrate that:
2 1337 4 u!
I mentioned that yesterday and was called some sort of IP alarmist. THIS IS SERIOUS - if you now or in the future contribute your own IP to the open-source world, don't look at Microsoft's source code. You won't learn anything useful, and more importantly, you need to be able to truthfully say "I've never seen it, and specifically and intentionally avoided getting a copy of it or looking at it".
The odds of coming up with something vaguely similar to their stuff is high enough that it's not worth being accused of copying their work. The best defense against such an accusation is to have never seen their work.
If I were a tinfoil-hat kind of person, I'd wonder if this isn't some sort of SCO-ish related thing.
You're lucky. You've got yourself a half decent text editor there. Imagine if you'd taken 200 gigs of compressed source, 22 days of compiling, and found that you only ended up with emacs.
I want someone to change de Blue Screen of Death by a Red Screen that says "Switch to Linux!"
"There is no teacher but the enemy."-Mazer Rackham
The link to the Groklaw's article is here.
No GNU has been Hurd during the making of this comment.
15% of what? They seem to be very vague about this. The link you mention claims it is 15% of the operating system. Does it mean 15% of Win2K or 15% of all Windows code (95+98+ME+NT+2000+XP+2003+CE)?
Furthermore, the most of the code in a given operating system belongs to the drivers. If it's the important 15%, then it could be completely irrelevant that you don't have the 85% that deal with graphics cards and similar.
Billy in the land of the underpants gnomes:
Step 1: 'accidentally' release windows source
Step 2: Secretly hire unafiliated programmer to copy blocks of windows source to OSS projects (comments intact)
Step 3: Sue IBM/RedHat/Novell into the ground
Step 4: Profit!
This comment is fully compliant with RFC 527.
Mainsoft specialise in cross-platform development, enabling devlopers to develop using MS tools for deployment on *nix. Interestingly, for the conspiracy theorists, their previous mentions on /. date from 2000 and center around rumours that they were porting Office and IE to Linux. More news on the leak from Internetnews.com and The Register.
The code is said to be W2k-SP1.
Is it just me or does this smell like a stealth PR stunt to you? Gee... source code gets leaked... this hits a few communities right in the nose. Now MS can say "See, open source is bad because all these new viruses are made because our source was leaked" and "File-sharing is bad because this is how this is moving around the internet". It's just too conveniently making MS look like a victim.
FLR
I agree...just ask Burst.com
> Actually, it's supposedly only 15% of the source code.
They'll be in trouble, if it's the 15% that works.
Sheesh, evil *and* a jerk. -- Jade
Heck just go for it and make it part of KDE and Gnome !
I've given this topic considerable thought, and here are the possible conclusions I've reached.
.NET framework out from underneath the Linux community (by claiming patent infringement again). Two shovels of dirt on the grave of linux.
1) MS will use this source leak in the future to claim that various open source projects (Samba, Gnome, KDE, OpenOffice(?), linux) that get new features which MS finds competitive are 'derivative' works, regardless of whether or not the developers actually looked at the source.
2) There will be enough people looking at this source for large portions of the code's functionality essentially entering into 'public domain', with people writing up how the components work. It will be essentially impossible for anyone to do 'virgin' development on 'windows-like' features for anything, as the information on precisely what the Windows version does will only be 2 steps of association from the programmer.
3) MS will pull a 'patent' or 'trade secret' violation claim on Samba/Linux/GNOME/KDE, in addition to pulling the
From my interpretation, this all seems quite feasable given current legal atmosphere. Any lawyers here have a comment on this?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
What about the .eml files? You wouldn't have those in Linux.
- Release portions of an older baseline which have already been fixed/replaced (to minimize the hacker potential), but are algorithmically distinctive enough to be recognized if they were used in another product.
- Wait for a well-meaning open source user to submit one of the pieces as a patch to the Linux kernel
- Scan new kernels for distictive algorithm.
When found
- Launch expensive lawsuit at RedHat, Lindows, et al. Demand injunctions against distribution, damages, etc.
Or maybe, I've just read too much SCO-IBM coverage here. --JohnI remember reading that Steve Balmer and Bill Gates specifically FORBID any MS employees from reading / accessing GPL'ed code unless given express permission from somewhere high up.
...
... sounds familiar to all these conspiracy theories floating around about the leaked win2k source, doesn't it?
They had their "don't touch gpl" rule in place for quite a few years now. But they can access BSD licensed code and incorporate them freely.
Just because they had access doesn't mean MS employees are out to break the law
it works in reverse too. To microsoft, all this free linux code floating around on the net is a huge temptation for its employees to cut some corners and potentially land ms in big legal trouble
The funniest part of this whole thing has been the industry pundits explaining the ramifications of the source release in various media outlets.
The best I've seen today is on crn.com by some joker named Winell from Econium. He manages to say with a straight face:Mr. Winell has obviously never used Windows ME if he thinks Microsoft quality control prevents "bad releases". You know Econium must be a real player when the title of their home page is "Welcome to Econium who is a solutions provider."
The classic yesterday was Laura Didio from Yankee Group comparing OSS hackers to suicide car bombers.
Nothing like an embarassing Microsoft moment to get the "experts" out from under their rocks.
In a related story, Linus Torvalds was forced to announce today that the source code for the Linux operating system was made public on the Internet.
"We're not sure how it was leaked. What's up there certainly looks legitimate, and we've had some reports that some of it even compiles. It appears it may have been leaked back in August, 1991, originally to an FTP server in Finland."
There are at least 3 servers that appear to have Linux source code available, although online discussions indicate that there may be many more. There is speculation that the code can e acquired through FTP, Gopher, HTTP, Bittorrent, Rsync, SMB, NFS, AFS, Freenet, and that people may even be _selling_ CS's and DVD's with the code.
SCO was quick to comment that "After they copied those 5 lines from one of our header files, the {deleted} deserved it. As soon as we find a person in our company that knows how to download a file, we'll be comparing every line of Linux to this stuff we bought from AT&T. Oh hey! We've already found something - they copied the word '#include' from us!" The phone interview was cut short as Mr. McBride was called away to launch a new lawsuit.
Law enforcement agencies have been contacted and are investigating, but the process is slow as the officers are heard to exclaim "Wow, it has a GUI?", "Damn, this is stable - I can't crash it at all!", "Whadda you mean, Office is included?", and "How do I turn off the grappling hook and use the rocket launcher?"
Mason, Buildkernel and more: http://www.stearns.org/
Has any one taken a look to see if the old rumors that Win2K is more stable because it uses open source code is true? If so, would that make Microsoft in violation of the GPL?
If they're using GPL code, yes. They already use open source code, and admit it freely - however, it's licensed under the BSD license, and hence can be distributed in closed source systems.
(Someone correct me if I'm completely wrong, but I think that's right).
SpamNet - a spam blocker that really works
if the developers of B have never read the source of A, or anything derived from A, it's pretty sure that B will not look like A.
Except, in the realm of software, that just doesn't apply. A "best way" often exists to accomplish some simple task, and 20 good developers would all independantly "discover" that way. Even in more complicated code, you'll see a large overlap of broader ideas, all arising independantly
This makes one of my peeves about software patents... Patents include the critiria of non-obviousness. If 20 developers would all come up with the same solution, that seems like a pretty damned obvious technique, IMO.
Take the XOR'ed image patent, for example... Even ignoring the idea of prior art (which IMO existed), using XOR to put one image on top of another such that you can later remove the superimposed image cleanly (ie, a mouse cursor over a background), even a moron would use XOR. Yet, the USPTO still decided to grant that one.
So yes, very similar works do arise, totally independant of each other, in the field of software engineering. Unfortunately, considering our legal system's pro-corporate bias, that will most likely work against us. Rather than believing that Billy G and Linus both came up with printf("Hello World\n");, this source release will quite likely suffice to convince the courts that various open source projects "stole" such trivial statements from Microsoft code.
Or to borrow a joke from the SCO threads, "Wow, look at all of the i++; statements those damned open source commies used, just like in SCO's code!"
Imagine the impact, if, say, the following comment is found in the IE PNG rendering engine
(Disclaimer: this example is FICTIOUS. I do not have access to the code in any way. If such a comment is found, I hereby promise to imediately cease and desist watching Deadzone.)
Karma cannot be described by words alone.
1 Now the serpent was more subtil than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden?
2 And the woman said unto the serpent, We may eat of the fruit of the trees of the garden:
3 But of the fruit of the tree which is in the midst of the garden, God hath said, Ye shall not eat of it, neither shall ye touch it, lest ye die.
4 And the serpent said unto the woman, Ye shall not surely die:
5 For God doth know that in the day ye eat thereof, then your eyes shall be opened, and ye shall be as gods, knowing good and evil.
6 And when the woman saw that the tree was good for food, and that it was pleasant to the eyes, and a tree to be desired to make one wise, she took of the fruit thereof, and did eat, and gave also unto her husband with her; and he did eat.
The account continues in verse seven if you don't know how it turned out. I agree with Groklaw's advice. Leave it be!
www.mikesmind.com - www.daddyworkathome.com - www.freetofarm.org - www.tenfoottable.com
i cannt re-iterate how stupid all thie fear is ....
check out this alternate universe:
musicians are fucked. apparently, we can't look at other peoples copywritten music without 'taining' our ability to write original music.
everybody from bach to bon jovi is now in violation of copywright law. musicians have henceforth been instructed never to look at somebody elses music lest they be sued later for copying the notes and rhythms.
harumph. this is rediculous.
"Old man yells at systemd"
"Finally, this is very important: If you propose to continue working in the IT industry, and somebody offers you a look at the source, just say no. Remember - if you learn too much about the internals of Microsoft products, you may find yourself unable to work for anybody except Microsoft. Yike."
has anybody attempted to use the code analyzer that was developed for the SCO / IBM case. it would interesting to see if there were any similarities between MS code and the multitude of OSS code.
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
Say, a retired programmer took a look at the leaked Windows source code then published a "code specification" that another (still employed) programmer could look and and then write a program to meet that specification. Technically, he never saw the source code, in fact, he need never even know that the "code specification" was inspired by the leaked Windows source. ...just thinking out loud, as it were....
.
.
A goal is a dream with a deadline
The expanded contents of the zip file is around the size of a single CD. This points to the contents being originally distributed from Microsoft on CD-rom.
Microsoft has made so much fuss about retaining control of the source code. In May 2002, under oath at the antitrust hearing Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
It's going to be interesting if it is subsequently found that Microsoft itself has been distributing said source code over the internet in zip format.
By the way, In February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
Dispite gaining more favored trading status with the USA, there remains many embargos over technology transfers which could put the US at future risk.
Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.
The exposure of Microsoft source code put users at risk because of the inherent design and implimentation flaws built into the source code.
In comparison open source development practices enables open source distributions and users to evaluate the source code from the start. This forces developers to build in security from the early outset of each project or risk abandonment for more secure alternate solutions. End users can particpate in the development process.
They get paid for the first 40 hours in a week, then the other 60-70 hours is for the fun of it all.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Windows kernel gets the kernel GPL'd
How can a site so full of OSS supporters have so many people so ignorant of how software licensing works? Yes, if they were found to be infringing the GPL they COULD GPL the whole kernel, but that would be stupid. They would just pay damages for infringement and remove the GPL code from future releases. This "viral licensing" bullshit is so idiotic, I can't understand how it got started. I blame SCO.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
This seems to be a popular opinion, but it is false.
You are buying into the same FUD Microsoft is spewing about the GPL.
Just looking at the code does not "taint" you. There are plenty of ex-Microsoft employees who have looked at Microsoft source code and have then contributed to non-Microsoft projects (not just OSS, but closed-source from competing companies). Really, are you claiming that a coder that has seen Microsoft's code is legally impossible to employ except at Microsoft? What if some poor sap has seen both Microsoft's code and a competitor like Suns? They can't ever work on software again anywhere?
Conversely Microsoft hires people all the time that have looked at GPL code. They don't seem worried that these people are "tainted" despite the fact that their public announcements would seem to indicate that it is impossible for such people to work there.
The person/company in trouble is the one that made the code available. Apparently this is somebody at Mainsoft, who should be punished hard. This sort of behavior is extremely damaging to IT!
Guys, let me warn you, this is nothing to laugh about! DON'T TOUCH THAT STUFF! Two of my friends work in Motorola research laboratory. Yesterday one of the downloaded the code at home and then they both looked at it. One of them was lucky - his retina burned the second he saw the code. The second did not escape that easily. His eyes glued to the screen, his hands typing madly... the paramedics found him 20 minutes later clutching the mouse and writhing in agony. After 2 hours in intensive care he (or, rather what left of him) was sent home. Today, after they were not let into the office building, both of them got pink slips by courier mail.
A cousin of a girlfriend of my former classmate yesterday went to the university computer lab to print his essay. He catched a glimpse of some code on the screen and didn't even thought about it for a second. When he returned home, he logged on to sourceforge.net and before anyone could stop him, he tainted a dozen software projects there. Shit, two perfectly good Xeon servers had to be scrapped and replaced with clean machines in a hurry.
That's just crazy, this code is the strongest shit I ever saw... oh, fuck, forget what I just said - "the strongest shit I ever heard about and never saw". It's worse than the GPL, it taints your code so quickly you can't even notice that. PLEASE, FOR THE SAKE OF EVERYTHING GOOD IN THIS WORLD, DON'T DOWNLOAD THE CODE.
Copy this message and send it to all your friends! You need to warn them not to look at the code! POST IT ON FORUMS AND MESSAGE BOARDS! THIS IS AN EVIL PLOT TO TAINT ALL CODE IN THIS WORLD! DON'T LET THIS HAPPEN!
Future Wiki -- If you don't think about the future, you cannot have one.