Slashdot Mirror
Microsoft Warning Leaked Code Traders
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
[tin_foil_hat]
I think the title should have read "MS Warns Leaked Code TRAITORS" considering that the code probably got leaked from one of their own.
From the MS Notice page:
Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted
In other words: "Dear companies running on W2K, please pay for upgrades ASAP. We would like more money. Thanks."
[/tin_foil_hat]
Don't mess with Microsoft, they have the money and the power to track you down, even on Internet and through P2P networks. And they will, this is just an example and a warning.
I will never download the source code and you should better not try too. Anyway what's the point in seeing/having it?
I think people don't really understand what having windows 2000 SP1 source code spreading on internet really means. That's quite important and even if it's only part of the source code it's already enough for the first exploits to appear.
The author was kind enough to tell us about the first one, but I bet many others did find bugs and didn't report them because they are working on viruses and attacks using them.
Let's see what happens in the coming months. I'm already working on the switch from Windows 2003 Server to Linux in my company for this exact reason.
Iraq: war to save the U
http://www.sun.com/servers/entry/v20z/
is kazaa one of the vendors? is there anything they can do about emule or edonkey users?
;)
the latter seem to traffic especially in things like leaked source RARs, and since most of the central servers are overseas and operated independently (and 'overnet' seems truly peer to peer with no central servers), it would be tough to crack down on them, besides having a bunch of fake clients that harvest IPs. anyone know if they do this?
(i imagine the same concept would apply for bittorrent downloaders -- except BT relies on central tracking servers which would be comparatively easy to shut down.)
seems like a natural, uh, application, for the freenet project
ah well. it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.
-fren
"Where are we going, and why am I in this handbasket?"
Once its leaked on the Internet, you can't take it back. People WILL take a peek at it. If Microsoft really needs to be convinced, they should talk to Pam and Tommy :)
Dear Sir, Please, please, please don't look for more exploits in our code! We've got enough already to keep us busy for the next decade or so. Signed, Your pals at Microsoft.
Probably a package that weighs 5 pounds, doesn't open right, has about 2 sentences of actual use, and then crubmles while being read.
I don't try to be right, I just try to make people think
how are they able to know who's downloading the files from p2p network?
is that you big bro?
Well, now that Win 2K is not "SAFE" anymore, please get ready to shell out money for Longhorn...
(pun intended)
I thought the thing to do nowadays was to sue the pants off downloaders. Is M$ trying to play good guy warning downloaders rather than suing them?
...don't question it!!!
They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code.
Oh my God, that's great.
Anyone want to suddenly start hopping on kazaa and posting spoofed search requests for "leaked windows 2000 code" which appear to be coming from the IP addresses of the White House, the Dennis Hastert re-election campaign, various randomly selected people, entire blocks inside of Time-Warner...
It could be like a p2p reverse honeypot.
Once a few thousand people start getting threatening legal notices from MS for something they didn't do, what happens next?
This has got to work even better than security through obscurity.
How did it leak?
Now do you understand why we need Freenet?
Does this mean that Windows is open source. Is it cool to use Windows yet?
But it was kinda buggy.
- - - If the sun is a star, why can't I see it at night?
While it may be illegal to steal source code that is privately held. I don't know that it is illegal to view it once it has been released. Perhaps someone has a more educated viewpoint. But this seems like a scare tactic without much legal standing.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
I was wondering why when I tried compiling it, it stopped halfway through and I heard Madonna's voice scream, "What the fuck do you think you're doing?"
I also reply below your current threshold.
Dear Peer-to-Peer user,
Please do not download our source code or we will be forced to sue you. We are not kidding, we will sue you. Seriously, we'll sue...
Sincerly,
Bill Gates
Reply
Dear Bill.
Please stop poluting the internet with your crappy source. Every time I search for porn now, I get coppies of some crappy pile of shit called winedows or something. Furthermore, don't even talk to me about frivilous litigation bub. I wrote that book.
Besides, your source leak is stealing my valuable press. How am I supposed to dump my stock if I can't pump it first.
P.S. Thanks for the license fees.
Yours in infamy,
Darl.
I am become Troll, destroyer of threads
Now that the source is out there, I wonder how long it will take for anonymous hackers to start submitting fixes to M$ for problems in the code that havent been detected yet. How long until independent
patches are available to make it more secure from Big Brother, and more stable.
Is this the beginning of the Kazaa-Lite-ing of windows?
... or just using the P2P networks, PeerGuardian can help. I reject about 250 requests per day on the Emule network from tracking companies. Here's about 40 minutes worth:
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:49:19)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:00)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:42)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:11)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:55)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:57:37)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:00)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:44)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:00:26)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:08:53)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:09:35)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:10:16)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:18:51)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:19:34)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:20:14)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:28:40)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:29:24)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:30:06)
You can get it from Methlabs.org. Windows only as far as I know.
What will happen when the Linux project servers for the version you use get breached. Or what if there are exploits that can't be fixed immediatly?
Switching off of Windows sounds great to me, as I really dislike using it, but your reasoning sounds a bit flawed. If it's because the software's buggy and prone to exploitation, great. But if it's just because some code got leaked.. and OSS software generally has all the code available all the time.. then your reasoning sounds a little flawed.
Any software will have flaws. It's inevitable. Knee jerk reactions too those flaws generally aren't a good idea though.
You're reading Slashdot. Of course you like Linux and pc hardware
From the M$ web site: "Microsoft source code is both copyrighted and protected as a trade secret."
Got that one half right:
1) yup it's copyrighted and you can't have the code.
(so far so good)
2) there are no legal protections for "trade secrets" --- it means nothing that the "trade secrets" were leaked other than it's a violation of 1)
I must have found one of these warnings - when I downloaded "Windows_source_code.zip", all it contained was a
"If you think you have things under control, you're not going fast enough." --Mario Andretti
Seeing that MS is sending out warning to those downloaders, it already knew who they are, thus it could be just a warning to those downloaders that if any exploits were out, they will be the first to be investigated.
Rock that crushes, Paper & Scissors that don't matter.
On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer -- Internet Explorer 6.0 Service Pack 1.
Um, don't usually like to argue semantics, but what was discovered was a security vulnerability (bug) in the code, not an "exploit".
Devising and revealing a method to take advantage of this problem (a virus, worm, bitmap) is an "exploit", right?
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
To sum up the article:
...taking a leak!
Microsoft can now sue you for...
<rimshot/>
.sig wanted. Inquire within.
No, not the Doom II port. I'm assuming this follows along the lines of a Microsoft PR implementation. It can't be seen sitting idly as the code gets swapped around. The 250K bounty trick has already been done, and the RIAA seems to be doing well on the "threaten/sue fileswappers" thing so why not jump in?
We've already come to the agreement that this code shouldn't be seen by anyone who is currently contributing or even could possibly in the future contribute to OSS.
The only thing MS stands to lose here is an influx of possible exploits caused by bad code. It's not the full source so it's not like it'll compile to something useful (i.e. piracy).
Maybe they SHOULD go after these folks...but as BGates said recently, hackers are good for MS software because hackers test/break systems, thus making MS improve. Which PR spin will win this one out?
For those of you still looking for the leaked source code here it is:
#include "windows.h"
#include "system_errors.h"
#include "stdlib.h"
#include "msdos_bugs.h"
char make_prog_look_big[1600000];
main()
{
if (detect_OS2())
freeze();
if (detect_cache())
disable_cache();
if (fast_cpu())
set_wait_states(lots);
set_mouse(speed, very_slow);
set_mouse(action, jumpy);
set_mouse(reaction, sometimes);
set_icons(UGLY);
print("Welcome to Windoze 3.11111");
if (system_ok())
crash(to_dos_prompt);
else
system_memory = open("a:\swp0001.swp", O_CREATE);
while(1) {
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
if (rand() < 0.9)
crash(complete_system);
}
return(unrecoverable_system);
}
War isn't about who's right. It's about who's left.
The first companys named for inspection are google, sony playstation and Mac OS X.
I used to work for MacOSX, but they fired me. Now I work for Playstation.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
I just don't get it. No security breach. Not related to the SSI, nor GSP. Then how did it leak???? Psychics?
Bite my shiny metal... oops... Nevermind!
... because they put up an archive called "kernel-source-2.6.3.tar.bz2"
No one actually checked what it contained but blindly assumed it was windows. Heh. Funny world.
chris at darkrock dot co dot uk
http colon slash slash www dot darkrock dot co dot uk
A: Why oh why did I register with Insta-Trace?!?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Holy crap, Microsoft can find your physical mailing address if you download their source code...
Does that mean those people I laughed at in high school for circulating that thing about Bill Gates sending you $100 for forwarding this email were RIGHT?!
Damn, now I wish I'd been stupid enough to send that thing on - I could use an extra hundred bucks.
In post-9/11 America, the CIA interrogates YOU!
It had a EULA shrinkwrapped to it that said "Upon opening this letter I am hereby agreeing to..." so I just tossed it in the trash. I guess I'll wait till one of the letters gets leaked online, then I can just download it.
i got one through my university about it through downloading it through bittorrent. They claimed i was distributing it and demanded they give up where i got it from as well as delete it and stop distributing. I explained i wasnt distributing it and they had no proof that i was only that i was connected to the bittorrent tracker. Oh well
The code is out, it wont come back.
There are hundreds and hundreds of sources in emule, and thousands have been downloading (5k requests the last 5 days). Not to mention irc, ftps, kazaa , winmx and the other stuff.
As an educated guess i would say that at least 50-100.000 people have the source currently on their harddisc.
Whoever wants it now has it....
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
We should respect MS copyrights just as we expect MS to respect GPL. Sure MS may be dirty, but we are better than them.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
If the leaked source code reveals any more Windows security issues, I'll just wait until Microsoft Corporation emails me an .EXE file patch.
;)
OK, now that I have my joke out (and I do realize your statement probably a joke as well) there are a few reasons to think this is bad.
1) If I find a bug that lets me execute code on a windows machine, the average hacker a) tells people about it gets it fixed because he has the best interest of MS and users at heart or b) exploits it for some notoriety or monetary gain. Even if 99% of people choose a), if any choose b), viruses and worms means everyone is affected. Sure, they could patch it, but slow patch adoption rates and slow patch creation rates (look how long the ASN1 patch took to get fixed) means any exploit has a long shelf life.
2) Somewhat related to 1) above, they said that if they are more secure because they keep the source guarded. It is no longer, people may start thinking it's less secure. Security through obscurity only works if the code is obscured.
3) From what I hear (haven't seen it) the code looks pretty amateur in places. MS is a huge company, and not a monolith. Some of the code will be low quality. They just plain look bad.
If peoples' ability to disseminate information serves as a message to corporations that their attempts to turn the US into a police state won't work, then I can live with that.
- First they ignore you, then they laugh at you, then ???, then profit.
Barn Door
Close
Oh wait.....
- - - - - - - - - - -
I am a programmer. I am paid to produce syntax not grammar. Deal with it.
There have been many security comparisons between Linux and Windows, and the conclusions have always been mixed. One reason is because of the scope of the included software - because it's "free" Linux distributions usually include the kitchen sink, so there are more packages to count security exposures in. Another reason is multiple counting - one exposure across multiple distributions. Yet another factor not well estimated has been the severity of the exposures.
But these security exposures have all been in an environment where Linux source was generally available for inspection, and Windows source wasn't. A corollary of this is that most of the Linux exposures have been proactively reported, prior to being exploited. With Windows that's not so clear.
In the future, there's not reason to expect Linux security exposures to change significantly, except through becoming a bigger target because of increased usage. But the fundamentals of bugs, bug reporting, bug fixing, and security haven't changed.
The future story for Windows is different now, because some source has become available. *Maybe* some people will begin proactive security work on the source, and *maybe* Microsoft will roll that work into fixes. But for certain, others wearing differnt color hats will be examining that code for security exposures, too.
The living have better things to do than to continue hating the dead.
That MS had contacted them about my IP address. Downloaded it Sat night, removed it less than 24 hrs later on Sun (I used EMule), next day the ISP phoned saying MS asked them for my details as I was sharing the source. ISP said they would not give them out without a court order.
Im in UK. I havent seen/heard of anyone else getting this (Happend to me on monday) suprised it took till today for it to be brought to light, must admit it makes me somewhat relived to see that their just warning about it, must say I was really $hitting myself at one point. Hell I dont even know C/C++ I was just curious to take a look.
I thought there's a CD or so worth of compressed code. You'd need a small font and/or a huge CD to get it to fit. Well, given the higher than average percentage of coders putting on XXXL t-shirts, you may have a shot.
Here you go:
#include <bsod.h>
#include <gigsofdlls.h>
int main (void) {
if ( 1 ) {
BSOD();
}
return 0;
}
After I get my network connection killed
X(7): A program for managing terminal windows. See also screen(1).
Print the source code and hang it to your wall. And every morning, before you go to work, make a deep promise not to write that kind of horrible crap! (Yes it's awful)
Copyrights might have been extended by Congress, but they can still lapse if they aren't defended comensurate to their value.
That's trademarks, not copyrights.
Gates: "Interesting Steve... What's this idea?"
Ballmer: "Well, suppose we leaked the 2K and NT4 sources on the Internet."
Gates: "I'm not sure I follow."
Ballmer: "Think about it. We've got stagnating revenue streams from companies who are still using NT4 and 2000. We've got people continually hacking our software. Are you seeing the connection here?"
Gates: "Sure, I get you: release the source code, so hackers can analyze it to find all the holes. We get free QA, and in the meantime, we can pressure our customers to upgrade to XP, because it's not vulnerable to these source code attacks. Thus, getting more money for us, from people who wouldn't have otherwise upgraded. Brilliant!"
Ballmer: "You're catching on. And hey, I just thought of an extra bonus! We can track down people who actually download the source code and sue them. That way, we get another auxiliary revenue stream from court, make ourselves look good by appearing to 'fight hackers,' and strengthen the hostile attitudes held toward open source software by linking them to our stolen source code! Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!"
Gates: "Why, this could have a favorable impact on the outcome of the SCO case, could it not?"
Ballmer: "Sure. Those stupid Linux fanboys and their 'take over the world' nonsense. They don't understand who they're playing ball with."
Microsoft says that it working with the FBI. How many DIY programmers could ever claim that they were getting help from the FBI to track down people who had pirated their software? This is an example of how intellectual property only exists to benefit the rich and powerful who can get the authorities to do their policing for them. Microsoft has the FBI. I guess the rest of us would have to resort to rent-a-cops and DIY cease-and-desist letters.
It looks like they have a fairly extensive IP block list. It shouldn't be too hard to get this list to work w/ IPtables.
My question -- will IPtables run "okay" with a few thousand block rules?
Evolution: love it or leave it
Here is some more code:
/* Microsoft Network Connectivity library */ /* For the court of law */
/* Standard Call, in
/* Delay */
/* in process.h */
/* Now
Subject: *** TOP SECRET MICROSOFT CODE ***
Project: Version - Windows 98
Microsoft marketing strategy (MARKET.EXE):
#include
#include
#include  ;
#include
#define say(x) lie(x)
#define computeruser ALL_WANT_TO_BUY_OUR_BUGWARE
#define next_year soon
#define the_product_is_ready_to_ship another_beta_version
void main()
{if (latest_window_version>one_month_old)
{if (there_are_still_bugs)
market(bugfix);
if (sales_drop_below_certain_point)
raise(RUMOURS_ABOUT_A_NEW_BUGLESS_VERSION);
  ; (while(everyone_chats_about_new_version)
make_false_promise(it_will_be_multitasking);
lie.h */
if (rumours_grow_wilder)
make_false_promise(it_will_be_plug_n_play);
  ; if (rumours_grow_even_wilder)
market_time=ripe;
say("It will be ready in one month);
order(programmers, stop_fixing_bugs_in_old_version);
order(programmers, start_brainstorm_about_new_version);
order(marketingstaff, permission_to_spread_nonsense);
vapourware=TRUE;
break;
switch (nasty_questions_of_the_worldpress)
case WHEN_WILL_IT_BE_READY:
say("It will be ready in", today+30_days," we're just testing");
break;
case WILL_THIS_PLUG_AND_PLAY_THING_WORK:
say("Yes it will work");
ask(programmers, why_does_it_not_work);
pretend(there_is_no_problem);
break;
case WHAT_ARE_MINIMAL_HARDWARE_REQUIREMENTS:
say("It will run on a 8086 with lightning speed due to"
" the 32 bits architecture");
inform(INTEL, "Pentium sales will rise skyhigh");
inform(SAMSUNG, "Start a new memorychip plant"
"'cos all those customers will need at least 32 megs");
inform(QUANTUM, "Thanks to our fatware your sales will triple");
get_big_bonus(INTEL, SAMSUNG, QUANTUM);
break;
case DOES_MICROSOFT_GET_TOO_MUCH_INFLUENCE:
say("Oh no, we are just here to make a better world for
everyone");
register(journalist, Big_Bill_Book);
when(time_is_ripe)
arrest(journalist);
brainwash(journalist);
when(journalist_says_windows95_is_bugfree)
  ; order(journalist, "write a nice objective article");
release (journalist);
break;
while (vapourware)
introduction_date++;
if (no_one_believes_anymore_there_will_be_a_release)
break;
say("It will be ready in",today+ONE_MONTH);
release(beta_version)
while (everyone_is_dumb_enough_to_buy_our_bugware)
&nbs p; bills_bank_account += 150*megabucks;
release(new_and_even_better_beta_version);
introduce(more_memory_requirements);
if (customers_report_installation_problems)
say("that is a hardware problem, not a software problem");
if (smart_customer_says_but_you_promised_plug_and_pla y)
ignore(customer);
order(microsoft_intelligence_agency, "Keep an eye on this
bastard");
if ( bills_bank_account>skyhigh && marriage>two_years )
divorce(woman_that_was_beatifull_when_I_married_he r);
wave(dollars, at_lusty_chicks);
marry(young_blond_virgin_with_big_boobies);
  ; devirginize(young_blond_virgin_with_big_boobies);
if (boobies_start_to_hang)
dump(young_blond_virgin_with_big_boobies);
&nbs p; if (there_is_another_company)
steal(their_ideas);
accuse(compagny, stealing_our_ideas);
hire(a_lot_of_lawyers);
wait(until_other_company_cannot_afford_another_law suit);
buy_out(other_company);
War isn't about who's right. It's about who's left.
I got two calls yesterday from my on-campus network administrator's office asking to speak to my room mate. This is odd because I believe he downloaded it through a DC++ connection, as he seems to avoid bittorrent for some reason. All they asked was that he removed the source from his computer, I don't think there were any other consequences. Anyone else have a similar experience?
I should not talk so much about myself if there were anybody else whom I knew as well. -Henry David Thoreau
...that the leak didn't come from a breach in security at either their network or the networks of any corporate or government partner. In short, it didn't come from anyone who has the source. Right.
They are also still toeing the line that it was code from NT and 2000. Conveniently omitting XP and Server 2003 from the list. Aren't those OSes built on the same codebase? Isn'y it possible that they are also potentially affected? Wouldn't want to scare people with our latest OSes, now would we? And for those that haven't upgraded (most businesses?), upgrading now looks safer than not.
Also of note in the release is that not just IE 5.5 and older are succeptable to the expoloit that was released, but non-SP1 IE6 as well.
What does concern me is how MS is running after those who are obtaining the leaked code. Is an FBI group standing over every P2P system, and then providing user information to MS? Please! Or is the media running multiple reports on behalf of MS, about those receiving warnings, while in fact this entire affair is a media stunt?
So....you're saying MS should just do nothing?
You know what?
I own a bought and paid for copy of NT4, 2K, XP, etc., so in a roundabout sort of way the source code is just another copy of what I already have. Ok, so it's in a slightly different form, but why is having WinSock source any different to having the compiled version? Providing I make no commercial or nefarious use of the source, I don't see a problem...
This sentence no verb.
nope, IPtables will probably crap out. Use NF-HIPAC which is basically a binary tree table instead of a linear one. I use it to classify everything going through my box as either local campus, Internet2, or general internet. I have around 5000 matches and it works great. Also the perl module NetAddr::IP and it's function NetAddr::IP::compactref is your friend; it takes a bunch of IP/masks and simplifies them down. It simplified my 9000 Inet2 networks down to 5000.
why Microsoft isn't so rabid about stopping the spread of Windows XP and 2000 ISOs on filesharing services...
-Jem
Trying to stop the source code is like throwing $20 bills from a manhattan balconey, and going down and trying to collect them all back.
Theres a great deal of ill feeling towards Microsoft, thanks to their annoying crashing OS, and anyone threatened with a lawsuit will be actually determined to send out the source code anonymously.
What I'm extremely interested in, is if someone has successfully compiled the code and tested it. I'm interested in knowing what parts of windows the code is from. Hopefully we get the kernel + binary execution segments so WINE is developed as well as SAMBA. I think as soon as we can run win32 binaries properly on Linux, along with at least directx8, linux will be a MUCH bigger competitor of both Microsoft and Apple.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
I don't have their code, nor do I want it. But I realize that even if every single Linux user/GPL supporter refused to look at it or download it, it would still spread like wildfire. People download stuff like this just to say that they have it. I have a friend who is somewhat of a "collector" of things like this. He has no programming background whatsoever, he just wants to say that he has it. (ironically, he is actually in school getting a law degree with a concentration in Intellectual Property)
The cat-genie is out of the bag-bottle.
My beliefs do not require that you agree with them.
Copyright cannot lapse per se, the right is unconditionally granted and there is no concept of abandonment (which you can do with patents and trademarks): however, if a copyright owner didn't take any action against infringements - when it knew that they were happening - it could be a good arguement that the owner has "allowed" an implicit license to come into effect. This is just a common legal principle of estoppel: if you passively consent to something, it becomes difficult to later turn around and retract.
Trust no one!
If the local state-run university my sons attends is any indication, everybody who wants a copy ALREADY has it!!
My son says that every computer science student he knows already has downloaded a copy and that students are eagerly trading copies among themselves!
I can't seem to find the gigsofdlls header file...
Now heres the thought-provoking question of the day:
If the leak was not caused by a network security breach, a physical security breach, a troubled-employee, or it's code sharing initiatives; how the hell was the code leaked? They said it wasnt network security, and it wasnt internal security (which takes away a physical security breach or a troubled employee), and it wasnt't its code sharing initiatives... Makes you wonder... how the hell did the code get out?
Answer this and get a cookie.
It depends.
If you live in a jurisdiction, which accepts private copying, then you are fine (downloading == making one copy of the work to your hard drive)
In some counties the source has to be legit (Denmark) or there's no notion of private copying (UK). In these places also downloading is illegal.
Well personally i find it pretty shitty that some corporation thinks it has the right to tell me what i can and cannot 'search' for. Microsoft, go fuck yourselves, you let the code out, its in the open, you cant make that go-away.
This comment does not represent the views or opinions of the user.
Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted
The use of the word "impacted" here is classic corpo-Pentagon-speak.
The correct word is "affected." For a person to be "impacted" has an entirely different meaning.
You'd think Microsoft would care about the distinction, since they are so full of shit.
But you can only call it "Civil Disobedience" if you're willing to face the consequences of your act (and not try to weasel out of it).
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!
Funny, but it's worth pointing out that the USSC is not going to be making any big decisions about the validity of intellectual property... the US Constitution explicitly provides Congress with the right to make IP laws and even provides a brief rationale for them.
What Congress should be looking at, though, is whether or not the current laws make any sense at all. What is really bizarre to me is this notion that you can keep something secret and yet still have copyright protection on it.
The original reasoning behind copyright as we know it (as opposed to the true original reasoning, which was about facilitating censorship by the British Crown) was to enable authors to retain limited control of their published works, in order to encourage them to publish. When you publish a book, the content is out there for the world to see and potentially copy; there's no way to publish a book and keep it secret at the same time, so some legal protections are necessary if we want to enable authors to control and profit from their work.
These "legal protections" are really limitations on what society is allowed to do with the work, in other words, freedoms we choose to give away, and the reason this is a good trade is because (a) it makes more material available now for people to read, learn from and build off of and (b) it ultimately puts more material in the public domain for anyone to use however they see fit when the copyright expires.
Patents are really the same idea applied to a different space: Getting the details of inventions published for everyone to read theoretically encourages more invention. With patents, there's a *requirement* that the details be published, because unlike a book, it often is possible to keep secret the details of a piece of machinery.
Even for copyrights, there is and always has been a sort of a requirement to publish -- under current law you cannot sue over copyright unless you have registered your work with the copyright office, and doing that requires you to submit a copy to them, placing it in the public record. Kind of. In the case of code, you only have to submit a few pages from the beginning and the end. The rationale behind copy registration was primarily to establish ownership, not to publish, because when all of this was set up publishing was just a given. Because that was the rationale, when code copyrights came along it was deemed too burdensome to deal with full printouts of the registered code (because they're really, really big) and, of course, the copyright office wouldn't have had any idea what to do with magnetic media.
So now we've arrived at a situation that cannot have been expected or planned by the designers of the system: You can obtain copyright protection on something that you never published and never have to publish, even when you go to court to enforce your rights. The "trade" is no longer a trade, because society no longer gets to benefit from seeing what it is giving you protection for. There's no requirement that the code *ever* be published, even after the copyright has expired (assuming current copyrights ever will expire).
In my opinion, it should only be possible to obtain protection for what you publish. If you want to keep your source secret and only publish binaries, fine. You get copyright protection for the binaries and you can use trade secret law to protect your source code -- but remember the caveat in trade secret law that once it's published it's no longer a secret, so you can only go after the person who gave it away the first time.
On the other hand, if you want the full protection of copyright law applied to your source code, then you have to publish the code, at least before going to court over it. Publish *all* of it. I don't think the US Copyright Office of 2004 will have any trouble at all understanding how to manage data delivered on a stack of DVD-ROMs.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
You forgot this line:
:-)
#include "bloatedregistry.h"
I really have another userid as well
From Kuro5hin...
I have something in common with Stephen Hawking...
Point #1: I don't think anybody in this thread has weighed in on whether facing consequences is or is not part of their plan.
Point #2: If someone chooses to break the law in an effort to cause change, what authority defines what "weaseling out of the consequences" is and its bearing on whether the term civil disobedience applies? Would Rosa Parks have been weaseling out if she'd accepted legal representation from a better attorney? Websters says that "civil disobedience" is:
I didn't notice anything in there regarding facing consequences or weaseling out. I wonder if the dictionary people are up to date.Point #3: What does it matter whether an illegal action gets to be called civil disobedience as long as the action has the desired effect?
If it will make anyone happy, then by all means people can invent a new term that categorically denotes breaking the law with the ultimate intent to increase freedom but with the specific proviso that the lawbreaker does not intend to face consequences. Then those same people can get busy debating just exactly what shall be deemed "facing consequences". Be sure to let us all know how it comes out, we'll be on the edges of our bus seats.
- First they ignore you, then they laugh at you, then ???, then profit.
Slashdot really needs a semi-permanent copyright lawyer as an editor or something to counter/correct/confirm all us ianal's
watch "the money masters" on google video
Taking something off of the internet, is like taking pee out of a swimming pool...
Once upon a time, people respected the law, and usually obeyed it. They respected police, and thanked them for doing a hard job and protecting the community.
Specifically, that was from 12:30 to 3:45 PM, October 24th, 1955.
Just in case anyone was curious.
Has anyone noticed that the RIAA has tried for two years to figure out how to connect an IP address to a snailmail address with out resorting to subpeonas, yet M$ did it in about 4 days? Has this not raised any eyebrows, made anyone look over their sholder, or consider buying a Mac, Unix, Linux, OS/2, anything not Microsoft box. In fact I'm probably putting myself at risk just by typing this. Oh crap, there here already...
Why doesn't anything interesting happen when I have mod points?
BTW, I tried to include more of the source, but Slashdot complained "Too many junk characters." :-) I wonder if that's indicative of the true source.
Dave
FPGA, Wireless, ASIC, Verilog, VHDL, HW, 10yr exp, Team Lead, Ottawa (More? Email above. slashdotusername=dgmartin98 )
Right, just like the **AA have been doing. I'm betting they have a comparable amount of money, and they're certainly willing to use legal muscle, but look where that's got them...
A more interesting spin I didn't see anybody mention yet is that if, as P2P music-sharing advocates constantly claim, it's legal to download and only illegal to distribute under US copyright law, then Microsoft's claims are unfounded (and probably incorrect legal advice -- oops). Alternatively, the P2P music-sharing advocates have been talking a crock all along, and are about to see a rather unfortunate legal precedent set from a surprising direction. Any takers?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Copy down the IP address of anyone who starts a multi-source download
Kill the download
Whois lookup
Letter to the ISP.
Of course if they're distributing it in that manner so that the hash codes match, does that qualify as them legally giving it away?
So has it made it onto Usenet yet?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Where does it say that a search is illegal.. Regardless of what i search for..
Possession of information is illegal in some cases.. Distribution is illegal in other cases.. But *searching*?
Screw them...
only scary part is that some p2p people are willing to cooperate with a entity that has NO LEGAL POWERS...
---- Booth was a patriot ----
So does this mean that if I go into a P2P program and do a search for "Windows 2000 Source", I am seeking to possess the sourcecode?
That would be a pretty big assumption by Microsoft!
The first thing I did when I heard the source had been leaked was to hop on my favorite P2P network and search to see how many people had it. I did _NOT_ download it. If, for whatever reason, I get a letter in the mail from Microsoft ( highly doubt it ), I will be so pissed off. I mean, what would be the next step? If someone does a Google News search for "Leaked Microsoft Source", they're attempting to locate a place to download it?
I'm activey downloading the code right now (I'm at 70 of 240M). I don't mind doing a bit of jail time to look at the code. I'm just curious. Is that a crime?
J.K. Weston
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
jkweston@microsoft.com
Tel: (425) 703-5529
** Feb 2004 **:**:** GMT
URGENT/IMMEDIATE ATTENTION REQUIRED
VIA ELECTRONIC MAIL
XYZ ISP COMPANY
123 SESAME ST
Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: ***.***.***.***
Date of Infringement: Detail below.
Dear XYZ ISP CO:
We have received information that one of your users as identified above by the SITE/URL ***.***.***.*** may have engaged in the un lawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download the se source code files via a peer-to-peer network.
Since you own this IP address, we request that you take appropriate action against the account holder under your Abuse Policy/Ter ms of Service Agreement.
We also kindly request that you forward this notice promptly to the user of the IP address listed above at the time and date stat ed.
To the user at ***.***.***.***:
The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyrigh t and trade secret laws. If you have downloaded and are making the source code available for downloading by others, you are violat ing Microsoft's rights, and could be subject to severe civil and criminal penalties.
Microsoft demands that you immediately (1) cease making Microsoft's source code available or otherwise distributing it, (2) destr oy any and all copies you may have in your possession, and (3) provide us any and all information about how you came into possessi on of this code.
Microsoft takes these issues very seriously, and will pursue legal action against individuals who take part in the proliferation of it source code. We look forward to your prompt cooperation. Should you need to contact me, I can be reached at the address abov e or at jkweston@microsoft.com.
Very truly yours,
By
J.K. Weston
CaseID: *****
They didnt goto court to supeona the information, how are they getting the home address of people so quickly?
... )
Is that even legal for them to do ( assuming they didnt get a court order.
---- Booth was a patriot ----
An infinite number of monkeys at an infinite number of keyboards....