Slashdot Mirror

← Back to Stories (view on slashdot.org)

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk)

Posted by BeauHD on from the treasure-hunt dept.

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

104 of 201 comments (clear)

  1. 32TB? by ArchieBunker · · Score: 1

    Going to need a new storage array...

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re: 32TB? by KGIII · · Score: 1

      It isn't that interesting. Save the space. They are mostly just builds from the Insider Program, according to the folks with the actual data.

      --
      "So long and thanks for all the fish."
    2. Re:32TB? by Anonymous Coward · · Score: 1

      Don't worry, reports say 31.9TB is just their "phone home" technology.

    3. Re:32TB? by Z00L00K · · Score: 2

      Going to need a new OS because now the malware creators have the ability to find yet undiscovered security holes and utilize them.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re: 32TB? by cyber-vandal · · Score: 4, Funny

      Better not use Linux or FreeBSD. I hear they let anyone look at the source.

    5. Re:32TB? by gweihir · · Score: 1

      They had that capability before. It may not even have been that much more effort. Reviewing source-code is time-consuming, demanding and expensive.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:32TB? by danomac · · Score: 1

      Or, oddly enough, the opposite might happen. Maybe someone will actually submit patches to fix all those bugs.

    7. Re: 32TB? by KGIII · · Score: 1

      This has now been verified by multiple independent parties.

      --
      "So long and thanks for all the fish."
    8. Re: 32TB? by KGIII · · Score: 1

      There doesn't actually appear to be any source code in the files. Multiple parties have gone over it. It's just Insider Program builds, some tools (that may be handy - as they are special debuggers I guess), and a whole mess of internal nightly builds.

      I haven't downloaded the files, but those who have checked it out are people that I'm inclined to trust - based on history. It's largely nothing. The debugging tools may reveal something and someone, with enough time, may be able to disassemble binaries that weren't public and find things that are different - which could, theoretically, find a bug - which could, theoretically, be exploited, which could, theoretically, be done by a malicious party.

      --
      "So long and thanks for all the fish."
    9. Re: 32TB? by Hylandr · · Score: 1

      It's false.

      Just the early preview versions.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    10. Re: 32TB? by KGIII · · Score: 1

      That's what I said. ;-) Though two folks have said there's a proprietary debugger. I am not sure of the validity of that one.

      --
      "So long and thanks for all the fish."
    11. Re: 32TB? by ArmoredDragon · · Score: 1

      I'd be more interested in finding out what the telemetry data actually contains.

  2. Neat. by Anonymous Coward · · Score: 5, Interesting

    Maybe it tells us the secret to shutting down a laptop using ACPI in a way that doesn't drain the battery dead 2 hours after it "powers off" using Linux

    1. Re:Neat. by aliquis · · Score: 2

      Or why the machine can't wake up if I let it park the CPU in Windows 10 but it worked fine in Windows 8.1.

      (Phenom X4 9850 on ASUS 790FX board.)

    2. Re:Neat. by sound+vision · · Score: 1

      I have the same Phenom, with an Asus M2N-SLI Deluxe board. The BIOS has an option for "C1E support", which sounds similar to your "CPU parking" - turning it on makes the system fail to boot. I don't remember exactly where the failure happens, but it's before GRUB can bring up the boot menu.

    3. Re:Neat. by aliquis · · Score: 1

      I said CPU parking because I don't know the name of it.

      There's S1 and S3 and one is a a deeper sleep than the other and with the deeper sleep the CPU fan turns off as-well among other things but if I use that one then the machine can't be started without a cold reboot again. It used to work in Windows 8 but doesn't in Windows 10.

      M3A32-MVP Deluxe and .. yet another one is what I have.

  3. I know it was you Comey. Horrible. Horrible. by Anonymous Coward · · Score: 5, Funny

    Really very, very horrible. Really horrible. Very very not good at all, let me tell you. Leakers on any media, horrible. Don't watch that video.

  4. Oh no, security problems might be found! by Anonymous Coward · · Score: 5, Insightful

    Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide.

    You mean like.. BSD and Linux? Sounds like the way it should be -- the security by obscurity fad faded a long time ago.

    1. Re:Oh no, security problems might be found! by Anonymous Coward · · Score: 1

      security problems in Linux and BSD aren't usually found through source code analysis, they are found through crashes, fuzzing, errors etc. source code analysis is painful and slow by comparison though the source code can make generating the exploit once you have found the vulnerability much easier.

    2. Re:Oh no, security problems might be found! by vux984 · · Score: 1

      the source code can make generating the exploit once you have found the vulnerability much easier.

      That's an understatement.

    3. Re:Oh no, security problems might be found! by jimtheowl · · Score: 1

      They are certainly fixed by first going through an analysis of the offending code.

      But even though code analysis is painful and slow, it doesn't stop the OpenBSD people and others from doing some, historically demonstrating good results for their efforts.

    4. Re: Oh no, security problems might be found! by Bert64 · · Score: 3, Insightful

      "Many eyes makes bugs shallow" is not so much the point...
      Rather is having a level playing field for everyone, anyone can see the code, good and bad guys alike.

      With closed source *you* probably don't have the code and white hat security researchers probably don't have the code, but you have no idea who else (NSA and similar agencies, criminals etc) does. Chances are with closed source those who do have the code are more likely to have hostile motives.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    5. Re:Oh no, security problems might be found! by gweihir · · Score: 1

      Actually, it is not. In many cases the source will not help the attacker much or at all. It does make fixing a vulnerability a lot easier though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Oh no, security problems might be found! by skullandbones99 · · Score: 1

      sigh, SSL is NOT in the Linux kernel! SSL is a cross-platform userland open source project.

      Linux based distributions will include SSL userland components but SSL is not part of the Linux kernel. Just like gnome and KDE are not part of the Linux kernel but are included in Linux based distributions.

    7. Re:Oh no, security problems might be found! by K.+S.+Kyosuke · · Score: 1

      Did the SSL bugs have actually anything to do with Linux? I mean, besides the library supporting Linux as one of the systems it can run on.

      --
      Ezekiel 23:20
    8. Re:Oh no, security problems might be found! by jimtheowl · · Score: 1

      It is relevant for at least the following reasons:

      The OpenBSD project has a proactive approach to security https://www.openbsd.org/securi... with people who do what they do because they want to do it.

      The Windows model is perpetuate the need for patches so you can make the customer dependent on continuous releases. They never had any intent to procure a secure system and likely never will.

    9. Re: Oh no, security problems might be found! by thegarbz · · Score: 1

      Chances are with closed source those who do have the code are more likely to have hostile motives.

      Like the vendor.

    10. Re: Oh no, security problems might be found! by Brockmire · · Score: 1

      Most? Wow, you have no clue what you're talking about.

    11. Re: Oh no, security problems might be found! by Brockmire · · Score: 1

      Christ, I didn't quote "many" correctly. *palmface*

    12. Re: Oh no, security problems might be found! by gweihir · · Score: 1

      I actually have hands-on experience in this area. What the general public thinks and what actual experts know is often quite a bit different. This is one such case.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. old crap by Anonymous Coward · · Score: 1

    It seems they are just a heap of old builds, nothing top secret about them, most interim builds are only valid for a day or 2 till the next one. The Shared Source stuff while not publically available is hardly top secret either with hundreds if not thousands of organizations with it.

  6. Telemetry by OtisSnerd · · Score: 5, Interesting

    Maybe now we'll be able to find out what the telemetry actually sends back to MS and the three-letter agencies. It would also be nice for some to develop a way to completely kill it.

    1. Re:Telemetry by sound+vision · · Score: 1

      If MS gets away with it because of their market dominance, what's the reason that Apple gets away with it?

    2. Re:Telemetry by Anonymous Coward · · Score: 1

      Apple/Google got away with it because a phones were a new paradigm without preexisting standards for user control and spying and whatnot. They did shit you would never have been able to get away with on a PC a decade ago, but no one complained because it wasn't a PC (AOL had pioneered the 'walled garden' thing years before and was met with universal derision). Then once phones and their attendant privacy invasions became ubiquitous and the public had gotten used to the idea of being tracked and monitored 24/7, the opening was there to backport all the creepy shit to desktops and laptops. MS catches the most shit because they were the most brazen about it, but none is really any better than the others (except Linux, natch)

    3. Re:Telemetry by kelanos · · Score: 1

      Or another, equally likely, possibility is this is a controlled leak and it's meant to mislead us about the nature of the telemetry.

      But this isn't the full source is it? So probably we'll never know. But do we need to? The Corporate Plutocracy is attempting to destroy us all anyway. Until there is a movement against the state, nothing matters but survival.

      Standing by to be modded down by cowards who refuse to realize the implications of things like federally mandated education standards, mass surveillance, media consolidation, etc.

    4. Re:Telemetry by Razed+By+TV · · Score: 1

      Standing by to be modded down by cowards who refuse to realize the implications of things like federally mandated education standards, mass surveillance, media consolidation, etc.

      You must be new here.

    5. Re:Telemetry by thegarbz · · Score: 1

      If you want to know that just read through these 94 pages: https://docs.microsoft.com/en-...

    6. Re: Telemetry by allo · · Score: 1

      You, Sir, are the worst spy ever. rofl

      Are you now happy?

    7. Re:Telemetry by OtisSnerd · · Score: 2

      I've seen that list before, but I suspect that it's not complete. After all the forced upgrades, and all but pointing guns at their 'customers' to force them to upgrade, I wouldn't trust them to tell me the the color of the sky, let alone believe that the list they posted is complete.

    8. Re:Telemetry by Opportunist · · Score: 1

      The same. They are essentially in the Tablet market what MS is for Desktops. And the phone market they share with a company that's just as bad.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Telemetry by Rick+Schumann · · Score: 1

      Hear, hear!

    10. Re:Telemetry by oakgrove · · Score: 1

      An aside to this thread, as a child of the MS dominated 90s, I sort of dig Android being dominant on phones, Apple having tablets, MS having the desktop, and Linux more or less having servers with a healthy competition in each segment. It's not a perfect situation but it beats the shit of the bad old days when IE 6 was "the internet."
      >inb4 everything is just as bad as it ever was or worse

      --
      The soylentnews experiment has been a dismal failure.
    11. Re: Telemetry by allo · · Score: 1

      Maybe it's a name and he misspelled Rolf?

    12. Re:Telemetry by thegarbz · · Score: 1

      Interestingly the less complete the list is the less care about their collection. The more data that is collected the less likely any database makes sense. The less likely they are able to extract information from it. The less likely I am to be affected if someone dumped the database online.

    13. Re: Telemetry by Brockmire · · Score: 1

      There should have been a comma before "ever".

  7. OMG by bfmorgan · · Score: 1, Insightful

    Ooops!

    --
    I hope this caused some synapses to fire.
  8. "Many eyes" by gawdonblue · · Score: 1

    Security!

  9. Re:Top Secret? by gravewax · · Score: 1

    seems to Just be private/internal builds, nothing even remotely secret.

  10. Wait for it: Microsoft Intentionally Leaked It by DatbeDank · · Score: 1

    In an effort to get more people to probe Windows 10 and find software flaws as well as confirm they aren't completely stealing your data. It's like open sourcing your OS without really open sourcing it! /sarcsam

    1. Re:Wait for it: Microsoft Intentionally Leaked It by Anonymous Coward · · Score: 1

      they'll blame it on their migration to git as a way to tarnish linus' name, not the fact they used windows shit server 2k13 to host it on.

  11. Okay.... by SeaFox · · Score: 1

    /me goes to the store to get popcorn

  12. 32 TB? by PPH · · Score: 1

    How much is it if you skip all the #ifdef BUGS sections?

    --
    Have gnu, will travel.
    1. Re:32 TB? by haruchai · · Score: 5, Funny

      How much is it if you skip all the #ifdef BUGS sections?

      That compiles down to 640k, just enough for everybody

      --
      Pain is merely failure leaving the body
  13. Too bad by markdavis · · Score: 1, Insightful

    Too bad it STILL won't tell anyone what is actually on a machine when a binary MS-Windows is installed. You still won't know what back doors, spyware, weakened encryption, "telemetry" sharing, and extra code was injected for the governments. And good luck on building something you will be able to actually install and use. This breech is unlikely to help anyone but black hatters, looking for vulnerabilities.

    Meanwhile, grab distro Linux sources legally, see anything and everything you desire, and compile it and run it if you like.... it is actually DESIGNED to be compiled by people and groups who use it, if wanted.

    1. Re:Too bad by thegarbz · · Score: 1

      I don't know that on any other installation either. I simply trust that any vendor provides me a binary that matches its source code. I and 99.999% of the people using computers have zero ability to audit binaries against source code. And I'm willing to bet you've never done it for your OS too.

    2. Re:Too bad by infolation · · Score: 2

      The point is not a personal audit of every line of code, but a network of trust - code that is able to be audited by a network of known individuals who build trust in that code. GNU-Linux, and the code of free software, already relies on the notion of 'standing on the shoulders of giants' and the principle of an auditing process over time is no different. Auditors are motivated to work because they know their contributions build over time to a verifiable and trustworthy system.

      It is the complete lack of transparancy that impedes trust in Microsoft's code. Inspecting a code dump does not build trust because there is no incentive for 3rd parties to audit the dump. In the long term it cannot contribute to an open, auditable Microsoft code base.

    3. Re:Too bad by markdavis · · Score: 1

      +1 insightful
      I couldn't have worded it better if I tried.

    4. Re:Too bad by thegarbz · · Score: 1

      but a network of trust - code that is able to be audited by a network of known individuals who build trust in that code.

      Sorry but the benefit of a network of trust breaks down very rapidly when we actually look at how often projects actually get a security audit (you can probably count them on one hand) and how that audit has absolutely no relevance to the final binary that you download, not to mention the fact that by the time any audit process is finished you'll be very many commits behind.

      The level of trust I have for software ranks as follows: Closed source > Open source > Closed source which has reached monopoly status. That trust is entirely based on how much the vendor/developer needs the user.
      - Small closed source programs which are well funded have quality controls in place and still rely on the user to make money are least likely to have issues.
      - Open source is a crapshoot. The Linux Kernel gets all the thumbs up. An excellent example of things done right, but mostly because they have customers to please. A lot of the remainder is buggy shite. Gnome is an example of the shitstorm that is can be an open source project.
      - Closed source which has monopoly status has no incentive to ensure quality. Windows is a good example of that.

      I don't need complete transparency to have trust. Actually that is a completely backwards idea. If you need transparency then by definition you don't have trust.

  14. Security vulnerabilities? by GrahamWert · · Score: 1

    This just in: it appears that many terabytes of Linux and GNU source code have also been leaked to the internet. Anyone who has this information can scour it for security vulnerabilities.

  15. Time for OS/2 by martiniturbide · · Score: 1

    Who is leaking that source code??

    1. Re:Time for OS/2 by freeze128 · · Score: 1

      Who *WANTS* it?

    2. Re:Time for OS/2 by Yaztromo · · Score: 1

      Who *WANTS* it?

      I would, if it meant we could port SOM and the Workplace Shell to Linux.

      Yaz

    3. Re:Time for OS/2 by Z00L00K · · Score: 1

      Anyone that want a great upload quota on warez BBSes.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:Time for OS/2 by drinkypoo · · Score: 1

      I would, if it meant we could port SOM and the Workplace Shell to Linux.

      You can make fvwm work like the workplace shell if you want. Why would you want SOM? You can get a real CORBA ORB if you want.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Time for OS/2 by drinkypoo · · Score: 1

      You can probably make fvwm *look* vaguely like workplace shell, but I highly doubt you can get it to function like the workplace shell.

      No, you can! You can even make it use inexplicable mouse button mappings, just like OS/2!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. Re: Top Secret? by niftydude · · Score: 1

    Apparently "alpha/nightly build" = "top secret build" in super sensational hack journalist lingo.

    --
    You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
  17. Re:Reminds me ... by Bert64 · · Score: 3, Informative

    Then you should have redesigned the network such that the printers were not directly accessible to users, and they had to funnel data through a central print server which *does* log what was printed and by whom. Aside from the reason given (likely a severe violation of the company code of conduct), you get other benefits too like keeping (usually horrendously insecure) printers away from the user network, being able to tell who's printing copies of company data that might have leaked out, and keeping track of how much is being printed.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  18. How's that Windows Security? by mpapet · · Score: 1

    Hahahahahahaha!!!!

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  19. This happened in the '90s by magusxxx · · Score: 1

    Some of the Windows code was released. It was downplayed. But everyone had a good laugh at the notes which were left in it like (language cleaned up and paraphrasing.): My personal favorite..."Why was this section added?" - "Because someone is doing something way above our pay grade." - "Take this out! It could be exploited" - "It's been two years, why is this still here?" - "This was put in for a reason. Don't take it out again." - "I removed it because It could be exploited!" - "I don't give a m***er f**k! As long as it's our exploit it stays in!"

    --
    Care killed the cat, but satisfaction brought it back.
    1. Re:This happened in the '90s by Z00L00K · · Score: 1

      Virtual memory logic was around before Microsoft even thought of it. Maybe you think of the alleged Unix source code issues related to SCO?

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  20. Betaarchive admin official statement by ark1 · · Score: 5, Informative

    https://www.betaarchive.com/fo...

    Seems The Register story may not be accurate, or if you prefer FAKE NEWS!

    1. Re:Betaarchive admin official statement by pslytely+psycho · · Score: 1

      Ah, shit, you just had to go and ruin a good story with fucking facts.
      Dammit.

      Seriously though, thanks. It is interesting to see just HOW FUCKING FAR OFF the claimed numbers are to the real numbers. I suck at math so I've no idea how many orders of magnitude they are off by, but it's fucking fantasy land for certain.
      32TB vs. 1.2GB and seems rather benign compared to the sensationalism.
      Thanks for putting things in perspective.

      Media and politicians, repeatedly shooting themselves in the foot repeatedly for our amusement and bemusement.....

      --
      Donald Trump, on a crusade to make Nixon look respectable
    2. Re:Betaarchive admin official statement by K.+S.+Kyosuke · · Score: 1

      The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed “32TB” as stated in The Register’s article, and cannot possibly cover “core source code” as it would be simply too small, not to mention it is against our rules to store such data.

      I though "too small" was Oberon's 12 kLOCs, but 1.2 GB or archives? Jevons' paradox at work right there...

      --
      Ezekiel 23:20
  21. In other news by somenickname · · Score: 1

    In other news, thousands of programmers appear to have gone blind and insane while screaming, "The Spaghetti! The Horror! It burns my eyes!"

    1. Re:In other news by fabioalcor · · Score: 1

      Oh no! This is the Spaguetti Monster of that church everyone thought was created for mockery, BUT NO, THEY WERE RIGHT ALL THIS TIME! WE'RE ALL DOOMED!!!

    2. Re: In other news by Ukab+the+Great · · Score: 1

      Is having 32 TB of Microsoft code the crime or the punishment?

  22. Irony by TheOuterLinux · · Score: 1

    Source code for Window$ leaks and people freak like it's going to be used for exploits. A little late for that, don't you think? Yet, Linux developers release their code intentionally as open source and typically, the complete opposite happens.

  23. How do you search multi terrabytes of source? by Latent+Heat · · Score: 1

    How do you find anything in thirty two or whatever number of terrabytes? Are their algorithms to search for certain patterns?

    1. Re:How do you search multi terrabytes of source? by gravewax · · Score: 1

      there isn't 32TB of source, I doubt there is even a gb. it is all just a bunch of private/alpha and prelease builds together with all the debug symbols etc.

  24. Re:Reminds me ... by CaptainDork · · Score: 1

    Disagree.

    Sure, printing porn is a termination offense, but the damage (offending sensibilities) vs ROI of your proposal is simply not there.

    --
    It little behooves the best of us to comment on the rest of us.
  25. In a surprising development to the business world by ZoomieDood · · Score: 1

    Microsoft has moved to the open source license model!

  26. Re:Reminds me ... by Sir+Holo · · Score: 1

    Then you should have redesigned the network such that the printers were not directly accessible to users, and they had to funnel data through a central print server which *does* log what was printed and by whom. Aside from the reason given (likely a severe violation of the company code of conduct), you get other benefits too like keeping (usually horrendously insecure) printers away from the user network, being able to tell who's printing copies of company data that might have leaked out, and keeping track of how much is being printed.

    Please explain how he could have implemented such a system after the fact.

    And moving forward... why? It sounds like a lot of effort and company money to waste just because the boss is a prude. . . It is a fire-able offense, but was likely one guy costing the company $10 a month in consumables. There are innumerable, more severely business-damaging offenses to be on the lookout for.

  27. Re:Reminds me ... by drinkypoo · · Score: 1

    No, it's true. Printers are often tragically insecure, especially Postscript printers but including many if not all kinds. It's daft to put them on the same network as anything else.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  28. Whew ! by harvey+the+nerd · · Score: 1

    A first glance of the headline, I was worried that they were insinuating that the 10.x builds toward toward Win 11 were in the neighborhood of 1 TB....

  29. Waste by Air-conditioned+cowh · · Score: 3, Funny

    What a horrific waste of valuable hard drive space.

  30. Use it to build a fucking non-updating distro by iamacat · · Score: 1

    Every time I try to use a Windows laptop that I keep for Steam/Oculus games, it needs to install updates, or has installed updates and lost my game progress, or asks me to adjust my privacy settings for Windows 10 whatever edition. With source, one can presumably build a non-nagging distro with working DirectX and live free of this crap?

    1. Re:Use it to build a fucking non-updating distro by dwywit · · Score: 2

      Start, run, services.msc
      Scroll to Windows Updates
      Right-click, stop
      Right-click, properties
      Select startup type, choose 'disabled', apply
      OK, close

      Happy now? Don't even need to reboot. Wow, didn't even need a command prompt to make that happen (although you could it that way if want to).

      You can visit wsusoffline once a month or so - at *your* convenience, to download and install updates. BTW, you should donate a dollar or three to the site if you find it useful (not my site, just a happy user).

      FWIW, mint and ubuntu also nag (albeit politely, and without forced reboots*).

      * you can find the reboot trigger in Window's 'Scheduled tasks' and change the parameters, including when to reboot.

      --
      They sentenced me to twenty years of boredom
  31. Leaking source code by callahan2211 · · Score: 1

    Did they give it to James Comey?

    --
    "There are no gods, no devils, no angels, no heaven or hell. There is only our natural world. Religion is but myth and
  32. Re:WARNING DO NOT SELL THESE TO PEOPLE by Z00L00K · · Score: 1

    2 years in prison is not very likely. In civilized countries you will get a deal instead.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  33. Relax... by Lussarn · · Score: 2

    Relax! Our most valuable and most secure operating system is out there for free! How am I suppose to explain that?

    I don't know... Say it was all part of the plan!

  34. Re:I know it was you Comey. Horrible. Horrible. by Z00L00K · · Score: 1

    What would be horrible would be if the Microsoft Certificate server was compromised allowing anyone to create certificates in the name of Microsoft using their private key.

    On the other hand - if that happened we wouldn't be told because it would compromise every Windows computer out there.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  35. Re:Top Secret? by Z00L00K · · Score: 1

    Not a Governmental Top Secret classification, just a company top secret classification.

    Just stating "Classified" doesn't indicate anything about the classification level. It can be classified as "Open" as well.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  36. Eagerly waiting by kelanos · · Score: 1

    For the real story to be mined out of this trove.

    I predict we will see that consumer and small business software is heavily back-doored while corporate software is less so.

  37. Winbeta themselves have refuted almost everything by Artem+S.+Tashkinov · · Score: 4, Informative

    Source

    The Register article has got BetaArchive a fair amount of attention this evening. They claim, and I quote âoe32TB of Windows 10 internal builds, core source code leak onlineâ.

    First of all let us clear up a few facts. The âoeShared Source Kitâ folder did exist on the FTP until this article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules.

    The folder itself was 1.2GB in size, contained 12 releases each being 100MB. This is far from the claimed âoe32TBâ as stated in The Registerâ(TM)s article, and cannot possibly cover âoecore source codeâ as it would be simply too small, not to mention it is against our rules to store such data.

    At this time all we can deduct is that The Register refers to the large Windows 10 release we had on March 24th which included a lot of Windows releases provided to us, sourced from various forum members, Windows Insider members, and Microsoft Connect members. All of these we deemed safe for release to BetaArchive as they are all beta releases and defunct builds superseded by newer ones, and they were covered under our rules.

    If any of this should change we will remove these builds from the FTP and we will happily comply with any instructions to do so by Microsoft.

    With regards to the BBC article http://www.bbc.co.uk/news/tech... about two Britons that have been arrested following an alleged Microsoft hack, we donâ(TM)t believe there is any connection with this alleged âoeWindows 10 core source code leakâ.

    Update 09:58 GMT 24/06/2017 A spokesperson for Microsoft contacted The Register and said: "Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners."

  38. Re:Top Secret? by gweihir · · Score: 1

    This is just hyperbole. Basically no private company does "Top Secret". The maximum level is usually "Secret" and that is it.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  39. Really hope... by hcs_$reboot · · Score: 1

    Really hope Win 10 pure source code is way less than 1 TB, or that system is even more crappy than I thought, reusing old code as is, putting bandage on it to get something runable.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  40. Software freedom still missing by jbn-o · · Score: 1

    But the freedoms of free software are still missing. Having a snapshot of what Windows code looked like at one time doesn't grant one the freedom to improve that code, distribute (including commercially) that code (or a variant of that code), and thus control one's computer or help one's community by distributing improved code.

    --
    Digital Citizen
  41. Code can change (so can undocumented backdoors) by jbn-o · · Score: 1

    Until Microsoft changes the source code to do something else. That's the thing about source code: people alter it and make programs do different things, so we need the freedoms of free software to control our computers, help keep people honest, and treat each other ethically.

    --
    Digital Citizen
  42. Time for MS to give up and open a GitHub repo... by mi · · Score: 1

    Maybe, it is time for Microsoft to follow the NSA's recent example and just open-source their proprietary code...

    --
    In Soviet Washington the swamp drains you.
  43. Re:Time for MS to give up and open a GitHub repo.. by beuges · · Score: 1

    Here you go:
    https://github.com/Microsoft

  44. Is this a Git issue? They just switched. by filesiteguy · · Score: 1

    I know this may seem coincidental, but I recall MS just recently switched to Git for their source code. Wonder if one of their Linux servers were running unprotected.

    --
    The Kai's Semi-Updated Website Thingy
  45. Re:Probably a Compromised Linux Server by hcs_$reboot · · Score: 1

    And after digging deep into the 32 TB, what when they finally find out that the innermost GB is a Linux kernel...

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  46. Re:Reminds me ... by CaptainDork · · Score: 1

    I think you're adding a lot more to my example than is necessary for me to make my point.

    I'm simply stating that infosec doesn't nothing to address inside jobs.

    The guy who printed the porn did it from within the perimeter.

    It wasn't done by an actor from Romania.

    --
    It little behooves the best of us to comment on the rest of us.
  47. Re: Reminds me ... by Brockmire · · Score: 1

    Clever, the porn was yours!