Slashdot Log In
Windows 2000 & Windows NT 4 Source Code Leaks
Posted by
CmdrTaco
on Thu Feb 12, 2004 04:43 PM
from the making-the-rounds dept.
from the making-the-rounds dept.
PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."
This discussion has been archived.
No new comments can be posted.
Windows 2000 & Windows NT 4 Source Code Leaks
|
Log In/Create an Account
| Top
| 2764 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
it's true (Score:5, Insightful)
(http://www.darkfallonline.com/)
I for one would love to peek around in this, more out of curiosity than any desire to actually do something useful with it.
So much for security through obscurity (Score:5, Interesting)
Re:So much for security through obscurity (Score:5, Interesting)
Source helps, but it isn't everything.
Does anyone else just get a tingly feeling seeing this article sitting on top of an article on Open Source being less secure because of it's openness?
It's a TRAP!!! /Adm. Ackbar (Score:4, Insightful)
(http://127.0.0.1:82/ | Last Journal: Monday September 26 2005, @01:53PM)
If you work on any Open Source project, DO NOT LOOK!
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Funny)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Interesting)
Is there GPL code there?
Ask an auditing company to
diff NT4 2000 | grep -e yourcode
and get an answer.
I don't think they're playing SCO if they released just a part of it maybe but not the whole thing
No GPL - Lots of BSD (Score:4, Interesting)
They have copyright notices in the docs (Score:5, Informative)
Re:No GPL - Lots of BSD (Score:5, Informative)
Windows NT 3.1 was released in 1993, and replaced in 1994 by Windows NT 3.5, which was much smaller, much faster and used an MS-written TCP/IP stack (which was presumably smaller and faster than the BSD-derived Spider stack). The MS TCP/IP stack in NT 3.5 was then ported to Win9x for the release of Windows 95.
The lifetime of NT 3.1 was very brief, and during that brief lifetime, hardly anyone used it (because it was too big, too slow and there was no Win32 software), so the fact that its TCP/IP stack was BSD-derived is not really something to brag about.
Re:No GPL - Lots of BSD (Score:5, Informative)
(http://www.dufftech.net/)
open up a command window and type "strings c:\windows\system32\ftp.exe"
This will return:
Re:No GPL - Lots of BSD (Score:5, Insightful)
MS is naturally not opposed to using freely-available BSD code to achieve better interoperability with BSD/UNIX. MS Windows Services for UNIX, for example, includes a lot of modern BSD tools ported from OpenBSD. That's reasonable, of course, since it's supposed to provide a set of command-line tools familiar to UNIX systems administrators, and OpenBSD tools are known to be relatively good in terms of security.
Importantly, MS's porting of OpenBSD userland tools to Services for UNIX is also good for OpenBSD, because it helps to establish those tools as something of a standard. If hordes of MS users become used to the OpenBSD userland tools, they'll be much likelier to start using OpenBSD if they want a UNIX-like OS than to start using, say, Linux.
The common claim about the MS TCP/IP stack from open source zealots is that MS 'stole' the Windows TCP/IP stack from BSD because it couldn't write one of its own, which is of course complete nonsense. The handful of BSD tools in Windows are/were there to make it easier for UNIX users to access their systems from Windows. They're in no way critical to Windows as an operating system (in the way that, for example, a TCP/IP stack is).
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
#include
for( ; ; )
if(!stop) {
Many of these lines have been copied verbatim several thousand times. We do not want to, but are forced to sue Microsoft for unlicensed use of our intellectual property.
We will institute a licensing program called gplSource which will allow Windows users to obtain the legal rights to use our IP. This cost will be significantly discounted to early adopters.
Already at least three Fortune 500 companies have seen the validity of our claims and have paid these fees on a per-CPU basis to continue using Windows. While we cannot divulge their names, they do exist. Really!
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
(http://slashdot.org/)
We like Linux as it is. Reliable, stable, and fast. Copying Microsoft code in would jeopardize that. Never mind the IP issues. . .
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Interesting)
(http://www.myplugins.info/ | Last Journal: Tuesday January 13 2004, @08:30AM)
if (InbvIsBootDriverInstalled()) {
InbvAcquireDisplayOwnership();
InbvResetDisplay();
InbvSolidColorFill(0,0,639,479,4);
InbvSetTextColor(15);
InbvInstallDisplayStringFilter((INBV_DISPLAY_STRI
InbvEnableDisplayString(TRUE);
InbvSetScrollRegion(0,0,639,479);
}
It's worse than that! (Score:5, Funny)
Life is good. (Score:5, Funny)
And I have 5 Moderator points.
Today -- today, life is good.
Re:Life is good. (Score:5, Funny)
Re:Life is good. (Score:5, Funny)
Re:Life is good. (Score:5, Funny)
(http://www.loscreepers.net/)
Re:Life is good. (Score:5, Funny)
What, and ruin a perfect day?
Re:Life is good. (Score:5, Funny)
Do you have any idea how much that costs around this time of year?
Re:Life is good. (Score:5, Funny)
So your girlfriend reads
Re:Life is good. (Score:5, Funny)
Guy 1: "It's midnight, the windows source in leaked, we have 5 moderator point and our sunglasses on..."
Guy 2: "hit it"
Sorry, that image just popped into my head
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Funny)
(Last Journal: Sunday April 16 2006, @10:03PM)
If you work on any Open Source project, DO NOT LOOK!
Whoops! I looked. And now it's clear why Microsoft bought a license from SCO.
All these headers start with "Copyright, AT&T" and "Copyright, Regents of the University of California". I wonder what that's all about.
(For the more literal-minded Slashdot readers: no I haven't really seen the code. This is a cheap jab at Microsoft, implying their code is derivative of unix and linux code,)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Insightful)
This is extremely good advice. I would go even further and say that if you would ever like to work on an open source project, don't look. The presence on a project of a person who had seen the Windows source could put the entire project at risk.
For a very practical example, consider Samba. If a person who had seen the Windows source were to contribute to Samba and it were later to come to light that the contributor had seen the Windows source, in the name of safety every piece of code that person contributed would have to be ripped out and replaced. Worse, to guarantee that there was no trace of taint, it would probably have to be replaced by people who had not only never been exposed to the Windows source, but who had also not seen the contributor's tainted code. In short, it would require the recruitment of people who had never worked on the project before, or even read the source. Finding those people would not be easy, to say nothing of the time and credibility that would be lost.
For that matter, even if you have legally seen the Windows source because Microsoft has provided it to your employer under their shared source program, the same taint would follow you. If your employer has access to Windows source and your job does not require you to see that source, do yourself a favor: don't look.
If you look at the Windows source, you at the least taint yourself WRT working on any project aimed at interoperability with Windows, and quite possibly on a much wider variety of projects than that.
In short, JUST SAY NO.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
Wait a minute....
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
(http://qntm.org/ | Last Journal: Saturday May 06 2006, @09:26AM)
Viruses are well supported by their authors, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So, Windows is not a virus.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
(http://www.n1ywb.com/ | Last Journal: Wednesday April 28 2004, @03:12PM)
I've seen the Windows CE source. Maybe I should never program again because MS could sue me! I think not.
PS No offence to homeopathics, I don't care what crazy shite you belive in.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
1) You see some proprietary source, either legally or otherwise;
2) You later work on some open source project;
3) The copyright holder of the proprietary source in 1) looks at the open source project and decides that some sections of the code look strikingly similar to their own code. They further discover that you wrote or contributed to those sections. They call their lawyer. Now, it may well be a combination of "coincidence plus a limited number of ways to do X" that caused the similarity, but you're going to have to convince a judge and/or jury of that. The other side will have to convince them that you copied it. They've got the striking similarity plus the fact that you've seen their source. What have you got?
Now, since you've seen the Windows CE source, why don't you ask the Samba project if you can join, and tell them you've seen MS source code (whether legally or not doesn't matter; seeing it is all that matters) and see if they will take you on as a developer.
I bet they won't.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Interesting)
(Last Journal: Tuesday December 12 2006, @07:54PM)
But, it happens all the time. ALL the time. You think the programmers at MS haven't poured through the Linux code? If what you say is correct, then Windows must be littered with Linux code just because they studied and learned something from it?
There's a line between reverse engineering and access to source code; but you're unlikely to prove something wasn't reverse engineered unless you copy and paste the code.
It may be unethical to use leaked MS code to improve your compatibility solutions, but with all the underhanded and generally nasty things corporations are doing, it's just more of the same..
And about your comment about the "IBM PC BIOS." Not even close. Proving that you copied a 256kbit bios is a lot easier then proving you used information learned from studying 50 lines of code out of 40GB...
Hey, I'm no saint in real life.. no need to be one online.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Interesting)
The other thing is that MS would have to PROVE that you did see/use the source code. You can just say that you reverse engineered it.
Of course it is illegal to USE the source code. So if some wine guy goes and plops down a chunk of MS's source code into wine, then yes, that would be illegal. I am not sure if it would be illegal for some wine guy to look at the code and use some of that knowlege gained that is not under a patent in wine. Think about this. I can walk into a book store and read through a book. I can later write a book with that very same theme and I have not broken any copyright laws. What I cannot do is copy the book verbatim or distribute that as my own work.
I am under the impression that copyright laws do not prevent you from creating a work based on knowledge of another work. As long as you do not use the original work verbatim. I can go and create a movie called Planet Wars with a lead character named Duke SlyStalker based on a very similiar theme as Star Wars. I can write a book with a theme just like LOTR with trolls, hobbits, elves, dwarfs, etc. I can paint my own version of very famous paintings. I can make music that sounds like other popular music.
I don't see what legal case MS would have against someone who viewed their source code and made an application that used that knowledge, again, as long as their is not a patent covering what you are re-creating. The only way I can see MS having a legal case is if you signed an NDA with MS.
*Note*: I am not a lawyer and I can be completely wrong about copyright laws.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Informative)
scripsit AstroDrabb:
IANAL either, but I've had to deal with copyright issues in academe. You cannot create a derivative work -- that is part of the copyright-holder's monopoly. You needn't use a single line of text verbatim for it to be considered a derivative work; a movie adaptation which mangles the plot and doesn't use any of a book's dialogue is still a derivative work. So would a translation into Mandarin or a children's version.
There are exceptions, I believe, for parody -- various Star Wars knockoffs (e.g., the Death Star Clerks animation) are apparently legal as parody. Otherwise, you can get into hot water with the kind of things you're talking about. You have to be able to convince a jury that your work is not derivative of the earlier copyrighted work or you are infringing.
The painting one is an interesting example, because most of the `famous' paintings one would be inclined to make works derivative of are not in copyright any more. And when it comes to music, pop all sounds alike anyway, so it would be pretty hard to argue that anything is derivative of anything else, unless it copied bars on end of melody or something.
Now, academic plagiarism and copyright infringement are not the same thing, but the rule-of-thumb I tell students about plagiarism still applies: If I read your work and I think ``Hmm, I've read this somewhere before,'' there's already a problem. There doesn't have to be verbatim copying of text. It might not be enough to convict, so to speak, but unwelcome attention has been drawn and a legal fight is a possibility.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Insightful)
SCO's actions are based on a company with little revenue, little cash, and nothing to lose. Microsoft has everything to lose. Say what you will about Microsoft, but they didn't get to where they are today with silly moves like that.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
(http://www.zerohex.com/)
The Reuter's article on Yahoo [yahoo.com] contains a number of inaccuracies that are clearly prejudicial, and are probably sourced within Microsoft.
It (the story) amounts to an obvious attempt to spin up a scenario that will lead ultimately to criminal prosectution of persons involved in Open Source. And the story being such an obvious attempt at spin doctoring could lead one to believe there is more going on here than one poorly written news story...
Apparently Gates & Co. have decided their civil case fronted by SCO is not quite strong enough, and are trying to establish criminal precedent in order that, whether the current SCO effort succeeds or fails, the next case will be criminal.
One could hope that the courts will develop enough tech skillz to determine that the line
showing up in both windoze and Linux code does not constitute proof of theft under some Gatesien system of jurisprudence
Examples of the (imo) prejudicial language in the story [emphasis mine]:
There is no evidence cited that the code is being "traded". It appears that it is being distributed, but I haven't seen any reports of it being exchanged for anything else. This is key, since the languaged used here implies a profit motive on the part of the alleged "traders"; necesary for the criminal prosectution because there is a need to establish that the code is worth a great deal...
This sounds like it came straight out of a Microsoft publicist. It is an emotional appeal statement, designed to imply a henious threat to the alleged victim, Microsoft (and by implication, SCO).
The statement is factually inaccurate, even as metaphore. Source code is a principle part of the products manufactured by most software companies, but expertise in the creation of source code is more properly the "lifeblood" of the company.
Of course, Microsoft is a bit challenged in the expertise dept, but that should be applied to "any software company"....
If it is indeed "illegal" for 3rd parties to post the sources, then why would the aforementioned "agreements" require threat of civil action? If it's illegal, there should be no need to lititgate. The threats would be of prosecution, not litigation.
Furthermore, the word "share" here is ridiculous. If you've ever looked at what it takes to get an NDA to look at M$ sources, there's no "sharing" to it. It's a business transaction, and it doesn't happen unless M$ gets the lions "share" of any potential benefit.
WTF? Well, admittedly I haven't written any "programs running on Windows" in quite a few years, but I no idea things had changed quite that much... [that's sarcasm in case you can't tell; the statement is just plain wrong]
Re:So much for security through obscurity (Score:5, Funny)
(http://www.masterslate.org/ | Last Journal: Monday February 16 2004, @05:50AM)
*time passes*
Due to the source code leak, Microsoft has delayed the release of the highly anticipated Windows 2000 till the fall of 2004.
*time passes*
Due to the source code leak, Microsoft has delayed the release of the highly anticipated Windows 2000 till the release of Half-life 2.
*time passes*
Duke Nukem Forever released...
Re:So much for security through obscurity (Score:5, Insightful)
Re:So much for security through obscurity (Score:4, Insightful)
Re:So much for security through obscurity (Score:5, Funny)
Re:So much for security through obscurity (Score:4, Funny)
(http://www.gnaa.us/)
Re:So much for security through obscurity (Score:5, Funny)
Re:So much for security through obscurity (Score:5, Interesting)
(http://www.tanningbeds.org/ | Last Journal: Sunday November 05 2006, @07:23AM)
Of course, MS would flip out, call it an exploit, and have the next patch uninstall it, since any patch for MS products that do not come from MS "can't be trusted". Another reason I like Linux more and more every day, not having to rely on a single company for patches.
Re:So much for security through obscurity (Score:5, Funny)
(Last Journal: Thursday April 21 2005, @12:15PM)
Not a very effective one, then. The key component - Windows Update - still fetches from the same place each time, and unless someone manages to fool that program into downloading from some other source, it's not a big problem.
The bigger issue here is the release of code that Microsoft may have licensed from third parties that they were not supposed to reveal, as well as the release of their own IP. I imagine someone's or some institution is going to be in a world of hurt if MS ever finds out who did it. Not terribly likely, but possible.
If it were me who did it, accidentally or on purpose, I'd be on a jet to some foreign country right now.
Re:So much for security through obscurity (Score:5, Informative)
(http://www.gudbier.org/~cps)
Re:So much for security through obscurity (Score:5, Insightful)
Mod Parent Up !! (Score:5, Interesting)
(http://www.grayssupport.com/)
Re:So much for security through obscurity (Score:5, Funny)
(http://slashdot.org/ | Last Journal: Thursday October 25 2001, @03:53PM)
Re:So much for security through obscurity (Score:5, Funny)