Slashdot Log In
Windows 2000 & Windows NT 4 Source Code Leaks
Posted by
CmdrTaco
on Thu Feb 12, 2004 04:43 PM
from the making-the-rounds dept.
from the making-the-rounds dept.
PeterHammer writes "Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet. More on this as we hear it."
This discussion has been archived.
No new comments can be posted.
Windows 2000 & Windows NT 4 Source Code Leaks
|
Log In/Create an Account
| Top
| 2764 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
it's true (Score:5, Insightful)
(http://www.darkfallonline.com/)
I for one would love to peek around in this, more out of curiosity than any desire to actually do something useful with it.
So much for security through obscurity (Score:5, Interesting)
Re:So much for security through obscurity (Score:5, Interesting)
Source helps, but it isn't everything.
Does anyone else just get a tingly feeling seeing this article sitting on top of an article on Open Source being less secure because of it's openness?
It's a TRAP!!! /Adm. Ackbar (Score:4, Insightful)
(http://127.0.0.1:82/ | Last Journal: Monday September 26 2005, @01:53PM)
If you work on any Open Source project, DO NOT LOOK!
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Funny)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Interesting)
Is there GPL code there?
Ask an auditing company to
diff NT4 2000 | grep -e yourcode
and get an answer.
I don't think they're playing SCO if they released just a part of it maybe but not the whole thing
No GPL - Lots of BSD (Score:4, Interesting)
They have copyright notices in the docs (Score:5, Informative)
Re:No GPL - Lots of BSD (Score:5, Informative)
Windows NT 3.1 was released in 1993, and replaced in 1994 by Windows NT 3.5, which was much smaller, much faster and used an MS-written TCP/IP stack (which was presumably smaller and faster than the BSD-derived Spider stack). The MS TCP/IP stack in NT 3.5 was then ported to Win9x for the release of Windows 95.
The lifetime of NT 3.1 was very brief, and during that brief lifetime, hardly anyone used it (because it was too big, too slow and there was no Win32 software), so the fact that its TCP/IP stack was BSD-derived is not really something to brag about.
Re:No GPL - Lots of BSD (Score:5, Informative)
(http://www.dufftech.net/)
open up a command window and type "strings c:\windows\system32\ftp.exe"
This will return:
Re:No GPL - Lots of BSD (Score:5, Insightful)
MS is naturally not opposed to using freely-available BSD code to achieve better interoperability with BSD/UNIX. MS Windows Services for UNIX, for example, includes a lot of modern BSD tools ported from OpenBSD. That's reasonable, of course, since it's supposed to provide a set of command-line tools familiar to UNIX systems administrators, and OpenBSD tools are known to be relatively good in terms of security.
Importantly, MS's porting of OpenBSD userland tools to Services for UNIX is also good for OpenBSD, because it helps to establish those tools as something of a standard. If hordes of MS users become used to the OpenBSD userland tools, they'll be much likelier to start using OpenBSD if they want a UNIX-like OS than to start using, say, Linux.
The common claim about the MS TCP/IP stack from open source zealots is that MS 'stole' the Windows TCP/IP stack from BSD because it couldn't write one of its own, which is of course complete nonsense. The handful of BSD tools in Windows are/were there to make it easier for UNIX users to access their systems from Windows. They're in no way critical to Windows as an operating system (in the way that, for example, a TCP/IP stack is).
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
#include
for( ; ; )
if(!stop) {
Many of these lines have been copied verbatim several thousand times. We do not want to, but are forced to sue Microsoft for unlicensed use of our intellectual property.
We will institute a licensing program called gplSource which will allow Windows users to obtain the legal rights to use our IP. This cost will be significantly discounted to early adopters.
Already at least three Fortune 500 companies have seen the validity of our claims and have paid these fees on a per-CPU basis to continue using Windows. While we cannot divulge their names, they do exist. Really!
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
(http://slashdot.org/)
We like Linux as it is. Reliable, stable, and fast. Copying Microsoft code in would jeopardize that. Never mind the IP issues. . .
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Interesting)
(http://www.myplugins.info/ | Last Journal: Tuesday January 13 2004, @08:30AM)
if (InbvIsBootDriverInstalled()) {
InbvAcquireDisplayOwnership();
InbvResetDisplay();
InbvSolidColorFill(0,0,639,479,4);
InbvSetTextColor(15);
InbvInstallDisplayStringFilter((INBV_DISPLAY_STRI
InbvEnableDisplayString(TRUE);
InbvSetScrollRegion(0,0,639,479);
}
It's worse than that! (Score:5, Funny)
Life is good. (Score:5, Funny)
And I have 5 Moderator points.
Today -- today, life is good.
Re:Life is good. (Score:5, Funny)
Re:Life is good. (Score:5, Funny)
Re:Life is good. (Score:5, Funny)
(http://www.loscreepers.net/)
Re:Life is good. (Score:5, Funny)
What, and ruin a perfect day?
Re:Life is good. (Score:5, Funny)
Do you have any idea how much that costs around this time of year?
Re:Life is good. (Score:5, Funny)
So your girlfriend reads
Re:Life is good. (Score:5, Funny)
Guy 1: "It's midnight, the windows source in leaked, we have 5 moderator point and our sunglasses on..."
Guy 2: "hit it"
Sorry, that image just popped into my head
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Funny)
(Last Journal: Sunday April 16 2006, @10:03PM)
If you work on any Open Source project, DO NOT LOOK!
Whoops! I looked. And now it's clear why Microsoft bought a license from SCO.
All these headers start with "Copyright, AT&T" and "Copyright, Regents of the University of California". I wonder what that's all about.
(For the more literal-minded Slashdot readers: no I haven't really seen the code. This is a cheap jab at Microsoft, implying their code is derivative of unix and linux code,)
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Insightful)
This is extremely good advice. I would go even further and say that if you would ever like to work on an open source project, don't look. The presence on a project of a person who had seen the Windows source could put the entire project at risk.
For a very practical example, consider Samba. If a person who had seen the Windows source were to contribute to Samba and it were later to come to light that the contributor had seen the Windows source, in the name of safety every piece of code that person contributed would have to be ripped out and replaced. Worse, to guarantee that there was no trace of taint, it would probably have to be replaced by people who had not only never been exposed to the Windows source, but who had also not seen the contributor's tainted code. In short, it would require the recruitment of people who had never worked on the project before, or even read the source. Finding those people would not be easy, to say nothing of the time and credibility that would be lost.
For that matter, even if you have legally seen the Windows source because Microsoft has provided it to your employer under their shared source program, the same taint would follow you. If your employer has access to Windows source and your job does not require you to see that source, do yourself a favor: don't look.
If you look at the Windows source, you at the least taint yourself WRT working on any project aimed at interoperability with Windows, and quite possibly on a much wider variety of projects than that.
In short, JUST SAY NO.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
Wait a minute....
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Funny)
(http://qntm.org/ | Last Journal: Saturday May 06 2006, @09:26AM)
Viruses are well supported by their authors, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
So, Windows is not a virus.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
(http://www.n1ywb.com/ | Last Journal: Wednesday April 28 2004, @03:12PM)
I've seen the Windows CE source. Maybe I should never program again because MS could sue me! I think not.
PS No offence to homeopathics, I don't care what crazy shite you belive in.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
1) You see some proprietary source, either legally or otherwise;
2) You later work on some open source project;
3) The copyright holder of the proprietary source in 1) looks at the open source project and decides that some sections of the code look strikingly similar to their own code. They further discover that you wrote or contributed to those sections. They call their lawyer. Now, it may well be a combination of "coincidence plus a limited number of ways to do X" that caused the similarity, but you're going to have to convince a judge and/or jury of that. The other side will have to convince them that you copied it. They've got the striking similarity plus the fact that you've seen their source. What have you got?
Now, since you've seen the Windows CE source, why don't you ask the Samba project if you can join, and tell them you've seen MS source code (whether legally or not doesn't matter; seeing it is all that matters) and see if they will take you on as a developer.
I bet they won't.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Interesting)
(Last Journal: Tuesday December 12 2006, @07:54PM)
But, it happens all the time. ALL the time. You think the programmers at MS haven't poured through the Linux code? If what you say is correct, then Windows must be littered with Linux code just because they studied and learned something from it?
There's a line between reverse engineering and access to source code; but you're unlikely to prove something wasn't reverse engineered unless you copy and paste the code.
It may be unethical to use leaked MS code to improve your compatibility solutions, but with all the underhanded and generally nasty things corporations are doing, it's just more of the same..
And about your comment about the "IBM PC BIOS." Not even close. Proving that you copied a 256kbit bios is a lot easier then proving you used information learned from studying 50 lines of code out of 40GB...
Hey, I'm no saint in real life.. no need to be one online.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Interesting)
The other thing is that MS would have to PROVE that you did see/use the source code. You can just say that you reverse engineered it.
Of course it is illegal to USE the source code. So if some wine guy goes and plops down a chunk of MS's source code into wine, then yes, that would be illegal. I am not sure if it would be illegal for some wine guy to look at the code and use some of that knowlege gained that is not under a patent in wine. Think about this. I can walk into a book store and read through a book. I can later write a book with that very same theme and I have not broken any copyright laws. What I cannot do is copy the book verbatim or distribute that as my own work.
I am under the impression that copyright laws do not prevent you from creating a work based on knowledge of another work. As long as you do not use the original work verbatim. I can go and create a movie called Planet Wars with a lead character named Duke SlyStalker based on a very similiar theme as Star Wars. I can write a book with a theme just like LOTR with trolls, hobbits, elves, dwarfs, etc. I can paint my own version of very famous paintings. I can make music that sounds like other popular music.
I don't see what legal case MS would have against someone who viewed their source code and made an application that used that knowledge, again, as long as their is not a patent covering what you are re-creating. The only way I can see MS having a legal case is if you signed an NDA with MS.
*Note*: I am not a lawyer and I can be completely wrong about copyright laws.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Informative)
scripsit AstroDrabb:
IANAL either, but I've had to deal with copyright issues in academe. You cannot create a derivative work -- that is part of the copyright-holder's monopoly. You needn't use a single line of text verbatim for it to be considered a derivative work; a movie adaptation which mangles the plot and doesn't use any of a book's dialogue is still a derivative work. So would a translation into Mandarin or a children's version.
There are exceptions, I believe, for parody -- various Star Wars knockoffs (e.g., the Death Star Clerks animation) are apparently legal as parody. Otherwise, you can get into hot water with the kind of things you're talking about. You have to be able to convince a jury that your work is not derivative of the earlier copyrighted work or you are infringing.
The painting one is an interesting example, because most of the `famous' paintings one would be inclined to make works derivative of are not in copyright any more. And when it comes to music, pop all sounds alike anyway, so it would be pretty hard to argue that anything is derivative of anything else, unless it copied bars on end of melody or something.
Now, academic plagiarism and copyright infringement are not the same thing, but the rule-of-thumb I tell students about plagiarism still applies: If I read your work and I think ``Hmm, I've read this somewhere before,'' there's already a problem. There doesn't have to be verbatim copying of text. It might not be enough to convict, so to speak, but unwelcome attention has been drawn and a legal fight is a possibility.
Re:It's a TRAP!!! /Adm. Ackbar (Score:4, Insightful)
SCO's actions are based on a company with little revenue, little cash, and nothing to lose. Microsoft has everything to lose. Say what you will about Microsoft, but they didn't get to where they are today with silly moves like that.
Re:It's a TRAP!!! /Adm. Ackbar (Score:5, Informative)
(http://www.zerohex.com/)
The Reuter's article on Yahoo [yahoo.com] contains a number of inaccuracies that are clearly prejudicial, and are probably sourced within Microsoft.
It (the story) amounts to an obvious attempt to spin up a scenario that will lead ultimately to criminal prosectution of persons involved in Open Source. And the story being such an obvious attempt at spin doctoring could lead one to believe there is more going on here than one poorly written news story...
Apparently Gates & Co. have decided their civil case fronted by SCO is not quite strong enough, and are trying to establish criminal precedent in order that, whether the current SCO effort succeeds or fails, the next case will be criminal.
One could hope that the courts will develop enough tech skillz to determine that the line
showing up in both windoze and Linux code does not constitute proof of theft under some Gatesien system of jurisprudence
Examples of the (imo) prejudicial language in the story [emphasis mine]:
There is no evidence cited that the code is being "traded". It appears that it is being distributed, but I haven't seen any reports of it being exchanged for anything else. This is key, since the languaged used here implies a profit motive on the part of the alleged "traders"; necesary for the criminal prosectution because there is a need to establish that the code is worth a great deal...
This sounds like it came straight out of a Microsoft publicist. It is an emotional appeal statement, designed to imply a henious threat to the alleged victim, Microsoft (and by implication, SCO).
The statement is factually inaccurate, even as metaphore. Source code is a principle part of the products manufactured by most software companies, but expertise in the creation of source code is more properly the "lifeblood" of the company.
Of course, Microsoft is a bit challenged in the expertise dept, but that should be applied to "any software company"....
If it is indeed "illegal" for 3rd parties to post the sources, then why would the aforementioned "agreements" require threat of civil action? If it's illegal, there should be no need to lititgate. The threats would be of prosecution, not litigation.
Furthermore, the word "share" here is ridiculous. If you've ever looked at what it takes to get an NDA to look at M$ sources, there's no "sharing" to it. It's a business transaction, and it doesn't happen unless M$ gets the lions "share" of any potential benefit.
WTF? Well, admittedly I haven't written any "programs running on Windows" in quite a few years, but I no idea things had changed quite that much... [that's sarcasm in case you can't tell; the statement is just plain wrong]
Re:So much for security through obscurity (Score:5, Funny)
(http://www.masterslate.org/ | Last Journal: Monday February 16 2004, @05:50AM)
*time passes*
Due to the source code leak, Microsoft has delayed the release of the highly anticipated Windows 2000 till the fall of 2004.
*time passes*
Due to the source code leak, Microsoft has delayed the release of the highly anticipated Windows 2000 till the release of Half-life 2.
*time passes*
Duke Nukem Forever released...
Re:So much for security through obscurity (Score:5, Insightful)
Re:So much for security through obscurity (Score:4, Insightful)
Re:So much for security through obscurity (Score:5, Funny)
Re:So much for security through obscurity (Score:4, Funny)
(http://www.gnaa.us/)
Re:So much for security through obscurity (Score:5, Funny)
Re:So much for security through obscurity (Score:5, Interesting)
(http://www.tanningbeds.org/ | Last Journal: Sunday November 05 2006, @07:23AM)
Of course, MS would flip out, call it an exploit, and have the next patch uninstall it, since any patch for MS products that do not come from MS "can't be trusted". Another reason I like Linux more and more every day, not having to rely on a single company for patches.
Re:So much for security through obscurity (Score:5, Funny)
(Last Journal: Thursday April 21 2005, @12:15PM)
Not a very effective one, then. The key component - Windows Update - still fetches from the same place each time, and unless someone manages to fool that program into downloading from some other source, it's not a big problem.
The bigger issue here is the release of code that Microsoft may have licensed from third parties that they were not supposed to reveal, as well as the release of their own IP. I imagine someone's or some institution is going to be in a world of hurt if MS ever finds out who did it. Not terribly likely, but possible.
If it were me who did it, accidentally or on purpose, I'd be on a jet to some foreign country right now.
Re:So much for security through obscurity (Score:5, Informative)
(http://www.gudbier.org/~cps)
Re:So much for security through obscurity (Score:5, Insightful)
Mod Parent Up !! (Score:5, Interesting)
(http://www.grayssupport.com/)
Re:So much for security through obscurity (Score:5, Funny)
(http://slashdot.org/ | Last Journal: Thursday October 25 2001, @03:53PM)
Re:So much for security through obscurity (Score:5, Funny)
Re:So much for security through obscurity (Score:4, Insightful)
IBM's legal team make Microsoft's look like first year law students. IBM's lawyers held the DoJ at bay for DECADES. Not even Microsoft are prepared to mess with IBM. The moment IBM called SCO's bluff SCO knew they were dead.
And if Microsoft could buy them with a month's revenue imagine what IBM could do. They are a little bit bigger than Microsoft you know...
I just think it's funny that IBM were everybody's worst enemy in the 70's and 80's, and now they are usually the ones doing the right thing by the industry.
Re:So much for security through obscurity (Score:5, Interesting)
So, all we need is an over-ambitious green-thumb attorney straight out of lawschool to discover this and bring it out in the open and force the hands of Microsoft and Sun to sue SCO out of existence over it so neither company "appears" guilty in the eyes of the SEC and class action lawsuit specialists. It could be the IT adaptation of the book/movie "The Firm."
If code is criminal, only criminals will have code (Score:5, Funny)
Now that was a very satisfying cliche re-use. I hope it was an original cliche re-use.
BTW the server seems ve-wy slow to-day. I think we were just Farked.
Re:So much for security through obscurity (Score:5, Interesting)
(Last Journal: Friday June 04 2004, @09:36PM)
Re:So much for security through obscurity (Score:5, Insightful)
It is wise to keep a low profile from a company that offers bounties to hunt people down.
Nobody wants to be sat on (Score:5, Insightful)
(http://www.icarusindie.com/)
It has nothing to do with morals. It's self preservation.
Most companies don't have the resources to kick the crap out of warez distributors. MS isn't one of those companies.
Ben
Windows is their baby (Score:5, Insightful)
(http://www.icarusindie.com/)
They can grin a bear it when some games are pirated. Why do you think they (try to) crush companies that make mod chips for the XBox? Some things are more important.
And this is the source code to Windows. This is NOT just another product.
Anyone who dares to host it will be sat on until they are dead. Hell hath no fury.
Claiming this is just another product shows your definit lack of ability to comprehend the scope of this leak and the importance of it to MS's bottom line.
The legal costs required to shut down warez sites over a game generally are more than the amount of the losses. The legal costs required to crush the fools who dare to host the Windows source comes nowhere near the potential losses due to the leak.
Ben
Re:So much for security through obscurity (Score:5, Informative)
SHORT THE STOCK? (Score:4, Insightful)
(Last Journal: Tuesday May 18 2004, @12:18PM)
It looks as though at the end of the trading day, MSFT did lose some value. [yahoo.com] If not short it, then maybe sell it, if only to pick up some deals later...
Re:SHORT THE STOCK? (Score:5, Informative)
Microsoft source code leak? Pfft, that's nothin... (Score:5, Funny)
The real question is, of course - (Score:4, Insightful)
Re:The real question is, of course - (Score:5, Insightful)
The short of it is: no "free" security updates a la linux, just more visible bugs to exploit.
Re:The real question is, of course - (Score:5, Funny)
(http://www.littlelui.de/ | Last Journal: Sunday June 22 2003, @05:38AM)
1. look at the linux source
2. find a mistake
3. send a patch to the maintainer.
4. PROFIT!!
B)
1. look at the windows source
2. find a mistake
3. ???
4. write a worm
5. get caught
6. JAIL=tEH_SuXX0rZZ!!!1!! lolomgrofl
Re:The real question is, of course - (Score:5, Insightful)
Because the Linux source code can be legally downloaded by the "good" guys, who go and fix the holes. OTOH, only the "bad" guys download the Windows source code (it's illegal to do so, you know), and they go and create exploits based on the holes.
Re:The real question is, of course - (Score:5, Insightful)
They can't do that, since the source code is open. That Edgar Allan Poe "Purloined Letter" story set the precedent. Nowadays, any self-repsecting investigator will check first the obvious, before checking the obscure stuff.
Re:The real question is, of course - (Score:5, Interesting)
first time in the sun for MS source (Score:5, Insightful)
Linux and other open source OS have had people looking at them for a long time. The people looking at the source of Linux are less likely to be a monoculture than the people at MS who are hired to look over software. In addition (uninformed speculation) more of the Linux people may have been black hats once - the less ordered (as in cubicle order rather than procedure order) system may be more amenable to some who fit a less monolithic background. Linux is thus likely to have been looked at by people who might once have looked to hack it and by people with a wider variety of skill sets. MS knows a lot about software, but their diversity in software knowledge and opinion is likely smaller than that of either their user set or of that of white hat hackers.
The other factor is that having the MS source without a licence is illegal - thus the people who are most likely to take advantage of the availability of the source are people without much respect for the license in the first place - black hats. Linux source can be viewed legally, and so is just as likely to be looked over by white hats as black hats (probably more likely, because of the population ratio of BH and WH).
In one of the Clancy books (I think "Debt of Honor"), he talked about secrecy being good for hiding information that someone doesn't want you to know - but that when it broke, the news would be much worse for that someone, and harder to control. That seems applicable here - only the news is directed almost exclusively to those who would do them harm.
Re:The real question is, of course - (Score:5, Insightful)
(Last Journal: Friday June 11 2004, @11:45AM)
Re:The real question is, of course - (Score:4, Insightful)
Re:The real question is, of course - (Score:5, Insightful)
(http://www.roma-victor.com/)
Because Microsoft's OS was, and is, designed and developed based on a principle of closed source. Generally speaking, with closed source development potential black hats can't see how you do things without significant reverse engineering. This gives the OS programmers a 'safe' framework to work within. So when that source later becomes available to the general public, it leaves the OS programmers facing a huge legacy of problems that should, in theory, never have become problems.
Linux was open source from the outset. Therefore it is designed and developed relying absolutely on the principle that it's secure because everyone has equal access to see how things are done.
Furthermore, if and when there are security holes then at least with OSS you can never be held to ransom by the people owning the source. i.e. "Windows 98 has this huge security hole and it's no longer supported - go buy Win2k."
Re:SHORT THE STOCK? (Score:5, Informative)
btshowmetainfo.py windows_2000_source_code.zip.torrent
btshowmetai
metainfo file.: windows_2000_source_code.zip.torrent
info hash.....: f03fc1e04869294d5644d3c8c5d0fb8f2d26aa59
file name.....: windows_2000_source_code.zip
file size.....: 213748207 (815 * 262144 + 100847)
announce url..: http://alge.nlc.no:6969/announce
maybe its that thing, atm 23 seeders, 239 downloading and it was created on 2/12/2004 11:16:13 PM, so looks good so far
knock yourself out
Re:SHORT THE STOCK? (Score:5, Interesting)
most ppl are downloading it to have something to brag about. others are just peeking at it for the fun of it, like me. just a few grep's showed some interesting things...
the file actually is the zip to the spreading files.txt
whats a little bit weird is a linux coredump at private/security/msv_sspi/core
it appears someone named eyala from mainsoft [mainsoft.com] used vim (VIM - Vi IMproved 5.6 (2000 Jan 16, compiled Mar 7 2000 12:18:07)) on a redhat x86 box under xfree86/kde on a w2k sp1 sourcefile, well until the box ran out of memory...
Here is a Torrent link ... 200MB download (Score:5, Informative)
(http://www.myspace.com/j1tt3ryb1t)
I haven't finished downloading this, but it's 200MB in size, has 944 peers!
The tracker is the same one you have listed:
http://alge.nlc.no:6969/announce
The hash is also the same.
Tracker (dead.) (Score:5, Informative)
Anyway, at least 1000 people got it down, so it shouldn't be too hard for some of them to make a new torrent. But I'm definetly not going to host it anymore.
--
alge of flauna
http://alge.nlc.no/
Re:SHORT THE STOCK? (Score:5, Funny)
Why do I predict that? Simple: The Stock Market's reality is the exact opposite of Slashdot's reality
Proof? One word: SCO
Semi-slashdotted? Here's the text... (Score:5, Informative)
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
(The rest is just the comments, you know, crap like you get on /.)
Re:Semi-slashdotted? Here's the text... (Score:5, Funny)
"There seems to have been a slight problem with the database. Please try again by pressing the refresh button in your browser."
Refresh, you say? Oh-kay...
That quote is from four years ago (Score:5, Informative)
Here's an official current MS quote + more news (Score:5, Informative)
"The rumor regarding the availability of Windows source code is based on the speculation of an individual who saw a small section of un-identified code and thought it looked like Windows code. Microsoft is looking into this as a matter of due diligence," a company spokesman said. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security." - from Eweek [eweek.com].
Also see ZDNet [com.com], InternetNews [internetnews.com] and Google News [google.ie]
Re:So much for security through obscurity (Score:5, Interesting)
(http://f1-facts.com/)
Blaster was the biggest worm - ever. And it worked only on NT, not on 9x...
That Windows 2000 (or NT or XP) is "more secure" than Windows 98 has been repeated so often that most people started to believe it, even though the security track record shows the reversed situation.
Re:So much for security through obscurity (Score:5, Insightful)
(Last Journal: Tuesday November 19 2002, @01:47AM)
Coincidently, this is also one of the key reasons that there are more worms/virii released that target Windows than Mac or Linux - why target Mac or Linux when you can target Windows, with many, many times more users?
Re:So much for security through obscurity (Score:5, Funny)
(Last Journal: Friday December 05 2003, @04:54PM)
Is that true? Can you prove it?
For years after Windows 95 came out, there were more Windows 3.1 systems than there were Windows 95 systems. Why is this?
It's probably for the same reason that there are more dead people than live people.
Re:So much for security through obscurity (Score:5, Interesting)
(http://www.mit.edu/~yandros/)
Perhaps your personal experience in server rooms has misled you about the HUGE number of Win9x installations on user desktops?
Re:So much for security through obscurity (Score:5, Funny)
(http://www.littlelui.de/ | Last Journal: Sunday June 22 2003, @05:38AM)
what my first thought was:
Because every idiot skr1pt k1dd13 and their lam0r grandmother can code winDOZE viriii, but only 1337 H4XX0rZ can ownzor teh LiNuX and MaC BoXxEn!!!1!!
how it should be phrased:
Successfully designing, implementing and deploying a worm/virus targetting the aforementioned "alternative" platforms Linux and/or Apple would - although being a much more complex undertaking and promising less quantifiable success (for example, infected hosts) than targetting the Microsoft Windows platform - could strengthen the Programmer's social status amongst his peers.
how it should be phrased on slashdot:
Frist psot!
Re:So much for security through obscurity (Score:5, Funny)
I have noticed some viruses for linux. One was just a script and it recommended that the indivdual chmod a+x and then run it. The other one you had to type gcc -o virus virus.c and then run the resulting binary in order to get it to work. And then there was that one where it wanted to load a module but it couldn't because modules weren't supported on that kernel, although it did try for
Then there was that one that installed an irc backdoor:
JOIN #ddos# vrfx
MODE lamer +i
MODE #ddos# +nts
23:14 < lamer HTTP server listining on poort: 999 root dir: c:\ Address http://X.X.X.X:999/
Oh, wait. that last one was a Windows thing. But those other ones. Look out. They'll do some nasty things. I mean, it takes a bit of work to get them running. But once you do. Look out. They're dangerous!
Re:So much for security through obscurity (Score:5, Insightful)
The reason there are more worms on win2k/XP than the 9x series is because the 9x series doesn't DO anything. Win98 doesn't have "UPNP" or "Remote registry", or "windows messaging" or any other fancy services to speak of. Usually its all that crap (which is on by default!) that becomes the portal for worms. 2k/XP are a more powerful OS than 9x, which makes them inherently more dangerous. And now that more and more people are moving that way, of *course* chaos was going to break out, just as countless people predicted 4 years ago.
it wasnt leaked!!! (Score:5, Funny)
It was done intentionally!!! (Score:4, Insightful)
Re:it's true (Score:5, Funny)
Re:it's true (Score:5, Insightful)
(http://rixstep.com/)
Linux has had the advantage of being checked, line for line, from the beginning. NT was an estimate 16 million lines of code; 2K three times that much. That's a lot of code.
I think what people will see, most for the first time, is exactly how bad the coding is in Redmond. This will cause some laughter, and some shock. I think they'll find that parts of the NT kernel were strangely well-written, coming as they did from David Cutler's 'tribe' and the DEC Prism project on which NT was based. On the other hand, I think they will find that other parts, such as the GDI, were horribly written.
And it's all good, IMHO: eEye and Guninski and others have been able to give us a bit of a picture of how bad things are there, but we'll finally be able to see with our own eyes.
It won't be a pleasurable experience.
Re:it's true (Score:5, Interesting)
Seems a bit of a stretch to thing 'soft would have given all of these organizations the complete source tree. If they did, then I am far more amazed the source wasn't leaked a long time ago. It's a bit hard to believe 'soft licensed the entire build tree to anyone.
Makes a pretty good headline, though.
Re:it's true (Score:5, Funny)
(Last Journal: Thursday November 11 2004, @05:39AM)
:: prediction :: (Score:5, Interesting)
(Last Journal: Tuesday May 18 2004, @12:18PM)
Re::: prediction :: (Score:5, Interesting)
(http://mistersanity.blogspot.com/ | Last Journal: Tuesday May 29 2007, @04:42PM)
I was going to say the first thing anyone competent in C/C++ who gets their
hands on the code ought to do (providing they don't need to take a hands-off
approach due to, say, the need to be able to legally write competing OS code)
would be to post English descriptions anonymously to usenet, describing the
way NTFS works, especially the parts that are not currently well-understood.
No source code snippets, just stuff like "it appears that such-and-such
information about each file is stored and updated whenever it changes in three
places: at offset blah in the file header info, and
about NTFS, so any fs jargon that leaked into that sentence may not be accurate.
But you get the idea of the kind of thing I mean.)
Then somebody else could take that information and implement a compatible
filesystem in a clean-room fashion.
IANAL, but from what I've read on slashdot, there's apparently at least a
vague possibility the resulting code might be legal. Though, one should
consult legal counsel before spending significant time on such a project.
Re::: prediction :: (Score:5, Funny)
IANAL, but from what I've read on slashdot...
This is good stuff
MS giving source code to countries (Score:5, Interesting)
(http://oberwiki.net/ | Last Journal: Wednesday May 05 2004, @02:06AM)
Re:MS giving source code to countries (Score:5, Insightful)
Re:MS giving source code to countries (Score:5, Insightful)
(http://www.adrianbaugh.org.uk/ | Last Journal: Wednesday December 17 2003, @07:58PM)
Re:it's true (Score:5, Insightful)
(http://moonbase.rydia.net/)
I hope you weren't planning on ever contributing to any Open Source projects after doing that. If it's later demonstrated that you had access to the W2K source and contributed vaguely similar code (even by accident) to a project, it could have severe repercussions for that project.
I doubt Microsoft would leak it deliberately, but this does open the door to a whole SCO-esque can of worms from now on.
Re:it's true (Score:5, Insightful)
(http://www.darkfallonline.com/)
As much as I'd love to peek around in this, I won't risk it.
Re:it's true (Score:5, Insightful)
Re:it's true (Score:5, Funny)
(http://www.notacult.com/ | Last Journal: Thursday March 07 2002, @11:05AM)
However, if someone should glance upon the evil known as win2k source, I hear that are some mystical perl monks who can cleanse your soul.
Re:it's true (Score:5, Insightful)
(Last Journal: Friday November 30, @04:45PM)
And here lies one of the most basic problems of copyright. Nobody can see the other's code...to build on and possibly improve. Everybody has to learn what is already known by themselves. That slows down the whole developement process to a virtual standstill. I think this whole copyright mess has probably set us back anywhere between 50 and 200 years. This applies to all human work, not just computers.
Re:it's true (Score:5, Insightful)
(Last Journal: Friday February 21 2003, @08:57PM)
I agree that a lot of reinvention has to go on, but I think you exaggerate the effects of not being able to reuse code. To begin with, people tend to forget the steep learning curve required if you choose to reuse code as opposed to rolling your own.
Case in point: Microsoft started nearly from scratch (licensed a simpler browser, IIRC) with IE, at around the same time Netscape decided it was unable to maintain its aging source code. IE overtook Netscape 4 in terms of quality (despite illegal bundling) over a few years. We cannot know if Netscape could've survived if they kept maintaining their 4.x browser, but it's pretty clear that Microsoft wasn't moving slowly at all.
Apple then did the same years later, starting with KHTML (generally considered inferior to Gecko), and within a pretty short time has a really polished Safari browser. It's not as maximally compatible as some of the more established browsers, but it's probably 90% of the way there within a year or two of development.
In fact, the projects that truly move at a glacial pace tend to be the free software projects. Sourceforge is full of these projects, gasping for attention, despite disclosing full source code. In the commercial world, when you throw money at a problem, code gets written from scratch pretty quickly.
MOD PARENT UP (Score:5, Interesting)
That said, I'd love to get hold of the dll code that does the equivalent of a window manager in X. How cool would it be to swap out a dll on the Windows box at work and have a completely custom windowing environment?
Re:MOD PARENT UP (Score:5, Insightful)
(http://www.j-san.net/)
Re:MOD PARENT UP (Score:4, Insightful)
Nope? - didn't think so.
The only way I can think of doing it is using hardcore hook stuff. Having the code would be *much* easier.
Re:MOD PARENT UP (Score:5, Informative)
Steven V.
Re:it's true (Score:5, Insightful)
Re:it's true (Score:5, Insightful)
You're assuming the law will be applied fairly and evenly.
Re:it's true (Score:5, Interesting)
In Microsoft's closed source world it would have been tough to know if someone had included code that was similar to something they had seen in the Linux ( or any other opensource) codetree. It will be interesting, if this windows code release (escape?) proves true, if any suspicious code is found.
Re:it's true (Score:5, Interesting)
(http://tjw.org/)
114 07-26-00 02:17 win2k/private/inet/urlmon/compress/gnumakefile
0 11-18-01 14:24 win2k/private/inet/urlmon/compress/gzip/
3627 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api.c
1978 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/api_int.h
639 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/common.h
871 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/comninit.
3927 07-26-00 02:17 win2k/private/inet/urlmon/compress/gzip/crc32.h
Last time I checked gzip was licensed under the GPL. Although, it could be a totally re-written version of gzip or something else named gzip I guess.
Re:it's true (Score:5, Informative)
(http://pharr.org/matt/)
http://www.gzip.org/zlib/zlib_license.html [gzip.org]
version 1.2.1, November 17th, 2003
Copyright (C) 1995-2003 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly jloup@gzip.org
Mark Adler madler@alumni.caltech.edu
*/
Oh, no! I Looked! (Score:5, Funny)
(http://www.dragonswest.com/ | Last Journal: Monday November 05, @07:35PM)
100 GOSUB 7000 ; * Load stuff
110 GOSUB 900 ; * Show windows logo
120 GOSUB 20000 ; * Prompt for operator login
130 GOSUB 32000 ; * Fill half of memory with DLL's
140 GOSUB 16000 ; * Time waster loop
Re:Oh, no! I Looked! (Score:4, Funny)
(http://www.ox.compsoc.net/~glyn)
200 GOSUB 38000 ; * Profit
SCO Code in Win2000 (Score:5, Funny)
Re:SCO Code in Win2000 (Score:5, Interesting)
Of course, this lawsuit is based on the AT&T Unix which "Classic SCO" got from Novell, not from Xenix, but... well, there's a lot of mixed up stuff here.
Re:SCO Code in Win2000 (Score:5, Informative)
(http://rixstep.com/)
This is totally untrue. What happened was that Microsoft bought a compiler from Lattice which they retrofitted for Unix, and a source code licence from AT&T, but Microsoft did NOT, I repeat did NOT, work on that source code themselves.
That source code was given to Santa Cruz, who 'developed' Xenix from that.
And I am sorry, but the very thought that the dim-witted Microsofties would have 'written' their own Unix? Sorry, but that is just too laughable.
That is a MYTH (Score:5, Insightful)
(http://jm-smith.com/)
IANAL but I do read Groklaw, and from what I understand copyright restricts the act of copying (duplicating). You can study someone's implimentation of something as much as you like, then go impliment something similiar yourself. As long as you do not copy the code verbatim you are not in violation of copyright law.
Otherwise, no student would be able to code having once looked at examples in a text book
The problem is, of course, proving one implimented the code oneself and did not in fact crib the whole thing from someone elses code, and the greater the similiarity (for code of sufficient complexity
In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.
Re:That is a MYTH (Score:5, Interesting)
(http://www.mypalmike.com/)
Yes, but then, wouldn't reading the publically available patents be a problem?
The answer to this is, of course, yes. I used to work at a major game developer which strictly forbid us to read any patents. This policy wasn't just something you might read in the fine print of the employee manual: there was a mandatory-attendance presentation on the subject. The argument was that if a single employee read a particular patent, the whole company is legally tainted by that knowledge. Even though it's not supposed to matter, knowledgeable infringement apparently makes for a stronger case in the courts than coincidental infringement. So, if I read patent X, and another employee working on the other side of the planet unknowingly infringes on X, a case can be made that they actually knew it., because the company knew it as a whole. How could they prove I read it? There could be a server log that shows my PC was at that url at uspto.gov. Crazy stuff.
-_-_-
The dirty room and the clean room (Score:5, Informative)
(http://myatomic.com/ | Last Journal: Sunday November 19 2006, @12:31AM)
As long as you do not copy the code verbatim you are not in violation of copyright law.
Copying of nonliteral elements is actionable infringement. That's why many reverse engineering firms have two separate teams: one to describe a piece of copyrighted code and another to implement it.
In any event, it is a myth that, simply by looking at, or even studying, one set of code one is somehow "tainted" and unable to contribute to another, competing project, be it free or proprietary. To violate copyright law one must copy, not just receive inspiration from.
Try telling that to the estate of George Harrison, who lost in Bright Tunes v. Harrisongs. It's possible to copy without knowing you're copying, and it's still infringement.
Re:That is a MYTH (Score:5, Insightful)
> I hope you weren't planning on ever contributing
> to any Open Source projects after doing that. If
> it's later demonstrated that you had access to
> the W2K source and contributed vaguely similar
> code (even by accident) to a project, it could
> have severe repercussions for that project.
IANAL but I do read Groklaw, and from what I understand copyright restricts the act of copying (duplicating). You can study someone's implimentation of something as much as you like, then go impliment something similiar yourself. As long as you do not copy the code verbatim you are not in violation of copyright law.
What you're saying about copyright is correct; but that probably isn't what MS would come after you (and your open source project) for. It'd be patent and trade secret violations.
That said, I don't know whether the unauthorized release of code would invalidate subsequent trade secret claims. On one hand, it seems crazy to lose trade secret protections because of an illegal or unauthorized act; OTOH, it seems crazy to call something a secret that, well, isn't. Maybe someone who is a lawyer can discuss.
patents and trade secrets. (Score:5, Insightful)
eric
How it can go wrong (Score:5, Interesting)
(http://www.dragonswest.com/ | Last Journal: Monday November 05, @07:35PM)
Re:That is a MYTH (Score:4, Informative)
Correcting myself . . .
> from what I understand copyright restricts the act
> of copying (duplicating). You can study someone's
> implimentation of something as much as you like,
> then go impliment something similiar yourself.
> As long as you do not copy the code verbatim
> you are not in violation of copyright law.
What you're saying about copyright is correct;
[ snip ]
No, it isn't, and I don't know why I said it was. Too much crack today or something. The law on derivative works would make this not true, at least according to my understanding of Brad Templeton's 10 Big Myths about copyright [templetons.com].
Re:That is a MYTH (Score:5, Informative)
(http://www.intelligentblogger.com/ | Last Journal: Monday August 27, @11:47AM)
(IANAL and this is not legal advice. Go talk to PJ. At least she's a paralegal.)
Re:That is a MYTH (Score:5, Funny)
(Last Journal: Tuesday February 12 2002, @01:07PM)
It was only a matter of time before people started saying this....
-Derek
Re:That is a MYTH (Score:5, Informative)
Also, because the act of copying is incredibly hard to prove unless you are dealing with a complete moron, it is not necessary under the law today for a copyright plaintiff to actually prove the act of "copying." Generally speaking, it is sufficient for them to prove "access" to the copyrighted work and "substantial similarity" between the two works. There is tons of case law on this stuff.
Re:define "derivative", please (Score:5, Informative)
17 USC 101 [cornell.edu] defines a derivative work as:
That really cleared things up, didn't it?
But seriously, my point was that what the parent was stating as an absolute is actually untrue. You can be guilty of copyright infringement even if you dont "copy."
Re:IAAL??? (Score:5, Funny)
My god, this is simply not possible - man, this is
Well, I believe the latter must be the case. Be more careful on your next post, OK?
Re:IAAL??? (Score:5, Funny)
Re:it's true (Score:5, Funny)
If it's later demonstrated that you had access to the W2K source and contributed vaguely similar code (even by accident) to a project, it could have severe repercussions for that project.
I seriously doubt that having looked at that crappy code, anyone would want to duplicate it in even a vague way. At best it would provide an example of what not to do
Re:it's true (Score:5, Interesting)
There are probably paranoid governments who have teams who do this just this kind of work just to make sure those fabled NSA back doors in either are or aren't windows.
That leads to a fascinating question (Score:5, Interesting)
(http://www.ocean7motel.com/ | Last Journal: Monday May 07 2007, @07:50AM)
When you find them.... (Score:5, Funny)
Re:it's true (Score:5, Funny)
Morbid curiosity perhaps. Considering the amount of backward compatibility in there, and the generations of tools and code frameworks used over the past decade and longer, I would expect the Windows code to be a BLOODY MESS. In fact it would probably be amusing to just grep for comments--"what does the next line do?!" or "what the h3ll were we thinking?!"
Re:it's true (Score:5, Funny)
(http://calum.org/)
15
fw calum $ grep -ir " fuck"
40
fw calum $ grep -ir " crap"
98
Should I have been doing this on the company firewall? Probably not.
Re:it's true (Score:5, Funny)
[from drivers/usb/spca50x.c, a usb camera driver]
* Function compares two strings.
* Return offset in pussy where prick ends if "prick" may penetrate
* int "pussy" like prick into pussy, -1 otherwise.
*/
static inline int match(const char* prick, const char* pussy, int len2)
{
int len1 = strlen(prick);
int i;
const char* tmp;
for (i = 0; i len2)
return -1;
if (!strncmp(prick, tmp, len1))
return i + len1;
return -1;
}
To get around stupid slashdot filter:
# mportant Stuff: Please try to keep posts on topic.
# Try to reply to other people's comments instead of starting new threads.
# Read other people's messages before posting your own to avoid simply duplicating what has already been said.
# Use a clear subject that describes what your message is about.
# Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
# mportant Stuff: Please try to keep posts on topic.
# Try to reply to other people's comments instead of starting new threads.
# Read other people's messages before posting your own to avoid simply duplicating what has already been said.
# Use a clear subject that describes what your message is about.
# Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
Interesting Neowin comment (Score:5, Interesting)
Just my opinion / thoughts.
1) The software that builds and compiles Windows is very complex I doubt anyone could turn the source into a working system easily. Maybee it would be possible to compile certain parts. Plus even if you could it would take hours if not days to go through the process.
2) I don't see how this will let anyone find any obvious flaws, microsoft have software that does this all the time. I'm not saying its not a security risk but its not as simple as the journalists make out - as always.
3) This exact same scare happened about 7 years ago, I remember they were selling the source to NT4 at a local market on CD, doubt it was the real source code."
Re:it's true (Score:5, Interesting)
private/shell/applets/welcome/html/webapp.cpp:
private/shell/shell32/copy.c:// want to fuck with.
private/shell/shell32/util.cpp:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.cpp:// around the fucking peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
private/windbg64/debugger/tl/remote
private/windows/media/avi/verinfo.16/verinfo.
private/windows/shell/co
Re:it's true (Score:5, Funny)
grep -ir " shit" windows_2000_source_code/*
private/inet/wininet/urlcache/conman.cxx:// BUGBUG - DON'T DO THIS SHIT.
private/shell/ext/netplwiz/mnddlg.cpp:
private/shell/win16/commctrl/ctl3d.c:
private/windows/media/avi/avicap/capdib.c:
private/windows/media/avi/avicap.16/capdib
private/windows/media/avi/avicap.io/capdib
private/windows/media/avi/msrle/rle.c:
Re:it's true (Score:5, Interesting)
(http://www.grayssupport.com/)
The code varies greatly in style and how it's put together. The MSMQ code where I spent most of my time when I worked at MS support is just friggin brilliant and a real joy to debug. I can't say that about everything (IE
Re:it's true (Score:4, Funny)
(http://slashdot.org/ | Last Journal: Sunday September 09, @05:43PM)
Speaking of torrents, anybody got one?
Re:it's true (Score:5, Funny)
Rakshasa
this could be really bad (Score:5, Insightful)
(http://g27.org/)
Re:this could be really bad (Score:5, Insightful)
(http://www.wirewd.com/wh/)
The interesting part is the difference between Win2k and Linux. In both cases now, the black hats have access to the source code. However, there are more white hats who have access to the Linux codebase, which will make for some interesting long-term implications.
This also has the potential to solve the NSAKEY contriversy once and for all and provide some interesting insights into how Windows works. I'm wondering if, through the use of countries with more flexible copyright systems, it would be possible to document interesting attributes and then pass them back to WINE and other open-source folk.
Re:this could be really bad (Score:5, Insightful)
Re:it's true (Score:5, Interesting)
The links circulated very fast and the servers started slowing and slowing down and then they died. The first ones did manage to get all the stuff. I envied them because I managed to get only couple megabytes.
It seemed real. Very real. Someone had broken into their development servers, stuffed the stuff to the web servers and escaped with it all.
There was some small mention about it on the Slashdot too but I couldn't find it right now. It seems the Microsoft was able to really sweep that one under the carpet. I wonder how.
There are people around with self compiled Windows XP copies, trust me. I envy them. I would gladly remove some features and tweak couple edges I am not now allowed to. Even though it would be a HUGE task.
So the now leaked source codes to NT/2k are mostly just boring and obsolete.
Re:it's true (Score:5, Funny)
People were milling about in the room, I finally took the dive and made a couple of prank calls for pizza. Some other guys managed to get the US up to def con 4. I envied them because I managed to get only arrested.
It seemed real. Very real. Someone had broken into the potting shed, stuffed a key to the nuke room under a bush and escaped with it.
There was some small mention about it on the Drudge too but I couldn't find it right now. It seems the government was able to really sweep that one under the carpet. I wonder how.
There are people around with the phone number still, trust me. I envy them. I would gladly make the call to nuke France. Even though it would be a HUGE task.
So the now Brittany Spear's leaked cell number is mostly just boring and obsolete.
Re:it's true (Score:5, Funny)
(Last Journal: Thursday November 11 2004, @05:39AM)
Re:it's true (Score:5, Interesting)
(http://slashdot.org/ | Last Journal: Wednesday March 10 2004, @11:39PM)
The base stuff is probably 4 GB.
Re:it's true (Score:4, Insightful)
(http://www.vafrous.com/)
How does one take a quick peek to see such a file is circulating?
Open Source (Score:5, Funny)
New Licensing Model (Score:5, Funny)
What, no GPFL? (Score:5, Funny)
(Last Journal: Tuesday October 22 2002, @12:56AM)
Re:Open Source (Score:5, Funny)
Re:Open Source (Score:5, Funny)
Re:Open Source (Score:5, Insightful)
Server problems ALREADY... (Score:5, Informative)
(Last Journal: Wednesday August 25 2004, @08:43PM)
Later isn't going to work, since the server was down even before it hit the Slashdot front page. I empathize with their server.
I did, however, managed to grab the news blurb (but not the, at that point, 214 comments) from the intermittent front page:
Torrent, anyone?
Re:Server problems ALREADY... (Score:4, Informative)
(Last Journal: Wednesday August 25 2004, @08:43PM)
It's allegedly from the file "windows_2000_source_code.zip."
(Who knows if it's real, as it's too early to tell, probably)
Files with interesting names... (Score:4, Interesting)
(http://siliconjesus.info/ | Last Journal: Wednesday February 07 2007, @02:04PM)
0 11-18-01 14:23 win2k/private/genx/windows/inc/mobileq-apache.eml
0 11-18-01 14:23 win2k/private/genx/letter to children - 2.eml (*)
0 11-18-01 14:23 win2k/private/inet/mshtml/btools/bin/words of wisdom from dennis.eml
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/ship/unix.
0 11-18-01 14:23 win2k/private/inet/mshtml/build/ppcmac/documentat
506 07-26-00 02:12 win2k/private/inet/mshtml/gnumakefile
64276 07-26-00 02:13 win2k/private/inet/mshtml/tools/mips/utils/sed.ex
Plenty of gnumakefile entries throughout...
Also - directories for ppc / ppcmac / alpha / mips
Could this be OFFICE 2000 instead of Windows 2000?
* - WTF?
Re:backups (Score:5, Funny)
(http://slashdot.org/)
This is probably old hat now, but....
Real men don't do backups, they just pack their files into windows_2000_source_code.zip and post them to their website.... with torrent links...
Re:Server problems ALREADY... (Score:4, Funny)
MOD PARENT DOWN, IT'S NOT FUNNY...
my eyes must be getting old (Score:5, Funny)
(Last Journal: Friday September 10 2004, @12:41PM)
Re:Server problems ALREADY... (Score:4, Interesting)
(http://google.com/)
I hope some bright I.T. reporter will write a story about how "Linux source code leaks" are not a security issue, but part of the development process, making Linux safer than Windows. I mean, if the Windows source is so full of bad code and bad design that releasing it represents a threat to national security (Jim Allchin's words), while Linux has always had its source code freely published -- it standsto reason that Open Source software is of higher quality.
Re:Server problems ALREADY... (Score:5, Insightful)
How big are these files? I would expect the size of these tarballs to be comparable to Linux Kernel + GNOME + Mozilla + misc userland/bundled equivilents. If they are unexpectedly small (like less than a gig for W2K), then they are probably a hoax.
Re:Server problems ALREADY... (Score:5, Funny)
(http://www.birnamdesigns.com/ | Last Journal: Sunday October 05 2003, @05:23PM)
Argh! Trying to get rid of images of naked NeoWin people thinking about ramifications....
What now? (Score:5, Funny)
(http://www.unsanity.org/)
"We fix bugs in 24 to 40 hours, much faster than OSS."
Re:What now? (Score:5, Interesting)
Re:What now? (Score:5, Insightful)
Now? Improve emulators! (Score:4, Interesting)
(http://www.plone.org/ | Last Journal: Monday January 05 2004, @04:45PM)
Besides, there are several obfuscating methods designed to hide the logic of the original code. They can be used to actually copy the code to the emulator (if the copied piece will work there). After that it would be hard to prove anything even in the open source.
Disclaimer: IANAL, but anyway, personally I would not feel guilty having W2K source code and using it to improve WINE. Because I think that the algorithms is a part of the math, which existed always even before humans came here. A programmer just discovers the piece of math and express it using one or another language. The gravity doesn't belong to Newton, the math formula that describes the gravity neither. Only the fact of discovery of gravity math description belongs to Newton, just for references. Only the fact that programmer wrote the code belongs to the programmer (or the employer), not the code itself. Just to refer in the report to the boss why one was so busy all the day. Getting the source code from Microsoft is not stealing - it's learning. There is nothing wrong in learning.
Re:Now? Improve emulators! (Score:5, Insightful)
(http://www.covenantspice.com/)
And CDs should not be copyrighted because they did not invent the photon used to read it.
If you take this to its logical extreme, any file is simply an extremely large digital number (millions of bits). How do you copyright a number? So it is then not possible to copyright ANY digital work.
Hmmm... (Score:4, Funny)
(http://www.uberm00.net/ | Last Journal: Monday January 19 2004, @09:27PM)
Seriously, this should be pretty interesting. I wonder how many bugs are ACTUALLY in the NT kernels...
Re:I'll believe it when I see it. (Score:5, Informative)
They focus primarily on windows tech, and have a knack for breaking stories about Windows- leaked builds of future versions, beta builds of service packs, etc. Whoever runs the site is well connected in Microsoft.
Re:I'll believe it when I see it. (Score:5, Informative)
(http://carlstrom.com/)
Microsoft gave a talk at usenix: Windows A Software Engineering Odyssey [usenix.org]
This slide [usenix.org] indicates the full source is 50gb and took a week to setup and 2 hours a day to update.
That implies to me that people could have the whole source but it would huge.
Slide 24 talks about their new perforce [perforce.com] based system that only takes 3 hours to setup and 5 minutes to update.
Re:I'll believe it when I see it. (Score:4, Funny)
No wonder, with half a meg of memory [usenix.org]
Re:I'll believe it when I see it. (Score:5, Informative)
(Last Journal: Thursday January 15 2004, @06:55PM)
The odds of getting the full source: experience. (Score:5, Interesting)
This is incorrect.
Its funny how people build up ideas in their heads about what its like in a large corporation, somehow like a hollywood movie with lots of people with dark shades and guns ala "The Net".
No, inside Microsoft is a lot more like "Office Space" and anybody with motivation could get the entire source with little trouble.
Re:There is no evidence listed (Score:5, Funny)
A member of the Slashdot cult has admitted he has stolen the source code to Microsoft's Windows XP operating system. PickyH3D is the handle the low-karma hacker used when bragging of his accomplishment to the world. He has also issued a challenge to Microsoft's legal team with the statement that "there is no evidence". More on this as we hear it.
What's the big deal? (Score:5, Funny)
Re:Torrent? (Score:5, Funny)
(Last Journal: Wednesday February 16 2005, @02:50AM)
emerge win2000
Re:Torrent? (Score:5, Funny)
ACCEPT_KEYWORDS="~x86" emerge win2000
Re:Torrent? (Score:5, Funny)
TAR!? BZ2?! What the hell? That's not ZIP!!!!
For those that need more proof (Score:5, Interesting)
(http://www.asmallorange.com/)
See win2k/private/ntos/ for kernel stuff (Score:4, Informative)
(http://dreamlayers.blogspot.com/)
Re:See win2k/private/ntos/ for kernel stuff (Score:5, Informative)
I lived for years with full source access at a MS partner company.
Example of what's missing is the file systems (only the file system recognizers seem to be there, not the file system), the entire device driver tree, storage drivers, etc. Most of the core kernel functionality is there though, if pre-service pack levels.
Re:For those that need more proof (Score:5, Interesting)
(http://eksploder.mine.nu/blog)
win2k/private/inet/urlmon/iapp/gnumakefile
win
win2k/priv
(and so on - many, many instances)
on the other hand, a few funny files:
win2k/private/inet/xml/xml/tokenizer/dll/
win2k/private/inet/xml/xml/dso/letter to children - 2.eml
and VERY interesting:
win2k/private/ntos/w32/ntuser/kerne
Re:For those that need more proof (Score:5, Interesting)
(http://www.iki.fi/plaa/)
win2k/bsc/.glimpse_filenames_index
etc.
Huh? What's with the "."? Are they using Unix?
win2k/private/inet/mshtml/src/site/download/png
win2k/private/inet/mshtml/src/site/download/zl
win2k/private/inet/mshtml/src/site/download/j
win2k/private/inet/urlmon/compress/gzip/
(AFAIK nothing illegal in using these, but interesting to know. Maybe the gnumakefiles are for these and similar?)
win2k/private/ntos/rtl/boot/i386/cv - vered mazafi.eml
win2k/private/shell/wontfix.txt
win2
win2k/private/shell
win2k/private/shell/cpls/appw
Interesting...
win2k/private/shell/ext/viruschk/
win2k/privat
Wha?
At least that list looks pretty damn convincing... If that list is a hoax its a pretty damn well made one.
Re:GNU make users? (Score:5, Interesting)
(http://vcf.sf.net/)
There have been articles on the web describing alot of their NT build process. They do use command line builds. They originally wrote a custom version control system, but now use something else (not Visual Source Safe, I think perforce, or perhaps they created anotehr system). I believe, if memory serves, that they had a custom make tool, but they may now use nmake, which is the make tool that's distributed with their commerical dev tools.
I recall the article did mention the use of perl for parts of the custom build scripts.
As a long time windows programmer, frankly, this stuff looks made up. Clever, amusing, but ultimately it seems like a hoax. If this is all the proof we have, then I'm afraid it's a bit pathetic!
Also there appear to be duplicate headers, repeated in various directories that I'm almost positive would end up screwing the compile process in a real build. Also, another thing is that, if their distributed files with VC6/7 are indicative of their internal naming, they stick to a strict 8.3 naming scheme, and make note of this in their documentation (don't remember *where* it was that I read it, but it was MS docs, and I remember being surprised by it). Another thing, again assuming that the files distributed with VC6/7 are a good model, their files tend to be all UPPERCASE! For example, here's a listing from their includes in for VC6:
-rwx------+ 1 Administ None 21912 Apr 24 1998 ACCCTRL.H
-rwx------+ 1 Administ None 27863 Apr 24 1998 ACLAPI.H
-rwx------+ 1 Administ None 3735 Apr 24 1998 ACLCLS.H
-rwx------+ 1 Administ None 747 Apr 24 1998 ACLSID.H
-rwx------+ 1 Administ None 269 Apr 24 1998 ACSMGTC.H
-rwx------+ 1 Administ None 267 Apr 24 1998 ACSSVCC.H
-rwx------+ 1 Administ None 833 Apr 24 1998 ACTIVECF.H
-rwx------+ 1 Administ None 1111 Apr 24 1998 ACTIVEDS.H
-rwx------+ 1 Administ None 39805 Apr 24 1998 ACTIVEX.MAK
-rwx------+ 1 Administ None 3794 Apr 24 1998 ACTIVEX.RCV
-rwx------+ 1 Administ None 2053 Apr 24 1998 ACTIVEX.VER
-rwx------+ 1 Administ None 68013 Apr 24 1998 ACTIVSCP.H
-rwx------+ 1 Administ None 17845 Apr 24 1998 ACTIVSCP.IDL
-rwx------+ 1 Administ None 3402 Apr 24 1998 ADDRLKUP.H
-rwx------+ 1 Administ None 18946 Apr 24 1998 ADMEX.H
-rwx------+ 1 Administ None 10051 Apr 24 1998 ADMINEXT.H
-rwx------+ 1 Administ None 2827 May 31 1998 ADOID.H
-rwx------+ 1 Administ None 343678 Jun 19 1998 ADOINT.H
-rwx------+ 1 Administ None 135222 Jun 2 1998 ADOMD.H
-rwx------+ 1 Administ None 14127 May 31 1998 ADOMD.IDL
-rwx------+ 1 Administ None 5083 Apr 24 1998 ADPTIF.H
-rwx------+ 1 Administ None 1133 Apr 24 1998 ADS.ODL
Re:For those that need more proof (Score:5, Funny)
AT LAST! The secret to beating Solitaire... This could perhaps be the most significant event of our times!