Microsoft Warning Leaked Code Traders 833
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
Traders or Traitors? (Score:5, Interesting)
I think the title should have read "MS Warns Leaked Code TRAITORS" considering that the code probably got leaked from one of their own.
From the MS Notice page:
Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted
In other words: "Dear companies running on W2K, please pay for upgrades ASAP. We would like more money. Thanks."
[/tin_foil_hat]
Re:Traders or Traitors? (Score:4, Informative)
Plenty of other vendors do, too. Plus plenty of third party developers who work on windows. Not every component in there was developed in house, after all. I remember a time when RealPlayer was part of the package, Real must have had some source back then.
Re:Traders or Traitors? (Score:5, Insightful)
Re:Traders or Traitors? (Score:5, Funny)
Re:Traders or Traitors? (Score:5, Funny)
"Here kitty kitty.....
get back in this bag you little F---ing Batstard"
Re:Traders or Traitors? (Score:5, Funny)
Re:Traders or Traitors? (Score:5, Funny)
Sounds like a good start for a mini-series....
Re:Traders or Traitors? (Score:5, Informative)
The leak came from a Microsoft partner, Mainsoft [mainsoft.com]. The partner's access to Microsoft source was given long before Microsoft started their "shared source" program.
BetaNews has the details [betanews.com].
OT - Re:Traders or Traitors? (Score:5, Funny)
Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted
The use of the word "impacted" here is classic corpo-Pentagon-speak.
The correct word is "affected." For a person to be "impacted" has an entirely different meaning.
You'd think Microsoft would care about the distinction, since they are so full of shit.
Re:Traders or Traitors? (Score:5, Insightful)
Remember a while back when it came out that a group of hackers had compromised MS's internal network and had access to it for over a month. At the time they admitted it they denied that the group obtained access to the source code. Of course they would deny it regardless of the truth or whether or not they knew. Basic damage control.
So say in the interest of avoiding getting too much attention directed at them, perhaps they waited until now to release what they found.
Just a thought, but it seems as reasonable as their assertions.
Re:I Dare You: +1, Patriotic (Score:5, Funny)
#include <bsod.h>
#include <gigsofdlls.h>
int main (void) {
if ( 1 ) {
BSOD();
}
return 0;
}
Re:I Dare You: +1, Patriotic (Score:5, Funny)
I can't seem to find the gigsofdlls header file...
Re:Traders or Traitors? (Score:5, Funny)
kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
the latter seem to traffic especially in things like leaked source RARs, and since most of the central servers are overseas and operated independently (and 'overnet' seems truly peer to peer with no central servers), it would be tough to crack down on them, besides having a bunch of fake clients that harvest IPs. anyone know if they do this?
(i imagine the same concept would apply for bittorrent [bitconjurer.org] downloaders -- except BT relies on central tracking servers which would be comparatively easy to shut down.)
seems like a natural, uh, application, for the freenet project
ah well. it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.
-fren
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Interesting)
Not scary at all. I'd say it is a good thing that not even one of the most powerful forces on this planet can stop information from spreading across the web. Information wants to be free, remember?
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
I can't believe that Microsoft is actually threatening to "send out legal warnings to any users who search for the leaked code." Even SEARCHING for it? Please bite me.
According to Jigle, over 1,600 people are currently sharing the source on the edonkey network, which is quite a lot when compared to the average file (including pr0n vids).
--
law (Score:5, Insightful)
If peoples' ability to disseminate information serves as a message to corporations that their attempts to turn the US into a police state won't work, then I can live with that.
Re:law (Score:4, Informative)
Orrrrrr you could go through VALID channels and work for reform of intellectual property laws. Because as it stands now, if you trade in MS's intellectual property, it's WELL within their legal rights to come after you.
If you don't like it, do something about it. Something BESIDES breaking the law anyway because it suits you and hiding behind "civil disobedience".
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
It's rather unfortunate that people like yourself base your morals on what papa gub'ment tells you they should be.
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
Odd that, that on a community website, people don't have a problem with attacking those known to be actively hostile to the general public, yet they seem to stick up for projects which consist of lots of normal people giving their time freely for the benefit of society.
You'd have thought that we should teach people to believe whatever the lawmakers tell them to think. After all, if something is illegal, it must be immoral.
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
You can break the law if it's disobedience against Microsoft, RIAA labels, Disney or any other mean big business.
Thanks to precisely the "big business" you refer to, the idea of "do it because the law says so" has lost any meaning. Once upon a time, people respected the law, and usually obeyed it. They respected police, and thanked them for doing a hard job and protecting the community.
Now, people look at the law as a neverending set of snares that can catch even the most "upright" among us, for things that no one in their right mind considers an actual crime; at the same time, big business routinely engages in activities that even the most "ethically challenege" among us considers an abominable abuse of people and "the system", without committing the least misdemeanor. People consider police mere thugs, officially carrying out the whims of our megalomaniacal AG, and unofficially engaging in far more nefarious activity (rape, torture, extortion, "abuse of position", etc), which their "Policeman's Bill of Rights" makes exceedingly difficult to catch them at, let alone punish them for.
Possession of a joint will get you a heavier sentence than DUI, yet the government responds by requiring breathalizers in new cars.
Downloading a song worth less than $5 leads to a $150,000 fine (payable via bankruptcy or a "mere" $3k extortion rackett that even several of our corrupt state SCs have called fradulently misleading, since it doesn't prevent later suit by the actual copyright holders).
I could go on, but I don't want to start ranting, and those two seem the most relevant to recent Slashdot posts.
Basically, society no longer cares what the "law" says, because more and more people realize that the "law" says whatever the Honorable Senator from Disney wants it to say. Using it to defend your position compares well to using a pool of sewage runoff to take a bath in - You don't actually accomplish your goal, and you come out smelling like shit.
Once upon a time ... (Score:5, Funny)
Once upon a time, people respected the law, and usually obeyed it. They respected police, and thanked them for doing a hard job and protecting the community.
Specifically, that was from 12:30 to 3:45 PM, October 24th, 1955.
Just in case anyone was curious.
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
If you ask me, the fact that the legislators are considering the Orwellian and moronic concept of a car breathalyzer shows that there is no deterrent against drunk driving, but of course, why bother to enforce existing law when you can simply pass new ones?
If the U.S. Constitution were written today, it would be 12000 pages long and be understandable by only three people in the world, two of whom would be driven insane and the other would kill himself out of frustration. It's wonderful that the law of the U.S. could be spelled out simply enough to fit on the back of a cereal box. It's a travesty that U.S. law has become so complex no person could ever understand it all, leave alone be able to obey it all. We are all criminals, and when someone in the government wants to get you, they simply need to figure out what obscure, byzantine law you are ignornantly breaking and proceed to enforce it.
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
from http://www.gnu.org/philosophy/why-free.html
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
The civil rights movement was about protest, peaceably, against laws that were widely seen as unjust. So is this. If you feel a law is wrong, disobey it -- as long as no one else actually gets harmed -- and be prepared to suffer the consequences, but make sure that your experiences get widely publicized as examples of how laws are used to justify things that morally seem wrong.
Change takes time (a lot happened during the civil rights movement) and a lot of people went to jail for what they did, but in the end, the protests worked. Just because the issues aren't as, er, black and white (pun semi-intended!) doesn't mean some level of comparison isn't valid.
If no one protests when bad laws are passed, then not only will those bad laws stay on the books but even more bad laws will be passed in the future since it can be 'gotten away with' by those who want to push said laws through.
Re:kazaa, bittorrent, emule/edonkey? (Score:5, Insightful)
Yes, you're on SLASHDOT. When you're HERE, you may notice that people support Linux and the Mac (thanks to OS X) and don't really like MS. That's OUR culture.
Over on the Microsoft-Zealot boards, you'd notice that they support Microsoft's law-breaking as "smart business", while they attack the GPL as communist, a cancer, etc. Don't try to convince us to "play nice" with the people who are trying to kill us, please. Because *they're* not going to play nice, and any "sympathy for the devil" we adopt will end up with us dead.
Best threat of all (Score:5, Funny)
Can't take it back (Score:5, Funny)
Re:Can't take it back (Score:5, Funny)
Re:Can't take it back (Score:5, Funny)
can I be modded funny too?
Re:Can't take it back (Score:5, Funny)
Yeah, it's like that old pool analogy:
Putting something in the Internet is like peeing in a swimming pool. You just can't take it back.
I can see the letter now (Score:5, Funny)
MS Snail Mail (Score:5, Funny)
Re:MS Snail Mail (Score:5, Funny)
silly question (Score:5, Insightful)
is that you big bro?
Re:silly question (Score:5, Informative)
Now that the source code is leaked, MS will probably get a lot safer, with all those hackers and crackers exploiting their bugs and thus revealing them ;-)
Warnings? (Score:5, Interesting)
Re:Warnings? (Score:5, Interesting)
No matter the text of the letter, the implication in recieving a snail mail vs. an e-mail is obvious: "WE KNOW WHO YOU ARE AND WHERE YOU LIVE, MOFO!"
Re:Warnings? (Score:5, Funny)
THAT IS PERFECT. (Score:5, Funny)
Oh my God, that's great.
Anyone want to suddenly start hopping on kazaa and posting spoofed search requests for "leaked windows 2000 code" which appear to be coming from the IP addresses of the White House, the Dennis Hastert re-election campaign, various randomly selected people, entire blocks inside of Time-Warner...
It could be like a p2p reverse honeypot.
Once a few thousand people start getting threatening legal notices from MS for something they didn't do, what happens next?
Nothing like security through lawyers. (Score:5, Insightful)
Wait. (Score:5, Funny)
Re:Wait. (Score:5, Funny)
I used to have the compiled code (Score:5, Funny)
I'm skeptical (Score:5, Interesting)
Re:I'm skeptical (Score:5, Insightful)
Re:I'm skeptical (Score:5, Insightful)
This is roughly the same as picking up a set of photocopies you see sitting on the curb. Copywritten or not, you haven't done anything wrong by picking them up, as you didn't violate the author's copyright.
The person who made the copies is violating the copyright (originally two words, godamnit!) not the person who picked them up.
This is one of the issues with the RIAA going after Recipients, rather than Source.
If I buy stolen goods at a garage sale, and the cops find me, they take them away and give them back to the owners. They arrest the thief, not the poor sucker who bought the goods.
I'll at least give Redmond credit for issuing warnings rather than subpoenas. Though "Searching for phrase != downloading files I shouldn't have access to."
Re:I'm skeptical (Score:5, Informative)
1. Distribute it
2. Use parts of it as your own
It is not illegal to:
1. Possess a copy of it
2. Read the code
3. Think about what you have read
4. Talk about what you have read
now it makes sense (Score:5, Funny)
I was wondering why when I tried compiling it, it stopped halfway through and I heard Madonna's voice scream, "What the fuck do you think you're doing?"
MS warnings in the mail (Score:5, Funny)
Please do not download our source code or we will be forced to sue you. We are not kidding, we will sue you. Seriously, we'll sue...
Sincerly,
Bill Gates
Reply
Dear Bill.
Please stop poluting the internet with your crappy source. Every time I search for porn now, I get coppies of some crappy pile of shit called winedows or something. Furthermore, don't even talk to me about frivilous litigation bub. I wrote that book.
Besides, your source leak is stealing my valuable press. How am I supposed to dump my stock if I can't pump it first.
P.S. Thanks for the license fees.
Yours in infamy,
Darl.
For those sharing the source... (Score:5, Interesting)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:49:19)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:00)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:42)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:11)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:55)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:57:37)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:00)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:44)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:00:26)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:08:53)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:09:35)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:10:16)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:18:51)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:19:34)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:20:14)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:28:40)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:29:24)
Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:30:06)
You can get it from Methlabs.org. Windows only as far as I know.
That is a slick tool.. haven't heard of it before. (Score:5, Interesting)
My question -- will IPtables run "okay" with a few thousand block rules?
ms warning (Score:5, Funny)
I must have found one of these warnings - when I downloaded "Windows_source_code.zip", all it contained was a
exploit is a known issue? (Score:4, Informative)
Um, don't usually like to argue semantics, but what was discovered was a security vulnerability (bug) in the code, not an "exploit".
Devising and revealing a method to take advantage of this problem (a virus, worm, bitmap) is an "exploit", right?
The Leak Source (Score:5, Funny)
#include "windows.h"
#include "system_errors.h"
#include "stdlib.h"
#include "msdos_bugs.h"
char make_prog_look_big[1600000];
main()
{
if (detect_OS2())
freeze();
if (detect_cache())
disable_cache();
if (fast_cpu())
set_wait_states(lots);
set_mouse(speed, very_slow);
set_mouse(action, jumpy);
set_mouse(reaction, sometimes);
set_icons(UGLY);
print("Welcome to Windoze 3.11111");
if (system_ok())
crash(to_dos_prompt);
else
system_memory = open("a:\swp0001.swp", O_CREATE);
while(1) {
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
if (rand() < 0.9)
crash(complete_system);
}
return(unrecoverable_system);
}
I don't get it! (Score:5, Funny)
I just don't get it. No security breach. Not related to the SSI, nor GSP. Then how did it leak???? Psychics?
Re:I don't get it! (Score:4, Funny)
Someone got kicked off their ISP... (Score:5, Funny)
No one actually checked what it contained but blindly assumed it was windows. Heh. Funny world.
Re:Someone got kicked off their ISP... (Score:5, Interesting)
Re:Someone got kicked off their ISP... (Score:5, Interesting)
It's no joke:
Subject: [linux-elitists] Microsoft goes after Linux kernel downloaders?
Date: Mon, 16 Feb 2004 20:15:28 -0600
I went trolling, and it seems I caught the biggest fish of them all.
When the story about the MS leak appeared on Slashdot this past week,
I thought I'd have a bit of fun. A post entitled "Kernel source here,"
which pointed to a torrent of Linux 2.6.2, was all it took to hook
about a thousand would-be NT and 2000 source downloaders.
"You can find the build applications and such with Google already."
I trickled the torrent out at about 1k/s for the first few hours, then
let it go full-speed once we'd crossed over 600 active
participants. Let 'em all have the punchline at once.
Imagine my surprise when my DSL stops working this morning, I call my
provider, and I learn that I've been accused of copyright
infringement. I argued that I was doing absolutely nothing wrong, and
they turned service back on. After I asked to see the accuser's email,
they forwarded the below. Sure enough, it's a bona fide valentine from
MS Legal:
J.K. Weston
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
jkweston@microsoft.com
Tel: (425) 703-5529
14 Feb 2004
URGENT/IMMEDIATE ATTENTION REQUIRED
VIA ELECTRONIC MAIL
[My ISP]
Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE
CODE AT: [one of my IPs]
Date of Infringement: Detail below.
Dear [My ISP]:
We have received information that one of your users as identified
above by the SITE/URL [My IP] may have engaged in the unlawful
distribution of Microsoft's source code for Windows 2000, and/or
Windows NT4, by distributing and offering for download these source
code files via a peer-to-peer network.
Since you own this IP address, we request that you take appropriate
action against the account holder under your Abuse Policy/Terms of
Service Agreement.
The IP they chose wasn't the tracker, it was a system participating as
a torrent peer. This makes me wonder if there are a thousand other
P2P Linux 2.6.2 downloaders enjoying MS' Feb 14 love.
Now, admittedly I was just asking for it by hinting at something that
might offend the big giant. Still, it took them three or four days to
issue this letter. In the meantime, shouldn't they have been able to
find someone capable of cracking open a
question of how a leaked CD fits into a 32m file?
__________________________________________
Q: How do they know the snail addy of web users? (Score:5, Funny)
$100 for forwarding this email... (Score:5, Funny)
Does that mean those people I laughed at in high school for circulating that thing about Bill Gates sending you $100 for forwarding this email were RIGHT?!
Damn, now I wish I'd been stupid enough to send that thing on - I could use an extra hundred bucks.
I got a letter from Microsoft today... (Score:5, Funny)
It had a EULA shrinkwrapped to it that said "Upon opening this letter I am hereby agreeing to..." so I just tossed it in the trash. I guess I'll wait till one of the letters gets leaked online, then I can just download it.
Too little too late... (Score:5, Insightful)
There are hundreds and hundreds of sources in emule, and thousands have been downloading (5k requests the last 5 days). Not to mention irc, ftps, kazaa , winmx and the other stuff.
As an educated guess i would say that at least 50-100.000 people have the source currently on their harddisc.
Whoever wants it now has it....
Stop trading MS codes (Score:5, Insightful)
Re:Stop trading MS codes (Score:5, Insightful)
Don't go to their level. Be better.
Yadda yadda yadda (Score:5, Insightful)
I don't have their code, nor do I want it. But I realize that even if every single Linux user/GPL supporter refused to look at it or download it, it would still spread like wildfire. People download stuff like this just to say that they have it. I have a friend who is somewhat of a "collector" of things like this. He has no programming background whatsoever, he just wants to say that he has it. (ironically, he is actually in school getting a law degree with a concentration in Intellectual Property)
The cat-genie is out of the bag-bottle.
Horse (Score:4, Funny)
Close
Oh wait.....
NOW they tell me :( (Score:4, Funny)
My message from Microsoft (Score:5, Informative)
Inside Microsoft... (Score:5, Funny)
Gates: "Interesting Steve... What's this idea?"
Ballmer: "Well, suppose we leaked the 2K and NT4 sources on the Internet."
Gates: "I'm not sure I follow."
Ballmer: "Think about it. We've got stagnating revenue streams from companies who are still using NT4 and 2000. We've got people continually hacking our software. Are you seeing the connection here?"
Gates: "Sure, I get you: release the source code, so hackers can analyze it to find all the holes. We get free QA, and in the meantime, we can pressure our customers to upgrade to XP, because it's not vulnerable to these source code attacks. Thus, getting more money for us, from people who wouldn't have otherwise upgraded. Brilliant!"
Ballmer: "You're catching on. And hey, I just thought of an extra bonus! We can track down people who actually download the source code and sue them. That way, we get another auxiliary revenue stream from court, make ourselves look good by appearing to 'fight hackers,' and strengthen the hostile attitudes held toward open source software by linking them to our stolen source code! Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!"
Gates: "Why, this could have a favorable impact on the outcome of the SCO case, could it not?"
Ballmer: "Sure. Those stupid Linux fanboys and their 'take over the world' nonsense. They don't understand who they're playing ball with."
What's wrong with copyright law (Score:5, Interesting)
Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!
Funny, but it's worth pointing out that the USSC is not going to be making any big decisions about the validity of intellectual property... the US Constitution explicitly provides Congress with the right to make IP laws and even provides a brief rationale for them.
What Congress should be looking at, though, is whether or not the current laws make any sense at all. What is really bizarre to me is this notion that you can keep something secret and yet still have copyright protection on it.
The original reasoning behind copyright as we know it (as opposed to the true original reasoning, which was about facilitating censorship by the British Crown) was to enable authors to retain limited control of their published works, in order to encourage them to publish. When you publish a book, the content is out there for the world to see and potentially copy; there's no way to publish a book and keep it secret at the same time, so some legal protections are necessary if we want to enable authors to control and profit from their work.
These "legal protections" are really limitations on what society is allowed to do with the work, in other words, freedoms we choose to give away, and the reason this is a good trade is because (a) it makes more material available now for people to read, learn from and build off of and (b) it ultimately puts more material in the public domain for anyone to use however they see fit when the copyright expires.
Patents are really the same idea applied to a different space: Getting the details of inventions published for everyone to read theoretically encourages more invention. With patents, there's a *requirement* that the details be published, because unlike a book, it often is possible to keep secret the details of a piece of machinery.
Even for copyrights, there is and always has been a sort of a requirement to publish -- under current law you cannot sue over copyright unless you have registered your work with the copyright office, and doing that requires you to submit a copy to them, placing it in the public record. Kind of. In the case of code, you only have to submit a few pages from the beginning and the end. The rationale behind copy registration was primarily to establish ownership, not to publish, because when all of this was set up publishing was just a given. Because that was the rationale, when code copyrights came along it was deemed too burdensome to deal with full printouts of the registered code (because they're really, really big) and, of course, the copyright office wouldn't have had any idea what to do with magnetic media.
So now we've arrived at a situation that cannot have been expected or planned by the designers of the system: You can obtain copyright protection on something that you never published and never have to publish, even when you go to court to enforce your rights. The "trade" is no longer a trade, because society no longer gets to benefit from seeing what it is giving you protection for. There's no requirement that the code *ever* be published, even after the copyright has expired (assuming current copyrights ever will expire).
In my opinion, it should only be possible to obtain protection for what you publish. If you want to keep your source secret and only publish binaries, fine. You get copyright protection for the binaries and you can use trade secret law to protect your source code -- but remember the caveat in trade secret law that once it's published it's no longer a secret, so you can only go after the person who gave it away the first time.
On the other hand, if you want the full protection of copyright law applied to your source code, then you have to publish the code, at least before going to court over it. Publish *all* of it. I don't think the US Copyright Office of 2004 will have any trouble at all understanding how to manage data delivered on a stack of DVD-ROMs.
Stomp out IP (Score:5, Insightful)
Not Just P2P (Score:4, Informative)
Makes you wonder... (Score:4, Interesting)
-Jem
It is a massive right-wing conspiracy... (Score:4, Funny)
Trust no one!
Makes you think... (Score:5, Insightful)
Now heres the thought-provoking question of the day:
If the leak was not caused by a network security breach, a physical security breach, a troubled-employee, or it's code sharing initiatives; how the hell was the code leaked? They said it wasnt network security, and it wasnt internal security (which takes away a physical security breach or a troubled employee), and it wasnt't its code sharing initiatives... Makes you wonder... how the hell did the code get out?
Answer this and get a cookie.
Interesting evaluation of the source code (Score:4, Interesting)
From Kuro5hin... [kuro5hin.org]
Microsoft is Big Brother (Score:5, Insightful)
Here's one way MS could find P2P users (Score:5, Insightful)
Copy down the IP address of anyone who starts a multi-source download
Kill the download
Whois lookup
Letter to the ISP.
Of course if they're distributing it in that manner so that the hash codes match, does that qualify as them legally giving it away?
So has it made it onto Usenet yet?
Re:Don't mess with MS (Score:4, Funny)
if this is true, then why haven't I gotten my $245 [snopes.com] from Bill yet? I forwarded that email to a zillion friends, waited two weeks, and still no check.
Re:Don't mess with MS (Score:5, Funny)
Re:Don't mess with MS (Score:5, Insightful)
I have the power to track people through P2P, too. I've found people in my apartment complex on the networks. I've even met a few friends that way. Too bad that doesn't mean that I'm a multi-billion dollar company.
Please note, it is absurdly easy to track people on the networks. It is not indicative MS power, or their legal muscle.
As for seeing & having it, one major point is that you CAN. What was once taboo is now freely available (sorta), and people are reveling in like. To draw a completely inaccurate parallel, it's like the sexual revolution of the 70s/80s in the US.
Otherwise, I agree with your post.
Re:Don't mess with MS (Score:5, Interesting)
Ultimately, like the parent said, it's the taboo that makes it interesting. If Microsoft had just posted the code on its website, I might not even be interested, but all the effort they're exerting has attracted my attention.
Bad Reasoning (Score:4, Insightful)
Switching off of Windows sounds great to me, as I really dislike using it, but your reasoning sounds a bit flawed. If it's because the software's buggy and prone to exploitation, great. But if it's just because some code got leaked.. and OSS software generally has all the code available all the time.. then your reasoning sounds a little flawed.
Any software will have flaws. It's inevitable. Knee jerk reactions too those flaws generally aren't a good idea though.
Re:Bad Reasoning (Score:4, Interesting)
Past security comparisons between Linux and Window (Score:5, Insightful)
But these security exposures have all been in an environment where Linux source was generally available for inspection, and Windows source wasn't. A corollary of this is that most of the Linux exposures have been proactively reported, prior to being exploited. With Windows that's not so clear.
In the future, there's not reason to expect Linux security exposures to change significantly, except through becoming a bigger target because of increased usage. But the fundamentals of bugs, bug reporting, bug fixing, and security haven't changed.
The future story for Windows is different now, because some source has become available. *Maybe* some people will begin proactive security work on the source, and *maybe* Microsoft will roll that work into fixes. But for certain, others wearing differnt color hats will be examining that code for security exposures, too.
Re:Bad Reasoning (Score:5, Insightful)
Of course there are flaws in OSS too, but there's a much greater chance the good guys will find them first.
Re:Don't mess with MS (Score:5, Funny)
That, and the whole stolen-intelllectual-property thing.
That said, while they are certainly within their rights, it seems to me like the cat's outta the bag. They won't be able to stop the real malicious types, the virus writers and pirates, so they may as well save their time. For that matter, they'd released enough source to governments and researchers that it was bound to happen sooner or later.
Re:Don't mess with MS (Score:4, Funny)
"shit" 577 times
"BUGBUG" 7462 times
having your source code stolen and released on the net for others to read...
priceless.
But seriously, if i had the source (which i don't) and a whole bunch of free time, I'd go through it line by line and find all the errors and post up a patches page and send it over to Microsoft so that they could fix it. Too bad they don't have the balls to just say it's out in the open and ask the community to read it over and fix it for them
Re:Don't mess with MS (Score:5, Insightful)
Isn't it interesting that after a few days of access to the source code, exploits are appearing for obvious bugs; yet MS have had the source code available to themselves for years but still managed to neither find nor fix these same obvious problems.
Note also that in the past, lack of access to the source hasn't prevented the *ahem* occasional exploit being developed anyway.
Re:Don't mess with MS (Score:4, Funny)
To learn how to cheat at Solitaire?
Re:Don't mess with MS (Score:5, Insightful)
Just maybe there is a difference between an open development process, like OpenBSD, where incremental changes are examined before becoming part of the production code and dumping on the web hundreds of meg of source of a finished product which has an installed base of millions. Open source OS's get security from having many people looking at code submissions and the opportunity to find and fix dangerous bugs before they are exploited. Making a bunch of Windows source code available on the net does neither of these things.
Re:Don't mess with MS (Score:5, Interesting)
Here is the real crux of the problem. You are pointing at the wrong thing.
It is not whether the source is open and available that makes it insecure or more secure.
It is whether the soruce was developed as open source. It matters that all those eyeballs were watching while the source was being written. Taking a buggy closed source program and suddenly opening the source simply means that all of the bugs will be discovered, and exploited. Developing a program as open source means that those security problems often don't live long enough to reach a release. Even when they do, they are patched rapidly.
In fact, it simply may say more about the users or "administrators" than the availability of source. Remember the Bind 8 vulnerability? Remember how many servers run Bind 8? Remember how fast everything was upgraded all over the planet? Remember <Microsoft virus of the week>? Remember how many servers were vulnerable to that? Remember how slowly those vulnerable servers were upgraded? Even when the fix was available before the exploit? Now which of these two widely used software program vulnerabilities caused a huge upheavel affecting society as a whole?
Re:Freenet (Score:5, Insightful)
And Slashdotters STILL don't understand why so many people and companies perceive that most traffic on P2P networks involves either porn, infringed music/movies/software.
Suggestions like in the parent post do no favors for establishing legitimacy for P2P netowrks.
I used to work for Mac OS X (Score:4, Funny)
I used to work for MacOSX, but they fired me. Now I work for Playstation.
Re:Leaked on Purpose? (Score:4, Funny)
CFO: Yeah, we put $100,000 in 10-year T-bonds yesterday...
Re:You people are missing an important point. (Score:4, Informative)
That's trademarks, not copyrights.
Re:You people are missing an important point. (Score:4, Informative)
Copyright cannot lapse per se, the right is unconditionally granted and there is no concept of abandonment (which you can do with patents and trademarks): however, if a copyright owner didn't take any action against infringements - when it knew that they were happening - it could be a good arguement that the owner has "allowed" an implicit license to come into effect. This is just a common legal principle of estoppel: if you passively consent to something, it becomes difficult to later turn around and retract.
Re:Copyright and GPL (Score:4, Funny)