
The Impact on Open Source of Stolen Microsoft Code
Cabal writes: "I recently came across this article on Linux Journal. It discusses some of the more interesting legal ramifications of the theft of Microsoft's source code that I hadn't even thought of and its effect on open-source projects. Basically, it's saying don't go near any code claiming to be stolen from MS, and with good reason, including quotations from the Samba project. Check it out, it's a good read."
Re:Microsoft failed to take proper care (Score:2)
Computer crime investigations can be expensive. Let's say we are spending $XXX on trying to find whoever broke into Microsoft's system. Who are they likely going to find? A couple of high school students with no special skills: they apparently used a well-known exploit.
That money could have gone to catching some violent criminal, or helping people with drug rehabilitation, or any of a number of purposes that would improve the lives of thousands of people.
On the list of social priorities, the crime that has been committed against Microsoft is very low: it has virtually no consequences to anyone (other than Microsoft's PR and marketing), and the people who perpetrated it are unlikely to be a threat to anyone.
You can't realistically defend yourself with a gun against someone who is reasonably skilled with a gun; if you try, you assume a huge risk. Defending yourself against an E-mail virus, however, exposes you to no risk at all and has almost no cost.
And that's the reason why I would like to see our police going out on the streets tracking down gun toting criminals. OTOH, tracking down some "script kiddies" won't make my life or anybody else's life any safer. It won't even restore anything to Microsoft. All it does is waste a lot of money that could have been spent better.
Whether Microsoft can claim IP once in court is an entirely separate issue from whether the police or legal system should make any significant effort in tracking down the people who broke in.
However, while it is popular in some circles to try to invent new forms of IP protection, reality is that it's not clear they actually have much IP protection. There are really only four major forms of IP: copyrights, patents, trade secrets, and trademarks. Only trade secrets would seem to apply here (possibly copyrights, but they don't contaminate). And the legal reality is that trade secrets need to be protected carefully in order to receive any legal protection.
It's an interesting theory. (Score:3)
Would it be at all feasible, from a law perspective, to counter-sue Microsoft for *NEGLIGENCE* in protecting their so-called trade secrets?
Wouldn't it be possible to make the argument that since Microsoft *allowed* the source code to get out into the public domain, they are responsible for their own mess, and thus use that as a basis to dismiss any court cases that would be enacted based on this conspiracy theory?
It seems to me that this argument could be made fairly strongly - as is the case with trademarks - if you do not protect it, you do not deserve the right to exclusivity, and thus there would be no basis for damages should the code be 'used' elsewhere?
Can anyone with a strong legal background comment on the feasibility of this issue? It would seem to me that something like this could be argued in any case against Microsoft for this purpose.
Re:How can you know? (Score:2)
Besides that, anyone who is a good enough programmer to contribute to any serious OSS project should be a good enough programmer to recognize code from an MS product (the fact that it's bloated and sucks should be a hint). Also, code posted with no license whatsoever should be pretty suspect.
-B
I had a similar thought last night... (Score:2)
Oh, yeah, and we heard about this days after it was announced that Excel and Word 2000 now work in WINE. Very interesting...
I have said often that if I could just get Outlook to run in linux, I'd have no use for an MS OS. Guess someone overheard.
Re:Plan (Score:2)
whilst the MS defence is based on trade secrets. Utterly incomparable from the legal point of view.
Re:Why you'll never see their source in the wild.. (Score:2)
Not true. For example, a system that runs on a mainframe is accessed via a tn3270 program running under Windows NT. Hack that and you can install a keyboard sniffer and remote control app and get everything you need to get into that non-Microsoft system that the bank runs...
Re:How can you know? (Score:2)
I agree. There will be open source types who will use this code in a project regardless and in the end it will hurt us because Microsoft will have access to the OSS source code of that project. The maintainer, on the other hand, may not have access to MS source code and won't know the difference until it's too late. So, should the maintainer get the illegal MS code to check against software submitted or should he sit blindly and assume the programmer submitting code is honest? This is a serious catch-22 here and it makes you wonder if there is a conspiracy behind the "stolen" code. Either way, OSS programmers have to be on red alert. A serious can of worms has been opened here and it could impact projects like SAMBA, WINE, or Win4Lin. Programmers of the aforementioned projects need to be cautious of anyone submitting a reverse engineering breakthrough of a Windows API.
I do want these projects to succeed by any means, however, the use of MS code will come back and bite them in the butt if they are not careful. Many of the anti-MS types were happy that MS got cracked, but I have mixed feelings. The timing of the crack is too perfect - Samba TNG was formed recently which promises to implement primary domain controller type services. Could Microsoft be planning evil or is this coincidence? If you do find the code, be very careful and be smart. As much as I'd like these guys to look at the code, laugh at the bugs, and reverse engineer it, cheating will only cheat the users of free software somewhere down the line. MS has enough money to file some serious lawsuits against people they feel have used their code and in the end good projects like WINE or SAMBA will be forced underground.
All paranoia! (Score:2)
Well, DUH (Score:3)
stolen items include (Score:5)
1. Bill Gates' credit card details
2. Source code for Bob
3. Cheat list for Solitaire
4. Online application form for donations from the Bill and Melinda foundation
5. Wish list for enhancements to MS-DOS 3.3
6. Complete set of MP3s of Steve Ballmer rocking out
7. Original code for Linux
8. Discarded Office Assistants including Penfield the crazy Judge and Linus the toad
9. Contents of Bill's desktop trash folders for the last five years
10. Contact details for Bill's personal stylist
Do we know what actually happened yet? (Score:2)
But I've heard/read nothing definitive. The whole thing screams 'inside job' to this clueless luser.
For easy karma, does anyone have facts?
For example, how did the crackers get around the (OpenBSD?) firewalls?
Re:It's an interesting theory. (Score:2)
Of course, the code is still copyrighted, but you have fair use exemptions, specifically research, to argue about there.
This is NOT sound legal advice, it was given to me off the cuff by a lawyer who gave up IP work a couple years back. Still worth a thought.
Re: Big Bad MS Lawyers (Score:2)
Even if M$ were to lose, it would still take another three to ten years to split them up.
As for the whole "$$$ for the better lawyer" story, what do you think has been the major problem for the DECSS case? Judges who don't get it and lawyers who can talk circles around the truth.
There are plenty of cases where a criminal went free because of the quality of their lawyers. Standard Oil was bigger and badder than M$ can ever dream of being and made Bill Gates look like a Saint. It took years to even touch them, but not until JDR's personal fortune was 2% of the entire US Economy.
The "Teflon Don" escaped justice time and time again, and OJ walked away a free man.
These are all because of lawyers and the US legal system. It has nothing to do with what is right and wrong, but who has the best legal team. Anyone who really thinks the "truth will set you free" or that anything other than money runs the nation is a sad individual with no concept of reality who might as well believe in Santa Claus.
Re:The difference between plagiarism and knowledge (Score:2)
//rdj
Contamination Overblown. (Score:2)
I don't buy that whole "contamination" thing. If contamination exists then: Anybody who's ever used MFC is contaminated, because it comes with proprietary MS source code. Conversely, anybody who's ever patched gcc is a GPL violator unless they release all their work under the GPL.
Unless Open Source projects start showing up with large swaths of code containing things like DWORD and LPVOID, I don't see how MS could prove anything.
Oh no! I've just released the secret of DWORD and LPVOID! I'm doomed!!!
Microsoft failed to take proper care (Score:4)
Microsoft has to take reasonable care in protecting valuable trade secrets. It is clear that they haven't. Even if they believe that their E-mail client has sufficient security, if they believe their source code is as valuable as it is, it should reside on a more protected part of the network. Microsoft is merely trying to avoid responsibility for their product defects and for their poor security policies.
It is an outrage that the taxpayer now even has to foot the bill for trying to track down people who took advantage of security defects in Microsoft products. That would be like GM selling cars with no locks and then claiming it's the taxpayer's responsibility to find all the stolen cars.
It is still good advice for open source projects to stay away from any Microsoft source, legally or illegally obtained. But don't get suckered into believing that Microsoft has any ethical claims: they were negligent. And, objectively, they ought not to have any hope of legal success either--they should fix their products instead and stop shifting the cost of their defective products onto law enforcement and, ultimately, the taxpayer. As long as they can get away with shifting cost and responsibility onto others, they will have no economic incentives to fix their software or procedures.
Re:FJLSDJFKS:LJ (Score:2)
Be certain: these events did not transpire without a reason. Microsoft wants to control your computing experience from the ground up and will do whatever it can do to further that end.
--
Re:If windows source is released, (Score:2)
Assumption is the mother of all fuckups. Have you ever seen the Microsoft source code?
And... have you never seen open source code that is beyond crap?
Just because you can't read it, it doesn't mean it's badly written. Try seeing an implementation of a COM subsystem that is easy to read.
Re:Hacking the old IBM PC (Score:2)
Re:Plan (Score:2)
If you emailed the linux source code to the Windows developers at MS, I don't think you could prevent them from working on proprietary software even if you could prove that they saw GPL'd code, so I don't think MS can prevent you from working on free software just because you saw proprietary code.
Not funny. (Score:2)
Re:How can you know? (Score:2)
Also I think at the current moment with the nature of the OSS movement if legal action was taken against the project someone would carry on the project after it has had an injunction against it etc.. I mean just look at DeCSS code that has been distributed so many ways. ie this
How many software distributions are there that publish DeCSS? None.
The catch to the MS stuff is that if Samba were to get MS' code, they'd most likely obfuscate it in such a way that it'd be hard to prove it legally. As for MS' intellectual property rights, I say screw them. They're a monopoly; they thrive on not allowing other systems to network easily with them.
Re:Let me get this straight... (Score:2)
Anyone? Anyone?
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
No evil plot - they're scared shitless (Score:2)
We gotta make sure nobody looks at that code, especially those hackers. I mean, they're smart, they'd know what we were doing. Threaten to sue all of them? No, that would look bad, we've got enough bad press already. How about this: let's scare them into not looking at it. Spread the word that even looking at this code would threaten their ability to work on any free software projects in the future. That should scare anybody smart enough to figure what's in there.
DeCSS has been posted (Score:3)
If someone decided to post some key code to windows here, would it be kept on the server? How many nanoseconds would it take before 200,000 lawyers shut the site down?
How far will slashdot go?
What If The Tables Are Turned? (Score:3)
Maybe their 'innovative' re-invention of symlinks and mapping drives to directories was based on GPL'd code.
Prolly not, but I say it was just a random thought I had.
Re:An interesting reversal of fortunes. (Score:5)
To be honest, I had this smug feeling about the whole deal until I read the article. This is really an unfortunate situation. More importantly, it touches all of us, since anyone who tries to reverse engineer an API from MS is going to get painted with the haxor brush. The MS code isn't even that good. I only hope that they don't use this as an excuse to begin a litigious assault on the Open Source movement. Sustained lawsuits attacking key applications will slow development, and could influence virtually everything we do.
One thing this means for us is this: concentrate in your source trees, now more than ever, on modularity. Any time a chunk of code becomes suspect, we should be able to isolate and replace it until the dispute is resolved.
On another note, it would probably be a good idea for people in the Open Source community to alert the FBI to anything we might hear about who may be responsible for this. While I don't like MS, the courts will punish them for their monopoly, and the marketplace will punish them for their closed source methodology. To not assist wherever appropriate will leave us open to accusations that our community is filled with criminals and warez d00dz.
Besides, the sooner this is put to rest, the sooner we can dispel the myth that MS source code is actually valuable in the first place...
I don't know.... (Score:2)
Am I being paranoid^H^H^H^H^H^H^H^Hconcerned that MS's "theft" could be their carefully orchestrated, poorly disguised effort to discredit/destroy Open Source through oppressive application of litigation?
OK to look at code -- MS has screwed itself (Score:5)
What's going on? Well, it seems like MS's PR department has been working hard to downplay the attack. Notice how the informant shifts over time from an unnamed "Microsoft engineer" to Ballmer to MS's "corporate security officer." I assume that what happened went like this: 1) a mid-level MS engineer leaked the real story to the press, 2) PR (Ballmer) stepped in for damage control, and finally 3) PR propped up a puppet with a written script to try and kill the issue.
The thing is, the strategy may backfire on MS. Now, they can't claim that open source developers are pirating their code. They've already gone on record saying no MS code exists in the wild. Which means that if you happen upon the source to Office, you are free to look at it, since MS has already declared that that code does not exist.
Heh.
I understand, but.... (Score:2)
feh!
Re:Microsoft failed to take proper care (Score:2)
It's not an outrage, it's just good ole plain business as usual, sucking-up for corporate welfare.
For years, GM shifted the deadly burden of its blatantly unsafe cars onto the back of "bad drivership" and "poor road design", until they were exposed as the frauds they are.
--
Americans are bred for stupidity.
Lawyers: a question about "tainting" (Score:2)
On the other hand, does the person who reads this review have any obligation not to use the info? It seems to me that there's no copyright OR trade secret protection for a method that you came across this way. Unless MS has patented the particular method, you SHOULD be free and clear.
Lawyers? Thoughts?
I, however, am most interested in just how bad the code is. I'd love to look at it, not because I think they have any good ideas, but because I want some humor in my life
Re:Let me get this straight... (Score:2)
Re:I don't know.... (Score:2)
Since the theft has occurred and is in public, it brings to light a lot of questions regarding the security of NT (I'm assuming that their servers are NT). A MS loss.
If Microsoft says that they are using *nix servers to discredit *nix hackers, then it is basically an open admission that *nix is a better server solution than NT. Again, a MS loss.
Oppressive application of litigation? They would only be able to go against the perpetrators of the crime and anyone using the stolen code. The rule of thumb for
Discredit Open Source? MS surely sees Open Source as a threat to their business model, but to pull a stunt to discredit open source is a bad PR campaign. A few years ago, Open Source did not have respect or legitimacy from the "corporate" community, but with IBM throwing some muscle behind Open Source, it now has legitimacy from the business community. Forget the arguments regarding Open Source code being rock solid and around for a long time, the historical perception of Open Source - from the perspective of the "corporate" community - is that it was just a bunch of software hacked out by every Tom, Dick and Harry. Now that some big corporate plays are getting behind Open Source, it is only beginning to see widespread respectability from the suits.
Re:Here I am being paranoid... (Score:2)
An interesting reversal of fortunes. (Score:4)
It is hard to imagine that something that could look so good on the surface (Microsoft getting totally 0wned) could be so bad for the Free Software Movement. Now potentially any open source project that has anything to do with Microsoft interoperability is open to a lawsuit. At the very least, it will make accepting contributed code into the CVS tree more difficult.
It has been said that one of the fundamental damages that security breaches cause is not only the loss of data, but the loss of the integrity of data. It is unfortunate that this loss of integrity has to spread to other victims that have basically nothing to do with Microsoft.
When did the rules on trade secret change? (Score:3)
Well, I DON'T understand something about this, and the flap surrounding it:
As I understood it, a trade secret is GONE once the secret is out of the bag. The holder of the secret has an action ONLY against the person who improperly exposed it - either after stealing it, or in violation of a valid confidentiality agreement - and perhaps anyone in collusion with that person. (Collusion would be things like hiring him to steal it, or giving him some benefit in return for a copy you knew to be stolen. Downloading it from an open internet site would not be collusion.)
Since when is there an action against anyone found using part of a FORMER secret that is now widely distributed? Since when is there NOT a big-time countersuit and other legal grief for anyone who brings such a bogus suit?
Yes, you can sue anyone for anything. Yes, if you have enough lawyers you can cause anybody a lot of trouble. But you can't just use your money and the court system to make life hell on any random person or company you don't like. You have to have a plausible case. If you knowingly bring a bogus suit you're on the hook big-time - both civilly and (if you're blatant and unpopular enough) criminally.
Has the deCSS case broken the legal system THAT badly?
More @ Salon (Score:2)
http://www.salon.com/tech/log/2000/10/27/microsoft_crack/index.h
----
Using the same reasoning... (Score:2)
I'm serious. The fact that the source was stolen should not matter. Maybe accessing the MS source code would prevent you from claiming a "clean room implementation", but not from working on OSS at all.
Just another idea... what if GPL'd code is found in Windows. I'd like MS being sued (by FSF?) over copyright infringement.
How can you know? (Score:3)
Re:I don't know.... (Score:2)
ssshhhh. What was that sound?
Does this mean... (Score:2)
*cries*
Masturbation Scare Tactics Applied to Stolen Sourc (Score:2)
Prolly should have been AC for this one.
Re:What If The Tables Are Turned? (Score:5)
@(#) Copyright (c) 1983 The Regents of the University of California.
All rights reserved.
There's no way to generate this string from running the executable itself, it's only viewable in a hexeditor.
MS == C++, usually (Score:2)
In view of the possibility of OSS being contaminated with closed-source code, the use of a diversity of languages being used in OSS development is not just a good policy, it may end up affording some legal protection. Not being subject to the same forces of mindless conformity that prevail along the corporate C++/Java/VB axis, we ought to take advantage of it.
--
Re:Microsoft failed to take proper care (Score:2)
Microsoft seem to have gotten people to believe that being infected by an E-mail virus is kind of like being the victim of a robbery at gunpoint--something they can't do anything about.
Sure you can do something about that; you can carry a weapon yourself. Does this mean when you go to the tax-salaried police about it, you should be turned away for your lack of responsibility?
That would be like GM selling cars with no locks and then claiming it's the taxpayer's responsibility to find all the stolen cars.
Again, your leap in logic astounds me. GM doesn't sell cars without locks, but plenty of people don't lock their cars, and some of these unlocked cars become stolen. Taxpayer money goes towards tracking these stolen unlocked cars, and rightfully so . . . Whatever the circumstance, the criminal carries 100% of the responsibility for any crime, the victim 0%.
Regardless of your opinions about the practices of the victim or the quality of the property, this is theft. A crime has been committed, and Microsoft has both ethical and legal claims. If they can prove that stolen code was used in someone else's project, they will win in court. Not because they're Microsoft, or the judge is stupid, but because they are the victim of a crime.
Re:How would QAZ work (Score:2)
you mean it's hard to hide 1000 *.vb files
heh
Does the reverse engineering two-step work here? (Score:2)
Re:I don't know.... (Score:3)
Exactly, the benefits of implementing gpf-like functionality (better crash-dialog functionality) into kde or, for the gnome folk, gnome.
Seriously, though, I know not what the true story is, but I'm sure there are many reasons Microsoft might execute such and infinitely many reasons why they would not have. And, by the way, we don't even know what, if, or exactly how much code was stolen.
Maybe this is another case of a hard drive being misplaced behind a copy machine, anyways.
Microsoft has invested MANY millions of dollars into their software -- something they obviously don't want to lose -- against your theory. With all the funky legal stuff going on in recent years, I must say if Microsoft hasn't used this vehicle, you are first, in my book, to give ideas to those who will ;-)
Re:How would QAZ work (Score:2)
Let me get this straight... (Score:3)
Re:What If The Tables Are Turned? (Score:2)
That doesn't mean you'll find the code from BSD lifted wholesale in there, but a search of the Windows or NT source would probably turn up a little intellectual property theft.
Besides the network code, I'd look at the "Compress" attribute for files, the PostScript drivers, the POSIX "compatibility" sub-system, IIS, Internet Explorer (since it's based on the Spyglass browser), ftp client, telnet, and some of the networking services (DHCP, RCP). You all could probably name other likely candidates for GNU/BSD code lifts.
Of course Windows Me has its particular code tree, so who knows what's there. There was also the mass exodus of Apple programmers to Microsoft in the 90s. So if you developed at Apple in the last 15 years, you might be able to find some of your own work in the source for various Microsoft products. Remember "Video for Windows"?
Not that other companies don't do this too. Apple's Disk Copy utility makes disk images which are basically tar balls. Probably a little borrowing there, but it's convenient if you run Linux on your Macintosh.
Re:Who's afraid of Big Bad Bill? (Score:3)
But they don't have to. Just pick one or two high-profile members of the group, and target them. As soon as everyone else in the project finds out what's happening, the project is dead. It may not be possible to eradicate all OSS projects, but a few well-delivered blows could seriously cripple most of the useful stuff out there. Besides, MS would likely only target those things that pose a threat to them. I doubt that they'd go after anyone working on vi, for instance.
Question: When has Microsoft ever shown fear of any entity??? This is part of the reason they're perpetually in trouble with DOJ/FTC/etc...
Re:trade secrets mean... (Score:5)
__
Plan (Score:5)
Sounds strange? Think about the following reasons. We've seen many times previously that MSFT avoids admitting their own mistakes for as long as they possibly can. It takes them awhile to warn the public about known bugs or exploits in their various software products. Yet, in this case of the stolen source, they were seemingly very willing to let the press know about the break-in and apparent theft of the source code.
Now that it is public knowledge that some MSFT source code has been stolen, imagine what it does for free/open-source development. Because of this, the FSF and other maintainers of free/OSS software now have to take extra measures to ensure that the code is free of any potential influence of the supposed 'stolen code'. This takes time, effort, and will generally serve to slow down the development of open-source software projects. A big 'plus' for MSFT.
Also, suppose someone posts snippets of the 'Forbidden Source' to various newsgroups, like the public postings of DeCSS and MSFT's kerberos additions to slashdot. Or, say, someone emails some of this code to the kernel mailing list directly. Now, nearly the entire team of linux developers, among other projects, has seen the 'forbidden source'. IANAL, but MSFT could possibly use the fact that they saw the 'forbidden source' as justification that they're now privy to MSFT's proprietary software models. They may use this fact to either sue future developers, or inhibit future development of such projects. Both of these things are bad for OSS/free software, and are good for MSFT.
This may sound like some grand paranoid conspiracy theory and doomsday scenario, but as someone posted to LinuxToday, "Just because you're paranoid doesn't mean they're NOT out to get you."
Re:This recommendation should be extended (Score:2)
How much of gcc is in msc? (Score:2)
Now if someone just had time to prove that some of the code was lifted it could be quite interesting.
And here I thought .... (Score:2)
Re:Who's afraid of Big Bad Bill? (Score:2)
Not only that, but even in high profile cases, just seeing source code or even signing an NDA does not disqualify you from working in the same area. Many consultants work for many companies in the same domain. Heck, Microsoft themselves hires engineers away from competitors.
The opensource/freesoftware worlds are currently dominated by fussy little hairsplitters who have spent far too much time working on their licenses. The licenses are important, don't get me wrong, and somebody needed to work on them. But usually, when your lawyer is done you send him home, because lawyerthink is not the best for running things.
Also, one should take the caution against knowingly passing illegal copies of anything around, not because the ideas would taint you, but the crime might.
I have (non-MS) sources, am I disqualified? (Score:2)
Am I therefore prohibited in using my personal knowledge to benefit open source software? Do I have to seek Compaq's permission to release open source software?
On a wider note, as I work with closed source software all day as part of my normal job, does this also disqualify me participating in OSS projects? I don't think so, because if it did, a lot of people on the linux kernel credits list would be in trouble for a start.
What if any Microsoft programmers, who have presumably legally seen sources, joined an OSS project? Would Microsoft be able to stop them? The possibility for nasty legal precedents is rather alarming.
Re:I don't know.... (Score:2)
Re:Microsoft failed to take proper care (Score:2)
Re:Do we know what actually happened yet? (Score:2)
Comment removed (Score:5)
Re:Open Source or Privacy: choose one (Score:2)
Pretty cool idea, almost blow-my-mind insightful, although not quite...
I'm hoping that the problem isn't quite as grim as you portray it. You show it as a very computer "If A, then must not have B" thing going on here..... I'm thinking that it might be possible to balance the two if you add in a third element, something that sooo many people seem to be lacking these days... just a touch of common sense.
Really, take it on a case-by-case issue. Yes it sometimes sounds good to make huge generalizations and sweeping "always" and "never" statements, but it's often better to look at specific occasions. Examples:
Well, enough said. Yes, you can't clamor for both privacy and open source at the same time, fair enough. However, a balance can be maintained where you say "Yes, MS has rights to privacy if they want, but I have the right to say I like open source and want to go out and make Linux, but I myself have the right for privacy when it comes to certain aspects of my personal life".... i.e. I believe in free source code, but not necessarily big brother and telescreens and every bit of info being "free".
Enough inane conspiracy theories, already! (Score:5)
Conspiracy theory #1 - Microsoft faked it
Come on. Microsoft does not possess an oracle that tells them things like "if you fake being hacked, your stock will stay high, people will not abandon your products (quite the possibility at the server end), and you'll get lots of clout in drafting new anti-hax0r legislation". And if you don't have that kind of oracle, you're not going to go out and pretend that you got hacked so that you can score some political points against the free software movement.
They stand to lose far more business from 10% of their potential server market shifting to Sun/IBM/whoever (or deciding to stay with Sun) than they stand to gain from slightly helping the cause of some vague, unenforceable laws directed at reverse engineering.
Yes, Microsoft will try to get as much advantage as they can from this. That's no surprise.
Conspiracy theory #2 - Free software people did it
If free software types (or supporters of same) were behind it, don't you think that someone would have seen the sources on freenet or some random ftp site by now? Or at least heard a couple of well-substantiated stories to that effect? ("I saw a huge tarball called microsoft-sources.tar.Z on ftp://....").
Far more likely, it's either some script kiddiez, who probably didn't even get it together to the point where they could get the source in any useful form, or some low-level industrial espionage people who are discreetly shopping around their product to various shady firms.
Incidentally, if it's the latter case, I wouldn't anticipate seeing the source showing up anywhere for free; why would the people who stole the source for profit give it away for free?
Interesting parallel in music world (Score:2)
Alternative explanation (Score:2)
1. Breach is first detected, everyone is in a panic and assumes the worst.
2. After a little checking it turns out not to be as bad as they thought at first.
3. After careful analysis of logs, including the version control management logs it turns out that no modification took place and only a minor future product has been downloaded.
----
You people are kidding, right? (Score:2)
Re: (Score:2)
Part of Microsoft's plan to destroy Linux (Score:3)
Six months from now you'll see the SAMBA and WINE teams being sued. M$ will win because the judges know nothing about computers and M$ money can buy the best lawyers.
Oh well. I've been meaning to look at BeOS for a while now anyway.
What about a Chinese Wall approach? (Score:2)
Not *quite* the same thing (Score:2)
But I never claimed that MS did this on purpose.
I'm just presenting one possible way in which they can recover their "losses" (real or perceived).
Source was only "viewed", not "downloaded" (Score:3)
Anyone understand what that statement is supposed to mean at all? How can they know that the source was ``only'' viewed? If the cracker was viewing the code, then copied-and-pasted out of his xterm/browser/whatever, then he has a permanent, downloaded copy! I suspect the use of these words is an attempt to fool non-technical people.
Re:What If The Tables Are Turned? (Score:2)
Oh, come on... (Score:2)
Good lord you're paranoid!!! Seek professional help!
You've never heard of just throwing out an idea to see what discussion it generates? I don't believe I ever stated that "this is what I firmly believe."
It's just an idea, people. If you can't handle the thought of discussing strange and wacky concepts, you need to read some other website.
Re:What If The Tables Are Turned? (Score:2)
Re:Plan (Score:2)
I think the old "in dubio pro reo" applies here, so MS would have to prove:
1) the code (fragment) was really developed by MS before the break in.
2) the code was stolen from their website during the break in (according to latter MS statements it took them only a few minutes to discover the intruder)
3) the code has been read by a developer
4) the code could not have been created independently of MS code and is worthy of protection as a trade secret.
If any court chooses to make it too easy for MS, anyone could cite this case as a reference and sue MS because some of their developers surely looked at open-source code and chose not to honour the GPL when adapting some functionality to their OS.
Also this would set an ideal precedent where any software-firm could sue the whole competition by claiming that some of their source code leaked. I think any decent judge would consider these facts before coming to a hasty decision. And even MS lawyers should hesitate to give the competition that big of a weapon if the case is used as a precedent against MS.
Imagine, just set up a little software business, claim to be hacked and that part of your ingenious solutions crept up in MS programs. If it even permits to temporarily halt MS shipping out products (imagine delaying Windows ME by half a year with such a scheme) the damage would be more than anything MS could gain using this scheme against others.
Mod up!!!! (Score:2)
Re:Alternative explanation (Score:2)
Give me a break. A guy goes undetected on MS's network for 3 months and he can't modify a versioning log?
--
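The exchange above turns on whether a log kept on a compromised system can be trusted. An added sketch (not part of the original thread) of a hash-chained log whose head digest is also kept off-host; the event records and all function names are constructed for the example.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # value chained into the first record


def _digest(prev, entry):
    """Hash of the previous record's hash plus this entry's canonical JSON."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode("utf-8")).hexdigest()


def append(log, entry):
    """Append an entry and return the new head hash (to be copied off-host)."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"entry": entry, "prev": prev, "hash": _digest(prev, entry)}
    log.append(record)
    return record["hash"]


def verify(log, trusted_head=None):
    """Return (ok, reason). trusted_head is the head hash stored elsewhere."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["entry"]):
            return False, "chain broken at record %d" % i
        prev = rec["hash"]
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        return False, "head differs from the off-host copy"
    return True, "ok"


def edit_in_place(log, index, field, value):
    """Tampering model 1: change one field without touching the hashes."""
    tampered = copy.deepcopy(log)
    tampered[index]["entry"][field] = value
    return tampered


def rebuild_without(log, index):
    """Tampering model 2: drop a record and recompute the whole chain."""
    forged = []
    for i, rec in enumerate(log):
        if i != index:
            append(forged, rec["entry"])
    return forged


# Constructed version-control events, not taken from any real log.
EVENTS = [
    {"ts": "2000-10-01T02:14:07Z", "user": "remote-dev", "action": "login"},
    {"ts": "2000-10-01T02:15:31Z", "user": "remote-dev", "action": "checkout",
     "path": "future-product/src"},
    {"ts": "2000-10-01T02:40:02Z", "user": "remote-dev", "action": "logout"},
]


def build_sample():
    log, head = [], GENESIS
    for event in EVENTS:
        head = append(log, event)
    return log, head


if __name__ == "__main__":
    log, head = build_sample()
    print(verify(log, head))
    print(verify(edit_in_place(log, 1, "path", "docs/readme.txt")))
    forged = rebuild_without(log, 1)
    print(verify(forged), verify(forged, head))
```

A rebuilt chain is internally consistent, so it only fails the check against a head hash stored somewhere the intruder's access does not reach; a log verified only against itself proves nothing after a long-lived compromise.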
Why you'll never see their source in the wild... (Score:4)
No, it sounds like these puppies were real pros. If I was running a master criminal organization, stealing source to Microsoft code would be the best way to evaluate weaknesses in their code and use that quietly to hack into the world's biggest companies and banks undetected and run off with billions. Or how about hacking into foreign government intranets to get their secrets? Remember that this code has not received a critical eye looking at it with the intent to covertly break into it.
There are real risks to the world going to 100% Microsoft solutions. It's like royal families inbreeding in medieval times. It ain't good and it's getting worse.
Just think, your entire company may be Microsoft on the desktop, but at least the back ends are still something else. But soon no more. To leverage those nifty Active Directory benefits you need to move your DNS, LDAP, and Kerberos services to Windows 2000. Then you'll start to see the real benefits of moving that web server to IIS and e-mail to Exchange 2000.
The real thing to fear here is what's going to happen behind closed doors outside of Redmond...
I just don't understand the logic in trusting corporate and often national security interests running software you are unable to audit written by a private company whose only concern is maximizing their revenue and market share.
Re:An interesting reversal of fortunes. (Score:2)
No. It is your job to punish them for their monopoly. The courts have no authority to do so. It's this kind of attitude - expanding and extending the reach of government - that allows Microsoft and others to file spurious and anticompetitive lawsuits against (theoretically) any Free Software project because of this incident. You can't have it both ways.
M$ could just call "Foul" on everything... (Score:4)
...just to be on the "safe" side.
Consider. Free project GNUFoo comes out which competes with Microsoft Active FUBAR 2000. If it looks popular, M$ can just state that "there's a possibility that our proprietary source code influenced this design," and instantly GNUFoo is dropped like a hot potato.
Now, there's none of M$'s code in GNUFoo, but the FSF and the GNUFoo programmers now have to prove that, because in the Real World you are presumed guilty until proven innocent, and even then you're still guilty of looking guilty.
And in the years that it takes to satisfy the courts that GNUFoo is guilty of nothing but competing against The Man, the project will slowly grind to a halt. By the time GNUFoo is cleared of wrongdoing, M$ will have released their next project, and GNUFoo will be useless because it's so outdated.
Re:Hacking the old IBM PC (Score:2)
I remembered the story from a PBS documentary years ago (circa 1995) and must have messed up on the company name.
Of course, the point wasn't about the company, but the whole idea of having one team hack the product and the other design a new one based on what they learned.
Who's afraid of Big Bad Bill? (Score:4)
Obviously MS have an excuse to sue if one person looks, but where's the harm in everybody looking? After all, the Windows programmers have had access to every piece of code ever released under the GNU Public License since 1984! What I'm saying is based on the hypothetical that Windows source is / will be generally available, but then that's what all the don't-look-don't-touch hysteria is based on too.
On the off chance this is the case, why should one free software programmer fear litigation for implementing something that MS also implemented? What's to stop the programmer of some major open source software taking the opportunity to scrutinise Windows for appropriated ideas from GPL code? Obviously no free software programmer would be idiot enough to cut and paste Windows code, so if we're arguing on the stealing of `ideas' from code, and code from both sides is available for scrutiny, surely lawsuits could fly both ways?
I can see why the Samba / Wine people might be more wary than most but MS would have a very hard time grinding all international free software development to a halt just because windows_src.zip turned up on a few FTP sites.
maybe it was microsoft (Score:2)
I know maybe this sounds a little paranoid, but with the past history of this company I think that anything is possible with them. They are a moralless company that sees nothing but their profits. They say that they listen to their users and that their users want more features and don't care about security. That is a load and they know it.
On another hand, if Microsoft cannot secure their OWN software system and their network security is that crappy, do you really want to be running that software? I mean really, who leaves the source code to the OS connected to a system that is connected to the internet? Oh that's right, they created that pptp crap and forgot to put security in it.
Microsoft gives new meaning to VPN, Very Public Network!
I don't want a lot, I just want it all!
Flame away, I have a hose!
Re:How can you know? (Score:2)
They could accuse them of obtaining the stolen source and using the knowledge they learned from it to advance the project.
As far as I can tell, one lawsuit against a project like this could have the thing shut down. OSS projects don't have too many financial resources to fund a legal battle.
Re:Part of Microsoft's plan to destroy Linux (Score:2)
Re:Conspiracy Theory (Score:2)
To:Linus Torvaldes[Torvaldes@transmeta.com]
From:Billy Bob [bill-b@notmicrosoft.com]
Subject: Kernel Patch.
blah blah blah (insert MS code here).
Or worse yet sending it to the kernel mailing list, tainting all the relevant people in one fell swoop? Even if MS doesn't do it, there are plenty of people out there with nothing better to do than try to fuck up other people's day.
Fist Prost
"We're talking about a planet of helpdesks."
Did M$ know of, aid or abet it? Dunno... (Score:3)
Do I think that this will slow down the OpenSource community in the least... No!
Secrecy is a double-edged sword. Any Linux distro could be entered into public record without a ripple. In fact that might be a good idea to do so now in preparation for any potential eventuality.
But I don't see M$ dragging their APIs and source code into court for the public record anytime soon. That's what they would have to do to even allege with intent to prosecute against anyone for supposedly stealing any of their code.
They would have to identify the code and prove it came from them and the only way to do that is by bringing their own code to court and doing so in such a way as to prove the code repository had not been tampered with since the discovery of the break in.
Then M$ would have to argue that it could not possibly have come from any other source but their code. All a developer has to do is keep a clear paper trail of what ideas come, as they come, and the very plausibility of the defense would dispel any allegation M$ might make.
Making those allegations is a great deal more difficult than you think... Basically, M$ has a choice that I doubt they'd ever make even when their backs were against the wall.
If you live in secrecy, you can't step into the sunlight too quickly. I think we're safe from an open source M$ for a long time to come.
Re: Big Bad MS Lawyers (Score:2)
Thank you. Your defeat in this debate has been noted.
"If you can not attack his logic and reasoning, attack his spelling. Loudly"
Re:What If The Tables Are Turned? (Score:2)
%cd
%strings -a -f * | grep "Copyright " | grep -v Microsoft
asycfilt.dll: Copyright (C) 1995, Thomas G. Lane
avicap.dll: Copyright
avifile.dll: Copyright
commdlg.dll: Copyright
compobj.dll: Copyright
ctl3dv2.dll: Copyright
ddeml.dll: Copyright
dmadmin.exe: 2.70 Copyright (C) NEC Corporation 1985,1995
dmio.sys: Copyright (C) 1996 VERITAS Software Corporation. ALL RIGHTS RESERVED.
dosapp.fon: Copyright
drwatson.exe: Copyright
dxmasf.dll: Copyright (C) 1996, Thomas G. Lane
dxtmsft3.dll: Copyright (C) 1996, Thomas G. Lane
finger.exe: @(#) Copyright (c) 1980 The Regents of the University of California.
fontext.dll: Copyright 1988-1991 Adobe Systems Inc.
ftp.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
gdi.exe: Copyright
gpkrsrc.dll: Copyright (c)1996 VeriSign, Inc. All Rights
gpkrsrc.dll: This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS), available at: https://www.verisign.com/CPS-1.0; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Tel. +1 (415) 961-8830 Copyright (c) 1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED and LIABILITY LIMITED
gpkrsrc.dll: This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS), available at: https://www.verisign.com/CPS; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Tel. +1 (415) 961-8830 Copyright (c) 1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED and LIABILITY LIMITED.S
h261_32.ax: Copyright
h263_32.ax: Copyright
infosoft.dll: Copyright [c] 1995 INSO Corporation
keyboard.drv: Copyright
krnl386.exe: Copyright
lzexpand.dll: Copyright
mciavi.drv: Copyright
mciole16.dll: Copyright
mciseq.drv: Copyright
mciwave.drv: Copyright
mei32api.dll: (C) Copyright IBM Corp. 1992, 1995
mei32api.dll: (C) Copyright IBM Corp. 1993
micross.ttf: Copyright
micross.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
mmsystem.dll: Copyright
mmtask.tsk: Copyright
modern.fon: Copyright
mouse.drv: Copyright
msacm.dll: Copyright
msawt.dll: Copyright (C) 1995, Thomas G. Lane
msihnd.dll: Copyright (C) 1996, Thomas G. Lane
msttssyn.dll: (c) Copyright 1993-1997
msvideo.dll: Copyright
mwblw32.dll: (C) Copyright IBM Corp. 1997 all rights reserved. US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
mwcnam32.dll: Mwave Software. (c) Copyright IBM Corp. 1994-1997. All Rights Reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Licensed Material - Property of IBM.
mwcpyrt.exe: IBM Copyright Notice
mwrcov16.exe: Borland C++ - Copyright 1994 Borland Intl.
mwwtt32.dll: (C) Copyright IBM Corp. 1994 to 1997 all rights reserved. US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
netapi.dll: Copyright
nslookup.exe: @(#) Copyright (c) 1985,1989 Regents of the University of California.
ntvdm.exe: (C)Copyright Insignia Solutions Inc. 1987-1992
ntvdm.exe: 1.2 5/24/91 Copyright Insignia Solutions Ltd.
offfilt.dll: inflate 1.0.4 Copyright 1995-1996 Mark Adler
ole2.dll: Copyright
ole2disp.dll: Copyright
ole2nls.dll: Copyright
olecli.dll: Copyright
olesvr.dll: Copyright
os2.exe: Copyright (C) Rational Systems, Inc.
pax.exe: Copyright (c) 1989 Mark H. Colburn.
pax.exe: Copyright (c) 1989 Mark H. Colburn.
pmspl.dll: Copyright
pngfilt.dll: i inflate 1.0.4 Copyright 1995-1996 Mark Adler
rcp.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
rsh.exe: @(#) Copyright (c) 1983 The Regents of the University of California.
script.fon: Copyright
shdoclc.dll: Unix version contains software licensed from Mainsoft Corporation. Copyright (c) 1998-1999 Mainsoft Corporation. All rights reserved. Mainsoft is a trademark of Mainsoft Corporation.
shell.dll: Copyright
sound.drv: Copyright
spcmdcon.sys: 2.70 Copyright (C) NEC Corporation 1985,1995
storage.dll: Copyright
sysedit.exe: Copyright
sysedit.exe: Copyright
system.drv: Copyright
tahoma.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
tahomabd.ttf: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
tapi.dll: Copyright
tcarc.sys: Thomas-Conrad ARCNET/TCNS Miniport Driver for NDIS 3.0, (C) Copyright 1990-94 Thomas-Conrad, Inc., All Rights Reserved, 1.10.0.0(950620)
thumbvw.dll: Copyright (C) 1996, Thomas G. Lane
timer.drv: Copyright
toolhelp.dll: Copyright
typelib.dll: Copyright
user.exe: Copyright
ver.dll: Copyright
vga.drv: Copyright
vgaoem.fon: (c) Copyright Bitstream Inc. 1984. All rights reserved.
vgaoem.fon: (c) Copyright Bitstream Inc. 1984. All rights reserved.
vgaoem.fon: Copyright
vgx.dll: 4,f deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
vgx.dll: f,f inflate 1.1.3 Copyright 1995-1998 Mark Adler
webvw.dll: Copyright (c) 1998 Hewlett-Packard Company
webvw.dll: Copyright (c) 1998 Hewlett-Packard Company
wfwnet.drv: Copyright
wifeman.dll: Copyright
winhelp.exe: Copyright
winhelp.exe: Copyright
winnls.dll: Copyright
winsock.dll: Copyright
winspool.exe: Copyright
wow32.dll: RQuickBooks for Windows Version 2. Copyright 1993 Intuit Inc. All rights reserved.
wowdeb.exe: Copyright
wowexec.exe: Copyright
xenroll.dll: USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN
xiffr3_0.dll: Copyright (C) 1995, Thomas G. Lane
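The `strings | grep` pass in the comment above, as an added Python example (not part of the original comment) that also reads UTF-16LE strings, which Windows binaries commonly use in their resources and which an ASCII-only scan skips, and that drops the bare `Copyright` tokens and duplicate lines seen in the listing. The file names, byte blobs and the vendor name `Example Vendor` are constructed; the notice texts follow the style of the listing.

```python
import re
from collections import OrderedDict

# Runs of 4+ printable characters, the default minimum of strings(1).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# The same characters stored as UTF-16LE: each byte followed by a NUL.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
YEAR = re.compile(r"\b(?:19|20)\d{2}\b")


def extract_strings(blob):
    """Return printable runs from both encodings, in file order."""
    hits = [(m.start(), m.group().decode("ascii"))
            for m in ASCII_RUN.finditer(blob)]
    hits += [(m.start(), m.group().decode("utf-16-le"))
             for m in UTF16_RUN.finditer(blob)]
    return [text for _, text in sorted(hits)]


def third_party_notices(files, vendor):
    """Map file name -> unique copyright notices that do not name `vendor`."""
    report = {}
    for name in sorted(files):
        seen = OrderedDict()
        for text in extract_strings(files[name]):
            line = " ".join(text.split())
            if "copyright" not in line.lower():
                continue
            if not YEAR.search(line):
                continue  # a bare "Copyright" token names no holder
            if vendor.lower() in line.lower():
                continue  # the vendor's own notices are not third-party
            seen.setdefault(line, True)
        if seen:
            report[name] = list(seen)
    return report


# Constructed sample "binaries": notice text wrapped in non-printable padding.
LANE = b"Copyright (C) 1995, Thomas G. Lane"
REGENTS = "Copyright (c) 1983 The Regents of the University of California."
OWN = "Copyright (C) Example Vendor Corp. 1981-1999"
SAMPLE = {
    # ASCII notice twice, plus a bare token: one line should survive.
    "imgcodec.dll": b"\x00\x01" + LANE + b"\x00\xff\xfeCopyright\x00" + LANE + b"\x00",
    # Notice stored only as UTF-16LE: invisible to an ASCII-only scan.
    "netutil.exe": b"\x00\x00" + REGENTS.encode("utf-16-le") + b"\x00\x00",
    # Only the vendor's own notice and a bare token: nothing to report.
    "shell.dll": b"Copyright\x00\x00" + OWN.encode("utf-16-le"),
}

if __name__ == "__main__":
    for name, notices in third_party_notices(SAMPLE, "Example Vendor").items():
        for notice in notices:
            print(f"{name}: {notice}")
```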
Sympathy for Goliath (Score:3)
Now, here's another thought. If the Linux community were behind this, we'd be unimaginable idiots every last one of us. Linux is so much more than Windows could ever hope to be. If you look at the track record of Microsoft and bugs, it don't look pretty. They have 7 service packs for Windows NT 4 (1,2,3,4,5,6,6a)
Though, I wouldn't mind someone stealing the source code for DirectX 7.0 and developing it over to Linux. *drool* I'd love to play Final Fantasy VIII under Linux. (And, for my legal sake, that is not a serious statement, though it would be a dream to play games of that magnitude under Linux. Of course I could just hope that Linux and Sony somehow combine forces and make a new distribution called Sony Linux or something...)
This break-in at Microsoft also says something for off-site workers. As a consultant, at times I do work off-site, and I see some interesting effects in the worst case. Since the intruders appeared to the security logs as employees simply working off-site, security overlooked them for three months. For three months the intruders worked, doing only God knows what. (Like I said, there's been no real definitive proof to surface yet except for allegations about what "might have" and "could have" and "appears to have happened"...) But I still think this might produce some chilling and overly restrictive corporate policy changes on working off-site.
I'm betting that nothing really serious did happen; I'd bet that the intruders only want to sit down and see how long it would be before someone noticed. In three months, you could cause all sorts of chaos for Goliath in his own camp. Blow out a few torches, bring down the mainframes, format a few servers, knock out corporate E-Mail, shut down all the domain controllers. (That latter one would be VERY interesting, believe me.) Maybe I'm wrong; maybe something serious did happen (not that a break in of this size isn't already something serious in and of itself)... I just want proof before I start my panic run. (Which, for me, consists of about 2 minutes of hyperventilating. *grin*)
Enough rambling...
Send bug fixes to MS... (Score:2)
- Isaac =)
Hacking the old IBM PC (Score:2)
And thus the IBM clone of the PC architecture was born.
If they hadn't taken these precautions they would have been sued into oblivion by IBM and all PCs would be IBM PCs to this very day.
Take the high road, guys... (Score:3)
Here's the chance to publicly say "even if it was offered to us, we wouldn't take it." That kind of corporate-espionage B.S. belongs to a totally different world. Open Source is a philosophy, let it live and or die on its own two feet and by its merits.
Showing the world the kind of class that Microsoft never had and never will should ratchet the public image of slashdot types way up, and counteract those stupid and offensive "hi! I'm the fat black hacker guy who has your credit card!" commercials...
Re:How would QAZ work (Score:4)
Frankly, I'll be surprised if they got anything more sensitive than a newer build of Whistler.
--
Re:How QAZ works (Score:3)
[...] W32.HLLW.Qaz.A was first discovered in China in July of 2000. W32.HLLW.Qaz.A is a companion virus that can spread over the network and also has a backdoor that lets a remote hacker connect to and control the computer via port 7597. Since the virus does not have the ability to spread to computers outside the network, the virus might have originally been spammed out by email.
Sorry, no. (Score:5)
Who said anything about an open port?
I'm sorry, but to a determined hacker, no firewall in the world will be able to stop a properly-written trojan.
First, you're assuming that the trojan simply opened a telnet port and waited for connections (a la Back Orifice) - a firewall (or more correctly packet filter) would solve this, but there are LOTS of other ways a trojan could have operated.
Let's look at some of the other ways to get in from the outside (Just off the top of my head):
The bottom line is that packet filters aren't the final solution to security - they are certainly a part of any good security plan, but relying solely on them won't protect you from someone who really wants into your network.
trade secrets mean... (Score:5)
In a nutshell,(TM) I thought that once a trade secret slipped out, it was no longer protected by law. Can someone who IS a lawyer comment on this? Is it true that it doesn't matter HOW a trade secret is divulged?