Microsoft Source Follow-Up 1090
shystershep writes "It's official. Microsoft admits that 'portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet.' No more details, although it seems clear that it is only a portion of the code. Microsoft is, naturally, downplaying its impact, while everyone else is busy speculating about how serious this could get." A lot of you apparently haven't read yesterday's story. An investigation of the code is already underway.
Source of the leak (Score:5, Informative)
I wonder what the final MS press release will name as the cause. "Evil Linux Hackers", perhaps?
BBC Q&A (Score:5, Informative)
Microsoft has said that this represents about 15% of the total source code for the operating system. It is not enough to recreate the operating system.
Re:So the question is (Score:5, Informative)
Re:source out on the open (Score:3, Informative)
Re:Of course! (Score:2, Informative)
Yet if you read Yahoo news, they actually mention that the amount of source code that was "released" was actually closer to 650 MB. You can read it here [yahoo.com].
making today's statements mostly obsolete, or just re-hashes of older comments (wow, it's already a re-hash, no pun intended)
wu-ftpd vulnerability strikes again! (Score:2, Informative)
"Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf."
Wow, Microsoft's first source code leak in history came from running Linux. And they traced it because Linux's core files make forensics trivial!
I'm betting there's a lot of folks in Redmond right now saying: "who the hell decided to put Windows code on a Linux box?!!!"
P.S. Eyal is screwed, right?
Re:source out on the open (Score:5, Informative)
Source was Mainsoft - and from a Linux machine (Score:5, Informative)
Mainsoft specialise in cross-platform development, enabling developers to develop using MS tools for deployment on *nix. Interestingly, for the conspiracy theorists, their previous mentions [slashdot.org] on /. date from 2000 and center around rumours that they were porting Office and IE to Linux. More news on the leak from Internetnews.com [internetnews.com] and The Register [theregister.co.uk].
The code is said to be W2k-SP1.
Re:So the question is (Score:4, Informative)
The Windows 2000 code is a 203MB chunk that expands to about 600MB - enough to fill one CD.
Microsoft has said that this represents about 15% of the total source code for the operating system. It is not enough to recreate the operating system.
What's vague about this? I agree they don't say WHICH 15%, but it's clearly win2k they are talking about.
Re:Lesson for the kids out there (Score:4, Informative)
Re:Swearing? (Score:5, Informative)
43
$ grep -Hirn " shit "
14
And one occurrence of "piss". There're more, but I'm not spending more than a minute on this.
Windows developers do not read GPL source (Score:2, Informative)
'Independent invention' generally does not happen in the domain of copyrighted works -- if the developers of B have never read the source of A, or anything derived from A, it's pretty sure that B will not look like A. Thus, if Microsoft's employees and contractors follow their policy, then no Windows code will look like any GPL code, ever.
What about the .eml files? (Score:5, Informative)
Re:So the question is (Score:5, Informative)
The Kiss of Death (Score:3, Informative)
Re:Is there any GPL Violating Software in it? (Score:5, Informative)
If they're using GPL code, yes. They already use open source code, and admit it freely - however, it's licensed under the BSD license, and hence can be distributed in closed source systems.
(Someone correct me if I'm completely wrong, but I think that's right).
Re:So the question is (Score:3, Informative)
I agree the form is of a joke, but the message is the more important part:
So remember folks, don't download it, or look at it, or attempt to build it! It is evil, and answers only to the hand of The Dark One.
Unfortunately, sending one copy to the fires of
Re:Open != Secure? (Score:2, Informative)
In theory, open-source should be more secure because it can be fixed by anyone. This leaked-source cannot be fixed by anyone but Microsoft, but can be exploited by anyone.
Re:a favourite from tweakui.h (Score:1, Informative)
Re:You Should Not Be Cheering (Score:3, Informative)
When would people stop this bullshit? This has been answered by many. I would repeat it. Why is there more vulnerability/attack against IIS than Apache? Why is the track record of IIS worse than Apache's? I am not saying that a bigger install base is not a reason for Microsoft to be targeted more. But it's just ONE OF THE MANY reasons and not even the prime one.
Re:source out on the open (Score:3, Informative)
You can [everything2.com]. The first part, at least.
More details on the Linux machine analysis... (Score:5, Informative)
DOWNLOAD IT HERE (Score:1, Informative)
Re:Security through obscurity? (Score:3, Informative)
If they can't even trap and raise errors correctly I can't begin to imagine what a mess some of that code must be like inside.
Re:Winsock API Included. (Score:4, Informative)
Re:Winsock API Included. (Score:5, Informative)
Of course there are. This source code leak came from a company who ports Windows software to Unix.
Re:alternate universe (Score:2, Informative)
Music and literature are art. Code is not art, despite what many think. It's not subject to the same rules. It's more than just copyrights; it's patents, trade secrets, et al. Look into source code and free speech. Wikipedia [wikipedia.org] provides an interesting read about source code and free speech.
THAT old saw again. (Score:5, Informative)
The judge in such a case is unlikely to order MS' codebase GPLed. MS would have to either put out a sanitized patch for the code in question or pay the developers for an alternative license. The exact circumstances of the case would determine what if any punitive damages MS would have to pay in addition to recompensating the developers.
MS would have the OPTION of making the entire contaminated codebase GPLed to satisfy the license but I doubt they would take that option. They could do it for the FUD value but since the aggrieved FOSS project wouldn't accept that as a settlement, MS would just have to do something else. Imagine that! A FOSS project could rule out an MS product being GPLed to PREVENT harm to a project or FOSS in general.
Re:More FUD within FUD? (Score:4, Informative)
What would the Microsoft source code be doing on a Linux machine? Mainsoft ports applications from Windows to Unix, not Linux. IE and WinAmp are two examples that they've ported.
Umm.. did we not click on our links today? The article linked to has a big, fat link to the MainWin product page [mainsoft.com] which states, in part:
I think it's certainly safe to assume that they were compiling on a box.
Re:Winsock API Included. (Score:1, Informative)
Eyal Alaluf! http://www.mainsoft.com/images/exec_profiles/Eyal
So much for "Security through Obscurity" (Score:4, Informative)
First, just because you can see the code does not make a product less secure (in theory anyway). With Open Source Software, everyone can see the code and find flaws, but anyone can also submit a patch to fix the flaws.
With this Microsoft source code, anyone can find flaws and security issues, but NO-ONE would dare to send Microsoft a patch in fear of litigation.
Re:You Should Not Be Cheering (Score:3, Informative)
Yay for ignorance! Alive and well on Slashdot!
Quick! Give me an answer as to why the juiciest targets are almost all running Linux/BSD/Unix but a bunch of crappy Windows machines with no strategic value what-so-ever are the constant victims of widespread, non-spam worms and viruses (I'll give benefit-of-the-doubt to Windows in the case of spam worms because of the need for wide deployment which makes Windows the perfect target)?
Oh, you can't give me an answer? That would be because no matter how hard you try, Windows is a homogenous environment with minimal control given to the system owner, whereas the *nix philosophy of piece-mealing a system means it's difficult to find well-maintained *nix systems that are reasonably similar such that a single exploit would work effectively across all of them. This is something *nix figured out 25 years ago. It's something Microsoft is just beginning to understand and incorporate into things like Win2003.
Oh, and of course there's always the fact that Windows is built on an inherently flawed philosophy of consumer marketability above all other concerns. Translation: If you care about network security, Windows sucks. Deal with it. Stop making unsubstantiated, lame brain excuses that don't even have so much as anecdotal evidence to support them. I'm tired of making excuses for it. Again and again Microsoft has proven that they can't be trusted when security is of any concern at all. If you can't recognize the pattern they developed over the last 15 years for themselves, that's YOUR problem, but don't bring your apologizing attitude over to Linux which has a pretty damn good track record.
I'll bet MY bottom dollar on all of THAT, thank you very much.
Re:This may sound crazy, but M$ would likely gain. (Score:1, Informative)
Won't be much time differential anyway... (Score:1, Informative)
Re:Entertainment value of media "experts" (Score:5, Informative)
It should be noted that the Didio quote has since been removed from that article, but here it is for those who missed it. Don't ever forget this one, this is straight from Yankee Group [yankeegroup.com] and they should not be allowed to get away with it without a public apology IMHO:
"With the open source community, there are a large percentage of tinkers and 'ankle biters' who are trying their hand at hacking. Some are even communicating with each other. So it only takes one or two of these groups sharing information to be able to pull something off. When you have this type of passion, it's hard to fight because these people are like virtual suicide car bombers."
Are these people you'd want to buy services from? I don't consider myself "PC" in the least, but this is so fucking wrong and off the track it's not funny.
Re:A question about source and product size (Score:2, Informative)
Microsoft does have its own proprietary file compression format called ".CAB" file that can hold an amazing amount of stuff. I don't know what the ratio is, though.
But since all their work is closed-source, we are ultimately speculating.
Re:Entertainment value of media "experts" (Score:5, Informative)
Media Relations and
General Inquiry
Kim Vranas
Director of Marketing
kvranas@yankeegroup.com
Voice: 617.880.0214
Fax: 617.210.0014
MainSoft statement (Score:5, Informative)
Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.
We will cooperate fully with Microsoft and all authorities in their investigation.
We are unable to issue any further statement or answer questions until we have more information.
From Mike Gullard, Chairman of the Board, Mainsoft Corporation
Re:Traces back to Mainsoft? (Score:3, Informative)
Re:Winsock API Included. (Score:5, Informative)
Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.
We will cooperate fully with Microsoft and all authorities in their investigation.
We are unable to issue any further statement or answer questions until we have more information.
From Mike Gullard, Chairman of the Board, Mainsoft Corporation
MS is getting what they signed on for (Score:2, Informative)
It is impossible for every company to be unhackable and have every developer be moral and ethical. We already discussed that programmers leak confidential information about abused welfare children, Apple system APIs, and that large companies like Valve can get hacked and lose the source to a video game with huge development costs. Isn't it safe to say that the leak of this source is inevitable? I would be really interested to see if a lawyer could prove that this is an inevitable incident and MS should have assumed a liability like this would occur. What were the minimum req. of the code repository and network security?
The other side of the coin is that MS can sue Micro**** that leaked the code for the 3 years of support on W2k that they are going to be at risk with over possible security threats because any hack can now create breaches in security, with the ability to see where buffer overflows are created in the code and such.
Re:alternate universe (Score:4, Informative)
Re:alternate universe (Score:3, Informative)
In the realm of natural language, there are literally thousands of ways to express similar ideas. Music is slightly more limited, but still has at least hundreds (if not thousands) of valid permutations for melodies within the same key.
A good programming language may give you as many as three or four different ways to do the same basic thing. You might wind up with a couple dozen different useful algorithms for the same function, but probably only one or two will emerge as clearly superior in speed, stability, and flexibility.
Therefore, it is far, far easier to "accidentally" duplicate code than a song. And it still happens in music... people hear a song, and then a while later subconsciously imitate it when creating their own music. They may have it come back to them in a dream and never realize that it's based on something that already exists. And copyright cases have been lost over such things.
Market predicts it? (Score:3, Informative)
But just looky at the MSFT [barchart.com] chart, specially if compared with the S&P 500 chart plot [barchart.com] for the same period.
MSFT has dived a whole 10% in one week.
Yes, it's nothing as obvious and strong as the September 10th mini-crash, but leaked sources don't exactly mean the same as the world as we know it being under attack.
Just clicky the charts.
This Sentence From The Investigation: (Score:2, Informative)
BWAHAHAHAHAHAH!!!! They're using a Linux box to write Windows-compatible code? Or maybe it's their CVS server?
My real question is:
Has anybody examined the Windows code to see HOW BAD IT IS? I mean, with all those 24-year-old Windows programmers Bill hires, I'd like to see the code quality.
Re:Is there any GPL Violating Software in it? (Score:3, Informative)
Is one person going to take all of the heat and "find" all of the GPL code, or would the courts rule that it was inadmissible as evidence or something?
Re:Windows developers do not read GPL source (Score:3, Informative)
Re:alternate universe (Score:4, Informative)
Gah! I know it's OT, but I can't stand it anymore!
The legal protection for creative works is copyright, as in the right to copy. A work that's protected by copyright is said to be copyrighted.
Someone whose job it is to write advertising material and press releases, which writing is commonly called "copy" in those businesses, is a copywriter. Such copy isn't said to be "copywritten", but merely "written". There's no such word as "copywritten".
Someone whose occupation it is to create a thing is called a "wright", as in "wheelwright" or "playwright". (No, not "playwrite". Yes I know that plays are written down, but that's not what we say.) "Wright" here is related to the past tense "wrought", which we almost never hear nowadays except as an adjective, as in "wrought iron". There's no such thing as a "copywright".
Theists & Science (Score:3, Informative)
What the theists say (and what you claim in your last paragraph) is true. BUT 99% of science is like that. The vast majority of science is THEORIES (not laws; not facts). You cannot really "prove" many things. For instance, can you prove that the radiation and light emitted by the sun is due to nuclear reactions occurring within the sun? Not really. We have never gotten through the surface (any probe will melt long before it gets through the surface). All we have are theories. For all we know, some aliens living in the center of the sun might be responsible for releasing the radiation and heat.
Can you prove that the tectonic plates underneath the surface of the earth cause earthquakes? Not really. It's just a theory. It's based on our best understanding.
Can you prove that matter is made up of particles? Not really. It's all based on indirect observation and theories. The way things are going, it might even be so that particles don't exist*; all you have are strings. Strings cannot be "proven" but that seems to be our best theories right now (actually, strings haven't been widely accepted yet; however, I expect them to be accepted within 20 years).
The same thing goes for theories relating to biology. Yes, you cannot prove the theory of evolution, natural selection, or anything like that. But that's our best models.
So the point that you are making (i.e. need to emphasize appearance) is totally irrelevant. Strictly speaking, 99% of science is appearance. If you follow the path of science, the theist argument of "evidence" is moot--because you hardly ever prove anything (even observational evidence can be wrong). If anything, the theists will disagree EVEN if someone observed it. After all, theists still don't support the view that the universe is billions of years old (religion says a few thousand (Christianity) to a few million (Hinduism)--all wrong).
FOOTNOTE:
* By particles not existing, I'm referring to the view that everything in the universe is composed of strings (re: superstring theory; M-Theory). What we thought of as particles are the results of the oscillation of the strings. NOTE: I'm not a scientist but that's my understanding of it.
Sivaram Velauthapillai
Re:You Should Not Be Cheering (Score:1, Informative)
Working torrent for NT source (Score:2, Informative)
windows longhorn source code (Score:1, Informative)
edonkey/overnet url:
ed2k://|file|windows longhorn build 4008 source code (partial ).rar|1357906140|dba2a19a3c822837ad6ade3b7f178862
I don't know of any torrents. If anyone finds one, please reply to this post with details.