The Windows 2000 source code is pretty much public anyway, all the top Computer Science departments in Universities already have it. As well as other companies allied with MS.

It probably leaked from one of those companies, only takes one disgruntled employee to copy some files and put them on a P2P.

On the point of Windows source code finding its way into open source projects:

I would be very surprised if anyone does this. It just wouldn't make any sense to try to compile Windows source under Linux. Most of the Windows source is littered with calls to Windows API calls (and so on and so on). How could you hope to get this to compile without implementing all those functions?

The best way to use this to your advantage is to extract a design from the source and write your own version. Would the resultant code really be subject to copyright? Everything I've read up until now refers to copy and paste of code as a violation of copyright. I've not read anything referring to the copyright of the IDEAS in the Windows source code.

Unless someone can prove otherwise, I think the whole notion of Microsoft using the leaked source as a weapon against open source is pure hype.

Has anyone here actually READ the Windows source code??!!!

Nicely said Peter. The bottom line is that we have two approaches to security to consider. The open source approach is based entirely on the quality of the code. The more people who "see" the code, the more "secure" it becomes.

Then we have the shared source approach where security by obscurity" is the rule of the day. Only a privileged few are selected to "see" the code. The operative equation being the fewer people who "see" the code, the more secure it is. One things for sure, the code that was released does not qualify as quality code. Over at Slashdot they're laughing their asses off. So perhaps it's a good thing Microsoft is careful in their selection of marketplace "winners" and "losers". Otherwise "shared source" would be everywhere, if only for the entertainment value.

In their first quarter filing last year, Microsoft stated that one of their more difficult revenue challenges was to upgrade over 350 million Win9x installs to XP. (USAToday has put the number at 400 million.) They realize that they can't maintain their growth rate based on new users. The installed base has to be churned. Once churned, revenue stability is assured by new licensing schemes and a cascading design of interlocking interfaces and interdependencies that bolt next generation collaborative computing features across an entire stack of XP servers, desktops, applications, devices, frameworks, and developer tools. Want to use the latest greatest features in MS's XP only Office System? You'll need XP Server 2003, XP Sharepoint, XP Collaboration Server, XP ......

From a marketing point of view, Microsoft has to ask themselves the basic questions as to what compels the installed base, the great monopoly, to upgrade? Killer applications that demand more horsepower is one reason. Seriously improved features and dramatically increased stability in existing products is another. (Indications are that existing, all ready paid for features are good enough, and over the years of marching on the costly upgrade treadmill, users have accustomed themselves to unstable performance.) A third reason would be improved security. A fourth would be a corollary to improved security. The end of life withdrawal of critical security patches.

We've already seen that EOL (end of life) plans can be changed and juggled to pacify an oft angry and increasingly demanding user base. The great herd that makes up the Microsoft monopoly is determined to move at their pace, on a time table that meets their needs. Not the needs of Redmond's quarterly reports.

Rightfully jaded and cynical after years of witnessing a veritable crime wave of reprehensible and often illegal business practices, i find it hard to see this recent release of source code, intended or not, as anything but an opportunity for MS to churn the installed base of over 350 million users. And for Microsoft, this opportunity comes none to soon. Before this year is out, an alternative Linux solution will attain desktop friendly consciousness. The battle for the great herd will be joined.

~ge~

The source code leakage has prompted some bizarre responses which I'd like to consider.

Firstly, the source code would have been leaked from one of the many hand picked ISVs that MS has chosen to reveal their source code. Would this have been done for reasons of ideology? By someone who secretly harbors pro OS source views? Yes, sure.

Secondly, MS hasn't shown any tolerance for Free/Open source software nor any company that competes in the same market. The "Halloween Documents" indicate how fundamental to MS is their hostility to Open Source. Their subsequent strategies aimed at pouring scorn and vitriol on GPL are further evidence of this. I think it naive to suggest that the source code leak will make life tougher for the Open Source community.

Thirdly, the idea that the leak was part of some sophisticated conspiracy designed by MS is nutty. The core of NT, Win2k, 2003 and Longhorn is the same. They all share the basic design conceived by David Cutler (the same guy that designed VMS). Longhorn will have lots of new code but it will still have lots of the 2003 code in there. DWORDs may become QUADWORDs and Win32 will not be the native API but much of the logic will remain the same. The idea that MS are throwing away the NT source code base implies that Longhorn will be entirely new -- it isn't, consult the beta reviews.

Fourthly, it is not true that all of the MS OS were designed for the desktop. There were two distinct streams of development in Redmond until quite recently. These were the MS-DOS/Windows 1-3.1/Windows 9x/ME group on the one hand and the NT 3.1/4/2000/XP/2003/Longhorn group on the other. NT was designed as a server OS, as was 2000. The desktop versions of these are merely feature limited versions of their server counterparts.

Fifthly, the leak will effect security in a quantitative rather than an qualitative manner. We already have a steady, regular stream of defects being discovered and exploited. The availability of source code will only increase the frequency with which exploits are discovered. The good reverser can do quite well with the PE files, only its a rather labor-intensive process. The source code will make the hackers job easier, more pleasant. The hacker will still need to perform disassembly but only to check that source code hasn't changed.

Sixthly, both Linux and BSD -- two Open Source OSs -- are used in trusted, security critical settings. If the leak is a disaster for security it would only because the emperor indeed has no clothes. Security by obscurity -- which is what those in moral panic are implicitly appealing to -- is a poor form of security, as amply demonstrated by the many hackers and reversers that don't have the source code.

Seventhly, I feel that the fear that the leak will threaten the /detente/ between MS and Open Source is entirely imaginary. MS hasn't, doesn't and never will have any tolerance for Open Source. MS is a nasty company. Bill Gates is no different from the robber-barons that featured in the early stages of North American capitalism. Microsoft behaves as all monopolies behave.

Eighthly, MS selectively releases its source code to ISVs. In this manner it picks winners, it decides which MS OS third-party developer wins in the apparently "free market". The truly independent ISV that develops system software for the MS OSs is at a distinct disadvantage. This is fundamentally unfair.

Ninthly, MS have behaved in a most odious and unconscionable manner towards end-users, MS certification holders, ISVs, developers, administrators and competitors. Are they not deserving of this disaster? Am I the only one that has tired of their games, scheming and hubris?

Pe

I don't believe any open source developer had anything to do with the code leak, but I just hope that none get it thrown in their faces, either. We all need the key Linux/Gnu/Open____ community to be able to say they've never even been near the stuff (unlike, alas, the user side of the Windows desktop) even if such exposure was against their will.

Remember that the Macintosh source was released several years back. It had no effect on Linux, although we can't verifiably say the same about some development teams in Redmond. If anyone inserts thais buggy batsh!t code into Linux, it will probably be someone from the SCO group.

Just for myself, though, I have a gnawing curisoity. I don't want to see any of the executable code, though, just the comments. There just might be stuff in there that would make the BOFH look tame.

I just discovered linux a year and a half ago. Open office, the rest is history, I'm not a rocket scientist, actually a "housewife" with some college, very little computer related and the computer was as big as a piano!
Tis sad that something is threatning my little fat penguin buddy. I believe for one that microsoft may have done this supposed source code leak (why now??) deliberately in an effort to squelch any growing support for open source. Let's face it, software isn't a car---no parts we have to buy but a computer to write code on and some cds to burn it on and we have our own little software factory. Problem is someone has/had a monopoly on most of the os in the world at one time. When a monopoly is threatened we know what happens usually. Commercials haven't helped microsoft, neither have shows, press conferences or whatever else they have tried.......... Open source is not a monopoly, it is the opposite, even though some of it is proprietary the code is still free that was free, that is the gist of the license or constitution if you will.
I compared this supposed slip of code earlier in a mailing list to Nazi Germany, not as serious perhaps but nobody believed our dear old friends/relatives from Germany could be dealing underhandedly at that time either.
I believe a better comparison may be the Revolutionary War, basically we are tired of being taxed for the priviledge of using our own machines to do new and wonderful things. Windows xp on this machine probably cost microsoft $5.00 perhaps $10, I know it was not too much more because upgrades were available for the miserable few that had windows ME for $34.00. Windows xp home is still around $100 as are most of the other os, even the ones that will be useless soon (planned obsolescence) 98, ME, 2000, and why will they be useless?? Because they have security loopholes and since microsoft has the code no one could figure out what had been breached when a virus did strike except microsoft. Without support for these os they will be sitting ducks for the virus writers and hackers of this world. In no way am I advocating the leak of the code. Sharing would have been nice at some level??

During conflicts all sorts of horrible stories are perpetuated upon the other side in the name of propoganda. I thought I was being paranoid about the supposed "leak" but others evidently feel as I do, and after the supposed attack upon SCO by a linux user (or a Russian, take your pick), the number of companies coming forth with plans to adopt linux as at least an alternate os and develop drivers for the os, the burgeoning number of people who are even aware that there are alternatives to windoze, -----what makes more sense than microsofts code gets released?? Will they use it for the good of mankind and say what the hey, we can still make a profit if we open it up?? I seriously doubt it. Will they use it to their advantage in the battle against linux and the various mac os?? It would surprise me if they didn't.
What has linux done wrong?? I can't recall stealing source code, I have enough problems with automating my start up preferences. I just hope everyone realizes how ridiculous it is to first lump virus writing on a group of people and then to even think that a bunch of underpaid people who have a consuming hobby to develop programs and os and give them away mostly for the pure joy of developing them and using them and then doing it again, would even think about stealing source code?? Yes it's attractive, does it do any good?? No, it can be tainted very easily now, will probably cause cross platform development to come to a standstill now at the very least. At the worst it will be turned into a propoganda campaign against the open source world or some open source code will be in the ms code and they will try to claim it as their own. Which is just about like me trying to get paid for running my mouth.
We linux people would just like things to be free and easy, or at least affordable, I just bought a mac, can I network with xp?? Nope, because it's xp home. Have to upgrade surprise surprise. I tried networking linux and windows xp, linux could see the shares on xp home just fine, xp wouldn't even recognize there was something knocking @ it's network door. Windows xp home is rather a bigoted os in that it only conects to windows xp home happily, I'm no newbie but gave up on a parallel connection with windows 98. I ask you, which is the superior operating system?? One that offers multiple platform connctivity or one that is built on isolationism and world domination?? or was that Britin circa 1776 or Germany circa 1939??
Liz

Damn those guys in Redmond are clever! Unethical, but oh so clever!

The facts are that Microsoft's entire product line was developed for a personal computing architecture. Clearly they are having problems moving from the vision of their early roots to that of a networked world. Microsoft systems are inherently insecure the moment they connect to any kind of network because they were designed for a different purpose. Maybe when all the talking about Longhorn ends, and the new architecture is finally released, Microsoft will be able to transition the user base to a truly network platform. But that's a ways off. And there are so many quarterly reports to be filed in the meantime.

The truth of this dilemma proves itself on a near weekly basis at incredible cost to the great monopolized herd of Windows users.

So if they can't "fix" the fundamental design flaws of their pc oriented architecture, the marketing masters of Redmond had to come up with perception fix. With this strategic leak of source code, Microsoft can now shift the "blame" to open source evil doers. It's brilliant!

Instead of the great herd blaming Microsoft for selling them shoddy products, that they are unable (or unwilling) to "fix", Microsoft can now point at evil free grazing robbers who have no respect for intellectual property (i.e. shoddy, half baked, woefully insecure and hap hazardly constructed software products that should never be connected to a network without the cover of a enormously precautious shell).

We all know Microsoft has two very big problems. One is security. The other is convincing an angry user base of over 450 million users to upgrade to the next generation of profitable products. When it comes to basic product features, the great herd is quite satisfied with the applications and systems they've already paid for. Except for one thing - security! They're mad that the products Microsoft sold them are so susceptible to misuse and abuse of all sorts. Susceptible the moment they connect to other computers.

So the challenge for Microsoft is to get out from under taking the heat, er, responsibility for their products, while shifting the blame to the only meaningful competition left standing. And do it in a way where the great herd finally accepts the bottom line engorging argument that the only way to resolve the security problems of end of life Windows systems is to upgrade enmass.

Of course Microsoft will officially downplay the "security" concerns about the released code, while putting the blame on open source evil doers who have no respect for intellectual property rights. The tech press has already taken the bait. We are guaranteed that from this day forward there will never, ever, be a MyDoom type story in the press that doesn't reference the release of this code as the problem. Security pundits and techsperts of all sorts are already preparing their power points and bulletin templates with this soon to be boilerplate message.

It's brilliant. The strategic release of this code paves the way for moving the installed base. It is exactly the woeful insecurity of those 450 million plus legacy Windows systems that will provide the impetus for force marching the great herd to the tightly bolted Windows XP Stack, rife with patent restricted interfaces, and yearly subscription licenses. A whole new generation of lock in, perfected at the expense of the only meaningful competition left standing - open source communities.

It's brilliant! It's end game.

~ge~

YOU DONT HAVE ANY SENCE IN SECURITY IN TODAYS WORLD.NOW THE TECHNOLOGY IS SO HIGH THAT YOU CAN MAKE SOFTWARE OF YOU OWN YOU ARE NOTHING MICROSOFT I WILL TAKE THE REST OF THE SOURCE CODE FROM YOU I AM DAM SURE ABOUT IT I WILL . BE WARE OF HACKERS HE IS IN YOUR SYSTEM THE IS NO WHERE TO HIDE . WE ARE COMMING . IT IS THE END OF THE MICROSOFT

No. MS can NOT change its primary personality it had from the very beginning. Which means they will DEFINITELY try to sue the pants off every developer who brings the L*nux-MS-Interoperability a little bit further. Claiming that every single char in his source code were originally MS's for decades.
MS fights on war grounds they know the best. An this is out of the coders' boxes and into the lawyers' libraries and into the courts.
Oh no.