decoration decoration

When you want to know more...
For layout only
Site Map
About Groklaw
Legal Research
ApplevSamsung p.2
Cast: Lawyers
Comes v. MS
Gordon v MS
IV v. Google
Legal Docs
MS Litigations
News Picks
Novell v. MS
Novell-MS Deal
OOXML Appeals
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v Novell
Sean Daly
Software Patents
Switch to Linux
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.

Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal

User Functions



Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

No new stories

COMMENTS last 48 hrs
No new comments


hosted by ibiblio

On servers donated to ibiblio by AMD.

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Friday, February 13 2004 @ 06:18 PM EST

I saw some fine articles on copyright and patent law by Dennis S. Karjala, who is Jack E. Brown Professor of Law, at Arizona State University's College of Law, and because this is his area of expertise, I asked him if he would explain for Groklaw's readers what issues there might be for programmers who see the leaked code even inadvertently and what the impact of this leak might be on Microsoft's code. He graciously agreed. Here is his explanation. Thank you, Professor Karjala. UPDATE:Note that Steven J. Vaughan-Nichols is urging programmers not to look at the code.


Media reports say that portions of Microsoft's source code for Windows have leaked and found their way onto the internet. Is this now an opportunity for would-be cloners of Windows to find out how it really works and make their own, let us assume noninfringing, operating systems that are Windows compatible? Or would any such attempt be a violation of Microsoft's copyright or trade secret rights, subjecting such a competitor to suffer the legal wrath of Microsoft's litigation teams?

Without knowing more of the facts, the answer could be, "Both." To the extent that source code is now being widely distributed over the internet, horn book trade secret law would say that Microsoft has lost its trade secret rights (although it may have a claim for damages against the leaker). The code is simply not a secret any longer, notwithstanding Microsoft's best efforts (let us assume) to keep it so.

Copyright, however, poses a different problem. Every transfer of the code on the internet, and indeed every use of a computer to look at the code, involves making a technical "copy." Courts have fairly uniformly held that such technical copying - made necessary by digital technology - infringes Microsoft's exclusive right to reproduce the work in question (here, the Windows source code, a literary work). Absent fair use, anyone who causes his or her computer to put the code onto the screen (or to print out the whole version) is subject to all of the draconian remedies of copyright.

On the other hand, it is still not yet an infringement of copyright simply to read an infringing copy of a work (unless perhaps you break through a technological measure designed to control access to it, which would invoke the DMCA). If someone, without any involvement by you, prints out a copy of the source code and sends it to you, or if you just happen to find such a copy lying around somewhere, reading that copy does not infringe any Microsoft copyrights. (Conceivably, if someone has independently called the document to the computer screen and you happen by and read it after it has been stored in RAM, you are equally in the clear.)

Depending on how far the distribution goes, it seems to me likely that both of these scenarios will take place. Whether Microsoft will go after the infringing ones, especially after infringing hard copies become widely available for noninfringing study, is difficult to predict. But this is in any event unlikely to stop development by others working from illegally made copies that they had no part in making. If that is the case, this event may actually lead to a lessening of Microsoft's strong grip on the PC operating system market.

Copyright 2004, Dennis S. Karjala
Jack E. Brown Professor of Law
College of Law, ASU


The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq. | 379 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: kpl on Friday, February 13 2004 @ 07:06 PM EST
It's been said before, when M$ source code has been<br>
stolen, or leaked, and I echo it: I wouldn't touch it<br>
with a ten foot pole, why? It taints me for future<br>
coding jobs. It may have been RMS or ESR who said<br>
this prevously, I can't recall now. If you're a coder<br>
and you are presented with the opportunity, do yourself<br>
a favour, don't!!!<br>

mv sco /dev/null

[ Reply to This | # ]

I am sorry guys, I am posting it everywhere but I want this one to be noticed.
Authored by: roman_mir on Friday, February 13 2004 @ 07:12 PM EST
I am sure that all of you would agree that the free software community has been facing some bad publicity since the entire SCO incident started about a year ago. I am also sure that when the SCO goes away another publicity stunt will be performed by some other corporation or an entity that could potentially cause more trouble. An earlier article on /. reminded us that there are other dangers that could stall the development of free software projects - an illegally distributed application source base can become the next battlefield for the free source community. Whether this source code could be distributed with an intent to contaminate is not the issue, the issue is that it is important to convey the message to the public that this community does not want to contaminate its source code with proprietary software. We know that the Linux kernel for example is maintained by a group of people who would never want to be faced with the problem of proving in the court of law that their creation is really their own code. What about other projects? How many lawsuits are comming towards this community? I do not know that. But I understand that some preventative measures should be taken, some measures that will clearly display that this community wants free software and free software will not be stolen from other source bases.

How can this be ensured and how can it be easily shown in a court of law that this community takes copyright issues seriously? One way that I see is to set up a server that runs the comparator by ESR against any new submission to any open source project against any code released either by mistake on with malice by a closed source vendor.

This will help to identify copyright problems before they arise. Of course to have a proprietary source code base on this server would probably be illegal in itself but it is unnecessary to have the proprietary source code, all that is needed is a set of hash-keys that identify that source code.

How could this work? A copyright protection server (CPS) would have hash-keys supplied by different vendors of software that falls into various categories and the free software projects are also divided into these categories. Let's say there is a free software project that deals with image manipulations. The CPS would run a hash-key generator on the new code submission and then would compare the generated keys with the keys supplied by Adobe or other companies specialized in image manipulations. Of-course the closed source companies would have to run the hash-key generators on their code and supply their keys, and someone has to tell them to do that, but if it is done right then the following would happen:

1. The Free Software community would have better protection from inappropriate code submissions. 2. This can be publicised and shown that the Free Software community takes their work seriously and goes to the great length, much more than any corporations to make sure that their code is Free and free of inappropriate submissions. 3. In a court of law this can be very useful, it shows good faith on the part of the free software community. 4. This would make it easier to also figure out whether the closed source vendors are misusing GPLed software :) 5. This makes a nice project that can be commercialized (with all the lates IP propaganda and lawsuites.) 6. This hopefully will prevent many possible infringement claims.

Well, this is just a thought, but I think this kind of verification will become part of reality at some point in the future, given more lawsuites.

Any thoughts, comments, suggestions, ideas?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 07:13 PM EST
It seems disengenious to talk about reading and copying as if they were
different, when in fact for computers (certainly web browsers) they are
effectively synonymous. Similarly, if someone reads something, and then manages
to recall it, they have a copy in their own head. (Perhaps we should all be
sued for having produced copyright violating copies of those obnoxious
advertising jingles that stick in your head.)

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 07:19 PM EST
I do not buy it, not at all.

Songwriters are not "tainted" because they've listened to the radio,
gone to concerts, or even, downloaded songs from the internet.

Novelists are not "tainted" because they've read books, visited
libraries, or even looked over someone else's shoulder while they were writing.

Tell me again what makes programming fundamentally different from those
professions? And how does that jibe with "equal protection" doctrine?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: phrostie on Friday, February 13 2004 @ 07:24 PM EST
Best to just stay way from it.
then it is a non issue.

Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Jude on Friday, February 13 2004 @ 07:27 PM EST
I can't help but wonder if this "leak" wasn't deliberately engineered,
in the hopes that some of that code would find it's way into FOSS projects.
Microsoft could then pull a McBride, and I'll bet they wouldn't go off
half-cocked like Darl did.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: sam on Friday, February 13 2004 @ 07:30 PM EST
Microsoft did this on purpose while claiming error using some supposedly old
depreciated code hoping that some of it finds its way into linux so that they
can FUD another cloud on Linux. See, SCO ain't doing so well and longhorn is
still aways off.

What's a tinfoil hat?

[ Reply to This | # ]

Seriously, why would we WANT it?
Authored by: Anonymous on Friday, February 13 2004 @ 07:42 PM EST
Linux has gotten along just fine until now without needing to refer to copies of
Windows NT or Windows 2000 source code.

Even open-source projects whose primary aim is Windows compatibility (eg, SAMBA)
didn't need to refer to the original source.

My vote is, don't touch it, don't make copies of it, don't even raise any remote
potential issues. We don't need it.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 07:51 PM EST
I don't expect the leaked code to help developing
Windows alternative any faster. I did not see it, but
the probability are pretty low.

On the other hand, it would probably make some security
hole exploited faster, but then again it is unlikely it
will be noticeable, due to the current pattern of Windows

[ Reply to This | # ]

Technical copying: this contradicts what we have been saying
Authored by: Anonymous on Friday, February 13 2004 @ 07:52 PM EST
If we apply that rule to the SCO "end users are liable" statement we
come to a different conclusion than we had been reaching. Users who simply run
the software are making copies in RAM and the processor cache. They are making
copies on the system bus. They are making copies onto the hard drive from the
CD. Assuming SCO's copyrights were legal (for the sake of argument), that their
work was in the Linux kernel, and that the users didn't have a license from SCO
(ignore the GPLed releases from SCO for the sake of argument) they would be
infringing on SCO's copyrights.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: tshead on Friday, February 13 2004 @ 08:01 PM EST
Long-time-reader, first-time-poster ...

With all of the advice being given ("don't touch it with a 10 ft
pole", etc) it's interesting to reflect on how much more "viral"
the MS code is than GPL'd code, que no?


[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 08:05 PM EST
What I'd like to see is someone in a country that MS has no authority (Russia,
small island countries), document all of this. Then these documents passed
around like candy. An analysis of the code would not be illegal.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 08:11 PM EST
Isn't it just a tad "coincidental" that just as SCO is about to go
under, and Novell, IBM, RedHat and my cat are after them, SCO's partner M$
introduces a "leak"?

[ Reply to This | # ]

Copying by reading?
Authored by: Anonymous on Friday, February 13 2004 @ 08:19 PM EST
Sorry, IANAL nor American; but why the difference between reading on a computer
screen and reading from paper?

The article seems to me to say that reading on screen constitutes copying.
Doesn't that make reading copyrighted articles on a web site illegal?

[ Reply to This | # ]

Misses the point: Its the security model
Authored by: John Goodwin on Friday, February 13 2004 @ 08:20 PM EST

The code leaked is not particularly useful for development. Primarily, it is
Win2k SP1, a *service pack* (subset of code bugfixed in that release), and most
of the source trees are stubbed out because they didn't have code touched,
presumably. A lot of stuff is there, a lot isn't (I looked at the file manifest
that is widely circulated--a legal derivative of the copy now clearly identified
as illegal to
distribute. It has dates, file names, and sizes.)

It appears to me from file dates that the tree has been tampered with to add
random emails in illogical places.
These e-mails, which have many duplicates, were all added around the same date
the tree was compiled (Nov 18/19 2001). All the source itself, as well as .EXE
and .DLL files, is from 7/2000.

The e-mails are wierd. Maybe it's some sort of code or something, but its not a
"clean tree". Maybe it is there to slander the persons who's CVs are
spammed (common Israeli name). Who knows what it is? It looks like an overlay
of several things, we know not what. I would be very suspicious of it as
"evidence" of anything but malice. I do not believe it is a snapshot
of Microsoft stuff--not even a dirty one with some development builds.

Most of the interesting stuff is likely to be in the .doc files, of which there
are 45s, and as we all know .docs have fingerprints and binary info
galore--edits and what not.

Win2k SP1 was primarily about automated updates. If there is an immediate
security impact, it will be there.

But really, what does it matter if all windows code ever written is leaked on
the net? Probably do good for it to be open source, as far as security is
concerned. Microsoft can join the revolution and call it good thing. RMS can
congratulate them on taking a baby step in the right direction and nothing
substantive will change. It will happen anyway one day, no matter what law
abiding citizens or convicted monopolists do.

I think the file manifests can put to rest the idea Microsoft released this. As
I've said before, they believe in security through obscurity, so why would they
release details of their automated update system as a way to test the waters?
There are better things to release if the goal is to taint Open Source--SMB
protocol or some such. This stuff is mostly the Explorer shell with a touch of
obsolete kernel and some net code and XML. No drivers or anything really low
level. Pushing the market towards DRM or driving upgrades is more reasonable,
but this still doesn't look like the vehicle for that.

ERGO from these points-- most of the impact will not be the release, but how
Microsoft responds to future security challenges. As Torvalds has pointed out,
the info is not really all that useful, though (I add) it might mean that less
able hackers might take a crack at it, those who can read C but not disassembly.
Or technically inclined journalists who like to fact check. But after 3 years
the trail and smoking guns will be quite cold. This is old stuff.

But the security model!

If Microsoft has open source (even partial) but closed builds, they will not be
able to keep up. This release doesn't change that--they are in that position

So the only interesting factor is Microsoft's security model. DRM and
Palladium? Closed builds with open source? Embrace open source? I bet the pick
the first, but this doesn't change that--this thing is inevitable and they
picked it when they picked Shared Source. They must have known that.

Closed builds and closed source is a non-starting model. We can already
disassemble. There is no closed source. Now there is even less than none.

[ Reply to This | # ]

Can a computer be tainted and then sued?
Authored by: Anonymous on Friday, February 13 2004 @ 08:28 PM EST
There could be a solution to the problem.

Say someone setup a computer and load open source code
and close source code in it without looking at them. Then
run something like ESR's comparator against both codes.
It can be done regularly to monitor new code submitted.
Reject or investigate any code which matches in any way.

Even though the computer is definitely tainted, but can
MS sue a machine?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: fmouse on Friday, February 13 2004 @ 08:48 PM EST
Maybe it's because I don't work for a corporate IT company, but the whole issue
of whether or not I've "seen" this code or that code, and how that
affects my "employability" or my ability to contribute to open source
projects, strikes me as a prime-time excursion into the world of legal
absurdity. It ranks right up there with corporate drug testing of employees.
Have we really come this far from the reality of the human condition in these

I insist, and will always insist that any code I write be judged on its merits
and its content. If it infringes anyone's IP, let this be determined from an
examination of the content of the code, not from what I happen to have seen or
not seen in the course of satisfying my curiosity about the world, which is
strictly a private matter.

If the law disagrees with me on this, then the law needs to be brought into line
with what's right and reasonable in human experience.

[ Reply to This | # ]

Not much to worry about
Authored by: Anonymous on Friday, February 13 2004 @ 08:50 PM EST
I don't see how this exposing of wecret sauce code could have much affect on any
other operating systems. Many of functions are coded in a way that would be
difficult to transpose directly for much purpose in higher class operating
systems. everyone knows that windows code is slapped together with chewing gum
and tape and barely meets the requirements of it use. I never sank to the level
of a bottom feeder and copied anyones code becauxe thats the same grade of
ethics as someone who cheats on tests. Now I know that our society has been
congratulating those who really can't take a punch without crying to their
mommy, but I can't see any open source programmer worth their weight who would
consider pirating MSwindows code. Now, perhaps the reverse is true and this
revealed code shows that microsoft has stolen ideas from the open source
community!!!! This I could see happening! Bill and his merry band of creative
idea thieves have been capable of this in the past...

[ Reply to This | # ]

On the other hand...
Authored by: Anonymous on Friday, February 13 2004 @ 09:05 PM EST
It is going to be interesting how much code is original work and how much comes
from other sources or origins. Maybe it is even a Linux OS disguised!!!.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Tomas on Friday, February 13 2004 @ 09:07 PM EST
First off, I have absolutely NO interest in the Microsoft code (I'm not a programmer, I've never been an MS Windows user, and all my machines are a "Microsoft Free Zone").

BUT, wouldn't my seeing only roughly 670MB of Windows 2000/NT code be simply "Fair Use" since the whole thing is roughly 40,000MB (40GB)?

Just a thought ... :^)

[ Reply to This | # ]

Is it even possible to reform our IP laws to make sense anymore?
Authored by: Anonymous on Friday, February 13 2004 @ 09:16 PM EST
With regard to our schizophrenic IP laws, I remember vaguely somebody saying
"America is in that awkward stage. It's too late to work within the
system, but too early to shoot the bastards."

How long is it going to be before victims of our IP laws shoot the bastards?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 09:36 PM EST
Microsoft could do a regular check using some sort of code comparison program of
wine contributions against their leaked code, and then when they deem there is
sufficient money in the pot (ie sufficient matching code), they sue codeweavers
(who have incorporated the offending wine code in their codebase) and put a few
well deserverd (</sarcasm>) bucks back in their pocket.

[ Reply to This | # ]

A programmer seeing copyrighted works does not "polute" the programmer!
Authored by: Anonymous on Friday, February 13 2004 @ 09:43 PM EST
Karjala's statements contradict your earlier statements, PJ, regarding advice to
for programmers to not look at other copyrighted works.

The "clean room" strategy is undertaken under the advice of legal
council to "kill any possibility" of a programmer "copying"
code from other code, even if by memory.

It's an EXTREME LEGAL STRATEGY, not a law.

If the code is obviously not a copy then it's ok to look at other works and
write something new. This is the case no matter who writes the programs in
question. If it were not then a majority of programmers would effectively be
barred from their trade earning an income.

This also applies to the whole controversy of working for an employer writing
program X and then after leaving writing program Z which might be in the same
business domain. This is perfectly safe to do as long as you didn't take the
source code with you.

As for the idea of "copying from memory" pieces of program X into the
new program Z wouldn't this be permitted under "fair use"? It would
seem so as long as you don't take too much. How much is too much?

Copyright protection is not patent protection.

What about the "structure" of programs?

If you "translate" a program from one langauge into another are they
really the same program? Some lanaguages require a major tansformation in order
to express the original program in. How far does one have to transform it till
it's different? Obviously if one is copying from the original files this is one
level and quite another if from memory or a specification.

What if a programmer writes the specification from memory and then writes the
new version from the specification? Is this copying? Where are the limits?

What about "algorthms"? They are not "copyrightable",
although they might be "patentable" under current laws and practice by
the patent office.

If a programmer writes down the algorithmic flow as a specfication and then
writes a new program, in the same or different programming language, where are
the boundaries?

I think that we need to quickly and incisively cut through the
"misconceptions" of the "clean room" solution. There are
many other solutions. Programmers are authors. The programs they write are
"literature" and works of art. One primary way that programmers share
knowledge by reading and writing programs. Fair use applies to computer

Please find the best and the brightest legal minds who have experience in this
area and let's have at it!

[ Reply to This | # ]

My guess how it got out
Authored by: Anonymous on Friday, February 13 2004 @ 09:53 PM EST
I have NOT seen the code, and do NOT want to.

I have seen comments suggesting it contains email, some garbled stuff, as well
as some code of Windows 2000 vintage. I will assume these comments are correct,
but I can't confirm they are.

How could the code get out?

Plausible theories:

1. Hacking into MS's servers

2. Inside job

3. Other

If it was 1 or 2, would you expect the stuff to be garbled? I think, not.

Therefore I go with 3. Other.

My guess is therefore that MS threw out some old PCs - and then somebody got the

And somebody recovered them, and managed to recover some stuff of the (damaged?)

You would expect garbling, missing bits, and other stuff thrown in, if somebody
say recovered a disk, which had no or missing FAT table.

I guess this based purely on reports that:
(a) It's garbled and partial
(b) It is contains other stuff like email
(c) It is somewhat older code

Incidentally I worked for a company that had as a customer a very high security
defense business.

That customer, had PCs welded down, floppy drives welded shut, and would
*completely* destroy PCs when they were disposed of.

Given that they would *completely* destroy PCs, there was clearly a fear that
data might be recovered if they didn't.

Now I have no idea what MS do with old PCs, but I'm not sure if they have the
same kinds of measures in place as the defense business that I refer to.

[ Reply to This | # ]

Authored by: Anonymous on Friday, February 13 2004 @ 10:08 PM EST
I don't normally think in terms of conspiracy theories. However, stories
are saying that the leak came from

Now guess what mainsoft does? they port windows programs to unix. And what huge
software company is, we can be sure, very, very unhappy they are doing that? and
note that by an amazing coincidence, they are the same company whose code was
leaked to the web. and doesn't that give the big company an excuse to take the
source code away from mainsoft, so it can't port windows programs to unix

Am I suggesting that a certain unnamed company leaked its own source code onto
the web, and made it look like mainsoft did it? Well, I would if they had ever
done anything illegal or unethical before.

[ Reply to This | # ]

  • theory - Authored by: Philip Stephens on Friday, February 13 2004 @ 10:51 PM EST
    • theory - Authored by: Anonymous on Sunday, February 15 2004 @ 07:40 PM EST
Programmer tainting
Authored by: valdis on Friday, February 13 2004 @ 10:18 PM EST
Looking at the code would be a Bad Idea all around...

Allchin testified under oath during Microsoft's anti-trust trial that the Windows code was so ugly that if you read it, you'd have to roll a D20 to see which Elder God showed up from R'lyeh to suck your intestines out your left ear.

Having Microsoft lawyers show up to talk to you about a tainted project would be only slightly worse....


[ Reply to This | # ]

Forrester Research on BBC
Authored by: Anonymous on Friday, February 13 2004 @ 10:52 PM EST
Regarding code leak:

"Ultimately it's not that big a deal, except from a reputational point of

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 10:58 PM EST
Okay, excuse me for my bigotry, but why would I have any interest in copying
Microsoft code? From what I can determine as a user (involuntarily) of
Microsoft products I believe that they are essentially well marketed [stuff].
If I
wanted to learn from Microsoft I would look at their monopolistic business
practices. That seems to be where they are most successful.

Their software certainly isn't up to my standard.


[ Reply to This | # ]

Authored by: Anonymous on Friday, February 13 2004 @ 11:05 PM EST
We ( have been working for many years to create a Free
Windows-compatible operating system, much in the way that GNU/Linux is a
UNIX-compatible operating system. I view this leak as a very tricky situation,
and our project's policy is that we do not allow contributions from programmers
who have seen the MS code.

This policy springs from a combination of theoretical legal arguments and the
practical reality of what we are trying to accomplish. While I wouldn't presume
to speak for them, it is my understanding that the Wine project has a similar

It's unfortunate for us that the code has leaked. Whereas before, we could
claim reasonably that none of us have ever seen the code due the the fact that
MS jealously guarded it, I fear that now we may simply not be believed, project
policy notwithstanding. This turn of events has done nothing but make our jobs
more difficult.

In case the 10,000 legal questions raised by this leak do not make it obvious
enough: we (the USA) need to seriously re-think our intellectual property laws.
Technology presents too many new cases that the existing laws aren't prepared
to deal with.

ReactOS Kernel Coordinator

[ Reply to This | # ]

Here is an idea.
Authored by: Anonymous on Friday, February 13 2004 @ 11:06 PM EST
Clearly printing out the source for NT more than once is a bad idea. The rain
forests are screaming just having me think about it.

How about we print it out and scan it in as a PDF file and distribute that -:)

No PJ please don't delete me, it can't be an illegal idea, it must be a good
idea, SCO have done it.

[ Reply to This | # ]

150% more downtime with Windows 2000
Authored by: rss on Friday, February 13 2004 @ 11:29 PM EST
The question remains unanswered. Why would any Open Source developer want to
look at MS code?

Even Microsoft sponsored "independant consultants" like IDC finds it
hard to ignore the facts - so instead they cloak it in technologically obscure
jargon. (IDC TCO study,

"For most workloads, Windows servers experienced higher downtime, with an
average availability of 99.995%, compared with Linux, at 99.998%."

Although the difference in availability seems negligible - in terms of downtime
these figures confirm what almost everybody who has worked with the two OS's
knows - that with Windows you have 150% more downtime than with Linux. And that
is "official folks" - tested by IDC and paid for by MS (although these
figures seem to flatter Windows in my opinion.)

The GUI interface on Linux systems (Xfree86) is just so much more stable and
secure than any Win version I have seen.

Perhaps it is good idea to look at the Win code so that you can learn *how not*
to write a GUI environment?

[ Reply to This | # ]

Dennis S. Karjala, Esq.
Authored by: Anonymous on Friday, February 13 2004 @ 11:39 PM EST
He doesn't happen to have an account here, does he?

Just wondering.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 02:13 AM EST
I agree. It's absurd to think that you could not produce OOS code anymore if you
have seen "the code".
Every programmer have seen so much code during his/her carier and it doesn't
make him/her not free to do his/her work.
What is the difference with Windows code?
There is not really any standing point in that!
Think about life outside programming. Mechanical inventions are available to
examine. So is music etc.. You just are not allowed to copy. Seeing and
understanding is a right.

Why the leak now?
Could it be that there really is some direct copies (GPL code) hiding in that
Is this a way to bring this in the light whe SCO seems to loose the case?
If SCO has no (not adequate) ownrship into UNIX would MS licence from SCO be
What about Services for Unix then?

Don't get too paranoid!

[ Reply to This | # ]

How can we define copying?
Authored by: davcefai on Saturday, February 14 2004 @ 03:21 AM EST
I think we need to look at some specifics, rather than generalities.

In the "material" world, how many ways are there to make a hinge? No
matter what variations one dreams up, most, if not all, hinges work the same way
- there is essentially only one solution the the problem of hanging a door.

Similarly, in programming, there are many occasions where, essentially, there is
only one way of doing something. For example, to extract the date part of a
datetime one finds the space and then takes the part to the left of this to be
the date.

psn%=instr$(" ",datetimefield)

So, if I do this (and I do, often) am I infringing somebody's copyright? After
all they did it years before me. Do I have to obfuscate my code? Is there a
point to doing so?

If I were the first person to do this in BASIC, could I be accused of copying
from somebody who did it in C?

Now put the above 2 lines into a data logging application.

This would go: Read 8 values from the machine being logged. Extract the date
from the datetime. Store the date and the 8 numbers in a SQL database.

I can just about guarantee that most implementations of this (about 10 lines of
code) would be similar enough to give a copyright lawyer visions of Paradise.

Fingerprints need 10 matching points to be a valid identification. What can be
the equivalent in comparing code?

If the FOSS community is gearing itself up for future litigation then this
question needs to be addressed,

No, I don't have the answer but I don't think that comparing hash signatures is
going to work. Change the names of a couple of variables. Add a couple of
"useless" lines like x=x and the hash signatures will differ although
the "real" code is copied.

I think that this needs to be sorted out BEFORE the next attack by an
intellectual property parasite.

[ Reply to This | # ]

FSF international
Authored by: Anonymous on Saturday, February 14 2004 @ 03:38 AM EST
Reading what i am reading days after days on graklaw and some of the idiots
things thats implies

the US laws on copyrights, i think the FSF must do a favor to the world
community and become as

soon as possible a worlwide organisation placing the gnu project under
international laws well

recognized. So far Yes there is a FSF europe and FSF from India. It must be A
FSF international

as is the IOC (International Olympic committe), standing may be in the same
place (Switzerland)

and pleading to be recognize by the Unesco, UNO and so on as a non profit, human

organization. And the FSF in Boston be said as FSF of North America. So an
injunction of any kind

here in the US will not implicate the rest of us around the world.

[ Reply to This | # ]

The Code, worth a peek?
Authored by: Anonymous on Saturday, February 14 2004 @ 03:38 AM EST

Dennis Karjala's comments help illustrate how so many people have overreacted to the Microsoft code leak. He points out that copyright violations only occur when an unauthorized copy is created, not when one is simply perused. People who claim that any viewing of code somehow "taints" programmers from any future work on FOSS projects forget to cite precisely which IP laws or regulations cause this to happen, since the act of viewing is itself not a violation. Reproducing code essentially similar to that found in copyrighted work would always be dangerous and subject to enforcement, whether a programmer had read the copyrighted source beforehand or not. One could argue that viewing the copyrighted source prior to creating a new implementation is one way to help ensure that inadvertant similarities are minimized.

Programmers view copyrighted source code all the time, including copyrighted code under the GPL and other open source licenses. Under the scenario given by people warning of the "tainting" problem, virtually all software could never be distributed because it could all be construed to be derived from many different sources viewed by the author at some time in the past. Many of those different sources would naturally have incompatible licenses. Clearly the above scenario is unrealistic and unworkable.

It is even conceivable that problems with FOSS developers being hit with enforcement actions over the copyrighted material can be reduced by having larger numbers of people be intimately familiar with the code in question. In that way inappropriately copied sections could be quickly identified and removed from projects where it might be a problem. Telling all people to stay away from the code only increases the likelihood that an inadvertent or malicious contribution might not be detected in a timely manner.

Dealing with the circumstances of today means that simply ignoring availability of the code is not a completely satisfactory defense against copywrite claims. The code is already out in the wild and being widely disseminated. A copywrite defense based on never having been exposed to source which has become pervasive might be difficult to prove and sound somewhat unconvincing, even if completely true.

The important point is that programmers cannot become "tainted", and should not face greater risk of enforcement actions from simply looking at source code. As long as the product of their programming efforts continues to be original, actions which are not illegal and which help them remain on the right side of the law should not be discouraged.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 05:17 AM EST
Some points I didn't see yet.

1) I am told by someone who knows someone who knew someone the MSFT sources were
actually taken a couple of years ago at least. I have no way to know if this is
true, but the guy that told me is certainly reliable.

2) Reverse engineering is a venerable discipline. It has been done before that
one team 'gets dirty' with the competing product, and writes a clean
specification for its function, which contains no code from the competing
product but instead is a very specific human-language recipe for crating a
compatible product. Then a second team uses the spec to cook up a fresh
implementation without ever seeing the dirty stuff.

3) The DMCA and EUCD both have get-outs for work which is for
'interoperability'. I really am no lawyer but I would say there is a very
strong possibility that Wine could use the two group method safely to duplicate
any APIs they currently have trouble with.

4) I saw MSFT quoted on the BBC as fretful about "their technologies"
being used by unauthorized people now... what a joke. There's no functionality
in Windows 2000 that is not done better already by open code. The problem has
been making other implementations work well with the closed Windows methods.

5) This opening of the code is nothing more than should have been forced on MSFT
by the DOJ.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 05:49 AM EST
Circumventing access controls is legal under the DMCA, it just isn't lawful to
so as a member of an ad hoc group. You cannot share your methods with others

[ Reply to This | # ]

How to prove never having seen the sources?
Authored by: fbeer on Saturday, February 14 2004 @ 05:57 AM EST
Sorry if I may have overlooked it, but what I'm missing in this
discussion is: How can one ever PROVE to NOT have or have had
access to those sources?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 05:58 AM EST
It is public knowledge that M$ thinks that the best security measure
is achieved via close source. Security through obscurity. What are
they going to do now?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 06:13 AM EST
Anyone that might possibly need or want to look at this
source code to actually impliment something similar in
function to windows: no need, just wait a couple

As you wait, people who have no interest in actual coding
will be writing up wite papers. You can then safely look
at the white papers.

It would be like reading someone's book report on a famous
novel, and thinking, "hey, that's a cool idea; I've never
read that book, but I'd like to write a story similar to
that; I'll write one!"

[ Reply to This | # ]

one night when I was really tired from computers
Authored by: pyrite on Saturday, February 14 2004 @ 08:32 AM EST
sit around in an environment where you have to deal with administering computers
until you can't keep your eyes open; or perhaps start a regular meditation
routine; or whatever you like. It's really important sometimes to do nothing.

The open source community doesn't have to do anything. To prove anything. We all
deserve due process.

Due Process is step number one. The first rule.

You don't need more than that.

Speak your mind! Don't back down.

[ Reply to This | # ]

Wrong Conclusion
Authored by: Anonymous on Saturday, February 14 2004 @ 08:32 AM EST
If that is the case, this event may actually lead to a lessening of Microsoft's strong grip on the PC operating system market.

I have a problem with the last line in the article. It sounds to me like the author believes the quality of the code has anything to do with Microsoft's "strong grip on the PC operating system market" when in fact it has little at all to do with it. It is their marketing, lock-in, and strong arm business tactics with PC vendors and large corporate end users that has given them the "strong grip". The operating system has little to do with it. I mean it is proven inferior to many other operating systems out there on a daily basis.

I am not one of the core kernel developers so I can't say how they feel about it but I have done a little kernel hacking and have written many applications and I for one have absolutely no interest in looking at any Windows code. I am willing to bet that if you ask most any developer they might tell you the same thing. It's possible that seeing the right section of code could help the wine developers but in my experiece OOS developers strive to do what is right, unlike people who have visions of dollar signs dancing in their heads (SCO, Microsoft, etc).


[ Reply to This | # ]

Does Windows contain code belonging to others?
Authored by: Anonymous on Saturday, February 14 2004 @ 08:41 AM EST
While SCO claims IBM is releasing their IP to the world+dog, does anyone have
any doubts about our good neighbor MS? I would not be a bit surprised to find
out that MS has illegally "borrowed" other peoples code for inclusion into their
own products...

[ Reply to This | # ]

Programing vs. Singing and other copywritten media
Authored by: shadowman99 on Saturday, February 14 2004 @ 09:45 AM EST
I saw a question raised on /. and thought I would raise it here for a more
informed opinion. I tried to find the original /. post but could not, so I'll
need to paraphrase here:

Why is it that if a programmer works on program A he should not be allowed to
study code from program B? With some of the logic I have seen applied to this
arguement a musician should not be allowed to listen to anybody else's music,
for fear they will be tainted and influenced. Painters should not go to art
gallerys because they will see the work of others. Authors should not read books
by other authors, because they might unintentionally copy blah blah blah....
this get pretty silly in a hurry.

So why is programming different? Why is it understood elsewhere that knowledge
is gained by studing the works of others, even if that work is not directly
copied, but not in the field of computer programing.

Why - legally- should software development be any different?

(No spelling Nazis.)

[ Reply to This | # ]

What part of the Windows 2000 code base was copied?
Authored by: Anonymous on Saturday, February 14 2004 @ 10:21 AM EST
I have read articles here and elsewhere about this issue but I think the big
question is exactly what is on the loose? According to what I have read,
approximately 600 MB of source code out of 40 GB of the total source code for
Windows is now floating around on the Internet. I also understand the code in
question came from one of Microsoft's partners who works with Unix-Windows
operability. Since we know that only a fraction of the entire Windows code base
is now on the loose, can we make any assumptions about what is in these files
and the implications to FOSS?

1. I do not think Microsoft is going to give any partner access to more code
than they need to accomplish the task at hand. Now the question is, which part?
2. Since the partner was working with Unix interoperability, could this be low
level code dealing with kernel interactions, etc? Is there a need for code
dealing with NTFS - maybe.
3. APIs for application development, ie Wine. Would Unix interoperability need
code in this area?
4. APIs for high level development such as desktop, and other GUI intereactions
- not likely.
5. Yes, Microsoft could argue at some point that this code could taint FOSS but
even if someone were so inclined, I do not see how the amount of code released
could be used to build a complete Windows replacement.
6. Maybe Microsoft could later "arrange" the release of more code so
they could make a better case - just kidding.

I am not a system level programmer, so I might have forgot something here.
Anything I forgot to add? Other ideas?

[ Reply to This | # ]

Authored by: Anonymous on Saturday, February 14 2004 @ 11:10 AM EST
As many people said already, the Linux community does not need any MS code,
legal or not legal. Period. Those who stole-leaked the MS code could be doing so
to allow hackers and virus-designers to more effectively attack PCs running
Windows. For sure, Microsoft has created many enemies around themselves. But
Linux coders must refrain from touching it. No more potential SCO-like lawsuits

[ Reply to This | # ]

They seem to have traced the leak
Authored by: davcefai on Saturday, February 14 2004 @ 11:31 AM EST
The Register has it all at

For those of you who don't regularly read the register, please bear in mind they
they have a tongue-in-cheek approach to news.

[ Reply to This | # ]

The Microsoft Code Leak - Paranoid Idea
Authored by: brother_sand on Saturday, February 14 2004 @ 12:21 PM EST

Is anyone else thinking that this is a setup? Let's say MS lifted some GPL'd
code a little while back (say some of the TCP/IP stack stuff) and put it into
some flavor of Windows. Then, when that code is "accidentally"
released they make the claim, a couple of monthes down the line, that the code
in the Linux distro is actually stolen from them. Remember, as SCO has
demonstrated, the accusations do not have to be true. The goal is FUD. They
have the wherewithal to paint the entire Free Software community as pirates
regardless of truth. Maybe I'm getting way too paranoid but we do seem to be
living in an age where if you have enough cash you can make up any story you
like and go to court with it. They don't have to win, they just have to scare
the uninformed decision makers of companies and give a plausible excuse to
lawmakers who are taking graft. Thoughts?


[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Alioth on Saturday, February 14 2004 @ 06:14 PM EST
Anyone remember the film "Time bandits"? At the end? When
the kid tells his parents not to touch the thing in the
toaster oven because it's "pure evil", and when they do,
they both get blown away?

Well, this is how I view the source code. Don't touch it.
It's like the lump of pure evil in the toaster oven.

[ Reply to This | # ]

OT - for those in need of blood pressure boost
Authored by: Anonymous on Saturday, February 14 2004 @ 07:18 PM EST
check out this

[ Reply to This | # ]

Don't Forget about Patents
Authored by: k12linux on Saturday, February 14 2004 @ 10:58 PM EST
If you use an idea from MS code to implement something which MS has a patent on,
then you could be muddying things up a bit for yourself or the project.

- k12linux

[ Reply to This | # ]

Microsoft slight of hand
Authored by: k12linux on Saturday, February 14 2004 @ 11:43 PM EST
Did anyone notice that MS's statements seem to imply that the only problem is
that other OSes might copy code. But not to worry since it's incomplete.

What about their long-standing security through obscurity FUD? They've long
claimed that Linux is less secure since the source is available. But what about
MS's source now that it's available to a cracker.

Source availability works in Linux's favor respecting security. Crackers may
have an easier time finding holes. However, thousands of white-hat hackers have
the same oportunity and they often will add a fix to Linux. MS isn't in the
habbit of accepting patches from outsiders.

MS just had a big exposure of their code to those who might want to use it
against them. This big increase in exposure doesn't come with an increased
ability to find and repair holes by MS staff.

If FUD is true about source code visibility hurting security, then Windows is
now in a much worse security position than Linux. If this FUD isn't true, then
Linux was never at any disadvantage in the first place.

Either way, this leak is bad for MS in the Linux security vs Windows security

- k12linux

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Saturday, February 14 2004 @ 11:45 PM EST
People like the author of this article are simply dangerous. I don't mean
dangerous to open source in particular, I mean dangerous in general. It's
precisely this sort of attitude of militant ignorance that led to the worst
atrocities mankind has ever known.

[ Reply to This | # ]

The Microsoft Code Leak - Accident or not?
Authored by: Anonymous on Sunday, February 15 2004 @ 12:02 AM EST

You know, I can't help but wonder whether this code leak might have been
engineered. Consider for a moment the implications of a code leak of the more
secure parts of the NT/2000 OS kernel. Now, I'm not saying that this was what
was leaked, I don't know, I'm not sure MS has even suggested what code was
leaked, but consider for a moment what might happen if that were the case. NT
and Win 2000 would be immediately considered compromised. Most corporate and
government customers, especially those locked into the MS path would be left
with one option, upgrade to XP immediately or live with the liability of using
an OS considered to be insecure.

Now, I'm not suggesting this might be the case, but what if Microsoft are just
itching for a reason to dicontinue support for NT and 2000, just as they have
done with 98 & ME? This would be a golden opportunity to blame the evil
hackers of the world for something that they'd probably quite like to happen,
but can't do because it'd be about as popular as SCO suing an end-user.

Imagine all those XP upgrade fees, perhaps even with a special one time discount

</conspiracy theory hat mode>

(BIAAITP - But I Am An Information Technology Professional)

[ Reply to This | # ]

Looking at this the wrong way
Authored by: revoltn on Sunday, February 15 2004 @ 01:04 AM EST
Tin foil hats off for a moment ...

Rather than see this as a conspiracy of M$ or such, why not look at it as a
chance to see if M$ has actually copied GPL code into Windows ?

This could be a good thing, rather than a bad thing. Although there is that
sticky point of having to view/copy the code in order to perform the tests.

What would the legal ramifications be if there was source code found to have
been purloined from GPL'd code ?
. the code is now public
. you would have to copy / read the code

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Sunday, February 15 2004 @ 06:12 AM EST
The code is relatively worthless to bother with, it's all bubble gum, spit and
toilet tissue paper. A lot of it seems to have been butchered already. Must have
passed through a few hands already before it got posted. I'm inclined to believe
the leak was done by a low level employee. Not for nefarious reasons. Probably
for not thinking clearly reasons. I'd be embarrassed if I were microsoft not for
the security reasons but for the quality of the code used.
If redmond ever jumps into the free software/open source waters, it ought to
ditch its current OS's and start with a clean slate. they have a habit of naming
their projects after colorado ski resorts/bars the upper management teams visit
on their retreats. if MSFT ever goes open source, I recommend they call their
next project BAANG after the Baang Cafe and Bar. redmond going open source would
be like an a-bomb over the proprietary landscape.

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Anonymous on Sunday, February 15 2004 @ 05:49 PM EST
In an article on, "FBI on case of stolen Windows source code" .

Two things come to mind.

1> Microsoft pushed for tougher anti-counterfeit legislation in Washington
the same day the code was leaked.

"The announcement of the leak came on the same day Microsoft pushed in
Washington for tougher anti-counterfeit legislation in the United States and
worldwide, saying pervasive pirating of computer software was hurting the

2> Users may now have to spend $200 to upgrade to XP because W2000 can no
longer be certified secure. Microsoft has been frustrated that more people and
companys have not switched to XP.

[ Reply to This | # ]

And the security fallout is starting already...
Authored by: valdis on Sunday, February 15 2004 @ 07:18 PM EST
Today, somebody posted to the full-disclosure mailing list a vulnerability found by looking at the source.

Pretty stupid whoops in the code, pretty easily exploitable. Only thing saving us is that IE6 seems to have been fixed for this particular hole.

[ Reply to This | # ]

Product Satisfaction
Authored by: Anonymous on Monday, February 16 2004 @ 01:48 PM EST
I haven't viewed "the code", and don't intend to. I have heard word on the
street (other sites) that a lot of the comments are laced with explicatives and
derogatory comments about various things such as the compiler. Granted, this is
just hear say, and I can't back it up, but it does lead me to believe that they
may not actually enjoy making their product. It's more like work to them. A "do
enough to get by", "well, that's good enough" sort of environment.


Yeah, we all get frustrated, but the comentary I see in OSS has never
contained "F" and "S" words.

[ Reply to This | # ]

The Microsoft Code Leak & China?
Authored by: Anonymous on Monday, February 16 2004 @ 09:27 PM EST
Wasn't there a press release about Microsoft Showing the source code for Windows
to the Chinese Government because they were conserned about back doors into the
system that the NSA may have had? Has anyone pointed out that possible route for
the source code leak? China is where most of the large scale counterfit
software/dvd/videos come from. Why not the leak for Windows source?

[ Reply to This | # ]

The Microsoft Code Leak - Some Possible Implications, by Dennis S. Karjala, Esq.
Authored by: Chameleon on Tuesday, February 17 2004 @ 09:24 PM EST
I would like to make a fairly simple and straight forward point, irrespective of
where this leaked code is from (patch/core etc), the D in R&D should have
performed sufficient testing and analysis to close security holes.

Given that M$ R&D budgets would make a small to medium sized country weep
there can be no excuse for this code being any sort of problem, period.

Amateurs built the arc whilst professionals built the Titanic. Charles Faulkner

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )