Now Microsoft confirms but says it isn't massive:
Microsoft spokesman Tom Pilla said in an interview with The Associated Press that some incomplete portions of the Windows 2000 and Windows NT4 source code had been "illegally made available on the Internet."
According to one security expert, it's about a CD's worth:
The 203MB file contains the code that appears to be from Microsoft's enterprise operating system, but the code is not complete, said Dragos Ruiu, a security consultant and the organizer of the CanSecWest security conference, who has examined the file listing. . . .
The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base . . .
Original Article: You probably heard that Slashdot has a story that there may have been a massive leak of code from Windows 2000 and NT. Microsoft denies it.
Groklaw normally doesn't report rumors, but in this case, it seems appropriate to say something early. If there is such a leak, I hope nobody looks at this code. Not one peek.
Here's why, taken from Franklin Pierce's "Copyright for Computer Authors" by Thomas G. Field, Jr. on avoiding copyright infringement:
As discussed earlier, copyright gives owners the exclusive right, for example, to reproduce protected subject matter (such things as ideas and facts being excluded). Sometimes a question arises as to whether a second, similar work was copied or independently created. If the person creating a second work had access to the original work and the works are virtually identical, copying is likely to be presumed even if the chance of access is remote.
Anyone looking at this code could bring to an end any opportunity to contribute to FOSS software in the future.
That's just copyright issues. Copyright isn't the only issue. Patents, trade secret, it's just a minefield. I hope the rumor is false, but if it isn't, please speak to your attorney and to FSF prior to even thinking about looking at such code.
And that isn't even addressing the Big Lie issue, with proprietary software companies trying to convince the world that open source coders are dying to steal software and use it to "attack" companies. Exhibit A, Ms. DiDio. If I put my tinfoil hat on, I'd wonder if this "leak" was deliberate, judging by the speed with which the PR machine went into gear, predicting that this leak will lead to such problems. Here is an example of what I mean, an article blatantly setting forth that open source leads to foul play the very same day the story of the MS "leak" occurs. It has the smell of an organized campaign, but I hope not. For now, let's just hope it didn't happen in the first place.
As for an increase in security problems, I think that might be hard to achieve. Microsoft has announced more security problems, one of which it took them half a year or so to fix. Some say it's the worst yet. The headline in the LA Times [sub req'd] says it all: "Peril in Microsoft's Laxity." In other words, Microsoft appears well able to achieve world records for security problems all on its own.
So much for security through obscurity.
Gartner has an interesting report too. It seems a lot of customers are not upgrading:
Microsoft's controversial software licensing scheme has delivered little value and many users will not renew their agreements when they expire this year, according to Gartner.
The analyst estimates that 30 per cent of contracts with Microsoft's biggest customers for the Software Assurance (SA) maintenance programme will be up for renewal in the next six months.