Comment by skissane - Hacker Neue

skissane May 26, 2025 parent

Microsoft owns GitHub, and GitHub is crawling with Windows source code leaks… and I’m wondering it anyone at Microsoft really cares? Is it possible they’ve even made an intentional decision just to ignore it?

If it were an Oracle source code leak, I expect they’d have a crack team of lawyers suing people 24x7 until it was all gone… maybe that’s why there haven’t (to my knowledge) been any Oracle source code leaks (I vaguely remember one of Solaris, but that wasn’t such a clearcut case since IIRC it was mostly previously open sourced code)

Well, it wouldn’t surprise me if some unfriendly intelligence agency somewhere had succeeded in stealing some of it, but if they have, they are unlikely to release it publicly

AStonesThrow May 27, 2025

When I started college in 1989, my Pascal programming class used a cluster of AT&T 3B2 systems running SVR3. I poked around those systems like crazy over the course of two quarters. I don't remember if there was any significant source code exposed to unprivileged users.

During the mid-90s, the Unix Wars were raging and Unix System Labs was suing U.C. Berkeley over the intellectual property of Unix source code. Unix had been written at AT&T Bell Labs, but Berkeley had licensed and forked their own, based on improved networking code, and by this time it was ready to run on i386 systems. In fact, USL had borrowed back some BSD code, allegedly without crediting them. Berkeley had been busy removing AT&T code and replacing it, so they could relicense BSD Unix.

USL, part of AT&T (but later purchased by Novell), contended that Berkeley could not easily make a "clean room implementation" of any kernel code or device drivers, if those programmers had read or worked with original AT&T source code. They told the courts (and journalists) that the programmers might be tempted to reproduce proprietary Unix code, consciously or subconsciously, and therefore, these programmers were permanently "Mentally Contaminated" and Berkeley should not be allowed to continue distributing BSD [BSDi] Unix.

https://en.wikipedia.org/wiki/UNIX_System_Laboratories,_Inc.....

So when I attended Usenix LISA in 1994, this 3-year lawsuit was at a fever pitch, and someone on the convention floor had manufactured large buttons for attendees to wear, proudly proclaiming "MENTALLY CONTAMINATED", and all the admins and systems programmers had a good laugh about the absurdity of trying to keep a lid on proprietary source code by policing everyone who's ever seen one of its files.

joshuaissac May 27, 2025

This type of restriction is still applied to contributors to the ReactOS project, in that contributions are not accepted from those who have seen any leaked Windows source code or have worked for Microsoft.

userbinator May 28, 2025

From those who claim to, to be precise.

jsheard May 26, 2025

> Microsoft owns GitHub, and GitHub is crawling with Windows source code leaks… and I’m wondering it anyone at Microsoft really cares?

Even weirder is that GitHub hosts all of the tools for activating (i.e. cracking) modern versions of Windows and Office as well. Microsoft really doesn't care.

adiabatichottub May 26, 2025

Why should they? They have bulk licensing deals with PC OEMs and large organizations. They've already got the big money. J. Random Hacker building a PC isn't even a rounding error to them.

michaelmrose May 27, 2025

Quite right in fact limited weak copyright protection helps retain marketshare that might be lost otherwise especially when that weak protection in fact costs little real revenue.

aspenmayer May 27, 2025

It looks even smarter from the MS side when you think of all the threat intel that they gather from pirated Windows installs that can be used as a baseline to compare legit installs against.

userbinator May 27, 2025

Also, they still get the ad revenue and telemetry if you pirate Windows and otherwise leave it stock.

...of which the tools to disable that invasiveness are also on GitHub, so maybe they just care more about maintaining marketshare.

FuriouslyAdrift May 27, 2025

Microsoft's current business is its cloud services, not Windows. Windows is just an onramp to their SaaS subscriptions.

rzzzt May 27, 2025

MS offers (or offered back in the day of Win2000 and XP) access to source code for governments, system integrators and academic institutions as part of its Shared Source Initiative:

- https://en.wikipedia.org/wiki/Shared_Source_Initiative#Overv...

- https://news.microsoft.com/source/2002/02/21/microsoft-annou...

skissane OP May 27, 2025

And it is pretty clear that’s where most or all of these leaks actually came from, not from within Microsoft. e.g. the NT4 and 2000 leaks apparently came from Mainsoft

I don’t know the current status of those source code access programs but I believe at least some of them are still in effect. IIRC, to stop the Chinese government from dumping Windows, they had to give them source code access, but I believe they are planning to dump it anyway, they see relying on US proprietary software for their government operations as too big a risk

This item has no comments currently.