[HN Gopher] Windows XP leak confirmed after user compiles the le... ___________________________________________________________________ Windows XP leak confirmed after user compiles the leaked code into a working OS Author : headalgorithm Score : 243 points Date : 2020-09-30 16:57 UTC (6 hours ago) (HTM) web link (www.zdnet.com) (TXT) w3m dump (www.zdnet.com) | 1MachineElf wrote: | XP compiled but would not run due to missing programs. Server | 2003 would run because it's source was complete. Am wondering now | if the XP code could be made to run by using parts of the Server | 2003 code. | gjsman-1000 wrote: | Actually, only somewhat. One of the "tricks" to get the whole | thing to build was to replace some of the missing files with | production, already-compiled versions from Windows. | | Thus, even though a few files are missing, you just need to | include the few official missing ones, and the thing boots. | Lammy wrote: | Seems likely. Someone who has seen the actual source would have | to confirm, but my understanding from back in "the day" was | that Server 2003 was based on the XP SP0 tree, but that XP SP2 | and later were re-based on the Server 2003 tree as part of the | security focus of SP2. | space_ghost wrote: | The Windows build environment uses Perl? | anaisbetts wrote: | Yep. Windows has been largely built, at least until the Win8 | Era, via `make` and `perl`. What a world. | Sohcahtoa82 wrote: | Doesn't surprise me. | | What else are you going to use? Batch? Python certainly hadn't | caught on yet in the late 90's when XP was being written. | | In 2013 when I was interning for a company making an audio | driver for Windows, we used Perl to run our builds. While I | hate Perl, it does make it real easy to run an executable and | analyze its output. | space_ghost wrote: | I suppose it shouldn't surprise me, I'd just expect Microsoft | to eat a little more of their own dogfood. | qz2 wrote: | This was fairly normal at Microsoft for years. Even the first | .net framework (rotor) used Perl as a build system and worked | on Unix systems. | user5994461 wrote: | Makes sense. XP was released in 2002 and took years of work | before the release. | | A good chunk of languages we take for granted today did not | exist at that time, or were in the very first release. Perl | came out in 1987, it was quite the thing in the late 90s. | muterad_murilax wrote: | > XP was released in 2002 | | 2001, actually. | secondcoming wrote: | The Symbian build system was Perl too. | HarryHirsch wrote: | Doesn't the Linux build system use perl as well? | pantalaimon wrote: | Not anymore | rkeene2 wrote: | Not really. I created and maintained a Linux distribution, | and while Perl was sometimes used it was almost never | strictly required (i.e., it was for documentation or | something that really would have been better if the release | maintainer had already generated....). This covers a few | hundred packages, like gcc, binutils, glibc, linux, core- | utils, util-linux, flex, ... | | Notable, also, is that I didn't compile perl for my Linux | distribution because perl's configuration system is terrible | (there's an out-of-tree patch to make it less terrible, | though). | HarryHirsch wrote: | That's right. Flex and bison is required, but no perl. No | idea where that notion came from. | kasabali wrote: | Developer scripts (checkpatch etc.) are written in perl, | though it's not required for builds. | HarryHirsch wrote: | Probably beats python and the continuous version idiocy - | Python 2 vs Python 3, 3.7 vs 3.9 &c, p.p. If you have | throwaway scripts in a startup, fine, but unacceptable | when you are maintaining an OS that all the world relies | on. You wonder - what does Dr Hipp use for sqlite? Never | looked into that build system! | snazz wrote: | https://www.sqlite.org/draft/howtocompile.html | | There's some tcl involved. | NationalPark wrote: | Perl has its own version naming problem. But there's no | reason to think it would be any more stable or secure | than Python, which is in the critical path of all sorts | of things (not just "throwaway scripts in a startup"). | timw4mail wrote: | Last I knew, OpenSSL required perl to build. | 1vuio0pswjnm7 wrote: | Still does. | | What about Git? Last I knew, it required Perl to build. | rootw0rm wrote: | i just built nginx yesterday, and i needed perl for at | least a couple of the static modules i added... | cbsks wrote: | According to the Linux kernel documentation: "You will need | perl 5 and the following modules: Getopt::Long, Getopt::Std, | File::Basename, and File::Find to build the kernel." | | https://github.com/torvalds/linux/blob/2324d50d051ec0f14a548. | .. | | That was added 11 years ago(!!) so it may be out of date. | Daviey wrote: | https://github.com/torvalds/linux/search?q=perl | movaps wrote: | Nope, it's a combo of makefiles (GNU flavour I think) and C | called Kconfig. | vb6sp6 wrote: | You were expecting vbscript? | | There are tons of examples like this. My favorite is Apple | using windows xp to make and test iphones | https://www.businessinsider.com/apple-uses-windows-xp-in-iph... | iwasakabukiman wrote: | I've never understood this type of "gotcha!" that always gets | trotted out when a company uses another company's product to | develop their own. | | If all of the debugging, testing and factory management tools | are standardized on Windows - why rewrite them if you don't | need to? It seems like a waste of resources. | | (This isn't limited to Apple or even technology companies. It | applies to tons of businesses.) | saagarjha wrote: | Last I heard, Apple uses Linux for bringup of their silicon | in addition to-and sometimes even before-XNU. | space_ghost wrote: | Honestly, yes. And based on your username I'm surprised you | weren't as well. ;) | vb6sp6 wrote: | vbscript is awesome :P | umvi wrote: | Someone should take the source for the old xp mspaint and spruce | it up a bit to support for transparency and zooming with | scrollwheel. | joombaga wrote: | Fun fact about the zoom in old mspaint: It gave you the options | for 1x, 2x, 6x, and 8x zoom. But if you clicked one of the | pixels directly below 8x you get a hidden 10x zoom. | | I miss easter eggs. | wilhil wrote: | That sounds like a bug! | | Easter egg to me is a flight simulator in Excel or pinball in | word etc.! | h2odragon wrote: | At this point, a "free to use" license for XP or better yet win2k | up to win7, would be worth it for m$ for the PR and goodwill. | | "you can get it if you want it" is just lame. | | m$ should, ideally, bite the bullet and do a (stripped if need | be) source release of what they can, explain what they can't | release. Everyone will then benefit from the relief from worry | and lack of friction things like emulation and software | archeology and etc will gain. | beervirus wrote: | Plenty of that code is still (one assumes) in use in Windows | 10. Why make it easier for someone to find a zero-day? | vbrandl wrote: | By that logic, you can't use any open source software... | Bancakes wrote: | You can, but it's your problem if you don't stringently | configure SELinux and have clear policies for yourself. If | you use Linux like Windows thinking it's more secure, and | run everything with 'sudo' "Just to make sure it doesn't | crash or pop an annoying prompt.", you're worse off. | [deleted] | Someone1234 wrote: | They should release software with known security problems, that | they have said they won't be fixing? Please no... Botnets are | large enough as-is. | | Plus a lot of people under-estimate the cost and difficulty in | releasing the source code of previously proprietary software. | You don't just slap it onto Github and everyone goes home, you | often need a team of lawyers to look at third party licensing | and go through the code file by file looking for potential | liabilities. | | Code that started out open source software has to narrow third | parties to only specific licenses/waivers. Code that has for | tens of years been closed source may contain licensed source | code (e.g. decoder libraries) that they don't own the license | to publish for just one example. | cycloptic wrote: | >They should release software with known security problems, | that they have said they won't be fixing? Please no... | Botnets are large enough as-is. | | The source code has already been leaked, and I would bet that | malware authors have no problem with acquiring it illegally. | While security researchers working within the law may not be | able to look at it at all. The current situation does a lot | more to help botnets than it does to help honest customers. | | >Plus a lot of people under-estimate the cost and difficulty | in releasing the source code of previously proprietary | software. You don't just slap it onto Github and everyone | goes home, you often need a team of lawyers to look at third | party licensing and go through the code file by file looking | for potential liabilities. [...] Code that has for tens of | years been closed source may contain licensed source code | (e.g. decoder libraries) that they don't own the license to | publish for just one example. | | I'm sorry, I just have no sympathy for the trillion dollar | company that trapped themselves in restrictive license | agreements and then wants to cheap out on lawyers. It is | entirely a problem of their own making, and I would expect | them to pay to fix it. | anticensor wrote: | Strip those parts then. | vb6sp6 wrote: | sounds like a security nightmare | sumtechguy wrote: | MS outsourced/bought a lot of stuff so they may not have a | clear line of release it without a bunch of legal work. | Something like that can be done I am sure. But the cost would | be decently high. | | Also some interesting portions of the OS are under a 'view but | do not touch' license already. Such as MFC, ATL, and the CRT | and others. Depending on which SDK or Visual C++ you grab you | can get whole examples of interesting bits of the code. I know | for example one of the fun ones is the pipes screen saver code | is an example in one of the Visual C++ disks (5.0 I think). I | recompiled it years ago to make every joint a teapot and the | hard one to find was the bend. | mook wrote: | I was under the impression that at least the CRT part was | fine to modify. At least, Firefox used to ship a custom | version with jemalloc, I think (with the necessary patches | checked in as ed scripts so that they could avoid having the | original source in the repository). | easton wrote: | Why wouldn't they just release Windows 10 instead? They don't | "need" the money (because any self-respecting IT department | that has a modicum of budget will pay for Microsoft 365, where | they almost give away the Windows licenses and support, or have | a SA license), so the only people still really buying Windows | are home users with their laptops. Enthusiasts could maybe | submit pull requests, and they could get rid of even more in- | house dev/QA staff. It's the latest version of the kernel, so | new drivers work. And they are still patching it. | | The real money is in Azure/Office/MSSQL anyway. | ThrowawayR2 wrote: | Even if somehow the leaked XP code were legitimized, it | wouldn't do anybody much good since the driver model has | changed significantly since XP and none of the hardware OEMs | are going to go back to producing XP compatible drivers again. | Kuraj wrote: | > m$ | | What is it, 2000? | tus88 wrote: | I wonder what percent of Win10 matches this code...I am guessing | about 90%. | sschueller wrote: | I thought Windows 7 was a significant rewrite. | monocasa wrote: | Vista was, yeah. 7 was mainly cleaning up Visa. | [deleted] | Causality1 wrote: | Fascinating. I would love for there to exist a fully-patched | version of XP to run on classic computers. | monksy wrote: | So when will we start getting pull requests against it? | gjsman-1000 wrote: | If it was ever put on GitHub, Microsoft would take it down | instantly. I don't think anyone would get away with filing a | PR. | | At the same time though, that would be hilarious. Someone is | going to do it just so they can claim that they were the first | person unauthorized by Microsoft to ever file a PR on | Windows... | monksy wrote: | It's probably already in github ;) (MS owns github) | LockAndLol wrote: | It doesn't have to be hosted on Github. Gitlab can run in I2P | so it's possible to do all the development in the darknet. | | Not sure how big the repo would be though... | ohgreatwtf wrote: | all we need now is a neural network that generates code that does | the same thing but looks different | ohgreatwtf wrote: | all we need now is a neural network that can look at source and | generate new code that does the same thing but differently | dang wrote: | We changed the url from | https://www.bleepingcomputer.com/news/microsoft/windows-xp-a... | to what appears to be the original source. | tus88 wrote: | But not the original sauce. | Kuraj wrote: | I'm very tempted to look up and download that bundle, but it | sounds like something that could potentially cause me _a lot_ of | legal problems. | akerro wrote: | Overall it's 46Gb, a few thousands of IPs were downloading it | the day it was released. | duskwuff wrote: | The majority of that torrent was junk -- something like 20 GB | of Microsoft's (freely available) patents downloaded from the | USPTO, a couple of DVD rips of documentaries tangentially | related to Microsoft (like Revolution OS), and a bunch of | wacky conspiracy videos downloaded from YouTube (Bill Gates | 5G nanoprobe vaccines, etc). | | All of the actual content was available elsewhere as much | smaller downloads. In particular, the Windows 2000 and XP | leaks are distributed as a single 3 GB archive ("nt5src.7z"). | crakenzak wrote: | boot up a VPN and download the torrent. | znpy wrote: | It's a pity no one has leaked the msn server and client source | code yet. I loved it so much when I was a teenager. | rzzzt wrote: | Michael MJD has a video on Escargot, which hosts a server | instance that knows how to talk to clients using the MSN | protocol (official clients need to be modified, however, so | connection attempts don't go to the now defunct servers): | https://youtu.be/yrvNyvFwCJg | | Source code is available at https://gitlab.com/escargot-chat . | Fabricio20 wrote: | This just made my day, I was having some nostalgia on windows | xp last week and was pretty sad MSN wouldn't open. | | Thanks for sharing, will look into it! | peterburkimsher wrote: | I set up a local Escargot server for chatting with homestay | family kids aged 6 and 9 (too young for having their own | email accounts). | | They had a LOT of fun with the fonts and animations, dancing | pigs and that kind of thing. | | The trouble is, Escargot is a real pain to set up. | Certificates need to be patched into the hosts file every 30 | days. The server must run on Windows 7 x64. The Windows XP | client never worked for me; only on Windows 7 x32 and Windows | 10. | | If I were able to run an Escargot server from my MacBook Pro, | that would make it a whole lot more fun. In practice it takes | me hours just to set it up, while they'd rather be playing. | derefr wrote: | > official clients need to be modified, however, so | connection attempts don't go to the now defunct servers | | Presuming they don't use any form of encryption (and I think | that's a safe assumption for that era), one could keep the | clients official, while routing the packets themselves using | a virtual Ethernet driver (or via software-defined routing, | if the relevant copy of Windows is running in a VM.) | boardwaalk wrote: | Using hosts.txt or a local DNS server seems simpler. | parliament32 wrote: | You just need a destination NAT. One liner in iptables, not | sure what the MS equivalent would be. | znpy wrote: | this is unbelievable, thank you!! | culopatin wrote: | Having extensively used MSN in the early 2000s, I bang my head | every time I use Skype at work. How could they make such a | terrible IM app after having made MSN? I just don't get it. | brnt wrote: | I used Zone.com, not just for gaming but just chat too. Never | got used to that newfangled MSN. Remember the UI to this day | too. | [deleted] | vbezhenar wrote: | Having used Skype before MS bought it I think the same. | | I remember when our office was cut from Internet. Many people | did not notice, because Skype kept working like nothing | happened. | 1023bytes wrote: | I wonder what impact this will have on ReactOS | google234123 wrote: | Most informed people have correctly guessed that the ReactOS | devs have used the old windows research kernel leak in their | development. | devthrowawy wrote: | Honestly it would be dumb not to. ReactOS is basically a toy, | why take what they're doing so seriously? | ironmagma wrote: | ReactOS has always taken a "we will rebuild anything from | complete ignorance of the source" approach, precisely because | of the legal liabilities. They are so good at it though, that | people at Microsoft have actually claimed that the developers | must have source code access. | ed_elliott_asc wrote: | I had windows source code access (read) about 2005 but | because of that I am not allowed to contribute to ReactOS | even today. | debian_lover wrote: | Contribute anonymously | akerro wrote: | Is that part of your NDA? | saagarjha wrote: | No, this is something ReactOS does themselves: | https://reactos.org/project-news/reset-reboot-restart- | legal-... | belltaco wrote: | >that people at Microsoft have actually claimed that the | developers must have source code access. | | Source? | | Arent decompilers and disassemblers pretty good today anyway? | concernedctzn wrote: | Legally they can't even use those, React does a totally | blackbox reimplementation | soganess wrote: | Wait, pardon my ignorance, but isn't a decompiler | required for the kind of work they do at react? | | Person A's Job: | | - Decompile shit. | | - Then write down the names of the functions with (1) | input, (2) output, (3) a description of what person a | think the code is doing (4) any side effect / | preconditions / post conditions they can deduce. | | Person B's Job: | | - Take the spec created by person A and write code. | | while(missingFunctionality.hasNext): goto Person A's Job | saagarjha wrote: | It is and the split between person A doing the first part | and person B doing the second part is important in a | "clean room" reimplementation in the US. | rootw0rm wrote: | decompiler vs. disassembler is an important distinction | here | opencl wrote: | A lot of stuff is based or observing the Windows | functionality in a debugger, or Microsoft's API | documentation. | dosshell wrote: | A source: https://news.ycombinator.com/item?id=20341022 | phoe-krk wrote: | Same as Wine: none, since they are required to be 100% black- | box reimplementations. No one who contributes to Wine is | allowed to even look at the original Microsoft source code. | Sohcahtoa82 wrote: | Don't you mean black-box reimplementations? White box would | mean they have access to and use the source code. Black box | means they don't. | phoe-krk wrote: | Thanks; fixed the original post. | aloknnikhil wrote: | Curious, how do they enforce this? Or is it just assumed in | good faith? | Bancakes wrote: | While I haven't seen such a case, I can imagine a mailing | list 'leaking' with posts like "like the trick Windows did | for fast_malloc()" and such, then being summoned. | pmarin wrote: | https://en.m.wikipedia.org/wiki/ReactOS#Internal_audit | [deleted] | prepex wrote: | We're allowed to talk about this now? As soon as the leak | happened last week I posted a torrent and the HN mods took it | down in less than 15 minutes. | lostgame wrote: | There is a massive difference between discussion and posting of | direct links to torrents of said materials. | gjsman-1000 wrote: | Sharing the Torrent Link puts HN at legal risk. You are only | allowed to share commentary, not original torrent links. | ramshanker wrote: | I got "Sorry, you don't have permission for that!" | duskwuff wrote: | This is an ongoing, infuriating Twitter bug. Reload the page | and it'll show up properly. | whyfy wrote: | "Video unavailable This video is no longer available due to a | copyright claim by Microsoft Corporation." | iso8859-1 wrote: | It's basically just blogspam reporting that a YouTuber named | NTDEV posted two videos. His build of Win2003 was successful: | https://www.youtube.com/watch?v=bO0daYbti5g | | I hope your company firewall does not block YouTube. | gjsman-1000 wrote: | Now's your chance everybody: Someone has uploaded the source code | to GitHub, no torrent needed now. If you want to be the first | unauthorized person to ever file a PR against Windows, you have | the opportunity. | TomJansen wrote: | Not really true, there was a Windows XP repo on the darkweb | already | qwerty456127 wrote: | Hopefully this is going to boost ReactOS and Wine development. | dosshell wrote: | How would this help in a clean room implementation? | saagarjha wrote: | Perhaps if it spreads wide enough it will cease to be | considered a trade secret. | chabad360 wrote: | One man reads the code and writes docs based it. Everyone | else reads the docs. | gjsman-1000 wrote: | Whoa. I thought when that was leaked, that there would be no way | it would be able to compile or, well, run without Microsoft's | extensive and extremely complicated build setup. What an | accomplishment. | derefr wrote: | I believe Microsoft's internal build toolchain was part of the | leak. Looks like the particular tool used wasn't part of the | centralized CI system, but rather one intended to be used to | time how long builds take (guessing: intended to be run on the | developer's workstation as a pre-checkin checklist step, in | order to avoid committing code that bloats CI build-time?) | mdriley wrote: | Heh, nope, `timebuild.pl` is the canonical entrypoint for an | "official" Windows build, and has been for a very long time. | It's a hideously elaborate dependency resolver and task | runner that is responsible for tying together all the various | build steps necessary to create an installable OS. | | refs: | https://web.itu.edu.tr/~dalyanda/mssecrets/other/Startup.htm | In order to perform these operations, execute the following | command from within a razzle window, whose current directory | is %sdxroot%. * perl tools\timebuild.pl | | https://careers.microsoft.com/us/en/job/869511 | Experience with "Timebuild", razzle, and the Windows build | system | iso8859-1 wrote: | Which build of Perl is used inside Microsoft? ActiveState? | Strawberry? | saagarjha wrote: | That job description is strange to me-how could they ask | for experience with an internal tool? Is it just a | filtering mechanism to hire ex-Microsoft employees? This | seems like an Apple job posting asking for experience with | XBS, or an Amazon one asking for Brazil familiarity-unless | this has been published in some form to the public, like | Google and Facebook have done? | | > #gamingjobs | | Heh. Someone needs to tell Microsoft recruiting to dial | back the "fellow kids" :P | cartoonfoxes wrote: | Seems perfectly legitimate to me. Returning, former | employees, are a thing. | bri3d wrote: | Most large companies, for various legal, policy, and | compliance reasons, require job requisitions to be posted | externally in order to be posted for internal hiring and | vice versa. This job listing is probably intended to make | an internal hire. | iso8859-1 wrote: | But why not list it as a "required" qualification then? | This way, people will apply because they think it isn't | necessary. | throwaway0a5e wrote: | Because some middle manager is likely filling out a web | form with zero regard for accuracy because it's just a | formality they already have someone in mind and HR is | gonna bin all the resumes anyway. | ghaff wrote: | People will apply anyway because so many requirements | aren't. | | Also, people do boomerang to companies they've worked at | before. | thisisnico wrote: | I've seen companies list x number of requirements and | hire someone that doesn't meet any of the "requirements". | easton wrote: | They do it if there is a candidate(s) internally they | want to hire, but HR requires (either because of laws or | internal policy) that they also look for outside | candidates. The outsiders won't pass the screening | because they don't have experience with the required | tool, and the team gets to hire the person they wanted | anyway. | crmd wrote: | That's exactly what it is. I worked at IBM many moons | ago, and at one point was asked to create a list of job | requirements that would ensure I was provably the only | person in the world who met the constraints. Big | companies are weird, man. | TeMPOraL wrote: | It's also how procurement works in the public sector. | Either of their own, or with a help of an external | consultant, public sector workers will create a set of | requirements that are tailored to fit a particular | desired supplier, with a bunch of extra bullshit | requirements thrown in so that _technically_ allows other | competitors, and doesn 't look obviously illegal. | saagarjha wrote: | I wonder if you can still apply if you're managed to sus | out the requisite experience through reverse | engineering... | R0b0t1 wrote: | Depends, some places only want to count experience if it | can be linked to hours you billed. | Nextgrid wrote: | How would this comply with the law if an external | candidate would have no chance to pass anyway (due to | work experience required with an internal tool not | available to the public)? | | Wouldn't posting a job that an external candidate has no | chance of obtaining still violate the intent of that law? | ponker wrote: | There can be external candidates with that qualification. | In general the standard is "Bona Fide occupational | qualification" which means that you have a legitimate | reason for the requirement. For a college hire this would | likely not suffice ... you can teach a college hire what | they need to know. For the engineering director running | the project it very well might be. | yodsanklai wrote: | Incidentally, a bunch of people outside Microsoft had | access to these tools (e.g. academics). | vlang1dot0 wrote: | Who outside of Microsoft is going to have experience with | the Windows build system? | | Is this like recruiters looking for 20 years of Go | experience lol? | [deleted] | unixhero wrote: | I am far from a Microsoft zealot. But this is damn awesome. | blibble wrote: | maybe someone will finally port Pinball to X64, given MS didn't | seem capable (at least in the time allotted) | | https://devblogs.microsoft.com/oldnewthing/20121218-00/?p=58... | mappu wrote: | It's not true, though, a 64-bit pinball binary is included on | the Windows XP 64-bit media. | | I had posted this on the Old New Thing comments at the time, | but comments on all old posts were lost in the blog transition. | quietbritishjim wrote: | Here is the original post with comments: | | https://web.archive.org/web/20190108095105/https://blogs.msd. | .. | Lammy wrote: | Which XP 64-bit release? (IA-64, x86-64, both?) | carabiner wrote: | I keep thinking about this. | anticensor wrote: | There are huge changes to numeric code needed as some floating | point calculations were borderline working. | soylentcola wrote: | Are you talking about "3D Pinball"? Looking around it seems to | be available for later versions of Windows (but I didn't look | into the details of whether it's a port or something else). | sebazzz wrote: | Surely it can be run in compatibility mode on modern Windows? | GranPC wrote: | I think the Pinball source code was not included in the leaks, | possibly because it was developed by an external company. | aap_ wrote: | It's included in the the NT 3.5 leak. | EamonnMR wrote: | It was developed by Maxis I believe. | sli wrote: | Correct. It was a single table, or at least a version of | it, from a Maxis pinball game called Full Tilt! Pinball. | | https://en.wikipedia.org/wiki/Full_Tilt!_Pinball | Fabricio20 wrote: | 3D Pinball can at least run on modern windows, literally just | copy-paste from Windows XP and it will run. | | They don't make software like they used to! /s | 0df8dkdf wrote: | what about MS Paint? There is a bug in there were you can draw | with the background DVD video. Would love to have that | bug/feature. | CodesInChaos wrote: | Isn't that just one particular color close to black serving | as mask for the dvd renderer overlay? | holidayacct wrote: | The Russian government compromised Microsoft in early 2000 and | the source code for windows 2K XP and 2003 were all leaked on | usenet over a decade ago. Why is this news? | fourseventy wrote: | I came here to say that as well... | muterad_murilax wrote: | I am not aware of any earlier publicly documented attempts to | build XP from leaked sources. | SSLy wrote: | >Why is this news? | | Because the more general public (for a certain degree of | generality) apparently didn't know about this until this week. | Usenet is now seen mostly as a device for good ol' piracy. | dilyevsky wrote: | I suspect msft provides sources (for audit) to governments all | over the world if they want the contract. | thrownaway954 wrote: | everyone working on ReactOS must be drooling right now, though | they can't even peek at the source without risk of going through | another audit. | crazypython wrote: | Is ReactOS allowed to read documentation written by people who | read the source code? | appleflaxen wrote: | It's dependent on the jurisdiction, but in the US: yes | McGlockenshire wrote: | Back in the day, IBM published technical documentation (and | assembly source? It's been a while) on the 5150 Personal | Computer BIOS. The first PC clone BIOSes were created by having | a team re-document how the BIOS worked from IBM's docs, and | then having an entirely separate team create new code from that | documentation. | | How useful would this technique be to the ReactOS and Wine | teams? Are there things that they don't know how to make work | correctly that this source leak could help them with? | fizixer wrote: | I learnt about this technique in Triumph of the Nerds[0] long | time ago. | | [0] https://www.imdb.com/title/tt0115398 | rzzzt wrote: | They are doing this (clean room implementation) right now, | and very-very-very thoroughly trying to avoid coming in | contact with source code leaks in any shape or form: | https://reactos.org/wiki/Audit | thrownaway954 wrote: | They were called red books ;) i loved reading through them | even though i didn't know assembly and often the content was | waaaaaaaay over my fragile little mind. | | https://en.wikipedia.org/wiki/IBM_Redbooks | google234123 wrote: | The windows research kernel has been leaked for more than a | decade. It's actually quite clear that ReactOS has been taking | a look. | EvanAnderson wrote: | I have nothing to do with ReactOS, but I've heard this | allegation made many times on HN, but I have yet to see | anyone point to a hard example. Some of the allegations | relate to symbol names, but Microsoft has leaked private | symbol names in the past[1]. | | [1] https://kobyk.wordpress.com/2008/10/29/oops-microsoft- | privat... ___________________________________________________________________ (page generated 2020-09-30 23:01 UTC)