The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today.
The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum.
This is a massive leak of old code, and other than Windows XP, it also includes Windows Server 2003 and various versions of MS-DOS and Windows CE. One of the funnier tidbits we’ve already learned from the leak is that Microsoft was working on a Mac OS X Aqua theme for Windows XP, probably just to see if they could.
I doubt much of this code will be useful to any serious projects, since no serious developer working on things like ReactOS or Wine will want to be found anywhere near this code. That being said, individuals, tinkerers, and those crazy people still making community-updated builds of Windows XP will have a field day with this stuff.
I don’t know that it’s useful either, but it could help security researchers retroactively search for backdoors.
It makes me wonder what people would do with it if it was a current version of Windows that got leaked.
I suppose the ReactOS developers will be quite happy though!
I’d expect that ReactOS developers are very annoyed, because leaks like this make it harder for them to ensure none of Microsoft’s work makes its way into ReactOS. One volunteer with good intentions is all it would take for the entire project to get sued into non-existence.
No, interesting to understand why their code should work but doesn’t and check into the leak only to find out there was ‘anti competition caveats and cheats’.
Brendan,
The inverse is possible too, Microsoft may be infringing on other people’s source code too. To be absolutely clear I don’t know of any specific incident, but to the extent that some developers do copy code and Microsoft has hired lots of developers over the years, it’s statistically probable that there’s some of that in Windows. That said, it’s probably next to impossible to find without incriminating clues (aka “This code copyright 1995 Sun Microsystems”).
I can’t be bothered to download a 43GB archive, but if anyone does I am curious if there are any comments referring to Microsoft’s competitors in the source code.
Possibly; but I’m not sure who they’d copy code from (OS/2? No, that was half Microsoft’s anyway. VMS? Unlikely. CP/M? Maybe if it was MS-DOS. Linux? The leaked code is before WSL got introduced so..); and Microsoft have their own annoying conventions (e.g., burying C/C++ types under their own types, like “LPVOID” because a “void *” is just too sensible, and “DWORD” because “uint32_t” is too new and “u32” isn’t 80×86 enough) that’d make copying code hard.
Of course if Microsoft were caught “borrowing” someone else’s code, they’d probably just laugh and throw a few million $$ at it. ReactOS can’t do this. Heck, if I remember right, about 15 years ago they shut the whole project down for a year to do a full audit just because they suspected there might be a little “borrowed” code (without any accusation or any evidence that there was).
Brendan,
I was thinking more along the lines of an operating system’s ancillary functions, such as zip file decompression or something like it that’s kind of generic in nature. Sometimes employees tasked with solving a problem will take a shortcut by swiping the code from elsewhere rather than writing their own from scratch. Anyways, I think it’d be extremely hard to find specific examples unless they left searchable comments identifying a foreign origin.
I agree, the only way this would help ReactOS is if Microsoft decides that they might as well open source the code and so it becomes legally open source.
What’s the over/under of how long it will take someone to figure out how to build XP or WS 2003 from this source code?
No offense, I doubt even ReactOS wants it as they have more modern code. Then again who wants code from 10 years or more ago?
ReactOS is created through clean-room reverse engineering. That means that all ReactOS source is written from scratch, using publicly available documentation and research. This is a legal reason, as even looking at the MS source code can imply that compatible code is a derivative of the original copyrighted code, and not independently written code.
This is actually a terrible thing for ReactOS, as MS derivative code could make its way into the ReactOS source base, and open them up to lawsuits.
No offence to ReactOS, but this code kind of actually works.
Software patents do not last forever, and most of this stuff would have been filed long long before 2003 and I presume in most jurisdictions the patents have a 20 year shelf life.
While the code itself might not be useful, it’s more than very useful for a group like ReactOS when designing compatible solutions.
Secondly, there is risk for both the likes of ReactOS going forward and for MS looking back. MS would be hoping that none of that original OS code is found to be derivative of Unix or Netware, etc., etc.
“While the code itself might not be useful, it’s more than very useful for a group like ReactOS when designing compatible solutions.”
cpcf, not useful at all to projects like ReactOS or Wine. The problem is copyright law. Leaked source code is a stolen copyright work. Copyright is valid for 70+ years, so it’s not expired. You based what you are doing on a stolen copyright work; what you make is a derivative work because you could not have made it without the theft, right? So whatever work you make based on leaked Windows source code effectively is copyright infringement against Microsoft. Yes, Microsoft legally can sue anyone using anything based off that leaked source code, even if none of Microsoft’s code is there in the work that gets distributed.
Yes, it’s a very different thing to apply a disassembler to a copy of Windows you bought and write documentation on how it works that ReactOS/Wine developers can then use, because there was no stolen copyright work.
Stolen copyright work really changes the rules.
Not at all, copyright must not be confused with knowledge.
To be derivative it has to use / reuse some of the code, be it a function or a label, the knowledge contained in the copy isn’t covered by copyright. You’re free to solve those same problems as many ways as you can imagine.
Lawyers will of course argue differently, but that is more about deep pockets than a concept in law. They want copyright to be retrospectively like buying a book, you pay before you read, but software copyright is not like that, it’s pay before you use.
It’s a bit like file formats, anybody is free to read them and do what they like with the knowledge and data contained therein, you gain all the knowledge in the container from reading it but you can’t write it without permission!
cpcf, the problem is the “Misappropriation” part of the law; this alters things when the item you are using technically has not been acquired legally. The work being stolen automatically has full Misappropriation.
https://en.wikipedia.org/wiki/Misappropriation_doctrine
Building a foundation on a Misappropriated work is a path to legal doom.
https://en.wikipedia.org/wiki/Son_of_Sam_law
You are not legally allowed to profit from a crime.
–To be derivative it has to use / reuse some of the code, be it a function or a label, the knowledge contained in the copy isn’t covered by copyright.–
One problem here: these allowances of copyright are nuked by Son of Sam and the Misappropriation doctrine for a stolen/leaked work. Stolen/leaked works move you out of copyright law definitions and into criminal/felony definitions. Son of Sam changes derivative big time: it’s a derivative if you used any knowledge from the leaked/stolen work when Son of Sam is in play, because you cannot profit in any way from a crime. Yes, the knowledge itself becomes protected when you acquire it illegally.
USA Copyright law does not prevent Son of Sam and Misappropriation doctrine from being applied in copyright cases in the USA in cases of stolen or leaked intellectual property.
–They want copyright to be retrospectively like buying a book, you pay before you read, but software copyright is not like that, it’s pay before you use.–
This by case example does not case when the work is stolen.
Let’s say someone signs an NDA with Microsoft to see Windows source code, then documents what they signed and publishes their written documentation. Yes, Microsoft can take them for breach of NDA, but the work they produced would be legal to base on because there were no stolen/leaked works. This completely changes if they leak the source code they got access to under NDA. You are legally not allowed to profit from leaking/theft.
To give you a more real example. You go into a book store, you steal a book, you proceed to write a new book based on what you learnt from that stolen book. Now you get caught; are you legally allowed to keep any profits from the book you wrote in that case? Son of Sam says absolutely no. Misappropriation doctrine says no. Now it comes to who the money for that book goes to: copyright law comes into play, and the book author whose book you stole becomes the one due the money.
Leaked/stolen source is playing with a very legally dangerous item.
oiaohm,
Both you and cpcf make valid points, however the thing is that while we can spout legal theories all day long and lawyers can throw them at the wall in court…at the end of the day the practice of law is anything but absolute. It’s sort of a crap shoot that comes down to which court handles the case and the legal rebuttal by the opposing legal team could be stronger. There’s just no certainty of winning because courts can and do issue inconsistent verdicts and there’s always uncertainty when going to trial even assuming all the facts are known going in. Upper courts can even change decades of legal precedent.
At least patents are generally expired, but on the other hand ReactOS is on shakier ground today than when it started due to the new issues with API copyrights. It sucks but even though they’ve taken great lengths not to copy the implementation, as a clone they could be sued for copying the API. I don’t believe a ReactOS lawsuit would benefit Microsoft right now; it would be bad press plus there’s no money there. Still, if it came to pass, nobody knows who would win for sure. The case could even set new precedents of its own. I’d be very concerned over ReactOS’s ability to afford legal representation in what could be a long drawn out legal battle. It could easily escalate to millions in corporate legal fees every year.
I have no comment on the source code leak itself. However. That “Aqua Theme” that they were working on. I think it was available for download somewhere in the mid-00’s. I perfectly remember having a theme that was downloadable from somewhere that you were able to install like any other piece of software.
There were a few “Aqua” themes for Windows XP created by 3rd parties. I think the big deal here, is that Microsoft themselves developed one.
I had to dig around, as I have not used it since Win7 was released….
The theme that I remembered, was not Aqua theme or anything Apple-copy-lookalike. The name was Royale, and was created by Microsoft. There were a couple of other themes available for download as far as I remember, created by MS as well. It is just so many years ago, and I went through Win7 and switched to Linux in 2016. Hard to remember things correctly, and good that stuff can be googled. 🙂
I’m not entering the debate about theft, because well it’s theft, but the knowledge that comes out of theft is a different matter, like wikileaks.
As for copyright, we do not pay the professors or lecturers who taught us to code or solder any commission, the knowledge they imparted, which perhaps itself came from a book earns no income from us or any other student, yet all our work is fundamentally derivative of it all.
When I read my Calculus text as a refresher the problem I then solve owes nothing to the authors.
In this way organisations like ReactOS can benefit from the knowledge exposed in that theft, without doing anything illegal. It’s fundamentally what Open Source is all about, knowledge!
But I do wonder, is it theft or is it a whistle-blower, both I suppose? Ultimately, I can mostly see harm coming out of this and in that respect it’s no good, but some will benefit.
This is kind of like when the Amiga Workbench source leaked. Projects like AROS got a little nervous, as they wouldn’t want copyrighted code into the project. Funny thing about that though is there would definitely be parts of it that’d be unusable, as I think Workbench is mostly assembly and C, and at least the assembly bits wouldn’t do much good as they’d be written for 68k processors.
But really, everyone is talking about ReactOS and mention Wine, but sounds like MS-DOS is also in this bundle? I saw this video about AARD earlier today https://www.youtube.com/watch?v=TIfNIWn2Ad4 How’s that for older Microsoft? What about FreeDOS? I mean there are a lot of open source projects attempting to recreate Microsoft’s software.