MS stolen source code

 
 
Dave - Dave.net.nz
 
      11-11-2004
Wasn't there meant to be some meltdown caused by this? Something about
how it was going to be sloppy code full of security holes and back doors?

Maybe it was clean and tidy?

Did I miss something in the news?
 
Mr Scebe
 
      11-11-2004

"Matthew Poole" <(E-Mail Removed)> wrote in message
news:cn0fb4$dju$(E-Mail Removed)...
> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
> <(E-Mail Removed)> wrote:
> >Wasn't there meant to be some meltdown caused by this? Something about
> >how it was going to be sloppy code full of security holes and back doors?
> >
> >Maybe it was clean and tidy?
> >
> The consensus was that it wasn't particularly tidy. Even some comments
> about MS hating the OSS model because it would mean their sloppy coding
> would see the light of day.


Ah the haters and wreckers rear their ugly heads. And what do you base this
on, softcock? All the reports I have read say that the code was well
written, and a lot considering how many applications it had to deal with.
For example:
http://www.kuro5hin.org/story/2004/2/15/71552/7795

"Quality
Despite the above, the quality of the code is generally excellent. Modules
are small, and procedures generally fit on a single screen. The commenting
is very detailed about intentions, but doesn't fall into "add one to i"
redundancy.
There is some variety in the commenting style. Sometimes blocks use a // at
every line, sometimes the /* */ style. In some modules functions have a
history, some do not. Some functions describe their variables in a comment
block, some don't. Microsoft appears not to have fallen into the trap of
enforcing over-rigid standards or universal use of over-complicated
automatic tools. They seem to trust their developers to comment well, and
they do."

While the article is not all praise, it does provide a valuable insight into
how MS codes its operating system, and as an extension, why that operating
system works so well.


--
Mr Scebe
Losersh always whine about their 'besht'.
Winnersh go home and **** the prom queen".
~Sean Connery in "The Rock"


 
Matthew Poole
 
      11-11-2004
In article <(E-Mail Removed)>, "Dave - Dave.net.nz" <(E-Mail Removed)> wrote:
>Wasn't there meant to be some meltdown caused by this? Something about
>how it was going to be sloppy code full of security holes and back doors?
>
>Maybe it was clean and tidy?
>

The consensus was that it wasn't particularly tidy. Even some comments
about MS hating the OSS model because it would mean their sloppy coding
would see the light of day.

>Did I miss something in the news?

It's hard to tell. One MS vulnerability looks much like any other.
It's not like they've been getting away unscathed on the security front,
but nobody's going to say that they found a vulnerability by looking
through the code because they would then be admitting having been in
possession of the code.

--
Matthew Poole Auckland, New Zealand
"Veni, vidi, velcro...
I came, I saw, I stuck around"

My real e-mail is mattATp00leDOTnet
 
Brett Roberts
 
      11-11-2004
"Matthew Poole" <(E-Mail Removed)> wrote in message
news:cn0fb4$dju$(E-Mail Removed)...
> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
> <(E-Mail Removed)> wrote:
>>Wasn't there meant to be some meltdown caused by this? Something about
>>how it was going to be sloppy code full of security holes and back doors?
>>
>>Maybe it was clean and tidy?
>>

> The consensus was that it wasn't particularly tidy. Even some comments
> about MS hating the OSS model because it would mean their sloppy coding
> would see the light of day.
>
>>Did I miss something in the news?

> It's hard to tell. One MS vulnerability looks much like any other.
> It's not like they've been getting away unscathed on the security front,
> but nobody's going to say that they found a vulnerability by looking
> through the code because they would then be admitting having been in
> possession of the code.
>
> --
> Matthew Poole Auckland, New Zealand
> "Veni, vidi, velcro...
> I came, I saw, I stuck around"
>
> My real e-mail is mattATp00leDOTnet


I love that fluffy "the consensus was" comment; if I tried that sort of thing
I'm sure the FUD Police would come down on me like a ton of bricks.
Just to set the record straight, Microsoft source code is made available to
a wide variety of academic institutions, OEMs, governments, developers and
customers via the Shared Source initiative and others.

As for "the security front" you might be interested to know that YTD there
have been 18 security advisories for Windows Server 2003 Enterprise Edition,
84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for Debian. This
is freely-available data from Secunia www.secunia.com (and no we didn't pay
for it).

Brett Roberts
Microsoft NZ


 
Chris Hope
 
      11-11-2004
Brett Roberts wrote:

> "Matthew Poole" <(E-Mail Removed)> wrote in message
> news:cn0fb4$dju$(E-Mail Removed)...
>> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
>> <(E-Mail Removed)> wrote:
>>>Wasn't there meant to be some meltdown caused by this? Something about
>>>how it was going to be sloppy code full of security holes and back doors?
>>>
>>>Maybe it was clean and tidy?
>>>

>> The consensus was that it wasn't particularly tidy. Even some comments
>> about MS hating the OSS model because it would mean their sloppy coding
>> would see the light of day.
>>
>>>Did I miss something in the news?

>> It's hard to tell. One MS vulnerability looks much like any other.
>> It's not like they've been getting away unscathed on the security front,
>> but nobody's going to say that they found a vulnerability by looking
>> through the code because they would then be admitting having been in
>> possession of the code.
>>
>> --
>> Matthew Poole Auckland, New Zealand
>> "Veni, vidi, velcro...
>> I came, I saw, I stuck around"
>>
>> My real e-mail is mattATp00leDOTnet

>
> I love that fluffy "the consensus was" comment; if I tried that sort of
> thing I'm sure the FUD Police would come down on me like a ton of bricks.
> Just to set the record straight, Microsoft source code is made available
> to a wide variety of academic institutions, OEMs, governments, developers
> and customers via the Shared Source initiative and others.
>
> As for "the security front" you might be interested to know that YTD there
> have been 18 security advisories for Windows Server 2003 Enterprise
> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
> Debian. This is freely-available data from Secunia www.secunia.com (and no
> we didn't pay for it).


Well let's see now, we'll have a look at some of these security advisories
for RedHat Enterprise Linux AS3 shall we?

Red Hat update for mysql-server. Hmm, this isn't part of Linux but is a 3rd
party database server. I'm betting that security advisories for Windows
don't include MSSQL Server (or MySQL for that matter, which will run on
Windows as well as Linux and other Unix based systems).

Red Hat update for xpdf. Again, an additional 3rd party application, this
one for viewing pdfs. Probably not something you'd even install if you're
using it as a server.

Red Hat update for gaim. Instant messaging software. Again, you probably
wouldn't install this.

Red Hat update for openoffice.org. Office application software. Again, you
probably wouldn't install this.

I am not going to argue either way whether I think MS/Linux/OpenBSD etc is
more secure, but you have to be wary of statistics like this when you are
comparing apples with oranges. Windows (apples) comes with server software
only (nothing wrong with this of course) so the security advisories only
deal with this. A Linux distro (oranges) comes with dozens/hundreds of 3rd
party applications for doing just about everything, and these may or may
not be installed when you set it up. I know I wouldn't be setting up
xpdf, openoffice or gaim on my RHEL AS3 server if I were using it for
serving files or websites etc, so these vulnerabilities would not affect
me.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
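
The distinction drawn in the post above, between a headline advisory count and the advisories that touch software actually installed on a given server, as an added example that is not part of the original thread. The first four advisory titles are the ones quoted in the post; the other titles, the installed-package list and all function names are constructed for illustration.

```python
import re

# Constructed sample. The first four titles are quoted in the post above;
# the rest are invented for illustration.
ADVISORY_TITLES = [
    "Red Hat update for mysql-server",
    "Red Hat update for xpdf",
    "Red Hat update for gaim",
    "Red Hat update for openoffice.org",
    "Red Hat update for httpd",              # constructed
    "Red Hat update for kernel",             # constructed
    "Red Hat update for httpd",              # constructed: second advisory, same package
    "Red Hat update for multiple packages",  # constructed: no single package name
]

# Constructed sample: one package name per line, the shape of output you
# would get from listing installed package names on a minimal web server.
INSTALLED_PACKAGES = """\
glibc
httpd
kernel
openssh-server
"""

# Only titles naming exactly one package are parsed automatically.
TITLE_RE = re.compile(r"^Red Hat update for (\S+)$")


def package_from_title(title):
    """Return the package named in an advisory title, or None if unclear."""
    match = TITLE_RE.match(title.strip())
    return match.group(1) if match else None


def parse_installed(text):
    """Turn a newline-separated package listing into a set of names."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def triage(titles, installed):
    """Split advisories into applicable, not installed, and needs-review.

    Assumption: the name in the title equals the installed package name.
    Titles that cannot be parsed go to 'review' instead of being dropped,
    so an unparsed advisory never silently counts as not applicable.
    """
    result = {"applicable": [], "not_installed": [], "review": []}
    for title in titles:
        package = package_from_title(title)
        if package is None:
            result["review"].append(title)
        elif package in installed:
            result["applicable"].append(title)
        else:
            result["not_installed"].append(title)
    return result


def summarize(titles, installed_text):
    """Return (headline count, applicable count, review count)."""
    buckets = triage(titles, parse_installed(installed_text))
    return len(titles), len(buckets["applicable"]), len(buckets["review"])


if __name__ == "__main__":
    headline, applicable, review = summarize(ADVISORY_TITLES, INSTALLED_PACKAGES)
    print(f"headline advisories: {headline}")
    print(f"applicable to this host: {applicable}")
    print(f"need manual review: {review}")
```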
 
Brett Roberts
 
      11-12-2004

"Chris Hope" <(E-Mail Removed)> wrote in message
news:1100217523_14698@216.128.74.129...
> Brett Roberts wrote:
>
>> "Matthew Poole" <(E-Mail Removed)> wrote in message
>> news:cn0fb4$dju$(E-Mail Removed)...
>>> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
>>> <(E-Mail Removed)> wrote:
>>>>Wasn't there meant to be some meltdown caused by this? Something about
>>>>how it was going to be sloppy code full of security holes and back
>>>>doors?
>>>>
>>>>Maybe it was clean and tidy?
>>>>
>>> The consensus was that it wasn't particularly tidy. Even some comments
>>> about MS hating the OSS model because it would mean their sloppy coding
>>> would see the light of day.
>>>
>>>>Did I miss something in the news?
>>> It's hard to tell. One MS vulnerability looks much like any other.
>>> It's not like they've been getting away unscathed on the security front,
>>> but nobody's going to say that they found a vulnerability by looking
>>> through the code because they would then be admitting having been in
>>> possession of the code.
>>>
>>> --
>>> Matthew Poole Auckland, New Zealand
>>> "Veni, vidi, velcro...
>>> I came, I saw, I stuck around"
>>>
>>> My real e-mail is mattATp00leDOTnet

>>
>> I love that fluffy "the consensus was" comment; if I tried that sort of
>> thing I'm sure the FUD Police would come down on me like a ton of bricks.
>> Just to set the record straight, Microsoft source code is made available
>> to a wide variety of academic institutions, OEMs, governments,
>> developers and customers via the Shared Source initiative and others.
>>
>> As for "the security front" you might be interested to know that YTD
>> there have been 18 security advisories for Windows Server 2003 Enterprise
>> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
>> Debian. This is freely-available data from Secunia www.secunia.com (and
>> no we didn't pay for it).

>
> Well let's see now, we'll have a look at some of these security advisories
> for RedHat Enterprise Linux AS3 shall we?
>
> Red Hat update for mysql-server. Hmm, this isn't part of Linux but is a
> 3rd
> party database server. I'm betting that security advisories for Windows
> don't include MSSQL Server (or MySQL for that matter, which will run on
> Windows as well as Linux and other Unix based systems).
>
> Red Hat update for xpdf. Again, an additional 3rd party application, this
> one for viewing pdfs. Probably not something you'd even install if you're
> using it as a server.
>
> Red Hat update for gaim. Instant messaging software. Again, you probably
> wouldn't install this.
>
> Red Hat update for openoffice.org. Office application software. Again, you
> probably wouldn't install this.
>
> I am not going to argue either way whether I think MS/Linux/OpenBSD etc is
> more secure, but you have to be wary of statistics like this when you are
> comparing apples with oranges. Windows (apples) comes with server software
> only (nothing wrong with this of course) so the security advisories only
> deal with this. A Linux distro (oranges) comes with dozens/hundreds of 3rd
> party applications for doing just about everything, and these may or may
> not be installed when you set it up. I know I wouldn't be setting up
> xpdf, openoffice or gaim on my RHEL AS3 server if I were using it for
> serving files or websites etc, so these vulnerabilities would not affect
> me.
>
> --
> Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/


Are they part of the default install?


 
tatties
 
      11-12-2004

"Brett Roberts" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

>
> I love that fluffy "the consensus was" comment; if I tried that sort of
> thing I'm sure the FUD Police would come down on me like a ton of bricks.
> Just to set the record straight, Microsoft source code is made
> available to a wide variety of academic institutions, OEMs, governments,
> developers and customers via the Shared Source initiative and others.
>
> As for "the security front" you might be interested to know that YTD there
> have been 18 security advisories for Windows Server 2003 Enterprise
> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
> Debian. This is freely-available data from Secunia www.secunia.com (and no
> we didn't pay for it).
>
> Brett Roberts
> Microsoft NZ
>


You and your marketers persist in deceptively comparing security advisories
for a base install of Windows Server 2003, to the security advisories of a
full Linux distribution such as Debian containing 8700 packages. RHEL is
proportionately a smaller distribution with fewer packages.

You know this, so I would have to accept you are doing this on behalf of
your company in order to deceive us.
As a Microsoft customer this gives me no confidence in your integrity.


 
Brett Roberts
 
      11-12-2004
"tatties" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Brett Roberts" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>>
>> I love that fluffy "the consensus was" comment; if I tried that sort of
>> thing I'm sure the FUD Police would come down on me like a ton of bricks.
>> Just to set the record straight, Microsoft source code is made
>> available to a wide variety of academic institutions, OEMs, governments,
>> developers and customers via the Shared Source initiative and others.
>>
>> As for "the security front" you might be interested to know that YTD
>> there have been 18 security advisories for Windows Server 2003 Enterprise
>> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
>> Debian. This is freely-available data from Secunia www.secunia.com (and
>> no we didn't pay for it).
>>
>> Brett Roberts
>> Microsoft NZ
>>

>
> You and your marketers persist in deceptively comparing security
> advisories for a base install of Windows Server 2003, to the security
> advisories of a full Linux distribution such as Debian containing 8700
> packages. RHEL is proportionately a smaller distribution with fewer
> packages.
>
> You know this, so I would have to accept you are doing this on behalf of
> your company in order to deceive us.
> As a Microsoft customer this gives me no confidence in your integrity.
>


Actually it was the BSD one I found the most interesting as their strategy
is effectively one of minimising attack surface area by minimising what gets
installed.


 
Brett Roberts
 
      11-12-2004
"Allistar" <(E-Mail Removed)> wrote in message
news:tbTkd.947$(E-Mail Removed)...
> Brett Roberts wrote:
>
>>
>> "Chris Hope" <(E-Mail Removed)> wrote in message
>> news:1100217523_14698@216.128.74.129...
>>> Brett Roberts wrote:
>>>
>>>> "Matthew Poole" <(E-Mail Removed)> wrote in message
>>>> news:cn0fb4$dju$(E-Mail Removed)...
>>>>> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
>>>>> <(E-Mail Removed)> wrote:
>>>>>>Wasn't there meant to be some meltdown caused by this? Something about
>>>>>>how it was going to be sloppy code full of security holes and back
>>>>>>doors?
>>>>>>
>>>>>>Maybe it was clean and tidy?
>>>>>>
>>>>> The consensus was that it wasn't particularly tidy. Even some comments
>>>>> about MS hating the OSS model because it would mean their sloppy
>>>>> coding would see the light of day.
>>>>>
>>>>>>Did I miss something in the news?
>>>>> It's hard to tell. One MS vulnerability looks much like any other.
>>>>> It's not like they've been getting away unscathed on the security
>>>>> front, but nobody's going to say that they found a vulnerability by
>>>>> looking through the code because they would then be admitting having
>>>>> been in possession of the code.
>>>>>
>>>>> --
>>>>> Matthew Poole Auckland, New Zealand
>>>>> "Veni, vidi, velcro...
>>>>> I came, I saw, I stuck around"
>>>>>
>>>>> My real e-mail is mattATp00leDOTnet
>>>>
>>>> I love that fluffy "the consensus was" comment; if I tried that sort of
>>>> thing I'm sure the FUD Police would come down on me like a ton of bricks.
>>>> Just to set the record straight, Microsoft source code is made
>>>> available to a wide variety of academic institutions, OEMs, governments,
>>>> developers and customers via the Shared Source initiative and others.
>>>>
>>>> As for "the security front" you might be interested to know that YTD
>>>> there have been 18 security advisories for Windows Server 2003 Enterprise
>>>> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
>>>> Debian. This is freely-available data from Secunia www.secunia.com (and
>>>> no we didn't pay for it).
>>>
>>> Well let's see now, we'll have a look at some of these security
>>> advisories for RedHat Enterprise Linux AS3 shall we?
>>>
>>> Red Hat update for mysql-server. Hmm, this isn't part of Linux but is a
>>> 3rd
>>> party database server. I'm betting that security advisories for Windows
>>> don't include MSSQL Server (or MySQL for that matter, which will run on
>>> Windows as well as Linux and other Unix based systems).
>>>
>>> Red Hat update for xpdf. Again, an additional 3rd party application,
>>> this
>>> one for viewing pdfs. Probably not something you'd even install if
>>> you're
>>> using it as a server.
>>>
>>> Red Hat update for gaim. Instant messaging software. Again, you probably
>>> wouldn't install this.
>>>
>>> Red Hat update for openoffice.org. Office application software. Again,
>>> you probably wouldn't install this.
>>>
>>> I am not going to argue either way whether I think MS/Linux/OpenBSD etc
>>> is more secure, but you have to be wary of statistics like this when you
>>> are comparing apples with oranges. Windows (apples) comes with server
>>> software only (nothing wrong with this of course) so the security
>>> advisories only deal with this. A Linux distro (oranges) comes with
>>> dozens/hundreds of 3rd party applications for doing just about
>>> everything, and these may or may not be installed when you set it up.
>>> I know I wouldn't be setting up xpdf, openoffice or gaim on my RHEL AS3
>>> server if I were using it for serving files or websites etc, so these
>>> vulnerabilities would not affect me.
>>>
>>> --
>>> Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/

>>
>> Are they part of the default install?

>
> I'm pretty sure it would install what you tell it to install. I've never
> installed Redhat before, but have Mandrake and Gentoo (both many times)
> and
> you always have the option of what to include/exclude.
>
> Allistar.


Yes, it's the same for most software I guess; however, I would venture that
the majority of installations (60%? 80%?) of any software are default
installs.


 
Allistar
 
      11-12-2004
Brett Roberts wrote:

>
> "Chris Hope" <(E-Mail Removed)> wrote in message
> news:1100217523_14698@216.128.74.129...
>> Brett Roberts wrote:
>>
>>> "Matthew Poole" <(E-Mail Removed)> wrote in message
>>> news:cn0fb4$dju$(E-Mail Removed)...
>>>> In article <(E-Mail Removed)>, "Dave - Dave.net.nz"
>>>> <(E-Mail Removed)> wrote:
>>>>>Wasn't there meant to be some meltdown caused by this? Something about
>>>>>how it was going to be sloppy code full of security holes and back
>>>>>doors?
>>>>>
>>>>>Maybe it was clean and tidy?
>>>>>
>>>> The consensus was that it wasn't particularly tidy. Even some comments
>>>> about MS hating the OSS model because it would mean their sloppy coding
>>>> would see the light of day.
>>>>
>>>>>Did I miss something in the news?
>>>> It's hard to tell. One MS vulnerability looks much like any other.
>>>> It's not like they've been getting away unscathed on the security
>>>> front, but nobody's going to say that they found a vulnerability by
>>>> looking through the code because they would then be admitting having
>>>> been in possession of the code.
>>>>
>>>> --
>>>> Matthew Poole Auckland, New Zealand
>>>> "Veni, vidi, velcro...
>>>> I came, I saw, I stuck around"
>>>>
>>>> My real e-mail is mattATp00leDOTnet
>>>
>>> I love that fluffy "the consensus was" comment; if I tried that sort of
>>> thing I'm sure the FUD Police would come down on me like a ton of bricks.
>>> Just to set the record straight, Microsoft source code is made available
>>> to a wide variety of academic institutions, OEMs, governments,
>>> developers and customers via the Shared Source initiative and others.
>>>
>>> As for "the security front" you might be interested to know that YTD
>>> there have been 18 security advisories for Windows Server 2003 Enterprise
>>> Edition, 84 for RedHat Enterprise Linux AS3, 20 for OpenBSD and 159 for
>>> Debian. This is freely-available data from Secunia www.secunia.com (and
>>> no we didn't pay for it).

>>
>> Well let's see now, we'll have a look at some of these security
>> advisories for RedHat Enterprise Linux AS3 shall we?
>>
>> Red Hat update for mysql-server. Hmm, this isn't part of Linux but is a
>> 3rd
>> party database server. I'm betting that security advisories for Windows
>> don't include MSSQL Server (or MySQL for that matter, which will run on
>> Windows as well as Linux and other Unix based systems).
>>
>> Red Hat update for xpdf. Again, an additional 3rd party application, this
>> one for viewing pdfs. Probably not something you'd even install if you're
>> using it as a server.
>>
>> Red Hat update for gaim. Instant messaging software. Again, you probably
>> wouldn't install this.
>>
>> Red Hat update for openoffice.org. Office application software. Again,
>> you probably wouldn't install this.
>>
>> I am not going to argue either way whether I think MS/Linux/OpenBSD etc
>> is more secure, but you have to be wary of statistics like this when you
>> are comparing apples with oranges. Windows (apples) comes with server
>> software only (nothing wrong with this of course) so the security
>> advisories only deal with this. A Linux distro (oranges) comes with
>> dozens/hundreds of 3rd party applications for doing just about
>> everything, and these may or may not be installed when you set it up.
>> I know I wouldn't be setting up xpdf, openoffice or gaim on my RHEL AS3
>> server if I were using it for serving files or websites etc, so these
>> vulnerabilities would not affect me.
>>
>> --
>> Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/

>
> Are they part of the default install?


I'm pretty sure it would install what you tell it to install. I've never
installed Redhat before, but have Mandrake and Gentoo (both many times) and
you always have the option of what to include/exclude.

Allistar.
 