back to article Heaps of Windows 10 internal builds, private source code leak online

A massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online. The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com, the latest load of files provided just earlier …

  1. kain preacher Silver badge

    Is this an accident ?

    1. Anonymous Coward
      Anonymous Coward

      trip or fall, maybe they could get compensation?

      1. kain preacher Silver badge

        Hmm slip and fall scam.

      2. Nezumi
        Facepalm

        Been involved in a massive source code leak that wasn't your fault?

        Then you could be entitled to...

        ...Ridicule, you muppets.

    2. Daggerchild Silver badge

      It's the latest ransomware. If this gets installed on your computer it will save all of your important data in an impenetrable format, making it almost impossible to get it out.

      I believe in some cases you even have to pay a subscription just to retain access to your data.

      1. Doctor Syntax Silver badge

        "If this gets installed on your computer it will save all of your important data in an impenetrable format, making it almost impossible to get it out."

        It also opens up your computer to being spied on, advertised to and updated & rebooted at inconvenient times.

    3. TechnicalBen Silver badge
      Black Helicopters

      If I was a conspiracist...

      I'd say that it was a fake "accident" with stripped back doors/snooping code removed to "prove" there was none there in the first place. ;)

      But I'm not, so I'd assume this was someone getting a bit too Snowden for one reason or another.

      1. h4rm0ny

        Re: If I was a conspiracist...

        This code is already available to governments and other big, security-conscious clients. So your Conspiracy Theory wouldn't hold up.

        1. oldcoder

          Re: If I was a conspiracist...

          Unless they were the ones putting it in.

          Nothing says Microsoft released that code to their "partners" anyway.

    4. This post has been deleted by its author

    5. Anonymous Coward
      Anonymous Coward

      I wonder if the crime scene is also covered in lipstick. Pigs were called in, after all.

      1. bombastic bob Silver badge
        Trollface

        "I wonder if the crime scene is also covered in lipstick. Pigs were called in, after all."

        my guess is that the pigs SAT on the lipstick. Micro-shaft isn't known for putting lipstick on the OINKY end [as a brilliant El Reg commenter once pointed out]

    6. Anonymous Coward
      Anonymous Coward

      "Anyone who has this information can scour it for security vulnerabilities"

      So that's a good thing OSS fans keep telling me. In between rebuilding their LAMP web servers because they were hacked yet again...

    7. John Sanders
      Linux

      Is this an accident ?

      @kain preacher

      Who cares? it is not as if you can use the code to improve anything or to create your own product. maybe this is useful for learning about the innards of windows? Something that has been possible for 20+ years if not more?

      No one cares. oh yeah pirates and people who write malware may do.

      Nothing to see here, move along.

  2. ma1010 Silver badge
    Coat

    In the news today...

    Satya, in his never-ending quest to make Windows more Linux-like (embrace, extend, extinguish, after all), has decided to open-source parts of Windows 10!

    1. Ellier

      Re: In the news today...

      Technically, it's the best news we will get all year - if you are a Windows user.

      1. Pascal Monett Silver badge

        Re: "Technically, it's the best news we will get all year"

        Not really. The people who will be scrutinizing this code the most are the scum who will use what they learn to craft more efficient malware. This is going to cause so much pain down the road . . .

        1. Ellier

          Re: "Technically, it's the best news we will get all year"

          You completely miss the reason why I say this. I'm for linux, more and more as time wears on. Microsoft has made some really horrible moves of late - did you even see Windows 8? I did, and it was complete garbage. What I am hoping this does is bring us closer to linux getting the driver support it deserves. I could tell you a story about a laptop upgrade to Windows 10 that failed miserably due to a graphics driver, but I digress. The point is, linux needs to unify, not segment, and this event could be the catalyst. I'm just hoping to get the application and driver support in linux that I get in Windows. By far, it is the best news I've gotten this year - one step closer to an unfragmented linux culture.

          1. Updraft102 Silver badge

            Re: "Technically, it's the best news we will get all year"

            Hm, yes, I saw Windows 8.... seeing it now, as a matter of fact!

            Obviously, it's a disaster as far as OOBE, but so is 10... but 8 (and by that I also mean 8.1 for the purposes of this message) can be made quite nice with things like Classic Shell, Old New Explorer, and Metro Killer in a way that 10 cannot. Metro was largely "tacked on" the outside of a Win32 core, and it's relatively easy to wall it off and live completely in the Win32 part. With MS removing more and more Win32 functionality and adding it to UWP, you can't do that on Windows 10.

            Once all the de-dumbification of Windows 8 is done, you get an OS that allows the user control over updates, doesn't spy on you (same caveats as with Windows 7 about those telemetry updates MS pushed out), doesn't have advertising in it, doesn't uninstall your stuff without permission, doesn't install Candy Crush or other apps without your permission, doesn't change your drivers without permission, doesn't nag you endlessly to use their crappy Edge browser... things that we used to take for granted as being baseline-level expectations for OS behavior are now "features."

            The best part of 8 is that it gets security updates for six more years. That's a very long time in computing, of course. By then, Windows as we know it may not even exist... or maybe MS will have seen the light and given us something that doesn't try to be a crappy phone and a PC at the same time. Whatever the outcome, that's six more years that a Windows user gets without being subjected to Windows 10.

            Six years is more than enough time for the irrational exuberance over Satya Nadella's inane vision and how "innovative" Microsoft is now to come crashing back to reality (including their stock prices). As long as the stocks are up, they're not going to change direction, but everything about the current stock prices of MSFT screams "bubble." It's a lot of sizzle and not a lot of steak.

            1. Anonymous Coward
              Anonymous Coward

              Re: "Technically, it's the best news we will get all year"

              Thanks, still running a couple of 8.1 installs and I never thought there would come a day when I would recognise 8.1 as "Shit but nothing campared to later builds".

            2. Wayland Bronze badge

              Re: "Technically, it's the best news we will get all year"

              Where is the best place to start for "de-dumbification of Windows 8" because that sounds like my next Windows?

              The open sourcing of Windows could provide us with a Fork and a better version of Windows.

              1. Kiwi Silver badge
                Coat

                Re: "Technically, it's the best news we will get all year"

                The open sourcing of Windows could provide us with a Fork and a better version of Windows.

                Oh, Windows is pretty well forked already...

  3. Novex
    Pirate

    Ooooh, goody...

    ...can we get at the bits of code that do the telemetry and forced updates and REMOVE THE F*****G THINGS so we get the OS we users actually want!?

    ;)

    1. King Jack
      Happy

      Re: Ooooh, goody...

      One can hope.

    2. Anonymous Coward
      Anonymous Coward

      Re: Ooooh, goody...

      How would any of the Windows source code give sensible users the OS they actually want?

      1. Destroy All Monsters Silver badge

        Re: Ooooh, goody...

        How would any of the Windows source code give sensible users the OS they actually want?

        You are too sensible for these parts. Begone!

        Does the leak include versioned file? Much fun can be had in checking coding hotspots.

    3. Anonymous Coward
      Anonymous Coward

      Re: Ooooh, goody...

      "can we get at the bits of code that do the telemetry and forced updates and REMOVE THE F*****G THINGS"

      Instructions on how to stop forced updates and hack out the other nasty bits are all over the webernet. You could have had the system running the way you like it at any time.

    4. largefile

      Re: Ooooh, goody...

      No one on this thread is "we users!" You folks are all a bunch of computer geeks who hate Microsoft and have zero bearing on any reality other than your own. Few people in the world want a stripped down OS that doesn't update drivers, software and security. Reading your posts is my tech comedy hour.

      1. Kiwi Silver badge
        Trollface

        Re: Ooooh, goody...

        Few people in the world want a stripped down OS that doesn't update drivers, software and security

        Actually, most people in the world hate updates. They slow the system down (on Windows, seldom noticeable on Linux), most people get along well with their existing drivers, same for their existing software (especially when said update means learning how to do things again, or features they use being removed), and most only "care" about security because of those who do their darndest to make them see sense.

        Besides, the only "security" updates from MS in recent years have been the ones that break the networking or brick the machine so it can't get online. All the rest is just their usual bug-ridden filth.

      2. Novex

        Re: Ooooh, goody...

        Few people in the world want a stripped down OS that doesn't update drivers, software and security.

        Duh. it's not about NOT updating stuff, it's about having control of the updating instead of it being MS who just forces out updates as if PCs were XBoxes (which I have no problem with getting 'auto' updated due to the limited uses such gaming consoles are used for). PCs are tools of the trade and need to remain functionally capable of what the user needs them to do and without loads of adverts getting in the way. Had MS created a suitable, stable, secure version of Win 10 for small business and professional users (who all have confidential stuff to deal with in the shape of their business accounts) then this problem would simply go away.

  4. Anonymous Coward
    Anonymous Coward

    Long File Path support

    Great !

    Can a decent programmer - not a Microsoft minion, obviously - please get this code and add the Long File Path support to File Explorer that it has been missing for ooh, a couple of decades ?

    1. TheDarkFreak

      Re: Long File Path support

      It already exists, since Anniversary Update. Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1, reboot system.

      Microsoft's been trying to get that added for years. Every time they try it, they get tons of reports from enterprise customers that it breaks <insert-important-and-private-internal-app-here>.

      1. Kiwi Silver badge
        WTF?

        Re: Long File Path support

        It already exists, since Anniversary Update. Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1, reboot system.

        So.. You have to futz around with the registry to get something that should've been there by default at least 20 years ago?

        Microsoft's been trying to get that added for years. Every time they try it, they get tons of reports from enterprise customers that it breaks <insert-important-and-private-internal-app-here>.

        Yet other systems have had it a lot longer, without said issues...

        1. Updraft102 Silver badge

          Re: Long File Path support

          Developers of other systems don't concern themselves with backwards compatibility as much. Linux seems to make a hobby of breaking backwards compatibility.

          1. Kiwi Silver badge

            Re: Long File Path support

            Linux seems to make a hobby of breaking backwards compatibility.

            [citation needed]

          2. bombastic bob Silver badge
            Thumb Down

            Re: Long File Path support

            "Linux seems to make a hobby of breaking backwards compatibility."

            boooo. shows what YOU know. just because you SAY it doesn't make it TRUE. That's especially the case for HARDWARE compatibility. You know, like running Linux on a 17 year old Toshiba laptop...

            1. Updraft102 Silver badge

              Re: Long File Path support

              I pretty obviously wasn't talking about hardware compatibility.

              Linux devs change APIs with great regularity without any concern for backwards compatibility, and that's a pretty well-known thing. I can run ten year old binaries on Windows without issue now; on Linux, you're lucky if you can do that with binaries a third of the age. Don't let your Linux fanboyism blind you to the deficiencies of Linux; the problems it has can't be overcome by pretending they do not exist. There's little hope for Windows, but Linux at least can evolve in the right direction (and generally it is, if slowly).

              In Linux, the typical dev attitude is that since the source code is available for the program in question, it doesn't matter if the APIs change, just recompile it with whatever is the newest version of gcc, Xorg, what have you (often systemd, to the chagrin of many). That's great if you're the kind of person who can recompile things at will and if the program in question is actually open source, but those two things are not always going to be true, particularly if Linux is ever going to exist in significant numbers on the desktop. It certainly doesn't work with things like proprietary video drivers from AMD and nVidia, with their binary blobs that prevent drivers a few years old from working with recent distros. A lot of older GPUs don't have Linux drivers newer than that, so you either run the open source driver (often slow and lacking in features, including power management on laptops) or use a distro release that's several years old.

              The idea that requiring users to recompile their programs 'cause we done just broke all the APIs again isn't compatible with the way regular people use computers. As a niche hobbyist OS, that kind of thing is fine, but if the idea is to compete with Microsoft head to head on the desktop, it's not going to fly. Linux is going to have to work with closed-source precompiled binaries if they want to get any traction on the desktop. Precompiled binaries that people have to pay for means they are going to want to keep using them for years; no one wants to pay hundreds of dollars for a program (precompiled binary, as is the norm with closed-source) only to have it go out of date in six months because the APIs it relies on have changed because reasons.

              1. Kiwi Silver badge
                Mushroom

                Re: Long File Path support

                Linux devs change APIs with great regularity without any concern for backwards compatibility, and that's a pretty well-known thing. I can run ten year old binaries on Windows without issue now; on Linux, you're lucky if you can do that with binaries a third of the age

                That's the best part of your post. It's utter crap, and the rest descended quickly into something even worse, not worth reading further. And I seldom find a post so rubbish I stop reading.

                Considering the number of articles on here in recent times about MS updates killing software because incompatible, the posts from coders about how much MS changes the goalposts (one in this very thread) - at least some of whom work for well known programming firms, and the general cries for help the web over about stuff that doesn't work anymore since the user updated Windows, and the great many articles and posts about people stuck with XP because they cannot run a more modern version of Windows again due to significant changes in the way things are handled, well you'll see your post for what it is. 2 words, one being the male form of bovine and the other being what the neighbours dog left on the back lawn.

                As to that "recompile" bullshit you post.. Last time I compiled software on Linux, it was a program I was writing (in Pascal) to fix a problem in Windows (something went and added a number in brackets to ever filename in a folder, eg winlogon.exe became winlogon(25446).exe ). I don't know when I last compiled something for Linux but it can't have been since 2007. I do believe I've done it but not sure what or why. (ftr I just caught the phrase out of the corner of my eye, couldn't be bothered reading more becuase it's 1990's MS shill lies)

                Icon - what should be done to MS HW, while they're have a party for all their fanbois.

                1. Kiwi Silver badge
                  Facepalm

                  Re: Long File Path support

                  Icon - what should be done to MS HW, while they're have a party for all their fanbois.

                  Don't ya just love how you spot a typo 9 hours after the post?

                  That was supposed to read MS HQ!

              2. oldcoder

                Re: Long File Path support

                You can ALWAYS install the older libraries if you need them for compatibility.

                You can't do that with Windows.

          3. Dazed and Confused

            Re: Long File Path support

            > Developers of other systems don't concern themselves with backwards compatibility as much.

            HP-UX had this issue before Windows was an OS. It simply made it a mount option and long filenames quickly became the default, but the option of limiting filename lengths existed for customers who suffered from old applications which didn't handle them.

          4. oldcoder

            Re: Long File Path support

            Actually Linux backward compatibility is much better than Windows.

            After all POSIX has existed for about 20 years, and software from UNIX going back to 1985 still works.

            Hardware compatibility is better too.

          5. JulieM Silver badge

            Re: Long File Path support

            Linux does not have binary compatibility as a design goal. You might be expected to recompile software from time to time, and even edit Source Code in extreme cases (such as when a library function goes from "deprecated" to "removed"). Distributors will do all this for you, of course; and package management software will deal with multiple things having to be changed at once.

            The alternative is to leave dangerous subsystems in place, just so old software will still work without being tweaked to suit a more modern OS, but which then leave the OS vulnerable to malware .....

            1. This post has been deleted by a moderator

        2. Ken Hagan Gold badge

          Re: Long File Path support

          "Yet other systems have had it a lot longer, without said issues..."

          These other systems have issues of their own. For one thing, they almost certainly don't run <insert-important-and-private-internal-app-here>. If that's not important to you, go ahead and run other systems, but you can hardly blame Microsoft for supporting their existing customers.

          Actually the registry hack isn't safe. For 25 years, MS have promised developers that a 260-character buffer will be able to accomodate an arbitrary path. If you quietly raise that limit, all that happens is that end-users suddenly find that the filename they type is not the one that actually gets used by the program. At best, that's a bug. At worst, it is a security hole.

          As an alternative to the registry hack, where developers have taken the trouble to support longer paths safely they can advertise that in the program's manifest. Users will then get the benefit where it is safe and be protected with legacy behaviour where it would not be safe. (Please note, however, that if your program uses a standard file open or file save dialog, you are potentially hosting arbitrary Explorer extensions, so you can't honestly write that manifest entry.)

          And on a completely different tangent, 260 characters is over three lines of text. If your paths are longer than this paragraph, I'd say you were using the filename to write a short abstract of the document contents, which is an abuse of the metadata.

          1. Kiwi Silver badge

            Re: Long File Path support

            "Yet other systems have had it a lot longer, without said issues..."

            These other systems have issues of their own. For one thing, they almost certainly don't run <insert-important-and-private-internal-app-here>. If that's not important to you, go ahead and run other systems, but you can hardly blame Microsoft for supporting their existing customers.

            Actually they will. I have a number of <insert-important-and-private-internal-app-here> on my systems, usually small scripts to automate jobs I'm to lazy to do via typing a couple of command lines or things where I'd rather not have to remember/look up what I am supposed to be doing again. And I don't do Windows. Well not very often anyway.

            Actually the registry hack isn't safe. For 25 years, MS have promised developers that a 260-character buffer will be able to accomodate an arbitrary path. If you quietly raise that limit, all that happens is that end-users suddenly find that the filename they type is not the one that actually gets used by the program. At best, that's a bug. At worst, it is a security hole.

            I've had to clean that mess up often. I've seen something break with Windows where you get some recursive paths, which very quickly pass that tiny 260 char limit1. I've seen AMD drivers seem to do this a bit (or at least the AMD driver files/paths get messed up, not necessarily their fault, but they do have lots of little files (and I mean lots!) with long names in paths with long names). If you're lucky you can fix them by renaming some of the folders to single character names, once that's done you can delete the messed up folders. Otherwise you need to do something else to get the problem fixed. The only MS tool that can fix that issue is format2, but you can go in with Linux and delete the offending path without issue.

            1 You're right. You can get a fair bit in 260 chars

            2 Actually I never thought to try power shell when I came across those situations. Was quicker and easier3 to boot into Linux, delete the offending path, and reboot into Windows

            3 From experience of course, could take longer to learn Windows power shell commands than it would just to use a familiar Linux GUI :)

          2. Anonymous Coward
            Anonymous Coward

            Re: Long File Path support

            - I was not talking about Windows apps in general, but the File Explorer application that ships with Windows.

            - Applications written for other OSes commonly make files with paths that exceed 260 chars, why should Windows users be unable to handle those files ?

            e.g. https://stackoverflow.com/questions/37880447/file-path-too-long-on-windows

            - I have not heard a file's path called its "Metadata" before.

            1. Ken Hagan Gold badge

              Re: Long File Path support

              "- I was not talking about Windows apps in general, but the File Explorer application that ships with Windows."

              That would be the file explorer that has always supported third party extensions, written by people who read the docs and therefore know that a 260-character buffer is safe.

              "- Applications written for other OSes commonly make files with paths that exceed 260 chars, why should Windows users be unable to handle those files ?"

              Because Windows documentation has, for 25 years, consistently stated that a 260-character buffer is the maximum that you need to support, even if weird hacks are available to let you manipulate files created by other sub-systems.

              "- I have not heard a file's path called its "Metadata" before."

              Meh. It seems like a perfectly reasonable use of the term to me. It isn't part of the file's data, but is nevertheless *about* the files data. Would you have been happier if I'd followed the NTFS documentation and called it an attribute?

              1. Anonymous Coward
                Anonymous Coward

                Re: Long File Path support

                I wouldn't call it metadata because it doesn't tell you anything about the data.

                1. 2Nick3

                  Re: Long File Path support

                  "I wouldn't call it metadata because it doesn't tell you anything about the data."

                  The original post about using an overly-long path was alluding to using the path to describe the data. For example, I had a user once trying to restore a file with a path something like this:

                  C:\Users\User Name\Documents\Meeting Minutes\Biggest Project Ever - Never Delete This Data - EVER\Project Scope Meeting With Bob Bill Jonathan Matthew and Jessica\Meetings in 2017\Meetings in March\Meetings on the 19th\Meeting where we discussed the Project Scope with Everyone and Jessica too\Part of meeting where Angela was there\Minutes.doc

                  THAT is including metadata in the path name. And no, the restore would not work to the original location (yet somehow the file had been created and backed up) while a restore to C:\Users\User Name\Documents worked great.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Long File Path support

                    No, what you show is putting metadata in the file path.

                    But the post in question called the file path "metadata".

                    Two seperate concepts.

                    1. This post has been deleted by a moderator

              2. Anonymous Coward
                Anonymous Coward

                Re: Long File Path support

                "That would be the file explorer that has always supported third party extensions"

                So we are agreed that the problem is now confined to File Explorer extensions ?

                Then we fix File Explorer when the user enables the Long File Path flag, and disable those extensions that are not marked as Long File Path compatible, and the rest of us can happliy use Long File Paths like any normal operating system and Windows is slightly less shit.

                "Because Windows documentation has, for 25 years, consistently stated that a 260-character buffer is the maximum that you need to support, "

                It does not matter what the crappy docs say. Files with longer paths will be on your drive and you need to handle them. File Explorer itself makes files with longer paths. AND CANNOT HANDLE THEM !

                "Meh. It seems like a perfectly reasonable use of the term to me."

                But only you actually use it like that.

                "Meh" indeed.

                1. This post has been deleted by a moderator

                  1. Vic

                    Re: Long File Path support

                    I suggest you to try the new long path tool

                    That's three times you've posted the same message - and it's all you've posted.

                    You're supposed to declare interests, y'know...

                    Vic.

      2. Anonymous Coward
        Anonymous Coward

        Re: Long File Path support

        No. Did you try your suggestion yourself ?

        That enables it in the OS but File Explorer does not use it:

        https://superuser.com/questions/1114572/windows-10-ver-1607-file-explorer-long-paths-not-working

    2. SleepyXuras91

      Re: Long File Path support

      Wasn't they're fix a year ago good enough for you? https://blogs.msdn.microsoft.com/jeremykuhne/2016/07/30/net-4-6-2-and-long-paths-on-windows-10/

      1. Anonymous Coward
        Anonymous Coward

        Re: Long File Path support

        No. That enables apps to support Long File Paths but File Explorer does not use that flag.

        Did you even try your own suggestion ?

        https://superuser.com/questions/1114572/windows-10-ver-1607-file-explorer-long-paths-not-working

    3. This post has been deleted by a moderator

      1. Vic

        Re: Long File Path support

        You lot really are spammy, aren't you?

        You might want to read up on the Boulder Pledge, which simply states :-

        "Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community."

        You spam me - I refuse to do any business with your organisation. Permanently.

        Vic.

        1. Charles 9 Silver badge

          Re: Long File Path support

          "You spam me - I refuse to do any business with your organisation. Permanently.

          Vic."

          And then what if it turns out they're the ONLY supplier of something you REALLY need? And you lack the resources to roll your own? That's the problem with captive markets...

          1. Vic

            Re: Long File Path support

            And then what if it turns out they're the ONLY supplier of something you REALLY need?

            They're not.

            My needs are simple; I can do without a whole load of things. I need food, warmth, shelter; everything else is just gravy.

            And my dislike for spam runs deep; I have given up on several "sole" suppliers that spammed me. It means that I can no longer participate in what they were offering - that's the price of spam. And I told them so.

            Vic.

  5. Anonymous Coward
    Anonymous Coward

    https://www.theregister.co.uk/2017/06/22/two_men_arrested_probe_microsoft_networks_hack/

    Seems it wasn't just "a probe"

    Which is the sort of thing you never want to say to a proctology practitioner.

    1. Kiwi Silver badge
      Joke

      Which is the sort of thing you never want to say to a proctology practitioner.

      Even worse. The proctologist examines you thoroughly, then leaves the room. His nurse comes in as he leaves. She walks up to you and says quietly "who was that?".

    2. John Brown (no body) Silver badge

      Worth noting, of course, that MS supposedly checked over their systems and said nothing was taken.

      It appears they missed a bit.

  6. Planty Bronze badge
    Megaphone

    Perhaps someone can use it no make the windows 10 we want

    Not the steaming turd they are currently trying to force feed everyone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps someone can use it no make the windows 10 we want

      That was my first thought as well, but no reputable developers are going to go near this.

      Looking at proprietary code you're not supposed to have and telling someone about it is a shitty career-move for devs and coders, it opens you up to very nasty IP / copyright allegations / lawsuits.

      1. Destroy All Monsters Silver badge

        Re: Perhaps someone can use it no make the windows 10 we want

        Looking at proprietary code you're not supposed to have and telling someone about it is a shitty career-move for devs and coders, it opens you up to very nasty IP / copyright allegations / lawsuits.

        Then just don't tell someone about it.

    2. Doctor Syntax Silver badge

      Re: Perhaps someone can use it no make the windows 10 we want

      It's the logical extension. The Home and Professional versions turn the user community into beta testers. It's only natural to let them bug-fix it as well.

  7. kryptylomese

    So how is this a bad thing unless Microsoft DOESN'T fix stuff?

    Perhaps the community can fix... oh wait

  8. scorched_cpu

    Tron replay?

    Sounds like the Tron Legacy movie. This year we put a 10 on the box! And oh yeah by the way flynn OS I mean EncomOS is available for download on the web. And yes I know, comparing win10 to flynnOS is a horrible insult.

  9. Anonymous Coward
    Anonymous Coward

    MS should bite the bullet and

    - just tell all developers that they are free to look at the sources, MS will not go after them for IP theft claims or copywrong infringement

    - lay out sizable bug bounty rewards for bugs discovered via src code audit

    Really not all that many good options out there, this might be the best way to limit the damages securitywise. This would at least give them the reputation of owning up.

    1. This post has been deleted by its author

    2. Ken Hagan Gold badge

      "tell all developers that they are free to look at the sources"

      I see where you are coming from but I think that would kill Windows as a platform.

      Developers would look at the current source code and write apps that depend on behaviour that is currently true but which is merely an accident of the current implementation. Since Windows apps are typically sold as closed source and typically not updated for free by vendors to track OS changes, the result would be that each new version of Windows would break about half the software that you've paid for, with fixes only available if you pay the vendor again.

      As readers of Raymond Chen's blog will know, this already happens to a debilitating extent. That's surprising because the only way to create such dependencies right now is to reverse engineer Windows. Apparently some programmers are smart enough to walk over assembly listings and reverse engineer how Windows currently works but not smart enough to realise how fragile this is. Worse, many of these programmers do this even when there is a documented alternative.

      1. Wayland Bronze badge

        It must be a cultural thing because Linux source is available but people use the API as intended not back doors hidden in the code.

  10. John Smith 19 Gold badge
    Unhappy

    "Windows 10 Mobile Adaptation Kit, "

    Bet you won't be seeing too many of those in the wild.

    And plenty to chew on on the PnP and WiFi stacks I think as we get to see just how good those MS training for coders really are.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Windows 10 Mobile Adaptation Kit, "

      mcse?

      hahahahahaha

  11. TechnicalBen Silver badge
    Trollface

    I'm gonna get popcorn...

  12. razorfishsl

    it's a shill to get people to fix their bugs for free..

    1. John Brown (no body) Silver badge

      ...or a scam to make it easier for MS to sue all coders who produce any code that looks even slightly similar to something in MS own codebase. MS will claim they saw the source code and go with wilful infringement instead of just infringement.

  13. Sven Coenye

    Debug symbols, you say...

    Maybe we finally find out what _NSAKEY is for?

  14. Anonymous Coward
    Anonymous Coward

    I'm done with Windows.

    Forced automatic updates were the last straw for me. I completely purged it from my home boxen about a year ago and replaced it with Linux.

    Now all that's left is my work laptop that was pre-loaded with Win10. I work alongside the IT guys and understand that Linux is a bit of a struggle to integrate with most of our tools, so I said to myself that I'd give Microsoft a little rope and leave it alone.

    But this is completely different. This isn't WannaCry, you can't fix this shit with a patch. Complete inability to mitigate potential threats has made this OS the single biggest liability in any IT organization.

    Fuck you Microsoft. Your very existence and ubiquity is just making everyone's job harder at this point.

    1. red03golf

      Re: I'm done with Windows.

      Well said!!

      I swap dozens of users over to Linux every year, now. They never return with problems, only an occasional question on how to do something - so satisfying.

      Prior to that it was customers returning every 6 months, infected, or crashed, or missing files, or running slow, can't get on this site, can't open this file, or or or ...

      I bet Gates secretly uses Linux so he doesn't have to worry about getting a virus, or hacked, or ransomware, lol.

      1. P. Lee Silver badge
        Trollface

        Re: I'm done with Windows.

        The funny thing is that all the IP laws around software are designed to stop people grabbing other people's work.

        Then I tried to think of anyone who might have the slightest interest in stealing MS' code so they didn't have to code things themselves... and I came up blank. Who would ever want to steal MS' code?

        All those IP laws and they only thing they could be used for is to stop people finding out about MS' bad coding.

    2. CheesyTheClown

      Re: I'm done with Windows.

      If you don't mind me asking, what do you mean by "this" when stating "But this is completely different."?

      And which threats has MS not addressed lately?

      And, the lack of mitigation of threats? Is this only when you avoid forced upgrades? Did you want more secure software or to stay with older and less maintained software which might not be patched? Did you not want the Windows update which blocked wannacry?

      You are very excited about Linux. Do you keep it up to date? Do you run antivirus? Do you allow network applications access via SE Linux and later close the holes when you no longer use the app? Have you configured different network profiles for home or public? Do you continue using apps with dependencies on libraries with known vulnerabilities? How do you manage your private keys?

      Linux is fun. I spend most of my Linux time reading driver and network stack source looking for rootkits for fun. I love finding nifty things like code injection opportunities in the forwarding tables. Or better, methods of replacing openssl.so with a copy that backdoors the private keys.

      Linux's greatest weakness is its dependency on C for everything. It's like placing a welcome mat on the floor and leaving the key beneath it. As such, Linux, GTK, Gnome... not even a challenge.

      So... back to "This"?

      1. bombastic bob Silver badge
        Trollface

        Re: I'm done with Windows.

        "Linux's greatest weakness is its dependency on C for everything."

        Uh, *WHAT* *THE* *FEEL* is *THAT* supposed to mean?

        Linux's greatest weakness is (most likely) LACK OF MARKETING. Otherwise we wouldn't even have this article.

        The C language might as well have been created by THE PROGRAMMING GODS. It is SUPERIOR to most other languages in just about every way, in its simplicity AND flexibility, and applicability to both low-level "hardware" coding, and high-level "UI" coding.

        If you code in languages like C-pound and think that '.Not' is GOOD in any way, then I'll just sit back and laugh at you, really really hard.

        So thanks SO much for the FUD. It echos like a Micro-shaft propaganda ad for NT4 server from the 90's.

        1. Destroy All Monsters Silver badge

          Re: I'm done with Windows.

          It is SUPERIOR to most other languages in just about every way, in its simplicity AND flexibility, and applicability to both low-level "hardware" coding, and high-level "UI" coding.

          Absolutely.

          But today, we have Typed Assembly Language. It is time to go all the way and leave kid stuff behind.

        2. CheesyTheClown

          Re: I'm done with Windows.

          Ohhh... I'm glad I came back here.

          C is a great language and it's extremely diverse. It's absolutely horrifying for something like the Linux kernel though. Consider this, it has no meaningful standard set of libraries which means that support for things like collections and passing collections is a nightmare. Sure you have things like rbtree.[hc] in the kernel, but as anyone who has studied algorithms knows, there is no single algorithm which suites everything.

          Let's talk about bounds, stacks, etc... there's absolutely no reason you can't enhance the C compiler to support more memory protection as well. C itself is a very primitive language and it's great for writing the boot code and code which does not need to alter data structures. But there are severe shortcomings in C. Yes, it's 100% possible to add millions of additional lines of repetitive and uninteresting code to implement all those protection checks. But a simple language extension could do a lot more.

          Let's talk about where I find nearly all of the exploits in the kernel. This is in error handling and return values. It's amazing how you can cause problems with most code written at two different times by the same person or by two different people. The reason for this is that there's no meaningful way to handle error complex error conditions. Almost all code depends on just returning a negative value which is supposed to mean everything. The solution to this is to return a data structure which is basically a stack of results and error information and then handle it properly. The reason this isn't done is because people get really upset when implementing anything resembling exceptions in C. And yet, nearly every exploit I've found wouldn't have been there if someone implemented try/catch/finally.

          Let's talk about data structure leaking and cleanup related to the above. Better yet, let's not... pretty sure that one sentence was enough to cover it all.

          This is 2017, not 1969. In 2017, we have language development tools and technologies that allow us to make compilers in a day. This isn't K&R sitting around inventing the table based lexical analyzer. Sticking with the C language instead of creating a proper compiler designed specifically for the implementation of the Linux kernel is just plain stupid.

          More importantly, there's absolutely no reason you have to use a standardized programming language for writing anything anymore. If your code... for example an operating system kernel would profit from writing a new programming language for it... do it. You can base it on anything you want. It's actually quite easy... unless you write the language itself in C. Use a language suited for language development instead. Get the point yet?

          The next big operating system to follow the Linux kernel will be the operating system which leaves 95% of the C language in tact and implements a compiler which :

          a) Eliminates remaining dependencies on assembler by implementing a contextual mode for fixed memory position development.

          b) Provides a standard implementation of data structures as the foundation of the language

          c) Implements a standard method of handling complex returns... or exceptions (possibly <result,errorstack>)

          d) Implements safe vs. non-safe modes of coding. 90% of the Linux kernel could easily have been done in safe mode

          e) Offers references instead of pointers as an option. This is REALLY important. Probably the greatest weakness of C for security is the fixed memory location bits. Relocatable memory is really really useful.If you read the kernel and see how many ugly hacks have been made because of it not being present, you'd be shocked. The Linux kernel is completely slammed full of shit code for handling out of memory conditions which exist purely because of supporting architectures lacking MMUs. References can be implemented in C using A LOT of bad and generally inconsistent code. It can be added to a compiler with a bit of work, but when combined with the kernel code, can implement a memory defragmenter that could fix A LOT of the kernel.

          And since you're kind enough to respond aggressively, allow me respond somewhat in kind. You're an absolute idiot... though maybe you're only a fool. C# and .NET are actually very good. So is C, Java, C++, and many others. Heck, I write several good language a year when a domain would profit from it. I you don't know why C# and .NET or even better, Javascript are often better than plain C, you probably shouldn't pretend like you know computers.

          Did you know that Javascript generally produces far faster and better code in most contexts than C and Assembler today? If you understood how microcode and memory access function, you'd realize there's a huge benefit to recompiling code on the fly. Consider that Javascript spends most of its time recompiling code as it's being run. This is because the first time you compiled it, it was optimal for the current state of the CPU, but as the state of the system changed (that's what happens in multitasking systems) the cache has changed and the CPU core being used may have changed (power state, etc..) and the Javascript compiler will reoptimize the code. It's even possible with Javascript that if you're on a hybrid system containing multiple CPU architectures or generations, the code can be relocated to a CPU which is better suited for the process.

          Of course C could be compiled into Javascript or WebAssembly and have the same benefits. The main issue is that you lose support for relocatable memory as WebAssembly to support C/C++ is flat memory. But at least for execution, it's very likely your C code will run faster on WebAssembly than on bare metal. If you then start making use of Javascript/WebAssembly libraries for things like string processing, it will be even faster. If you move all threading to Javascript threading, it will be even better.

          This does not mean you should write an operating system kernel in Javascript. Just as C is not suitable for OS development anymore, Javascript never will be.

      2. Wayland Bronze badge

        Re: I'm done with Windows.

        I remember looking at the MSDN driver code for the serial ports, all written in C. C is what operating systems are written in.

        1. CheesyTheClown

          Re: I'm done with Windows.

          Windows 10 Serial driver (C code, based on the same code you've seen... still works) : https://github.com/Microsoft/Windows-driver-samples/tree/master/serial/serial

          Windows 10 Virtual Serial driver (C++ code, based on the new SDK with memory safety consider) : https://github.com/Microsoft/Windows-driver-samples/tree/master/serial/VirtualSerial

          Mac OS X Serial Driver (C++ code... runs in user mode) : https://opensource.apple.com/source/IOSerialFamily/IOSerialFamily-91/IOSerialFamily.kmodproj/

          Using a domain specific language for a kernel which can implement the core kernel code in "unsafe mode" and then implementing the drivers, file systems, etc... in a "safe mode" language meaning memory references instead of pointers (see C11 which makes moves this way... but refuses to break with tradition by doing it as library changes instead of a language feature).

          In reality, this is 2017 and if your OS kernel still has a strict language dependence for things like file systems and device drivers, you probably aren't doing it right. These days most of that code should be user mode anyway. And no, user/kernel mode discussions stopped making sense when we started using containers and Intel and AMD started shipping 12+ core consumer CPUs

    3. Anonymous Coward
      Anonymous Coward

      Re: I'm done with Windows.

      "Forced automatic updates were the last straw for me"

      Instructions on stopping forced updates have been online for years. Apparently you weren't frustrated enough to do a simple search.

      1. Graham Dawson

        Re: I'm done with Windows.

        That advice essentially amounts to "turn off the update service", followed by laborious manual checking every day. That is not in any way acceptable.

      2. Ken Hagan Gold badge

        Re: I'm done with Windows.

        As has been widely publicised on these pages, those instructions don't work for Windows 10. Apparently you were too smug to do a simple search.

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm done with Windows.

          @Ken Hagen - "As has been widely publicised on these pages, those instructions don't work for Windows 10. Apparently you were too smug to do a simple search."

          Apparently you didn't look for the updated instructions, or aren't able to figure out how to navigate the new windows settings menus. Been working fine on several systems at our office, even ones with the new creators update. There's both an updated registry hack, as well as the old "metered connection" setting readily available for your use if you want them, although the metered connection setting has moved.

          1. Wayland Bronze badge

            Re: I'm done with Windows.

            Andy P, obviously turning off updates is an ongoing battle. We have enough battles with the bad guys without having to battle with the good guys too. Don't you think this means that Windows is not for people who have to keep fighting it? Surely the effort would be better spent customizing their own version of Linux. At least the improvements could be shared and not wiped out by someone in an update.

            1. Vic

              Re: I'm done with Windows.

              We have enough battles with the bad guys without having to battle with the good guys too

              There are good guys?

              Vic.

            2. Anonymous Coward
              Anonymous Coward

              Re: I'm done with Windows.

              I don't personally enjoy having to hack a Windows laptop to bits to get it to run in the way I prefer. But MS isn't worried about me. They're worried about Joe Schmoe who doesn't know a registry entry from a hair dryer. I don't blame them for forcing updates on the hundreds of millions of sheep. Any more than I blame Apple for auto updating iPads, or Google for auto updating Chromebooks.

              As we all know, if you want fine-grained control of a computer system, you are going to be using Linux or some version of BSD. No sense complaining that Windows doesn't fit the bill when it was never meant to in the first place.

              1. Kiwi Silver badge

                Re: I'm done with Windows.

                They're worried about Joe Schmoe who doesn't know a registry entry from a hair dryer.

                That's true, and I have no problem with that (and with all my Linux oldies I tell them to update when they see the blue icon). But often the level of their updates is an issue. Does a working device need the latest drivers, other than where there is a security issue? Does every bit of software need to be at the latest version, especially when there isn't an update for security? Performance improvements are fine, and adding functionality can be fine, but removing stuff?

                During updates, W10 deletes programs people use. I don't know if it's that common but it's common enough to be getting a lot of complaints. Settings that people may find hard to locate get reset to MS's preferences, and reportedly (even by MS supporters) get moved to other locations. Manufacturer's drivers get replaced with MS ones, which may not be as good (maybe in some instances better, but I have not yet heard someone thank MS for that). They make the system restart when they want to, rather than when the user wants to (and most home users don't leave their machine on 24/7!).

                While I can understand the desire to make stuff more secure, forcing it on people in this manner is not a good way to do things. When people lose work, their internet connection, and sometimes even lose their system, forced updates are a problem.

                Making security patches forced, and others optional (especially driver and software/feature removal) would go a long way to addressing these issues.

                Making your update process something that doesn't involve a ton of pain would go a long way to helping encourage people to do it. My Linux oldies? They see the blue icon. They click on it. They click on "Install updates" (the program is up in a second or two with a list of updates already ready to go), and type in their password (you don't do day-to-day work in an admin account!). The updates start downloading, and a few minutes later (at most) are installed. The update program closes. They can click on the window behind the update one to go back to what they were doing previously, and will not even notice the rest of the process. At the end of their session they turn their machine off, and a few seconds later (usually within 15 and I cannot recall a Linux machine taking more than a minute to shut down) it has powered down. Next session they turn their machine on and start up is as normal, maybe a little faster if an update did something to improve start up speed. And if there is a restart desired, there is an icon left on the taskbar to let them know that when they're ready, their computer would like a restart.

                It is a quick, easy and painless process on Linux. If MS worked on making their updates less noticeable, and only requiring a few moments to do, then people would be happier with them.

      3. brainbone

        Re: Instructions on stopping forced updates have been online for years.

        Those instructions don't work on Windows 10 since the anniversary update.

  15. ecofeco Silver badge
    Facepalm

    Wow

    Just... wow.

  16. Queeg

    I know that in a world where you don't kick a man when he's down this post is going to suck.

    But I have to say it couldn't have happened to a more deserving company.

    Screw the popcorn, get the bar open.

    1. h4rm0ny

      >>But I have to say it couldn't have happened to a more deserving company.

      Haliburton (backer and opportunist of the Iraq war), Goldman Sachs (fiddled figures to get Greece into the EU exacerbating massively the financial crisis for those of us in Europe), DeBeers (works people to death in mines), FoxConn (doesn't work people to death because they have safety nets to catch jumpers, now), BAE (so in control of the British government that they can get Number 10 to order the Serious Fraud Office to drop investigations into it), Keurboom Communications / Gregory Rudd (99.5 million nuisance calls in the UK).

      But yeah - darn that evil Microsoft selling their software! ;)

      1. Ben Tasker Silver badge

        > But yeah - darn that evil Microsoft selling their software! ;)

        To be fair, if you take your list (and add Microsoft to it), out of those you've only really got Microsoft and BAE where a leak of their software is likely to be a big deal to them (possibly Goldman too to some extent).

        So if you start at a position of "Someone's software is going to leak (or has leaked)", then Microsoft is one in a list of two, and their business is based on the software itself, so they probably are at the top of that list.

        All the others may well deserve to have something happen, but a software leak for them is unlikely to achieve the fuzzy feelgoods you want when saying "good, they deserve it". In fact, for some of those companies, it wouldn't be that different to hearing someone had broken a window in their building.

        So OP was probably right, in that out of your list, there are 2 people who's business relies on the sale of software, Microsoft are the most dependant on it, so they probably deserve this the most.

        But, you're right too - had your list been a list of companies in the same industry, Microsoft may not have been at the top (are they more deserving than Oracle?)

  17. Captain DaFt

    So how'd they get it?

    32 TB is a freakin' lot of data to down load, to say the least.

    And nobody at MS saw a thing? Really?

    So, stored "securely" on an Azure cloud?

    Internal git left open to world + dog?

    Somebody hung at the favorite MS watering hole with a crate of harddrives going "Psst, buddy, wanna make some big bucks quick?"

    Mind boggled that someone pulled this off!

    1. Kiwi Silver badge

      Re: So how'd they get it?

      32 TB is a freakin' lot of data to down load, to say the least.

      IME Win 10 takes about 48 hours to copy 8Gb over USB 3. They must've been using another OS to do that!

      A lot of disks to transport somewhere and how many days to upload, even at fibre speeds?

      1. Anonymous Coward
        Anonymous Coward

        Re: So how'd they get it?

        "IME Win 10 takes about 48 hours to copy 8Gb over USB 3. "

        Takes a couple of minutes to do that on Windows 10. Faster copying large files than the latest Ubuntu I note from benchmarks....

        1. Kiwi Silver badge
          Linux

          Re: So how'd they get it?

          "IME Win 10 takes about 48 hours to copy 8Gb over USB 3. "

          Takes a couple of minutes to do that on Windows 10. Faster copying large files than the latest Ubuntu I note from benchmarks....

          I used the one and only benchmark that really counts - real world experience, rather than listing to some bullshit artist on MS's payroll.

          Now... Lets say that there is a speed difference though. Lets say that, to copy 10Gb on a booted MS machine would take 20 minutes compared to say 2 hours on Ubuntu. From a turned off state, which would be the fastest? Why, Ubuntu of course. You'd spend a week waiting for that idiotic "Please wait, installing updates" stupidity from the early 90's that MS insists of sticking with.

          Face it, windows is slow and rubbish. Get yourself a nice, secure, stable and responsive machine. Get Linux. Get your life back. And your sanity.

          1. Anonymous Coward
            Anonymous Coward

            Re: So how'd they get it?

            "You'd spend a week waiting for that idiotic "Please wait, installing updates" stupidity from the early 90's that MS insists of sticking with."

            It does that automatically overnight / when the computer is not being used these days...

            "Get Linux"

            I play commercial games and need an Office suite that actually works, Neither of which Linux is suitable for.

            1. Kiwi Silver badge
              Linux

              Re: So how'd they get it?

              "You'd spend a week waiting for that idiotic "Please wait, installing updates" stupidity from the early 90's that MS insists of sticking with."

              It does that automatically overnight / when the computer is not being used these days...

              What, when the computer is often turned off completely? (admittedly I do deal mainly with older people who actually turn stuff off at the wall, so maybe other people who can afford electricity to be wasted and don't care so much about safety/aren't paranoid by the rather low fire risk tend to leave them on). If that's when it does it, then there's a lot of people complaining about stuff they never actually see!

              I play commercial games and need an Office suite that actually works, Neither of which Linux is suitable for.

              So do I, which is why I wouldn't use windows. I like my system to be stable and actually function.

              As to the games, odds are it'll run better under wine than doze. I have a HP DV7 laptop with 1G ATI graphics, Linux and Win7 installed. SOASER (playing right now in another workspace), Home World (all 3 + the remastered stuff), C&C Generals (+ Zero Hour) and Tib 3 all run far better under Linux/Wine than they do under Windows (7). I also have run several bits of commercial software happily under Wine, again often faster (especially the graphics side) than with Windows, including some of the offerings from Coffee Cup, some data recovery tools (Linux is far superior in file handling, including reading/writing NTFS partitions) and a whole swag of other stuff.

              I don't promote stuff I don't believe is better. There is no incentive for me to prefer Linux over Windows other than it does a better job, period. Actually in a couple of cases I have suggested Windows may do some things better or easier, and if I believe it is the more suitable product I would suggest it, though that was broken with 8+.

              1. Anonymous Coward
                Anonymous Coward

                Re: So how'd they get it?

                "What, when the computer is often turned off completely?"

                Recent Intel chipsets have a feature that powers up the computer to check for updates. Probably doesn't work under Linux though...

                "as to the games, odds are it'll run better under wine than doze"

                Now you are just showing your ignorance. Windows 10 is simply by miles the fastest platform for gaming. Direct-X 12 is a long way ahead of other close-the-metal driver models - not to mention that people actually use it, and loads of games won't even run on Linux at all.

                " it does a better job, period. "

                Over what period? I use Windows because I need high end gaming and Office type applications. Linux is utterly crap in comparison for both those uses.

                1. Kiwi Silver badge

                  Re: So how'd they get it?

                  "What, when the computer is often turned off completely?"

                  Recent Intel chipsets have a feature that powers up the computer to check for updates. Probably doesn't work under Linux though...

                  Doesn't work very well when the machine is turned off at the wall either!

                  " it does a better job, period. "

                  Over what period? I use Windows because I need high end gaming and Office type applications. Linux is utterly crap in comparison for both those uses.

                  I don't know what you consider "high end office applications" but if you want office that works reliable, you cannot use MS office. The features will be removed on a whim, the layout will change, every other week they'll make it incompatible.

                  Oh, and I have some quite large (>1gb) presentations that simply cannot be don on Windows, MS office chokes on handling larger files.

                  Yes, a lot of games don't run on systems they're not designed for. As to your "need high end gaming", maybe you "need" to re-think some of your life if gaming actually is a "need"? There's a great world outside, with incredible graphics and animations that don't stop or stutter. Sticking to gaming can lead to depression, social anxiety, and all sorts of other problems that are not in the least "fun". This I am writing from personal experience. Don't let it happen to you (and apols if I am reading your meaning wrong)

                  1. Charles 9 Silver badge

                    Re: So how'd they get it?

                    "Yes, a lot of games don't run on systems they're not designed for. As to your "need high end gaming", maybe you "need" to re-think some of your life if gaming actually is a "need"? There's a great world outside, with incredible graphics and animations that don't stop or stutter. Sticking to gaming can lead to depression, social anxiety, and all sorts of other problems that are not in the least "fun". This I am writing from personal experience. Don't let it happen to you (and apols if I am reading your meaning wrong)"

                    Guess you never heard of smog, muggers, or Major League Gaming.

        2. Teiwaz Silver badge

          Re: So how'd they get it?

          Takes a couple of minutes to do that on Windows 10. Faster copying large files than the latest Ubuntu I note from benchmarks....

          - Using the Ubuntu for Windows subsystem doesn't count...

    2. patrickstar

      Re: So how'd they get it?

      This sounds like the stuff they hand out to partners/important developers. So it probably came from one of those, not the internal MS network.

    3. Updraft102 Silver badge

      Re: So how'd they get it?

      Or maybe they didn't pull it off.

      https://www.betaarchive.com/forum/viewtopic.php?t=37283

      According to that, it was 1.2GB that was leaked. Just a bit less than 32TB!

  18. Anonymous Coward
    Anonymous Coward

    Wake up call

    So did this come from some disgruntled rogue insider or was it a Cloud hack, or was it a Server misconfiguration leak? Surely this question has to be answered... Either way, anyone using any kind of Cloud source control: VSTS, Git LFS, Perforce, SVN etc... This is the 'mother' of all wake up calls, no?!!!!

    1. TechnicalBen Silver badge

      Re: Wake up call

      My money would be on a server/account/user* reconfiguration.

      *I have no idea what the back office networking and system is going to be like. But "pressed the wrong button/ticked the wrong box/forgot to tick the box" is the layman term. :)

      1. Charles 9 Silver badge

        Re: Wake up call

        I think so. If it was an insider, they'd include the most important part: the kernel.

    2. Anonymous Coward
      Anonymous Coward

      Re: Wake up call

      disgruntled rogue insider

      Probably someone who thought they were compiling a planet killer.

  19. Herby Silver badge

    Maybe they will fix the bad parts

    So, the users (not me, thankfully), will get a better performing OS. We can only hope, but I won't hold my breath.

    Of course the conspiracy theorists will have all sorts of explanations on how this was done, probably involving all sorts of three letter agencies (from many countries) and Microsoft itself.

    Prometheus modem for sale (a reference that goes back a ways).

  20. GrapeBunch Bronze badge

    Mischief aside, this might be useful. 1. MS is famous for "undocumented features" which back in the day favoured its own apps. Will this release see the documentation of all undocumented features? 2. other OSes are at a disadvantage because MS + manufacturer release Windows-only drivers. With source to said drivers, will it now be a walk in the park for the other OSes?

    1. Ken Hagan Gold badge

      1. I don't think MS need undocumented features in quite the same way anymore. There is a mind-boggling array of documents concerning APIs, file formats and network protocols used by Windows and other MS software. (e.g. https://msdn.microsoft.com/en-us/library/dd208104.aspx.) The problems these days are firstly can you find the document you want and secondly does the MS implementation actually match the document? (And if it doesn't, tempting you to follow the current implementation instead, will they just fix it in the next release leaving you looking like the idiot who couldn't follow a spec?)

      2. I think the drivers in this leak are the bus drivers, implementing (hopefully correctly) protocols that are fully documented and already supported by other OSes. The drivers you want are the vendor-specific layers on top and these aren't included here. In most cases, MS will not have that source.

    2. bombastic bob Silver badge
      Devil

      With source to drivers, will it now be a walk in the park for the other OSes?

      I'd like to think so, but then again I'm not really happy about the *quality* of MS-written drivers [or else we wouldn't need so many 3rd party drivers maybe...]

      What I'd like is a nice WORKAROUND or BACK DOOR to Micro-shaft's IRRITATING driver signing policy for kernel mode drivers.

      1. Updraft102 Silver badge

        Re: With source to drivers, will it now be a walk in the park for the other OSes?

        Did you try booting into Windows with driver signing enforcement disabled and then installing the unsigned driver(s)? That's how I got my modified nVidia driver for my laptop to work. I had to change the PCI ID in the .inf file to work with my card, and of course, any modification causes the driver to become unsigned. It's working fine, though, in 8.1 x64 (it worked also in 10 x64 when I was using it).

        Once it's installed, there's no more signature checking; it appears to only be done at installation time.

        1. bombastic bob Silver badge
          Mushroom

          Re: With source to drivers, will it now be a walk in the park for the other OSes?

          "Did you try booting into Windows with driver signing enforcement disabled"

          I've done that for ME, while doing driver development (in 7, not win-10-nic - I don't do win-10-nic).

          But I want to release an open source kernel driver to do something that's cool. And giving people the necessary build/install instructions to make that work is impractical, at best.

          And it's obviously a *SICK* *JOKE* that NOW you basically have to give the damn binary to Micro-shaft and have THEM sign it, for Win-10-nic anyway. At least, that's what I remember reading last year.

          I've mostly given up on windows development. may cancel my MSDN subscription, even. Their tools suck, their moving target for development UI stinks, and I haven't jumped on their bandwagon since they introduced ".Not". In fact I've had to go OUT OF MY WAY to make sure that DAMN THING isn't included in my project. It's bad enough I had to add a 'manifest' to an executable to keep vista and later from treating something as AN INSTALLER by accident, based on it's name. And the 2D FLATSO FLUGLY just makes me want to VOMIT. Devstudio after 2010 is FILLED with that kind of crap.

          Basically I do NOT want to tie my career to the TITANIC as it goes STRAIGHT for the ICEBERG.

          And I know how "easy" it is to work around their signing requirements. Except for end-users. And they'll see the "debug mode" watermark on the wallpaper, etc.. That's not the way to release open source software, ya know?

  21. Paul Hovnanian Silver badge

    32TB?

    How much is left if you skip all the #ifdef BUGS code?

    1. Kiwi Silver badge
      Thumb Up

      Re: 32TB?

      How much is left if you skip all the #ifdef BUGS code?

      Oh, that was covered in the article : "...compress down to 8TB..."

      Well, removing junk is a type of compression..

      (I see by the regular single downvotes on almost all of these posts that we are in the presence of a singular MS shill. Must be getting lonely, and this must be so bad for them only one bothers to show up to do their duty)

      1. James O'Shea

        Re: 32TB?

        "(I see by the regular single downvotes on almost all of these posts that we are in the presence of a singular MS shill. Must be getting lonely, and this must be so bad for them only one bothers to show up to do their duty)"

        you went and provoked him into creating two more accounts.

        1. Kiwi Silver badge
          Linux

          Re: 32TB?

          you went and provoked him into creating two more accounts

          Y'know, if they put as much effort into learning how to code1 instead of FUD/targetting people who dare to say nasty things about their stuff, they'd have a half-decent2 OS.

          1 Actually yes, I could code to save my life. However, you'd have to give me time. A lot of time. Like, a couple of decades or so and 2) an internet connection or a very very good collection of snippets, well documented and so on. And a keyboard with extra strong ctrl, C and V keys.

          2 What, you don't think Windows could ever be "fully-decent" do you?

  22. Kiwi Silver badge
    Linux

    About time..

    About time someone open-sourced Windows.

    Wonder if this was deliberate. Rather than pay a team of programmers to hunt for bugs, open-source it and wait for the exploits. Then charge people for bugfixesnew versions that are immune from the malware that makes use of the exploit.

    Charging done by older, suddenly "incompatible" hardware needing to be replaced. That it was perfectly compatible before the "update", and the "update" changed nothing relating to the hardware at all but somehow the machine is forever broken.

    1. keithpeter
      Black Helicopters

      Re: About time..

      @Kiwi

      "Wonder if this was deliberate. Rather than pay a team of programmers to hunt for bugs, open-source it and wait for the exploits."

      I was thinking more of a leak to cover tracks... any future major hacks/exploits that were secret - perhaps even sponsored by certain actors - can now be tracked back to this code release. Very convenient.

      Or possibly a canary: someone inside saying "read this and discover, we can tell you because they would know who we are then"

      Icon: we've had a couple overhead for hours

      1. Kiwi Silver badge
        Thumb Up

        Re: About time..

        Icon: we've had a couple overhead for hours

        Had that a while back - military one(s) circling my area.

        Pretty sure it was just a training thing, certainly nothing else has come of it. But can be unnerving,

        Especially when you can hear one passing overhead as you post...

        (Though, sadly, I believe it is the Westpac Rescue helicopter - sadly because that thing going out means someone is badly hurt and needs a chopped ride to hospital)

  23. Andrew Gratton

    TheRegister has really gone downhill, can't even post an accurate article, 32TB?

    1. Tabor

      Indeed. Without taking sides, maybe commentards can read this :

      https://www.betaarchive.com/forum/viewtopic.php?t=37283

      (and the author might want to update headline/article)

      1. ecofeco Silver badge

        How do we know betaarchive is telling the truth?

        1. Tabor

          Re:ecofeco

          How do we know El Reg is telling the truth ? In this case, I'm pretty sure BA was closer to the mark since El Reg changed the headline to "heaps" where it said "32TB" initially.

          If a headline seems like clickbait, check other sources.

  24. Anonymous Coward
    Anonymous Coward

    Windows sounds awesome

    I'm a coupon cutting cheap ass. I love my shitty Windows machine, riddled with security issues and disfunctional UI... it was worth saving a few bucks. Those Apple fanboys sure look stupid with their kinderprice toys. Hahahaha I saved 300 bucks - what will I spend my 35c daily savings on?

  25. Christian Berger Silver badge

    It'll probably be rather irrelevant...

    Remember that time when the Windows 2000 source code leaked? Appart from some jokes about how much profanity it contained and through which lengths Microsoft was going to ensure compatibility with broken software, nothing actually happened.

    1. ecofeco Silver badge

      Re: It'll probably be rather irrelevant...

      I also remember viruses becoming a serious threat around that time as well.

      Just a coincidence I'm sure. /s

  26. herman Silver badge

    Now if someone would be so nice and fix their 20 year old USB autorun bugs for them, so that we can actually use USB memory devices on Windows again without risk of picking up ten different ransom notes...

    1. Charles 9 Silver badge

      Too late. With BAD USB you can own machines with many different types of USB hardware, and since it works at the hardware level, it can work regardless of OS, making it nuke-proof.

  27. simonb_london

    Waste

    What a terrible waste of valuable hard disk space.

  28. Boris the Cockroach Silver badge
    Linux

    Will

    anyone from the open sauce area of expertise be going through the code looking for the bits of code lifted from linux et al and covered by the GPL .....

    Imagine the fun that will start when the open sauce lawyers land on m$ with "cease and desist" leteers followed by "we're gonna drag you into court and sue the arse off you " letters....

    1. patrickstar

      Re: Will

      I have read tons of MS source code and never seen a single GPLed source file in any of the closed source stuff...

      The standard MS style also happens to be different enough from most *ix code that it'd be easy to spot if it was just a cut&paste job with license removed.

  29. Anonymous Coward
    Anonymous Coward

    Even pro-Microsoftie Thurrott...

    Even pro-Microsoftie Thurrott described Windows 10 CU S as the Windows 10 'Shit' version. It must be truely ill-thought out, in terms of user experience to say that.

    "Windows 10 C reators U pdate (N ew T echnology) S hit" Edition.

    Microsoft marketing what were you thinking?

    If Microsoft wanted to do Windows 10 S right and proper, they would have used the open source code base of Linux for it's underlying core, with a Windows 10 UWP platform+Win10 user inferface bolted on top.

    Now that's something that might entice.

    1. bombastic bob Silver badge
      Unhappy

      Re: Even pro-Microsoftie Thurrott...

      "with a Windows 10 UWP platform+Win10 user inferface bolted on top."

      except THAT is the lipstick being painted on the non-oinky end of the Win-10-nic BOAR.

      You can put Linux underneath, but if it LOOKS like WIn-10-nic, SMELLS like Win-10-nic and causes me to reflex-vomit if I attempt to TASTE it (like Win-10-nic), then WHY do it?

      [yeah don't get me started on everything I *HATE* about Win-10-nic, which are all contained in the UWP 2D FLATSO FLUGLY "the METRO" CRAP-UI. I have few grips about the bottom end; it's the UI that I *HATE*]

      Anyway, I'll take Linux with Mate instead. Or better still, FreeBSD! A "Win-10-nic" desktop manager would *JUST* *SUCK*.

      1. Charles 9 Silver badge

        Re: Even pro-Microsoftie Thurrott...

        But without the core, how will you run the windows APPS that are the main reason people stick to Windows? And no, substitutes aren't always available.

        1. bombastic bob Silver badge
          Linux

          Re: Even pro-Microsoftie Thurrott...

          "how will you run the windows APPS that are the main reason people stick to Windows"

          THIS is where _MARKETING_ comes into play...

          Linux needs MARKETING. You get people to run it, and get used to "windows within a VM" for when they MUST have windows for something.

          Simultaneously you get the 'big boy' vendors to do one of two things: either they SHIP LINUX VERSIONS (I hear Quickbooks is done in Java, so for Intuit it might be pretty simple!) or else they do a "Wine certification" so that they CERTIFY their applications will run under Wine.

          Do this enough, and it will gain a life of it's own.

          The problem is that NOBODY is doing that kind of marketing work.

          HOWEVER, if we can manage to convince a few of the BIG BOYS (let's say Intel, AMD, Lenovo, Dell, and some of the others that will SELL HARDWARE AGAIN if a decent OS is available) that they need to invest in this kind of marketing, it MAY become practical enough that "it happens".

          Yes, it takes MONEY and EFFORT to unseat a monopoly. I just described one way it can be done.

          1. Charles 9 Silver badge

            Re: Even pro-Microsoftie Thurrott...

            "HOWEVER, if we can manage to convince a few of the BIG BOYS (let's say Intel, AMD, Lenovo, Dell, and some of the others that will SELL HARDWARE AGAIN if a decent OS is available) that they need to invest in this kind of marketing, it MAY become practical enough that "it happens"."

            It'll work AGAINST hardware companies since the odds are it will LOWER requirements instead of raise them. Plus, virtualization is not an option for everyone (like those with custom HARDWARE that can't be virtualized).

          2. LDS Silver badge

            "Yes, it takes MONEY and EFFORT to unseat a monopoly"

            Exactly, and you invest money and time ONLY and ONLY IF you see a return - usually more MONEY.

            Explain how your plan investing money into Linux marketing will make the above companies earn more, especially hardware ones, why people would buy more hardware because of Linux?

            Otherwise, sorry, you win an "underpants gnome" award.

    2. patrickstar

      Re: Even pro-Microsoftie Thurrott...

      Uhm, the kernel is the GOOD part of Windows. It's a masterpiece as far as kernels go. The coding style is a bit too militant for my taste, but it's certainly easier on the eyes than most of Linux.

      Whatever your issues with Windows are, chances are the kernel isn't where they stem from.

  30. Anonymous Coward
    Anonymous Coward

    Aw boo hoo,

    "Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide."

    So what, Linux source code is there for all and sundry to see and are not ashamed of coding cock-ups which can be reviewed and fixed rather than get the interns to do it and pretend there is nothing wrong. Security through obscurity is a fallacy as it's been proven time and again. I wonder just what schoolboy coding errors are now going to be shown up ?

  31. thondwe

    OEM share

    Looks to be stuff aimed at OEMs so assuming that one of those has the security hole that's leaked all this - so what other code/stuff have they lost? Firmware source could be useful to hackers?

  32. ZanzibarRastapopulous

    Adaptations...

    When people make adaptations do they use an adaptater?

  33. J J Carter Silver badge
    Trollface

    Open Source Good

    As many eyes on the source code improves Linux, right?

    1. TheVogon Silver badge

      Re: Open Source Good

      "As many eyes on the source code improves Linux, right?"

      This is what we were always told. However Linux doesn't have a lower bug count than other OSs and major holes have been found that were a) apparently obvious, and b had been there for years.

      The problem I have with it is that there will always be bugs somewhere, and a well funded attacker will presumably find it easier to find and exploit them with the source code than without it.

      Of course it's also common knowledge that security by obscurity isn't really security. And that holes can be found by fuzzing, reverse engineering, etc. But imo that does make it a bit harder for the attacker.

  34. moonpunk

    Am I the only one...

    ...that actually likes Windows 10?

    Works great for me. As does Office 365 (Teams, OneDrive, Skype 4 Business, and all of the usual Word, Excel, PowerPoint and Outlook applications).

    I accept that you pay your money and make your choice, and it wouldn't do if we were all the same, but it all works fine for me!

    1. TheVogon Silver badge

      Re: Am I the only one...

      "Works great for me"

      Me too. And if you care about the telemetry and / or want it to look like Windows 7 - which seem to be the main complaints, it's just 2 free apps to install to fix that. Personally I don't care what info they collect just so long it isn't used to target adverts in the browser, or is sold to others for any sort of marketing / sales activity. Which Microsoft do not do.

      If you haven't yet upgraded to Windows 10, it must be because you are blind and missed all the popups - and therefore you still qualify for a free upgrade! https://www.microsoft.com/en-us/accessibility/windows10upgrade

  35. This post has been deleted by a moderator

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019