Full Disclosure mailing list archives
Re: Windows 2000 Source Leak Verified. Get ready for the havoc.
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 16 Feb 2004 13:18:28 +1300
Valdis.Kletnieks () vt edu wrote:
On Sat, 14 Feb 2004 16:42:39 GMT, Lee <cheekypeople () sec33 com> said:again its 1/100 of standardd MS code for a OS, lets get a grip please... and I think I see the company who let the source get loose come out and sayMost earlier estimates of the Win2K source were about 45M lines of code (I think the "40 gig" being tossed around is the size of the source-control-system database). And I've seen the number 12.5M lines of code escaped. That's closer to 1/3 than to 1/100.
Indeed -- there are some public domain references (from folk who should know) about the size of the source control system, but of course that is way more than just the final source. Using the 45M lines of code estimate (was it reallY?? perhaps for server with IIS, etc?), some simple maths tells us something about the expected size of the source. Assume an average of 60 characters per line (reasonable??), assume a simple .ZIP compression ratio of 70% (seems a tad low for .C source based on some large .ZIPs I just checked on this machine -- most ran 72-75%): 45M * 60 * 0.30 = 810MB Vary to suit your tastes regarding likely average line length and .ZIP compression ratio... Also, consider that the directory listings I've seen posted for the "leaked" .ZIPs show that there is quite a bit of cruft included (.EML files and other non-source stuff like core dumps) and make further adjustments. So, it seems that the "leaked" source is considerably more than 1/100th the original. I think Valdis' 1/3 estimate may be a tad low as I think I saw the 12.5M lines estimate for the NT code base. Ahh, yes -- Russ Cooper posted the following to NTBugtraq: 1. NT source is NT 4.0 SP3, contains 27000+ files (658MB). It is all NT 4.0 Server except IIS, includes IE 4. No references to Mainsoft (see http://www.eweek.com/article2/0,4149,1526830,00.asp.) 2. W2K is SP1, a very small subset, IE 5, SNMP, PKI, networking and some SDK stuff. 28000+ files (338MB - although many of these are empty mail messages and other crap.) Does contain 3 references to MainSoft. Much of what is there is available elsewhere. and in another message Russ wrote: Couple of corrections. 1. There were 27,142 NT 4.0 SP3 files totaling 338MB. 2. There were 28,782 W2K SP1 files totaling 658MB. 3. It does appear that all of both versions are present, minus IIS. 4. 10,425 of the 27k NT files are actually source totaling 193MB uncompressed. 5. 8,367 of the 28k W2K files are actually source totaling 217MB uncompressed. Archived copies of the full messages from which these comments were extracted are at (sorry, URLs will wrap): http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq & F=P&S=&P=2868 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq &F=P&S=&P=2954 A followup comment by Dragos Ruiu may be of interest too: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq &F=P&S=&P=3155 Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows 2000 Source Leak Verified. Get ready for the havoc. dotsecure (Feb 13)
- RE: Windows 2000 Source Leak Verified. Get ready for the havoc. Aditya, ALD [Aditya Lalit Deshmukh] (Feb 14)
- Re: Windows 2000 Source Leak Verified. Get ready for the havoc. Cael Abal (Feb 14)
- RE: Windows 2000 Source Leak Verified. Get ready for the havoc. Byron Copeland (Feb 14)
- Re: Windows 2000 Source Leak Verified. Get ready for the havoc. Lee (Feb 14)
- Re: Windows 2000 Source Leak Verified. Get ready for the havoc. Valdis . Kletnieks (Feb 15)
- Re: Windows 2000 Source Leak Verified. Get ready for the havoc. Nick FitzGerald (Feb 15)
- RE: Windows 2000 Source Leak Verified. Get ready for the havoc. Aditya, ALD [Aditya Lalit Deshmukh] (Feb 16)
- Re: Windows 2000 Source Leak Verified. Get ready for the havoc. Valdis . Kletnieks (Feb 16)
- RE: Windows 2000 Source Leak Verified. Get ready for the havoc. Aditya, ALD [Aditya Lalit Deshmukh] (Feb 14)