A few days ago, Kuro5hin evaluated the Windows source code that was leaked last week. If nothing else, the assessment is a good read because it offers a glimpse into the programmers’ comments:
// the f***ing alpha cpp compiler seems to f**k up the goddam type “LPITEMIDLIST”, so to work
// around the f***king peice of sh*t compiler we pass the last param as an void *instead of a LPITEMIDLIST
Anyone who’s met a deadline by sucking caffeine and programming through the night can relate. The author fairly* concludes that the quality of the code is as follows:
The security risks from this code appear to be low. Microsoft do appear to be checking for buffer overruns in the obvious places. The amount of networking code here is small enough for Microsoft to easily check for any vulnerabilities that might be revealed: it’s the big applications that pose more of a risk. This code is also nearly four years old: any obvious problems should be patched by now.
[snip]
In short, there is nothing really surprising in this leak. Microsoft does not steal open-source code. Their older code is flaky, their modern code excellent. Their programmers are skilled and enthusiastic. Problems are generally due to a trade-off of current quality against vast hardware, software and backward compatibility.
Seems like a fair assessment. There are reports of a security exploit based on the leaked code, but Microsoft has stated that the vulnerability is known and has been patched.
* How do I know this is a fair conclusion? Because I’ve evaluated the leaked code myself? Of course not!