pyrrho's Journal: Auditing Microsoft for GPL violations

I'm sure that Microsoft has used GPL code, probably without knowing, late some night when something was due the next day. I want to audit them. I think we can start by (somehow) looking for binary signatures... people that have time to make advanced obfuscating efforts have time to write their own code and don't plagerize.

MS use of GPL code may be as innocent as an extra copy of Office on a University Computer Lab computer... which is to say they ought to get rung up for it just like the BSA says!

I know it can be done, I know a general approach, I've programmed for 20 years (ok, I started in junior high, but I've been paid to do it for 17, ok, I worked my way through school as a programmer, but I've been graduated over a decade...) BUT... I don't write binary diffing tools etc. etc. and I think we could get our heads together for a sensible approach using tools people might already have around for other purposes.

NOTE: proving this would likely mean (1) MS would have to open some of it's code and (2) the FSF would get damages equal to the amount MS made selling the software that included Covered Code.

EXTRA: even discovering BSD/Public Domain code used by MS would be a good public relations thing and a big pie in MS's face and would therefore be fun aka a "good thing"

what am I missing here?

[pyrrho]

1. compile Windows versions of GPLed code using MSVC with various sensible flags
2. scan Microsofts DLLs and EXEs for binary match
   
3. show the judge, "look, this is unlikely to be a coincidence, we need to see the source for XYZ"
4. find the violation
5. 
   sue for billions!
   
6. laugh maniacally
   
7. go to beach

Re:what am I missing here?

[Surak]

Microsoft *has* used BSD code. It's widely known that the Windows NT TCP/IP stack is based on BSD's TCP/IP stack. Not that you could sue for said use... but you did mention specifically in your journal entry that the use of BSD or freeware code would be public relations coup...

There's probably some sendmail code in Exchange Server, too. But that's not GPL either.

What makes you so sure that M$ has used GPL code? They keep saying how wonderful BSD code, and its widely known that they've been using BSD code for years.

Tempting

[isorox]

A tempting final year project for a skilled undergraduate - however - wouldnt the act of examining the binary files breach some kind of obscure law?

Plagerism detectors arent very accurate, and thats when you're examining source.

The size of microsoft projects, and the size of every GPL program under the sun would also be a problem. It would be easier if you think "hmm, the way excel adds up this column is similar to gnumeric", then look at the binary then just star blankll at excelmath.dll (or whatever), trying to compare it to line 599987 of emacs.

When is it a violation? Two programs might both have "int i = 0;" in the source - hardly a violation though.

Normally to detect plagerism you'd look at bugs in the programs, which is a problem when looking at microsoft (many bugs) and open source (fewer bugs) :)

Re:Tempting

[pyrrho]

The size of the undertaking is massive, but a dedicated machine sitting in a closet could make steady progress given 24 hours a day. Setting it up is more daunting than the time running it. I think.

When is it a violation? Two programs might both have "int i = 0;" in the source - hardly a violation though.

I think you could find whole functions and beyond. Consider an easier task. What if you wanted to find the use of sample source code, such as what MS gives away (we think). You would more or less assume the modules were compiled whole, and if so, finding them would be easy (just a matter of time in my hypothetical automated process).

Also, a technique might be to start with beta versions of Windows or otherwise look for debugging information. Some modules may have function names in the modules symbol table which could give you a big clue. ??

Re:Tempting

[littlerubberfeet]

Well, given all the hype over distributed computing.....how about GPLAudit@home?
Please don't sue me for using the @ symbol.