ReactOS Code Audit
reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."
defensive (Score:2, Interesting)
Re:defensive (Score:5, Interesting)
I'm not a developer, so I'm curious...is it precedented at all for them to involve MS in this audit? Would it make sense for MS to look at the source code and advise them of any transgressions so they can fix it quickly? IIRC, ReactOS is/was open-source, so it's not like Microsoft couldn't have already downloaded the code independently to look for problems. By inviting them into the audit you at least have your ass somewhat covered, especially if they decline and then turn around and sue later.
No way would MSFT participate (Score:5, Informative)
Re:No way would MSFT participate (Score:5, Funny)
Re:No way would MSFT participate (Score:2)
Defensive? Yes. Guilty? I doubt it. (Score:2)
Summary is misleading (Score:5, Informative)
What happens when you have a split personality? (Score:4, Funny)
Re:Summary is misleading (Score:2)
Re:Summary is misleading (Score:3, Informative)
in the US you gotta have one person reverse engineer and write documentation, and another write the code.
IANAL, but I have read the law, and I think this is a myth. Using two engineers gives you a way to easily *prove* that no copying was done, but it's not actually necessary. If the owner of the code you're reverse engineering sued you for copyright infringement, it would be their responsibility to prove that you did copy, and that you didn't independently create identical code. Since it would be a c
Re:Summary is misleading (Score:4, Insightful)
The "clean room" procedure is what enabled clone PCs to exist in the first place, when Compaq cloned the BIOS with the two-engineer method to make their reversing watertight, which it was.
It's nice to try and do it that way, but not necessary. I think the big issue for single developers is not so much legally reverse engineering (which is still legal to the chagrin of many ignorant and selfish people) is not so much being right, as having the money to defend themselves in court.
So if you and a buddy "clean room something" that's only half the job. The other half is having money in the bank to cover future possible legal expenses.
I think the lesson we have seen often on Slashdot is big corporations "bullying" some little guy who for all intents and purposes is legally right with what they are doing, but the corporation (or their hired suits who need to justify their salary) are the ones who are actually wrong.
Also, I would consider both the DMCA and CTEA immoral laws for a variety of reasons.
Re:Summary is misleading (Score:2)
The only caveat to the point that you make is that I believe that since the DMCA copyright is a criminal offense instead of a civil one (in the vast majority of cases).
Perhaps. Criminal penalties apply in three cases:
Those do cover a lot of ground, but in a criminal case the burden of proof increases: The prosecutor has to prove the
Re:Summary is misleading (Score:2)
There is no such law.
The advantage of clean room engineering is that there can be no allegations of it being a derived work because code was duplicated.
Even without clean room engineering, the plaintiff must prove infringement.
Clean room engineering makes infringement impossible, so it reduces the risk of it even getting to trial or past the summary judgement stage (the defense will get gr
For those of us who are unaware... (Score:4, Interesting)
Comment removed (Score:5, Informative)
Re:For those of us who are unaware... (Score:5, Informative)
This isn't about the leaked Windows source code, it's about possible invalid reverse engineering (i.e. decompiled Windows code)
Re:TFA (Score:2)
Re:TFA (Score:5, Insightful)
The compiler simply is a translator that turns a human-parsable programming language into a machine parsable instruction code. That being said, a translation in the other direction is just as easy.
However, compilers these days are more advanced than the golden old days of computing, and will do crazy things to optimize code (unrolling loops, replacing inefficient operations with more efficient ones [i = i + 1; -> i++;]). Some of these operations can't be reliably undone (especially the case with inline functions and macros, because often the code compiler will apply the inline, and then realize there's a way to make it more efficient, thus making the code slightly different than the inline function and causing it to not be reversible), at least without a little human interaction.
And there are open source code decompilers available for a number of languages (for C, as an example, there's DCC [uq.edu.au]). Just don't go decompiling Windows and copying and pasting the code back into ReactOS
Re:For those of us who are unaware... (Score:2)
So, they found code that looks suspiciously like it was decompiled and used that way? Don't they use source control? It's trivial to trace it back to the developers that added it and ban them from further participation.
I would say it sounds like an organization problem though. Why exactly is code that makes no sense getting added? This is easily solved by say, using a post-commit hook in SVN that mails diffs. Post that to the mailing list so that everybody can see and
Article (Score:5, Informative)
Re:Article (Score:2, Funny)
Re:For those of us who are unaware... (Score:3, Informative)
According to what I saw on the mailing list, most of the potentially suspect code is in
ReactOS is recommended (Score:3, Interesting)
Re:ReactOS is recommended (Score:2)
Re:ReactOS is recommended (Score:3, Funny)
So what you're saying is that it's working quite a lot like Windows already?
Re:ReactOS is recommended (Score:2)
Re:ReactOS is recommended (Score:2)
I believe ReactOS are hoping for the ability to use NT 4 drivers as well, which is a good idea.. but considering that a lot of newer hardware manufacturers are no longer making NT4 drivers might be problematic.
In order to get IE 7 installed, first you'd need to get around the genuin
Re:ReactOS is recommended (Score:2)
Re:ReactOS is recommended (Score:2)
Why run IE 7.0, why not make ReactOS work with Firefox 1.5 instead? I would think that Firefox is easier to make it work with ReactOS as both are OSS projects and access to the Firefox source code can help them make a ReactOS version of Firefox, possibly Thunderbird.
I mean why try to get commercial MS-Windo
Ethical vs. Moral? (Score:2)
Re:Ethical vs. Moral? (Score:5, Insightful)
(yes, this is a joke but unfortunately most people seem to mix up "moral" with "christian/puritanian fucked up double standard bigot moral". The best thing with moral is that you can have your own. There is no Real Moral(tm).)
Re:Ethical vs. Moral? (Score:3, Insightful)
That's a tough argument to win. Can I kill you and take your stuff, so long as I decide it's allowed by "my own" moral system?
It's much easier to defend the idea that morality is absolute, starting with axiomatic principles like human self-ownership. It's all about how we respect the essential rights of our fellow humans. In fact, you can't even defend the idea of subjective morality effectively without this axiom.
Re:Ethical vs. Moral? (Score:2)
What you can and can't do isn't decided by what you consider moral. It is decided by what everyone else considers moral. If I were gay and thought it was morally acceptable for me to get married... well... that doesn't mean I can.
Re:Ethical vs. Moral? (Score:2)
THERE IS NO DIFFERENCE
This is the first thing you are told in philosophy of ethics. They are interchangeable terms.
Now, you might personally think these words have a different sense, but what things feel like to you isn't evidence. If something is ethical it is moral, and if it is immoral it is unethical.
There are differing systems of morals and differing systems of ethics. By calling one system a 'moral' system and another an 'ethical' system you can produce seeming contradictions. But
Re:Ethical vs. Moral? (Score:3, Insightful)
If it makes you feel better I can say that I think that most other religions have even worse morals.
And of course this wasn't a stab at any individual christian but rather a stab at those who In My Humble Opinion DO have fucked up double standard bigot morals, and they are too many to ignore...
To make you feel even better I also thin
Re:Ethical vs. Moral? (Score:3, Insightful)
If you tell the truth (because you always tell the truth) and a bunch of innocent people are killed or tortured, then you are probably being ethical but immoral.
Defense Lawyers seem like a pretty good example. They ethically must defend people they may believe are guilty. If they defend poorly on purpose, they are being unethical. I believe (IANAL) that the prosecution must reveal all evidence to the defense but the def
Re:Ethical vs. Moral? (Score:2)
For example, when the PS2 launched people were selling "Playstation 2 box"es on Ebay and they knew that some buyers would assume that the PS2 actually came in the box. So a few people paid $500+ dollars for empty playstation 2 boxes. They listed them accurately so according to Ebay's rules what they did was ethical, but I still say it was amoral.
LK
A field of study vs a measurement by a standard (Score:2, Insightful)
Morality is a specific instance of an ethics. Something is moral if it is acceptable in or follows from the view of ethics in question, and immoral if it is unacceptable or violates that code in some way.
In short, "ethical" says that some
Re:Ethical vs. Moral? (Score:3)
Re:Ethical vs. Moral? (Score:3, Interesting)
What do morals have to do with this?
Re:Ethical vs. Moral? (Score:2)
Re:Ethical vs. Moral? (Score:2)
Not quite. Morals are standards of conduct that do not require objective justification - they may, for instance, claim to be handed down by a deity. Ethics are standards of conduct that are based on objective justifications (although it is not necessary that the objective justification be incapable of being disputed).
That is not to say that particular standards of conduct in a system of mor
Re:Ethical vs. Moral? (Score:2)
You meant to say "being moral without being ethical."
IANAL, but an example would be if a lawyer breaks client-attorney privilege by reporting a confession the client had made in private to the police or state's attorney. While this information might not be admissible in court and the lawyer would potentially f
my take (Score:2, Funny)
step 1. audit code
step 2. redo any code that is in dispute
step 3. package and sell your product
step 4. PROFIT!!
Re:my take (Score:2)
Re:my take (Score:2)
ReactOS; we hardly knew you (Score:5, Insightful)
It's a shame; ReactOS came so far, and got so close (networking was almost ready) and now it's DOA.
It will be missed.
A plant (Score:2, Interesting)
If it was getting too close for comfort, I don't doubt for a second that a company like Microsoft would do something like this. ( and then set things up for one hell of a lawsuit.. )
Makes you wonder if the 'leaked code' was in fact a stunt to facilitate things like this for the foreseeable future.. "everyone is tainted, the sky is falling, give us more money"
Re:A plant (Score:2)
Re:A plant (Score:2)
Someone joining an organisation to disrupt it from within [wikipedia.org] is completely unheard of. Just ask the Black Panthers.
Open Source? (Score:2)
Re:ReactOS; we hardly knew you (Score:2)
Step #1 should be to get a copy of the source tree from before the Windows code was leaked. Code that has stayed the same since then isn't a problem, at least not for the reasons that are worrying them now.
Step #2 assign a name to each change. Some developers will be able to assert they have never seen Windows code. Those changes are also OK.
Step #3 for developers who cannot assert they have never seen the Windows co
Release it from another country (Score:5, Insightful)
Re:Release it from another country (Score:2)
In short, there's nowhere to hide.
Re:Release it from another country (Score:4, Informative)
For us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements. Other countries do not require this invisible great wall of development and allow the same person that disassembles the interface to also write the replacement implementation.
If it's legal to do so in those countries, then it's legal to release it in them as well.
Re:Release it from another country (Score:2)
Open Solaris has what to do with ReactOS, apart from the fact they are both Free [gnu.org] operating systems?
Re:Release it from another country (Score:2)
It's a matter of numbers versus complexity - the job ahead of the straggling members is doable, given enough time (it will take considerable time, however); but in that time it's almost inevitable that ReactOS will join the ma
Re:Release it from another country (Score:2)
Because then people from other countries can't use it. In fact, it makes sense to have the work done according to the most "strict" reverse-engineering rules.
Re:Release it from another country (Score:2)
I should have also mentioned in my previous reply that there is some reasonable logic for the US rules about reverse-engineering. In the US, the reverse-engineer has to examine whatever is being reverse-engineered and then write documentation on how they think it works. Then, a "clean" engineer has to try to implement a system based on the documentation. The reason for this is that if the sam
wine (Score:2, Insightful)
If they all shift to Wine coding in the meantime, I'm sure there will be great benefits.
How do you tell the difference? (Score:3, Interesting)
Re:How do you tell the difference? (Score:2)
Re:How do you tell the difference? (Score:2)
Nobody at Microsoft would touch the ReactOS source code with an eight-foot pole. It would too easily produce the reverse situation -- if a person who had at some point seen the ReactOS code worked on Windows, then Microsoft would be open to accusations that they had stolen GPL code, and would have to do a code audit of their own to prevent it. (As well as probably behead all the people responsible.)
Sure, if MS was really interested, they could hire some outside agent to audit the ReactOS code and compar
Get this to run on Mac OSx86 (Score:2, Insightful)
Re:Get this to run on Mac OSx86 (Score:2)
Codeweavers are putting big amounts of work into this. CrossOffice will support MacOSX [slashdot.org] in one of the next versions. Codeweavers were rather enthusiastic when Apple announced their switch. No surprise, the desktop market share of MacOSX is bigger than Linux's.
I really expect great things to come!
Bye egghat.
The forum discussions... (Score:4, Informative)
It seems it all started here.
Don't mod parent informative! Here's the good link (Score:2)
This is the one
Re:The forum discussions... (Score:5, Informative)
Oh No (Score:2)
One of the posts there is from:
Steven Edwards - ReactOS and Wine developer...so if he has seen the tainted code is Wine tainted as well?
I can't help but wonder... (Score:3, Interesting)
2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.
Use Anti-Plagiarism Software Instead of Auditing (Score:2, Interesting)
Re:Use Anti-Plagiarism Software Instead of Auditing (Score:3, Insightful)
Re:Use Anti-Plagiarism Software Instead of Auditing (Score:2)
Re:Use Anti-Plagiarism Software Instead of Auditing (Score:2)
Why not have MS audit? (Score:2, Interesting)
"There is the possibility that our code in the following areas *list areas* contains fragments of MS code. We would kindly request that MS advise us as to any issues with respect to this code. If we haven't heard otherwise within 6 months, we will presume that there is no MS code that has been used."
IANAL, but perhaps the law of estoppel would then apply?
Re:Why not have MS audit? (Score:3, Informative)
Re:Why not have MS audit? (Score:2)
And if MS doesn't check it, or doesn't finish within six months.. that does not in any way give any rights to use MS's code in ReactOS.
sorry. (Score:2)
What's really happening (Score:5, Informative)
This is more about some technicalities, and friction between developers.
You've also got to understand that a *few* of the devs are still relatively young, and while they have made great technical contributions, may not have all the working-in-a-team skills they need yet.
If you know about programming, and binary interfaces, you will know that for ReactOS to work like Windows, some small bits of the compiled code MUST be EXACTLY the same. The question is how that knowledge came to be in certain people's heads, when they wrote the affected parts of ReactOS. It is extremely unlikely that infringing code will be found in ReactOS. None of the people I know there are stupid enough to use actual leaked code in the project.
However, there is a deeper aspect to the problem. There are roughly 2 factions. The first I'll call the windows-enamored folk (WE). The second I'll call the external-interface (EI) folk. The EI folk only care that the user-visible parts of ReactOS are compatible with Windows. This will allow the ReactOS code to be even better than Windows code in some areas, if it can be re-architected. The WE folk want ReactOS to work EXACTLY like Windows, on every level. This may be what Hartmut was referring to in his cryptic email.
On a practical note, ReactOS is not going to be any kind of threat to or replacement for win2k for at least another 2 years. MS will not waste the effort.
ReactOS is not in danger of dying. Maybe 3 years ago some FUD could kill it, but at this point, it has come so far, and there are enough stakeholders that it's going to continue.
Coders from all over the world work on this system. People from Europe, Canada, and the Caribbean, and that's just the ones that speak English.
To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere.
Anon-Reactos-guy (who hates melodrama)
They're complicating it (Score:2, Interesting)
Who's auditing closed source? (Score:3, Interesting)
All I see is giant megaprofit closed source corporations get to run on the "wesayso" law, "we say we only have pure code of our own writing", but everyone else in the other camp has to be scared of lawsuits because they glanced at some closed source someplace and are under draconian NDAs or whatnot.
Kinda like diebold and vote counts. The vote is what we say it is, if you don't believe it, tough noogies.
Nah... it's called "da markett" (Score:3, Interesting)
When I worked with sales software (inventory, etc), we would occasionally decompile someone else's program to see if we could find grounds to sue, especially if the interface was very similar to our program. We caught one guy with a plagiarized copy of our program (down to programming errors) and we nailed him, driving him out of business. Actually, we didn't have to sue... we just threatened to press criminal charges and he yielded. He paid some $$$ to our firm, gave us
Never EVER look at the Windows source code (Score:4, Insightful)
Move out of USA or fork without USA developers (Score:3, Interesting)
The way it looks this project will stagnate into oblivion, unless something like a coup of foreign developers (a fork) occurs.
Too bad this happened just before v3.
Re:Move out of USA or fork without USA developers (Score:2)
If you plan on releasing in the USA, you do.
There wouldn't be (much) point to making ReactOS if people couldn't actually use it legally within the USA.
Re:Move out of USA or fork without USA developers (Score:2)
Now I don't know how much of the development team would be affected by this, so this may or may not be realistic.
Re:Yeah... (Score:2, Funny)
Re:Yeah... (Score:2)
Re:Yeah... (Score:2, Funny)
Re:Source code was copied (Score:2)
I'm sure other people have copies of the source code, though, so development may continue to some extent during the audit.
Re:taint (Score:3, Interesting)
Re:taint (Score:3, Interesting)
Uh, you do realize that Linux is just a clone of Unix, right? The ReactOS guys are trying to do the exact same thing with Windows, the situation is entirely analogous.
Re:taint (Score:2, Insightful)
Re:taint (Score:2, Insightful)
Re:download anyway? (Score:2)
Re:download anyway? (Score:2)
Downloads Still Available via SourceForge (Score:2)
Sourceforge download mirrors [sourceforge.net]
Re:Torrent link (Score:2)
Re:If one wants to clone, Why not pick MacOS inste (Score:2)
The one and only goal of the ReactOS project is to provide a free, functionally complete and open source clone of Windows. It is so that people can run Windows apps without requiring Windows. Please provide a detailed explanation of exactly how cloning OSX could possibly further that goal in any way, shape or form.
I am waiting.
Re:If one wants to clone, Why not pick MacOS inste (Score:2)
The OS X kernel, on the other hand, is an interesting academic exercise. The Mach microkernel showed