Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Open-Source Detector

timothy posted more than 9 years ago | from the lie-detection dept.

GNU is Not Unix 340

McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.

cancel ×

340 comments

Sorry! There are no comments related to the filter you selected.

First Post!!!! (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12430591)

fIRST pOST

Bah... humbug. (-1)

Jim_Callahan (831353) | more than 9 years ago | (#12430593)

Sounds like a lot of work when you can just type "open source" and whatever you want the code to do in google, and get a bunch of project homepages. Unless they mean to detect open-source code in a compiled executable, in which case, who cares?

GPL violations! (3, Insightful)

jeroenb (125404) | more than 9 years ago | (#12430610)

appears to be the whole point of this tool anyway.

Re:GPL violations! (2, Insightful)

Jim_Callahan (831353) | more than 9 years ago | (#12430657)

Fair enough, I guess. Way to streamline the process of flooding the nation with pointless lawsuits. Maybe between this and medical malpractice, we'll finally be buried under a mile of paper and preserved for future generations of africans to excavate, like in that children's book I read once. Forgot the title.

Re:GPL violations! (0)

Anonymous Coward | more than 9 years ago | (#12430697)

Dude, if a doctor ever leaves a sponge in you, I hope you have no legal option and you end up having to fish it out through your ass.

Re:Bah... humbug. (2, Insightful)

asliarun (636603) | more than 9 years ago | (#12430714)

This sounds more like an auditing software. It looks like this tool would allow you to scan an existing codebase to check for the existence of open-source code nuggets. Considering the licensing minefields that exist today, it's probably a good thing for a release manager to do before a "release to production". This is especially so because a lot of developers routinely copy-paste code from the net and usually don't read the license accompanying the code.

IMHO, this is quite an innovative tool, and would save a release or a project manager a lot of headaches in terms of legal compliance.

Re:Bah... humbug. (3, Funny)

graywolf001 (853470) | more than 9 years ago | (#12430775)

You dont get the point of the whole thing at all. This is not for searching open source code that you could use.
This is so that you can detect OS code in your own source code. Presumably if you're managing a commercial software company you'd want to know if your developers have simply been copying code from some OS project.
It can do binaries too if you actually read the thing.

Now if you'll excuse me, I have some code I need to obfuscate ;-)

gnaa j00 (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12430597)

frist ps0t

areems is fat

windows already has some (-1)

suso (153703) | more than 9 years ago | (#12430598)

Doesn't traceroute or some dos prompt network util under Windows already contain some BSD code? Why hasn't anyone gone after MS for this?

Re:windows already has some (3, Informative)

jeroenb (125404) | more than 9 years ago | (#12430608)

Because the BSD license explicitly allows them to do this.

Re:windows already has some (1, Interesting)

imemyself (757318) | more than 9 years ago | (#12430609)

Can't people use BSD code in non-OSS projects?(Why I don't like BSD licenses personally, because they will be abused.)

Re:windows already has some (2, Insightful)

DrSkwid (118965) | more than 9 years ago | (#12430731)

How can a perfectly acceptable use of BSD code (BSD code in non-OSS projects) be abuse ?

The BSD goal is good code, not open code.

Re:windows already has some (1)

Jim_Callahan (831353) | more than 9 years ago | (#12430762)

I wouldn't call it abuse exactly. BSD was just apparrently written by people who cared more about the ideology behind open-source than actually forcing people to conform to it, whereas GPL was designed by a slightly more hardcore communist bunch. Of course, my opinions are colored by high-level slashdot exposure, so they may be suffering from radiation damage.

Re:windows already has some (3, Informative)

FidelCatsro (861135) | more than 9 years ago | (#12430784)

Actualy thats a bit wrong , the nature of the BSD license allows people to do what the hell they want with it , so in essence you cant abuse the BSD license.
This is why some people love the BSD license as they see it as total freedom and i have much respect for it myself .
I just prefer the GPL way as we get back any changes and thats gaurenteed by the license(if the software is released , i belive its ok not to feed the changes if its an internal tool only)

Re:windows already has some (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12430611)

The BSD license permits that.
MS did nothing wrong at all in that regard.

Re:windows already has some (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#12430614)

Because the BSD license is not as restrictive as the GPL.

Re:windows already has some (0, Redundant)

DaHat (247651) | more than 9 years ago | (#12430616)

FTP.exe still contains the string regarding portions being copyrighted by the California Board of Regents... but why would anyone go after Microsoft for using BSD licensed code in their products? Last I checked, the BSD licenses was more 'free' than the GPL, permitting someone to keep their changes to themselves and be free to uses it how they see fit, provided they give props, which does and has happened.

Re:windows already has some (1)

MrByte420 (554317) | more than 9 years ago | (#12430648)

...free....as in beer. The software is not "free"....

Re:windows already has some (1)

Dot.Com.CEO (624226) | more than 9 years ago | (#12430675)

No, the BSD license is more free than the GPL. It gives users the right to do anything they want with the code. The GPL lets users do anything they want with the code as long as they keep within the GPL frame of mind.

Re:windows already has some (1)

FooBarWidget (556006) | more than 9 years ago | (#12430709)

And the GPL frame of mind is: give others the same rights you enjoy. How is this less free than BSD? Would your country be more free if you have the "freedom" to take rights away from your children? Would your country be more free if you have the "freedom" to kill people?

Re:windows already has some (1)

cortana (588495) | more than 9 years ago | (#12430754)

> How is this less free than BSD?

Whether you think it's good or bad is irrelevant. The GPL is less free than BSD because it does not grant the licensee as many freedoms.

Re:windows already has some (1)

FooBarWidget (556006) | more than 9 years ago | (#12430765)

It is relevant. Freedom is all about ethics. Freedom is not true freedom if it is bad.

Re:windows already has some (1)

ajs318 (655362) | more than 9 years ago | (#12430767)

So did the Thirteenth Amendment make the USA more free, or less free?

Re:windows already has some (1)

FooBarWidget (556006) | more than 9 years ago | (#12430813)

I don't know, I don't live in the USA and I don't know what the 13th Amendment is.

Re:windows already has some (0)

Anonymous Coward | more than 9 years ago | (#12430843)

Re:windows already has some (1)

Dot.Com.CEO (624226) | more than 9 years ago | (#12430803)

The thing I hate the most about iniciating serious discussions in /. is that, inevitably, the issue will become a moral one, that is one that depends on the point of view of the person you are talking with. In my point of view, being able to do whatever I want with a piece of code, whether that be sell it, base my new proprietary code upon it or whatever is real freedom, that is it does not depend on the point of view of the person who wrote it. For you, forcing your own, GPL point of view (i.e. all software must be Free therefore you can do whatever you want with this software as long as you adhere to my morality) is real freedom. I don't happen to agree with that.

Also, your metaphores are laughable, to say the least. You're one step away from mentioning Hitler...

Re:windows already has some (0)

Anonymous Coward | more than 9 years ago | (#12430853)

No, the BSD license is more free than the GPL. It gives users the right to do anything they want with the code.

How so? I'm the user, how does the BSD license give me the right to do anything with the code that MS copied into Windows?

BSDL fanatics seem to have this confusion about giving users rights vs. giving Microsoft rights. The GPL gives users rights, the BSDL gives Microsoft rights. The rights to deny users rights through their EULA.

Re:windows already has some (1)

FooBarWidget (556006) | more than 9 years ago | (#12430669)

It's only "more" free if you define "free" as "having the freedom to remove freedom from those who you distribute the software to".
If I write a big open source application, I will license it under the GPL, because I want *everybody* - not only the people who got the software from me, but also the people who got the software from a third party - to benefit from the same freedom. How is this "less" free than allowing third parties to not pass the same freedoms to other?

Your freedom ends where others' begin.

Re:windows already has some (0)

Anonymous Coward | more than 9 years ago | (#12430809)

How is this "less" free than allowing third parties to not pass the same freedoms to other?

It is less free because it places restrictions. Any practice or method that places restrictions, regardless of motive, restricts freedom. (note, not all restrictions are bad)

Just because it replaces restrictions that happen to coincide with your political ideology does not mean it provides freedom, especially for those who don't subscribe to the same ideology.

Since the use of your code in a commercial project does not directly harm you or the opensource community, then placing any sort of contract on that use is removing freedom.

Please, at least try to understand that underneath all the politics and bullshit there is true freedom. Where an individual is allowed to choose what action to take and how to live life without fear of repercussions from those who don't have the same set of moral values as himself. So long as their actions do not cause direct harm to others, people should be free to do whatever they want.

Re:windows already has some (1)

myc_lykaon (645662) | more than 9 years ago | (#12430830)

It's only "more" free if you define "free" as "having the freedom to remove freedom from those who you distribute the software to".

Disingenuous argument there. There are many ways one can posit that the BSD lic. os 'more free' than the GPL. Not the dubious 'only if free means removing freedoms' way you assert.

'More free in that it imposes fewer restrictions' is one simple example. The OP definately put quotes round 'free' in his original comment acknowledging that free is often a complex issue WRT licenses.

I would even suggest that your assertion that the BSD lic. removes freedom is false in that the original code that was imported into the hypothetical closed project isn't closed by the same project, it still roams free and available. Only the closed projects utilisation of that code is never released - there is nothing 'lost' in this.

Re:windows already has some (1)

maharg (182366) | more than 9 years ago | (#12430686)

yes, msft do indeed give props in FTP.EXE, as long as you grep/findstr for it. Hence the sig.

Re:windows already has some (1)

KiloByte (825081) | more than 9 years ago | (#12430719)

"free" as in "free for leeching".
That's why I really prefer GPL and especially LGPL.

With LGPL, you can use portions of my code in your proprietary programs, but I get testing and bug fixes in turn. If my code is helping someone, why wouldn't that person help me?

If the BSD stack was LGPLed, Microsoft would still be free to use it, but at least it would have to cooperate with BSD. That would make them a lot more likely to keep their sources synced with the original tree, and thus pull in any fixes. Can you imagine a non-buggy TCP stack in MS Windows?

Re:windows already has some (0)

Anonymous Coward | more than 9 years ago | (#12430824)

If the BSD stack was LGPLed, Microsoft would still be free to use it, but at least it would have to cooperate with BSD.

Actually, since a code license is not retroactive, MS would not have to change a thing provided they did not lift a stack that was LGPL'ed.

Re:windows already has some (1)

Jim_Callahan (831353) | more than 9 years ago | (#12430840)

"If my code is helping someone, why wouldn't that person help me?"


Believe it or not, there are philosophies that advocate helping people just because it's the right thing to do. It's called "anything in western philosophy but Hobbes". You should read it sometime.

Re:windows already has some (-1, Redundant)

marsu_k (701360) | more than 9 years ago | (#12430622)

Because the BSD licence permits quite anything? It's not licenced under the GPL you know.

Re:windows already has some (-1, Redundant)

LifesizeKenDoll (783854) | more than 9 years ago | (#12430624)

Code under the BSDL can be used in proprietary products granted that credit is given to its authors.

Re:windows already has some (0)

Anonymous Coward | more than 9 years ago | (#12430626)

did you ever read the bsd license?

Re:windows already has some (4, Insightful)

Bill_the_Engineer (772575) | more than 9 years ago | (#12430631)

Why hasn't anyone gone after MS for this?

You have confused Open Source with GPL. There is nothing wrong with using Open Source in applications as long as the license permits it.

Why should Microsoft be singled out for it? Expecially when we had people taking GPL'ed code and selling it as closed source...

Re:windows already has some (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12430633)

because you touch yourself at night, faggot

Re:windows already has some (1, Informative)

petaflop (682818) | more than 9 years ago | (#12430650)

That's the problem with the BSD license. It allows you to do exactly this, Microsoft are totally within their rights. As a result Microsoft are pretty happy for software to be BSD licensed. See the license text here [xfree86.org]

It's just the GPL [fsf.org] they hate, because they can't use GPL'ed software. See here [com.com] for example.

Re:windows already has some (1)

Jim_Callahan (831353) | more than 9 years ago | (#12430804)

Not so much a problem as the point of the license. Freedom of choice is good for you, it allows you to develop actual social responsibility and stuff, instead of simple obediance from fear of punishment.

Re:windows already has some (1)

bosz (621199) | more than 9 years ago | (#12430702)

But how can you check commercial software for open-source code used in it. Don't you need the source code of that software to search in. I don't think they will give you their code to do that.

DLL encryption will render this ineffective (-1, Offtopic)

carcosa30 (235579) | more than 9 years ago | (#12430613)

I hope it can crack PGP encrypted libraries.

That's the next thing for the OSS thieves. Then their malfeasance will be well-nigh undetectable...

Re:DLL encryption will render this ineffective (5, Insightful)

jdmetz (802257) | more than 9 years ago | (#12430630)

This tool is meant for commercial software companies to use, to ensure that they are not mistakenly using GPL code in their programs. It is not for open source developers to find misuses of their own code.

Re:DLL encryption will render this ineffective (4, Insightful)

FooBarWidget (556006) | more than 9 years ago | (#12430687)

"Mistakenly using GPL code"? How can anyone use GPL code on accident? You downloaded a tarball, you extracted it, you opened it in a text editor, you copied and pasted the code. And then you tell your boss that you did that "on accident"?
Can anyone explain this to me?

Re:DLL encryption will render this ineffective (1)

DrSkwid (118965) | more than 9 years ago | (#12430707)

a colleague IMs you a code snippet

Re:DLL encryption will render this ineffective (0)

Anonymous Coward | more than 9 years ago | (#12430710)

Boss told the programmers to write some routine, and the smartass downloaded a GPLd library, cut&pasted it into the program, tested that it works and slacked for the rest of the week, pretending to work on that routine.

Re:DLL encryption will render this ineffective (1)

Jim_Callahan (831353) | more than 9 years ago | (#12430716)

You keep all your reference files in the same folder, both those from your company and those garnered from the internet? I know I'm easily that sloppy, though admittedly I don't code for a living except in a very peripheral manner.

Re:DLL encryption will render this ineffective (1)

FooBarWidget (556006) | more than 9 years ago | (#12430751)

No I don't. I always put them in seperate folders. I'm not going to mix files where I'm not supposed to, that's asking for problems. And with a versioning control system, you can easily check which files don't belong in your project.

Re:DLL encryption will render this ineffective (1)

mazesoft (223178) | more than 9 years ago | (#12430721)

Again, you are not seeing the target. The target for the package is the lead programmer, Q/A and/or Legal to run and verify that none of their programmers did just that.

Re:DLL encryption will render this ineffective (2, Insightful)

cortana (588495) | more than 9 years ago | (#12430739)

Maybe you farmed it out to Elbonia, and got back thinly-veiled rip of some Free Software code.

Re:DLL encryption will render this ineffective (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12430685)

But how do we get rid of all of the dirty, smelly Mexicans?

Re:DLL encryption will render this ineffective (-1)

Anonymous Coward | more than 9 years ago | (#12430829)

no pues ahi creo que te chingaste bato

Re:DLL encryption will render this ineffective (0)

Anonymous Coward | more than 9 years ago | (#12430732)

OSS thieves

There I was thinking it was only theft if you deprive someone of property.

Why not call them "source pirates" and make your transition to the dark side complete, Mr RIAA :)

Re:DLL encryption will render this ineffective (1)

makomk (752139) | more than 9 years ago | (#12430770)

There I was thinking it was only theft if you deprive someone of property.

Slashbot^H^H^Hdot usageseems to be that you can only call IP crimes "theft" if they involve claiming material someone else has created as your own, not if you're just copying stuff without permission. No idea why; it's just one of those things...

Re:DLL encryption will render this ineffective (3, Insightful)

Vo0k (760020) | more than 9 years ago | (#12430738)

Except decrypting the code before running it takes significant portion of CPU time, effectively making the "open source alternatives" much faster. Hiding, obscuring, obfuscating, all that creates a lot of overhead...

And of course it can be done by examining the memory dump instead of executable file. It must be decrypted to run.

Hmm (0)

Anonymous Coward | more than 9 years ago | (#12430625)

Maybe someone should run it on its own codebase...

No Gurantee Against reimplentation (1, Insightful)

neomage86 (690331) | more than 9 years ago | (#12430634)

Usually the key to things is not the actual implementation used, but the algorithm behind it. This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas. There are so many different ways of doing the same thing that this would be trivial. All this does is mean that someone who wants to use GPL code in their closed project must change a few stylistic things around. Open Source software, OTOH, is open to a much higher level of scrutiny, since anyone can see exactly what is going on underneath the hood. It will still be fun to run it against old software though ;-)

Re:No Gurantee Against reimplentation (4, Informative)

Speare (84249) | more than 9 years ago | (#12430673)

This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas.

Um, last time I checked, this is a quite reasonable approach. You can paraphrase your book report in school, you can paraphrase your predecessor's speech, you can take photographs from famous vistas, and you can rewrite your own closed code inspired from Open Source algorithms.

Source code is protected by copyright-- that is, literal or near-literal copies containing the essence of expression. Open Source code doesn't require that reverse engineering must be done in a clinical clean-room black-box methodology. That's kinda the POINT of Open Source: show people how it's done.

Re:No Gurantee Against reimplentation (2, Insightful)

kagemaru (881295) | more than 9 years ago | (#12430683)

Usually the key to things is not the actual implementation used, but the algorithm behind it.

That's fine. Algorithms cannot/should not be copyrighted or patented.

Re:No Gurantee Against reimplentation (2)

Jim_Callahan (831353) | more than 9 years ago | (#12430690)

Heh. Soon someone will write a 'Gpl encrypter' that does this automatically. Whee, a new version of encryption wars!

Re:No Gurantee Against reimplentation (2, Insightful)

Erwos (553607) | more than 9 years ago | (#12430694)

"This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas."

I wouldn't be so sure about that. Reputable colleges and universities do exactly that sort of check in CS courses - there are any number of tools designed to check for cheating, and they are not fooled by anything so trivial as changing variable names or swapping a couple statements. They are pretty good at catching cheaters, too.

You are correct in that it can't check "some [random] binary", but this tool was made to run against source.

I'm trying to remember where I'm not allowed to reimplement other people's ideas to begin with, though.

-Erwos

Re:No Gurantee Against reimplentation (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12430711)

> This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas.

What the fuck are you talking about ?

GPL is a based on copyright. You can't copy/paste the code.

Re-implementing the algos is fine, and have always been.

It is 100% FUD to pretend that code become tainted because you looked a GPL source. Don't spread this. Microsoft would LOVE people to beleive that. It would end up like this in interviews:

- Did you contributed to an open-source project ?
- Well, I once fixed a bug in mozilla
- Sorry, our lawyers said we can't hire you
- Why ?
- You would contamine our IP

Repeat after me. GPL is COPYRIGHT. There is no IP involved. There have NEVER been.

Re:No Gurantee Against reimplentation (0)

Tim C (15259) | more than 9 years ago | (#12430845)

It is 100% FUD to pretend that code become tainted because you looked a GPL source.

You know, every time MS's Share Soruce initiative is mentioned here, someone (usually a number of people) pipe up saying that anyone who looks at the source is a fool, as they can never again work on a related FOSS project; seeing MS's source will have tainted them.

Which is it slashdot? If that's true for MS's source, it's true for any source.

Re:No Gurantee Against reimplentation (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12430750)

Usually the key to things is not the actual implementation used, but the algorithm behind it. This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas

I don't understand how this differs from the BitKeeper situation. Reverse engineering is OK. And it sure is a hell of a lot easier if you get source code.

In fact, if reverse engineering from GPL code was not allowed within the GPL, the GPL could be used by unscrupulous people to protect their algorithms against reverse engineering and reimplementation. Just publish the source code, and no one can ever again claim they had a "clean room" reimplementation.

Re:No Gurantee Against reimplentation (1)

strider44 (650833) | more than 9 years ago | (#12430772)

firstly, reimplementing the same ideas or even the same algorithm is fine, as long as you don't copy-paste the code.

secondly, it's pretty damned easy to detect (using computerised algorithms) that someone has changed variable names, stylistic differences etc. That is very very easily done.

Re:No Gurantee Against reimplentation (1)

strider44 (650833) | more than 9 years ago | (#12430812)

as elaboration:

The first thing to do when comparing two source files is throw out all variable names and stylistic choices and convert them to a specific format and style. This means it doesn't matter if you change "speed" to "velocity" it's still trivial to catch automatically. It also doesn't matter if you go:

int main()
{
char * message = "hello world";
printf("%s", message);
}

or

int main() { char * message = "hello world"; printf("%s", message); }

it means exactly the same thing to the computer.

Re:No Gurantee Against reimplentation (4, Insightful)

MartinG (52587) | more than 9 years ago | (#12430783)

This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas.

Good. So long as all they are doing is gathering ideas there is nothing wrong with that. Its like me reading harry potter and then writing a book about wizards. Of course I should be allowed to.

Next you'll be telling us that someone could just look at an application working and then write their own implementation incorporating some of the same ideas. Should they be stopped from that as well? Oh wait, they can be. That's what software patents are often used for.

Re:No Gurantee Against reimplentation (1, Interesting)

Chris Kamel (813292) | more than 9 years ago | (#12430810)

decided to read the "hidden" replies first before replying myself and found it's all been said already.
But why is the dumb comment being replied to at +5 while the truly insightful AND correct replies are at +3 max

I wonder... (4, Interesting)

0x461FAB0BD7D2 (812236) | more than 9 years ago | (#12430654)

Could this tool be used in reverse?

For example, one could write a bug-filled line of code, perhaps something with a buffer-overflow. This could then be matched with open-source projects and projects with buffer overflows are found. Of course, this could also be used to find vulnerabilities and so on.

Re:I wonder... (4, Insightful)

FidelCatsro (861135) | more than 9 years ago | (#12430831)

Glad to know im not the only one worrying about this.The tool has an anual use fee in the tens of thousands , now the only people using this are not going to be companys who worry that GPL code may slip in(most will have a fairly good clue if it has and not want it publicised) its going to be people who want to try and make some money with patent litegation.

Re:I wonder... (1)

m50d (797211) | more than 9 years ago | (#12430850)

No, because it only detects the exact same code - as someone else pointed out above, simply rewriting the OSS code would be enough to defeat it. Very few buffer overflows are written identically. One place you could use it to look for vulnerabilities, though, would be looking for older (vulnerable) versions of libraries in staticly compiled programs

Isn't that (1, Funny)

Anonymous Coward | more than 9 years ago | (#12430659)

what MS anti-spyware suite does, when I first installed it it labeled vnc and something else (can't remember now.. ) as spyware.. open source infection indeed..

If Microsoft just had taken all it's code from BSD (0, Flamebait)

ooze (307871) | more than 9 years ago | (#12430660)

Having inherited, and now to clean up and later to maintain a fairly big chunk (unbelievably huge, cumbersome and bloated actually, when considering what it should do) of Microsoft code at my job, I don't wonder anymore about anything concerning Microsoft products, except them reliably working. Found no OpenSource code in there though. Only loads of Microsoft technology where it isn't needed, and retarded code constructs where there is actually an appropriate standard way in the MS environment.

In private I'm all MS less for months already (after another Windows breakdown I decided it was time to part). Still have to deal at work with it though.

Ok, so here we have the standard /. MS rant.

Ouch. (1, Insightful)

91degrees (207121) | more than 9 years ago | (#12430668)

Talk about paranoid.

Okay, I can appreciate the need to protect your intellectual property, but what sort of a control freak will go through megabytes of files to work out if some guy may have used a few lines of your code?

I thought the RIAA was overly protective of their rights, but it seems the open source commuity feels exactly the same way.

Re:Ouch. (1)

NetNifty (796376) | more than 9 years ago | (#12430766)

This isn't for Open Source devs to use to check for thier own code, it's for managers of closed source software projects to check for code that programmers may have plaigerised from open source projects.

Re:Ouch. (0)

91degrees (207121) | more than 9 years ago | (#12430849)

Good point. I must relax and read article before posting flamebait. Especially a damp squib like this one.

Re:Ouch. (0)

Anonymous Coward | more than 9 years ago | (#12430792)

Yes. Look at the leader comment at +5: people who break the terms of the GPL license are "OSS thieves".

The BSD license argument (5, Interesting)

marcovje (205102) | more than 9 years ago | (#12430672)


>Of course, some open source code is perfectly >welcome in commercial software, even if that >software's code is not itself open; it's no secret >or surprise that Microsoft, for instance, has taken >advantage in some products of BSD-licensed code.

This example (socket code) often pops up, and is often used in GPL advocacy.

Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.

Re:The BSD license argument (0)

Anonymous Coward | more than 9 years ago | (#12430720)

Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.

.. Because Microsoft owns US government?

Re:The BSD license argument (0)

Anonymous Coward | more than 9 years ago | (#12430785)

.. Because Microsoft owns US government?

Only the DoD. Which is all that matters. Right?

Re:The BSD license argument (1)

Tim C (15259) | more than 9 years ago | (#12430822)

Because work performed for and by the government of any country should be to the benefit of all its citizens and businesses, that's why.

Love them of loathe them, MS generates a huge amount of money. That can only be good for the economy, and so for the country as a whole.

Re:The BSD license argument (2)

mshiltonj (220311) | more than 9 years ago | (#12430779)

Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.

Granted. However, if they do so, their horse isn't so high when they harp on and on about having strict intellectual property controlls. *They* benefit from the work of others, how can they call it a cancer?

Re:The BSD license argument (1)

Gopal.V (532678) | more than 9 years ago | (#12430802)

Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.

Microsoft does not have the moral right to use it because it prevents the exact same thing from happening again. It seems to concentrate on shoveling money from governments (US included) into it's bank even after reaping the benefits of public funded open software.

The obvious double standards is what we look down upon.

Re:The BSD license argument (1)

m50d (797211) | more than 9 years ago | (#12430837)

Some would argue that since it's immoral for them to be writing closed source operating systems, it is more moral to try and stop them doing this.

Re:The BSD license argument (2, Insightful)

Spoing (152917) | more than 9 years ago | (#12430842)

No one licence -- BSD, GPL, other oss, or any of the closed source licences -- are always ideal. Anyone who thinks there is one true licence isn't very smart. Advocate what is appropriate.

high costs? (3, Interesting)

moz25 (262020) | more than 9 years ago | (#12430691)

Palamida charges $50,000 to $250,000 for an annual subscription to IP Amplifier. Cost depends upon the size of the customer's development environment.

That seems rather steep. Are they doing something really complicated or is this something that a well-maintained (open-source?) project could do? Of course they are storing a major amount of information (i.e. all of sourceforge/freshmeat).
This might in fact be a feature that sourceforge might want to implement (for a fee): doing a search in their database.

On the other hand, it might make more sense to check against proprietary source, data and images. They are, by their nature, harder to find.

Also: when outsourcing parts of a project, wouldn't a contract have to state explicitly conditions such as not stealing/borrowing code from elsewhere? It would be a minimum requirement that the licensing of any (sub-)code would have to fit the overall product.

This sounds like a nice idea, BUT... (1, Interesting)

PenguinBoyDave (806137) | more than 9 years ago | (#12430698)

There are too many things that this won't do, as already pointed out in the thread. The problem I see here is how someone, somewhere will use this tool once or twice, find something and that looks like infringing code and "AH HA! THERE is the REAL offender" taking something out of context or not understanding in full the hows or whys of how the code got there in the fist place, and run screaming to whoever will listen. There are a lot of issues surrounding Open Source code and mixing it with proprietary code. While this may help, I only fear this will create more problems.

Be careful of FUD (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12430699)

The whole advantage of open source is you are not tied to the whims of the original developer.

This seems to be a resurrection of an old attack strategy, pretend that open source is such an burdensome onerouse license that you have to hunt open source code down like a virus.

Its not something to be encouraged!

sigh (3, Insightful)

Turn-X Alphonse (789240) | more than 9 years ago | (#12430700)

The whole concept of code seems to scream "Some will be the same". Very basic things will look very similar between several things and with the current "justice" system and ignorance of most people this is going to screw OSS.

I just think it's pathetic that we live in an era where people trying to do something nice gets stabbed in the back for it..

Lets do it the other way: the "de-OSS'ifier"... (1, Interesting)

torpor (458) | more than 9 years ago | (#12430708)

Just today on the way to work I was wondering what it would take to write a C pre-processor which takes as input a set of .c and .h files, and spits out a re-formatted, 'changed' version of the same sort of code .. effectively 're-writing' the OSS into something still functional, but unrecognizable from the original.

This would be an interesting challenge, and not entirely above the capabilities of most compiler writers. With such a tool, the motivation for releasing OSS software would be decreased; OSS writers would be de-moralized, since their original code isn't being used, only the outline/framework ..

I'm a big fan of OSS, really. Have been for years. But I think tools such as these loom on the horizon .. and if I had the spare time (I don't), I'd make one myself, and .. of course .. release it under the GPL.

(Just coz.)

Re:Lets do it the other way: the "de-OSS'ifier"... (1)

Raphael (18701) | more than 9 years ago | (#12430748)

Try a Google search for something like "C" and "obfuscator".

Re:Lets do it the other way: the "de-OSS'ifier"... (1)

republican gourd (879711) | more than 9 years ago | (#12430823)

All the filter would have to do is add comments and write documentation. Instantly unrecognizable code.

Email from the net nazis (0, Funny)

Anonymous Coward | more than 9 years ago | (#12430718)

We have scanned your computer and found the following files that are in violation off corporate IP protection policy for development: /usr/include/signal.h /usr/include/socket.h /usr/include/stdio.h /opt/java/src.zip

Please remove them.

Re:Email from the net nazis (1)

Vo0k (760020) | more than 9 years ago | (#12430760)

Yeah, like these guys who got a lawsuit threat from Microsoft because they were hosting OpenOffice on their servers. (it has Office in name, must be pirated version of MS Office!)

something about this dosn't make me as happy as .. (3, Informative)

FidelCatsro (861135) | more than 9 years ago | (#12430724)

The company has some other bussiness such as , outsourcing
For companies engaging outsourced developers, Palamida:

* Reduces your exposure to inadventant IP risksTake hold of software outsourcing by quickly assessing the origins of software IP sourced from contractors.
* Helps the origins and ownership of third-party code.
* Gets the most of out open source and externally developed tools.
* Increases efficiency, consistency and understanding.
Now its wonderfull theat they help people get the most out of OSS software but i dont like the fact they are making outsourcing easier .This is not so much a problem where i live but in the USA as i understand it many people are loosing their jobs in the tech industry thanks to companys trying to save a fair bit by outsourcing to cheaper areas .
The Outsourcer: A Best-in-Class Tool for Best-in-Class Processes

Outsourcers are playing an increasingly crucial role in global software development. Large, medium and small companies are looking to tap developers in the hopes of advancing their own software IP and business opportunities.

<ecode>

Again , I wouldnt want to do bussiness with a company that promotes this behavious , i am all for globalistation , but not for screwing people over as the companys seek to hype profits by exploiting cheap labout , Now safely aparently.. Perhaps i missunderstand the term outsourcing in this sense , though to me it always say "Contracters so we dont have honour the workers rights, localy or globaly".

<ecode>For M&A teams, Palamida helps:

* Identify and quantify IP issues early in the deal.
* Improve certainty before closure, increasing your closure rate.
* Reduce your legal exposure.
* Immediately value software innovation and intellectual property.
* Tap into the most up-to-date software IP database available.
* Secure the best possible valuation.
<b>* Speed your assessment of open source and third-party code.</b>
Again my second problem is there strong patent support here .It just makes me as someone who uses and contributes to OSS uneasy.(just my opinion and how i feel , not a statment of fact )
IP Diligence, Compliance Enforced
On to the legal section ,Their bussines model is basicaly that of enforcing IP rights , sure that may help us find companys abusing GPL code , but it also swings both ways and can open up a whole host of patent cases against GPL software.
For counsel, Palamida:

* Improves the timeliness and quality of legal diligence
* Automates compliance processes.
* Provides real time information on your code base.
* Adapts to your business processes and workflow.
Fair enough this can be usefull in this day and age , allowing you to pay them to make sure your not infringing on any patents , But this just dosn't work on 90% of the OSS projects out there , i am betting it costs a fair whack.Most people using this on OSS are IMHO going to be looking to enforce a patent case ala SCO.The potential minefield here is not fun.
or the open source community, Palamida:

* Supports and evangelizes on the use of open source software.
* Boosts productivity by spending time developing and not worrying.
* Pushes forward in unison with legal and business staff.
* Materially reduces open source compliance concerns.
* Creates new business by proving the merits of open source technology
Now that is alot better ,I can strongly respect what they are doing here .Still i dont like that they keep harping on about IP compliance..

I am probably just being paranoid and they seem to be strongly for OSS which , its just the over-stating of the VALUE of IP.Me well i totaly disbelive in IP in software and protest about it.

Also they seem to have this program that can check for oss used in propritery code , and they check a DB with references to alot of OSS , but i couldnt find the source code on the site for the DB?.

Perhaps i have missunderstood their policys and maybe im just being paranoid .
I look forward to reading any counter arguments as i am sure in my brief look over their site i may have missed something important

hehe (-1, Redundant)

Masq666 (861213) | more than 9 years ago | (#12430737)

Yeah maybe someone should try to run it on MS or SCO software. And if you really want to see if it works then CherryOS is then thing to run it on. But i assume you need to run it one the applications source code, if so it's hard to frame someone for using Open Source code. You'll probably have to file a law suit first, and use this tool to build some evidence.

Call for action (0, Flamebait)

shai_m (727380) | more than 9 years ago | (#12430745)

To whomever has access to the Windows source (via their "shared source" channel or any other _legitimate_ way): please check their source.

Will probably find many blatant violators. (4, Interesting)

putko (753330) | more than 9 years ago | (#12430777)

I worked at a ruthless company. Part of the culture was to get results as fast as possible and completely ignore things like licenses, rules and laws, if it helped to make money.

We certainly would have violated the GPL in a second, given that one couldn't really prove damage to the other party (aging idealist hippies with beards who were naive enough to give away software with a silly "license").

The ripoff of commercial software was driving me nuts though -- it seemed quite wrong, esp. given that we were raking in the dough and were not paying just because we could easily avoid it through technical measures.

However, part of the "culture" was that we were so busy that we were sloppy about the misdeeds. We wouldn't have had time to cover our tracks.

Such tools would have caught us, so I'm guessing such tools will lead to finding many similar violators.

Compare with "grep" (0, Funny)

Anonymous Coward | more than 9 years ago | (#12430791)

I wonder what would come up if they compared their own source code with GNU grep?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>