Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ReactOS Code Audit

ScuttleMonkey posted more than 8 years ago | from the defining-reverse-engineer dept.

217

reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."

cancel ×

217 comments

Sorry! There are no comments related to the filter you selected.

Out of context (1, Offtopic)

Bizzeh (851225) | more than 8 years ago | (#14620262)

there is NO microsoft code in reactos... read the article on their site first

No source code was copied (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14620270)

To anyone going to say "ReactOS took source code from MS", please RTFA first! They didn't.

Source code was copied (0, Troll)

McGiraf (196030) | more than 8 years ago | (#14620355)

ReactOS took source code from MS ... ;)

Re:Source code was copied (1)

Pantero Blanco (792776) | more than 8 years ago | (#14620413)

More like "convoluted laws on reverse engineering are interfering with the project".

I'm sure other people have copies of the source code, though, so development may continue to some extent during the audit.

Re:Source code was copied (0)

Anonymous Coward | more than 8 years ago | (#14620472)

Did you miss the joke, reply seriously knowing it was a joke, or just miss the original post since it's been modded into oblivion?

Re:Source code was copied (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14620780)

ReactOS took source code from MS ... ;)

Bullshit. Read the article and try to understand it (use a dictionary for those long words).

Re:Source code was copied (0, Offtopic)

McGiraf (196030) | more than 8 years ago | (#14620886)

Is ;) a word that is too long for you? Read the parent of my post, it is a joke.

And if you want to insult people don't do it anonymously, coward.

Re:Source code was copied (0)

Anonymous Coward | more than 8 years ago | (#14621152)

Because he was posting as Anonymous Coward, he probably had his threshold set too high to see the original post, which has been moderated down to -1 for some reason, and kneejerked.

Yeah... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14620311)

but does it run linux?

Re:Yeah... (2, Funny)

andersbergh (884714) | more than 8 years ago | (#14620323)

I think you can run Linux in QEMU under ReactOS, if that counts.

Re:Yeah... (1)

fak3r (917687) | more than 8 years ago | (#14620375)

Yep, this is what I did, run a ReactOS dev version under a bundled QEMU downloaded from their site; and it functions allot like a VMware session running Windows (without the annoying icons ;)). I haven't had time to try to install Office or IE, but that would be a coup since some websites still rely on IE. Since we only run Linux/OS X/Freebsd at home, having IE ability without an MS OS would rock.

Re:Yeah... (1)

andersbergh (884714) | more than 8 years ago | (#14620509)

I'm running IE6 in Wine at the moment, you should try it aswell if you already haven't.

defensive (3, Interesting)

milamber3 (173273) | more than 8 years ago | (#14620321)

I'm all for giving the benefit of a doubt but he's stating that they are going to audit and it sounds like he's already working up a defense for what may be found. Sounds fishy at best.

Re:defensive (5, Interesting)

PFI_Optix (936301) | more than 8 years ago | (#14620428)

Sounds to me like they're concerned that there *might* be MS code in there, and are simply being transparent about the process of weeding it out. That way, if MS knocks on the door one day with a lawsuit for copyright infringement, they have public documentation that they initiated a voluntary audit of their code long before MS showed up.

I'm not a developer, so I'm curious...is it precedented at all for them to involve MS in this audit? Would it make sense for MS to look at the source code and advise them of any transgressions so they can fix it quickly? IIRC, ReactOS is/was open-source, so it's not like Microsoft couldn't have already downloaded the code independently to look for problems. By inviting them into the audit you at least have your ass somewhat covered, especially if they decline and then turn around and sue later.

No way would MSFT participate (5, Informative)

Mr 44 (180750) | more than 8 years ago | (#14620525)

Anyone at microsoft who looked at their source code would be considered "tainted" and could never work on any microsoft operating system. (otherwise microsoft could be accused of copying their source). Something similar happened with their Java engine and developers who had seen the licensed Sun code.

Re:No way would MSFT participate (4, Funny)

Reverend528 (585549) | more than 8 years ago | (#14620722)

Good thing microsoft is a small company and couldn't possibly afford to hire some sort of third-party consultant to read the reactos source code and compare it to the windows source code.

Defensive? Yes. Guilty? I doubt it. (1)

Spy der Mann (805235) | more than 8 years ago | (#14620613)

I'm sure that some MS troll would be delighted to say there is MS code in ReactOS. So, what would the devs do? Just ignore the problem and face a lawsuit later? Or address the issue ASAP?

Summary is misleading (4, Informative)

MustardMan (52102) | more than 8 years ago | (#14620334)

The summary seems to be implying that leaked windows source is the issue which brought on the audit, when in fact it's a technicality about the law regarding reverse engineering. In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code. In other countries the same person can do both jobs. The summary makes it sound a lot worse than this.

What happens when you have a split personality? (3, Funny)

jd (1658) | more than 8 years ago | (#14620533)

Or those with Zaphod Beeblebrox' problem [nationalgeographic.com] ? Are they one or two engineers, under US law?

Re:Summary is misleading (1)

Elektroschock (659467) | more than 8 years ago | (#14620731)

The question is whether it would be easier to fix broken law than to reaudit the code. Reactos has to be present on both fronts.

Re:Summary is misleading (1)

Schraegstrichpunkt (931443) | more than 8 years ago | (#14621233)

In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code.

My understanding is that you don't actually have to do that, but that it's a heck of a lot easier to successfully argue in court that there was no copying if the person who wrote the code *couldn't* have copied it.

For those of us who are unaware... (4, Interesting)

Shimdaddy (898354) | more than 8 years ago | (#14620335)

Just what happened with ReactOS, and why is some of their code "tainted"?

Re:For those of us who are unaware... (5, Informative)

scsirob (246572) | more than 8 years ago | (#14620583)

ReactOS is an attempt to build a full Windows clone including kernel and everything. Not just the Win32 API but a full-fledged OS that does not require an underlying OS like Wine on Linux.

It looked very promising to the point where several Windows applications and I was about to start playing with it. Then someone in the core developers group found some suspicious additions of code fragments that did not make sense at all at first but started to work later. These code fragments compile into machine code that is identical to fragments of leaked Windows source code. The developer smelled a rat, jumped the project and now the main guy is calling a halt.

Re:For those of us who are unaware... (4, Informative)

SirTalon42 (751509) | more than 8 years ago | (#14621308)

"These code fragments compile into machine code that is identical to fragments of leaked Windows source code."

This isn't about the leaked Windows source code, its about possible invalid reverse engineering (i.e. decompiled windows code)

TFA (0)

Anonymous Coward | more than 8 years ago | (#14621816)

Strange, TFA mentions nothing about code decompilation. It seems only to mention the Windows 2k source leaks (from several years ago):
Because of this we are not banning any developer who might have had access to
leaked sources from contributing to ReactOS, however they are being
limited as to what area they can contribute. Copyright law still
applies to all leaked Windows sources and no one in ReactOS may copy
code from a Windows source leak and try to apply it to code in the
ReactOS tree.

We know of four developers who have had access to leaked sources prior
to working on ReactOS and while they no longer have copies of the
source code in question, each of the developers have told us in
private which sections of the sources they were exposed to.
Are we really at the stage where critical system software can be decompiled? If so, shouldn't we be swimming in pirated Vista source code by now?

mnemonic_

Article (5, Informative)

Anonymous Coward | more than 8 years ago | (#14620595)

Re:Article (2, Funny)

uucp2 (731567) | more than 8 years ago | (#14620751)

Hey! Don't try to trick him to RTFA!

ReactOS is recommended (2, Interesting)

fak3r (917687) | more than 8 years ago | (#14620342)

I installed ReactOS from a dev build just before all of this hit and I was amazed. It's a great piece of software, and would offer some the ability to keep running Windows apps even if they didn't want to fall for the upgrade cycle that MS perpetuates. I want to try to install the new IE 7 Beta 2 and see if the new DoS attack against it works [fak3r.com] ! Hehe

Re:ReactOS is recommended (1)

andersbergh (884714) | more than 8 years ago | (#14620356)

I doubt IE7 will run in ReactOS, but feel free to try.

Re:ReactOS is recommended (1)

EvilMonkeySlayer (826044) | more than 8 years ago | (#14621407)

Yep, ReactOS is aiming for NT 4 (I assume SP6, since they did change the driver architecture from what.. SP3? I think it was specifically to do with video drivers and moving it into kernel space or something..) compatibility.

I believe ReactOS are hoping for the ability to use NT 4 drivers as well, which is a good idea.. but considering that a lot of newer hardware manufacturers are no longer making NT4 drivers might be problematic.

In order to get IE 7 installed, first you'd need to get around the genuine advantage check.. then you'd need to (probably) report the OS as NT 5.1 with SP2 installed to the program. Plus, they'd also need to implement a lot of the NT 5.1 SP2 changes to ReactOS/WINE codebase.

Note: I haven't read much from the ReactOS site recently, so I may be wrong partly.

Hahaha (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14620365)

Teh lunix loosers are going to get in BIG trouble with this one! So SCO couldn't put you loosers down, yuo can be assumed that Microsoft WILL! What an idiotic idea in the firs place. Take Linux + WINE and make it into an OS. Stupid stupid stupid. What idiot came up with that idea? I can't wait to see you penguinistas getting fucked in the ass with 20" cattle prods. Fucking loosers. Lames.

From the Article (-1, Troll)

Orrin Bloquy (898571) | more than 8 years ago | (#14620435)

"...we have audited our code and found it unable to satisfactorily reproduce these APIs [secunia.com] to our developers' disappointment. Further testing will be necessary to bring our product in line with user expectations."

TACO (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14620462)

troubl3. It [goat.cx]

Ethical vs. Moral? (1)

ThePyro (645161) | more than 8 years ago | (#14620477)

Erm... can someone give me an example of a decision that would be moral but not ethical, or vice versa? The distinction between the two seems a little blurry to me.

Re:Ethical vs. Moral? (1)

PFI_Optix (936301) | more than 8 years ago | (#14620515)

Moral: Of or concerned with the judgment of the goodness or badness of human action and character

Ethical: Being in accordance with the accepted principles of right and wrong that govern the conduct of a profession.

Basically, one can be ethical without being moral. For more information, see: Lawyers.

I can't think of a way to be ethical without being moral, though. In any case, the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons.

Re:Ethical vs. Moral? (1)

TekPolitik (147802) | more than 8 years ago | (#14620737)

the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons

Not quite. Morals are standards of conduct that do not require objective justification - they may, for instance, claim to be handed down by a deity. Ethics are standards of conduct that are based on objective justifications (although it is not necessary that the objective justification be incapable of being disputed).

That is not to say that particular standards of conduct in a system of morals are incapable of objective justification - merely that objective justification is seen as unnecessary for "moral" standards. The standard "just is".

It is entirely possible for it to be impossible to comply with both a moral standard and an ethical one at the same time.

Re:Ethical vs. Moral? (1)

Not_Wiggins (686627) | more than 8 years ago | (#14621561)

I can't think of a way to be ethical without being moral, though. In any case, the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons.

You meant to say "being moral without being ethical."

IANAL, but an example would be if a lawyer breaks client-attorney privilege by reporting a confession the client had made in private to the police or state's attorney. While this information might not be admissible in court and the lawyer would potentially face losing his license, it would be a demonstration of motivation based on moral (and not ethical) reasons.

Re:Ethical vs. Moral? (1)

Anonymous Coward | more than 8 years ago | (#14620545)

The literal difference is that ethics are community based guidelines (i.e. agreed upon by society or community, though not necessarily law) while morals are individual guidelines (i.e. what you would do personally).

Example:

Killing a doctor performing abortions may be moral in your mind since under your morality he's forfeited his life by murdering fetii, but it's unethical since the community you're in looks down on it.

Re:Ethical vs. Moral? (0)

Anonymous Coward | more than 8 years ago | (#14621052)

fetus. es.
fetuses.
Not fetii.

There is only ONE word in common usage that pluralizes with 'ii' at the end: Radius - Radii.

Cactii - not a word.
Virii - not a word.
Fetii - not a word.

Cacti, at least, is a word. -us becomes -i. Just like in radius as radi-us becomes radi-i. A Cactius might be pluralized as Cactii. However there is no such thing as a Cactius, only a Cactus.

Re:Ethical vs. Moral? (5, Insightful)

Per Wigren (5315) | more than 8 years ago | (#14620643)

Moral but not ethical: "You may not work on this project if you like anal sex."

(yes, this is a joke but unfortunatly most people seem to mix up "moral" with "christian/puritanian fucked up double standard bigot moral". The best thing with moral is that you can have your own. There is no Real Moral(tm).)

Re:Ethical vs. Moral? (2, Insightful)

Maxo-Texas (864189) | more than 8 years ago | (#14620863)

If you lie to protect innocents from harm, you are probably being moral but unethical.

If you tell the truth (because you always tell the truth) and a bunch of innocent people are killed or tortured, then you are probably being ethical but immoral.

Defense Lawyers seem like a pretty good example. They ethically must defend people they may believe are guilty. If they defend poorly on purpose, they are being unethical. I believe (IANAL) that the prosecution must reveal all evidence to the defense but the defense is not required to reveal evidence that would prove guilt if they discover it. I think it would be unethical for them to reveal proof of guilt (and they might be disbarred for doing so) and I also believe it would be immoral for them to do just that.

Since the area of ethics is sometimes called moral philosophy they are pretty entwined.

Morals are often tied with sex. If you have 5 partners who all know about each other, you may be viewed as ethical but immoral.

Both morality and ethics are intimately tied to culture. Some acts which are immoral in one culture are moral in others.

Re:Ethical vs. Moral? (1)

oscartheduck (866357) | more than 8 years ago | (#14621000)

A police officer stealing medicine he cannot afford to give to his dying wife and save her life would be morally correct but would be behaving non-ethically.

Re:Ethical vs. Moral? (1)

Lord Kano (13027) | more than 8 years ago | (#14621076)

Morality varies from individual to individual, ethics are codified.

For example, when the PS2 launched people were selling "Playstation 2 box"es on Ebay and they knew that some buyers would assume that the PS2 actually came in the box. So a few peope paid $500+ dollars for empty playstation 2 boxes. They listed them accurately so according to Ebay's rules what they did was ethical, but I still say it was amoral.

LK

Re:Ethical vs. Moral? (0)

Anonymous Coward | more than 8 years ago | (#14621588)

Fun, though.

A field of study vs a measurement by a standard (2, Insightful)

Capitalist1 (127579) | more than 8 years ago | (#14621212)

Ethics is a field of study in philosophy. "Ethical" describes something that is related to a particular philosophy of ethics. Asking "is this ethical" is only asking whether or not there is some defined standard or view of ethics by which the idea or action might be judged.

Morality is a specific instance of an ethics. Something is moral if it is acceptable in or follows from the view of ethics in question, and immoral if it is unacceptable or violates that code in some way.

In short, "ethical" says that something pertains to *some* specific philosophical stance. "Moral" is a judgement based on a particular ethical stance.

Re:Ethical vs. Moral? (2)

Zardus (464755) | more than 8 years ago | (#14621511)

Decisions in programming can be Ethical, Moral, or Legal. Choose any two.

Re:Ethical vs. Moral? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14621854)

a Doctor can legally and ethically perform an abortion, but not morally if he's a catholic.

my take (2, Funny)

loserhead (941655) | more than 8 years ago | (#14620523)

from my perspective, this can only be good for reactOS. if they use the US method for reverse-engineering, they can still understand the concepts and apply them in original code.

step 1. audit code
step 2. redo any code that is in dispute
step 3. package and sell your product
step 4. PROFIT!!

Re:my take (1)

akhomerun (893103) | more than 8 years ago | (#14620676)

how exactly can you profit on open source again?

Re:my take (1)

Reducer2001 (197985) | more than 8 years ago | (#14620748)

By selling support! See IBM, Novell, Red Hat, etc.

taint (0)

Anonymous Coward | more than 8 years ago | (#14620531)

Come on people, 20 posts and no taint jokes?? I'm disappointed.

Re:taint (3, Interesting)

AnXa (936517) | more than 8 years ago | (#14620603)

This is not subject to make fun of. ReactOS is one of the best "free software" collections that you can have from internet which also run windows programs just like that.

Re:taint (0)

Anonymous Coward | more than 8 years ago | (#14621149)

The guy wrote this on his website.

"It is our point of view that the source code leaks of Windows
have been spread to a broad enough audience that it would be
impossible to claim the product is still under Trade Secrecy"

How can these bit bangers form legal "points of view" over someting so serious? Did they grow law degrees in their sleep or something? This game is for keeps and unless these geniuses took out insurance to cover their operations before this happened, these guys are LIKELY going to have to shutdown their involvement with ReactOS and Wine and agree not to ever own or access a Windows computer (or any other Microsoft product). That's ontop of turning over everything they own of value and giving a % of their income for the rest of their natural life (or until they win the lottery). It's bad enough they are pissing-off Microsoft by trying to build an open-source clone of Windows, but to declare their stolen code to no longer be a Trade Secret ontop of it, oh man.. Stick a fork in them, they are done.

Re:taint (0)

Eli Gottlieb (917758) | more than 8 years ago | (#14621259)

I don't mean to troll, but exactly why is copying a mediocre operating system like Windoze "one of the best free software collections that you can have from [the] internet"?

Perhaps this is my bias towards 100% original operating systems kicking in. That, and the fact that I've been running my machine on nothing but Linux for the past several years and never saw any need to emulate Windoze.

Re:taint (2, Interesting)

Laur (673497) | more than 8 years ago | (#14621337)

Perhaps this is my bias towards 100% original operating systems kicking in. That, and the fact that I've been running my machine on nothing but Linux for the past several years and never saw any need to emulate Windoze.

Uh, you do realize that Linux is just a clone of Unix, right? The ReactOS guys are trying to do the exact same thing with Windows, the situation is entirely analogous.

Re:taint (0)

Eli Gottlieb (917758) | more than 8 years ago | (#14621431)

The point about Linux was that I don't see why we need to clone Windoze, when we have another (just as original, sigh...) OS that works just fine.

When my hobby OS does something useful, I'll make sure to tell everyone.

Re:taint (2, Insightful)

Luctius (931144) | more than 8 years ago | (#14621733)

Yep, and we don't need Linux because we've got minix....

Re:taint (0)

Anonymous Coward | more than 8 years ago | (#14621437)

Except that one of them's worth copying ...

ReactOS; we hardly knew you (4, Insightful)

RLiegh (247921) | more than 8 years ago | (#14620544)

This audit will take YEARS, according to their statement. I think that's optimistic, myself; by the time that they clean-room implement the code they have to audit out, no one will be interested in working on it AND it will be unusable due to MS's Software Patents.

It's a shame; ReactOS came so far, and got so close (networking was almost ready) and now it's DOA.

It will be missed.

A plant (2, Interesting)

nurb432 (527695) | more than 8 years ago | (#14621325)

Who knows, someone might have been paid off to derail the project.

If it was getting too close for comfort, i dont doubt for a second that a company like Microsoft would do something like this. ( and then set things up for one hell of a lawsuit.. )

Makes you wonder if the 'leaked code' was infact a stunt to facilitate things like this for the forseeable future.. "everyone is tainted, the sky is falling, give us more money'

Re:A plant (1)

reub2000 (705806) | more than 8 years ago | (#14621507)

The accusation came from within by one of the developers.

Re:A plant (1)

nurb432 (527695) | more than 8 years ago | (#14621572)

Who just received a undisclosed lump sum payment into his bankaccount by an unnamed company from out west.

Taking GPL code is theft! Jihaaad! (-1, Flamebait)

Hal_Porter (817932) | more than 8 years ago | (#14620548)

We should DDOS/Mailbomb their servers. Get Eben Moglen to sue them for copyright violation. Force them to release all their source code.

Oh, wait it's (allegedly) Microsoft code that was reverse engineered. No problem then.

Years? (1)

Bizzeh (851225) | more than 8 years ago | (#14620594)

I think that was taken out of context too, unless it means dog years

Release it from another country (4, Insightful)

erikdalen (99500) | more than 8 years ago | (#14620618)

Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person? /Erik

Re:Release it from another country (1)

RLiegh (247921) | more than 8 years ago | (#14620736)

There are no other countries which have "saner ip" laws, any country which has a functional internet/computing infrastructure also either has the same IP laws, or has contractual obligations to the US to follow the US trade/IP laws.

In short, there's no where to hide.

Re:Release it from another country (3, Informative)

erikdalen (99500) | more than 8 years ago | (#14620879)

did you read the article?

For us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements. Other countries do not require this invisible great wall of development and allow the same person that disassembles the interface to also write the replacement implementation.

If it's legal to do so in those countries, then it's legal to release it in them as well.

/Erik

Re:Release it from another country (1)

mrraven (129238) | more than 8 years ago | (#14621840)

You wouldn't have an agenda to push Open Solaris now would you? Hmmmm..

wine (3, Insightful)

jlebrech (810586) | more than 8 years ago | (#14620697)

More wine developers for us.

If they all shift to wine coding in the mean time, im sure their will be great benefits.

How do you tell the difference? (2, Interesting)

dduardo (592868) | more than 8 years ago | (#14620702)

Are they going to get a copy of the Windows source code and compare it to ReactOS? How does someone actually go about auditing code that was submitted by many people around the world?

Re:How do you tell the difference? (0)

RLiegh (247921) | more than 8 years ago | (#14620771)

> Are they going to get a copy of the Windows source code and compare it to ReactOS?

Yes. We're talking Microsoft here. You seem to be new here so let me explain a couple of things to you. Number one, we're talking about a project which is seeking to re-create Microsoft's crown jewels -its' windows monopoly. This is the same microsoft which has in the past compared the GPL to communism. Oh, did I mention that ReactOS would be reproducing MS's bread-and-butter and giving it away under the GPL?

Only a fool would assume that MS wouldn't go over ReactOS with a fine-tooth comb; executables, source code and hell, as I mentioned earlier, probably interface and methodology patents as well!

Re:How do you tell the difference? (1)

SirTalon42 (751509) | more than 8 years ago | (#14621355)

Microsoft has absolutely nothing to do with this code audit. It all was started because a developer started questioning the validity of some of the code so they temporarily closed down everything on the ReactOS site while the devs discussed what to do, so they decided that the safest thing they could do would be a complete code audit.

Get this to run on Mac OSx86 (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14620910)

Theoritically, wouldn't this be a good option to get "Windows" running on OS x86 ? Not really Windows, but I imagine it would be easier for OSS programmers to add support for EFI to this software, and give MacIntel people a Windows compatible option. At least until someone figures out how to boot the "real" Windows on the new Macs.

The forum discussions... (3, Informative)

Spy der Mann (805235) | more than 8 years ago | (#14620972)

Re:The forum discussions... (4, Informative)

RemovableBait (885871) | more than 8 years ago | (#14621354)

It really all starts with Hartmut's leaving letter [reactos.org] in the mailing list. If you read through, (just use the 'Next Message' link) you'll see the whole discussion/argument unfold.

I can't help but wonder... (2, Interesting)

ZuperDee (161571) | more than 8 years ago | (#14621008)

1) If it is going to take them YEARS to do this audit, surely it will take MS just as long to audit it to find the infringing bits. But even supposing MS found infringing bits tomorrow, what good would it do MS to sue anyone? I doubt MS would do that right now, because ReactOS is obviously not anywhere NEAR the point yet where it is widely used, let alone useful for daily tasks like surfing the web or writing a document. Surely MS would have little (if anything) to gain from a business perspective by suing people just yet. If ReactOS suddenly became useful like Windows though, I'm sure that may change.

2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.

Re:I can't help but wonder... (1)

mmmiiikkkeee (930217) | more than 8 years ago | (#14621178)

"useful like Windows".... lol and my AOL dics are usefull too.... i useed to use them as frisbees... quit fun when they hit the fan blades and whent off in new directions :)

download anyway? (1)

user32.ExitWindowsEx (250475) | more than 8 years ago | (#14621083)

so where can we snag source and binary forms anyway? i really don't give a shit who has what IP in there.

Re:download anyway? (1)

Pantero Blanco (792776) | more than 8 years ago | (#14621256)

I downloaded both the Live and Install versions of it a few months back and I'm making .iso's of them at the moment. According to the readme.txt file in it, it's the March 2004 release, so it's probably not the newest, but I figure I'll start a torrent of it in the next 24 hours if no one's offering a newer one. Sorry, I don't have the source code.

Re:download anyway? (1)

clawoo (945374) | more than 8 years ago | (#14621326)

Here's a mirror: http://cubeclub.hu/~rs/mirrors/www.reactos.org/ [cubeclub.hu] The original files are no longer available on sf.net.

Re:download anyway? (1)

user32.ExitWindowsEx (250475) | more than 8 years ago | (#14621650)

close enough versions for my archives.

Torrent link (1)

spleentor (873802) | more than 8 years ago | (#14621478)

here's the torrent on linuxtracker: http://linuxtracker.org/download.php?id=1363&name= ReactOS.iso.torrent [linuxtracker.org]

Re:Torrent link (1)

skiman1979 (725635) | more than 8 years ago | (#14621898)

If you autoplay the CD under XP, it gives you the option to install. Does that install as an application under XP, or will it overwrite your XP install? I've never seen an OS install CD run as an installer under XP before.

Use Anti-Plagerism Software Instead of Auditing (2, Interesting)

pingrequest (937333) | more than 8 years ago | (#14621095)

It seems like all they would have to do is programmatically (there are existing programs) that do a statistical analysis of the source of the leaked code vs. internal code... A couple hours later the comparison would be done. It would find even what seems like minor copying, and could be set with thresholds. Then they could audit those hits for credibility... They could be done in with this 'reboot' in weeks. It would be a lot faster and probably just as effective. Also it would prevent much reading of "leaked" source which seems to burn ones eyes...

Re:Use Anti-Plagerism Software Instead of Auditing (2, Insightful)

wootest (694923) | more than 8 years ago | (#14621241)

Well, that would mean they'd have to 'officially' possess the leaked code, which would mean Microsoft's lawyers would be all over them at the drop of a hat.

Re:Use Anti-Plagerism Software Instead of Auditing (1)

pingrequest (937333) | more than 8 years ago | (#14621275)

No as someone mentioned a third party or 'off hours developer in a foriegn country' could run the audit, and pass on the report to the reactos team, not the leaked code.

Re:Use Anti-Plagerism Software Instead of Auditing (1)

wootest (694923) | more than 8 years ago | (#14621360)

I still can't shake the idea that admitting that you have the leaked code in the first place is a bad idea, regardless of if you're a developer or just responsible for running the test, or if you're in the US or not. And I don't think it'd sit well with an audit effort to indirectly rely on the code you're supposed to not copy, even if they don't openly or officially support it.

Re:Use Anti-Plagerism Software Instead of Auditing (1)

pingrequest (937333) | more than 8 years ago | (#14621541)

They already admitted that if you RTA. I think the point is it is impossible to audit code (except statisically for oddities perhaps) for potential copying, without having what you were potentially copying. If you read the article on their site they already have developerers who've admitted access, what I'm suggesting would be even less code examination than the specific modules that have already (and admittedly) been looked into.

Re:Use Anti-Plagerism Software Instead of Auditing (1)

wootest (694923) | more than 8 years ago | (#14621654)

They admitted that individual developers have had contact with the source code, and it's unclear to me if these developers were core members of the project or just casual committers. I get your point that it's impossible to audit without knowing what to look for, but it doesn't seem to me like it'd be a good idea to have this as a step in an audit process that's officially being lead by the project itself. Sure, someone else could do it unofficially, away from the official audit, but didn't your first post call this out as something that'd need to be integrated into the audit itself?

Just one more detail. In any case, continually checking the full code for references to the leaked source code seems to me to imply - like you say - advertised access to the leaked code. The committed code that prompted the audit in the first place *could* have been someone reading code off of someone else's screen - being exposed to the source code and not actually in possession of it. I don't see how the worst case scenario (project officially in possession of leaked code vs. individual developers exposed to leaked code, or maybe even legit code under some Microsoft arrangements) is not going to make the audit one magnitude worse if you'd want to avoid Microsoft's lawyers.

Re:Use Anti-Plagerism Software Instead of Auditing (1)

pingrequest (937333) | more than 8 years ago | (#14621809)

Point taken about 'audit official steps', although I'm still at a loss as to what the audit would be without something like it. I'm no expert in the audit process, but my suggestion centered around a programmatic audit which would remove much personal liability, and threshold analysis to get the project back on track rapidly. Not every line of code needs looked at. Analysis could be against source, but it could also be against machine code which may be a better test. It would lead to something like the top 10% of the code (blocks even, not whole files) ordered by the highest risk/'probabilty-of-copy' ranking.

Why not have MS audit? (2, Interesting)

kwandar (733439) | more than 8 years ago | (#14621097)

I'm wondering if ReactOS couldn't send a letter to Microsoft and simply say:

"There is the possibility that our code in the following areas *list areas* contains fragments of MS code. We would kindly request that MS advise us as to any issues with respect to this code. If we haven't heard otherwise within 6 months, we will presume that there is no MS code that has been used."

IANAL, but perhaps the law of estoppel would then apply?

Re:Why not have MS audit? (2, Informative)

KarmaMB84 (743001) | more than 8 years ago | (#14621279)

Yeah, they could presume all they want but they could still be sued for infringement. You can't force anyone to audit your code for you...

Re:Why not have MS audit? (1)

d_jedi (773213) | more than 8 years ago | (#14621316)

That's backwards. If MS checks the code, and they find some of their's in it - guess what that means? LAWSUIT.

And if MS doesn't check it, or don't finish within six months.. that does not in any way give any rights to use MS's code in ReactOS.

sorry. (1)

Heisenbug (122836) | more than 8 years ago | (#14621396)

I'm not a lawyer yet, but I can take a stab. In order for MS to give up its cause of action, it would have to agree to a contract that said so. Silence is (practically) never taken as agreement to a contract; estoppel would only apply if MS made an affirmative promise that was otherwise unenforceable, knowing that ReactOS would act in reliance on the promise.

Re:sorry. (0)

Anonymous Coward | more than 8 years ago | (#14621575)

As a lawyer-in-training myself (actually waiting for class to start), I have to agree.

The letter/statement above amounts to an offer (a pretty crappy one at that). For a contract (legally binding agreement) to form the parties must agree to the terms. One party cannot dictate terms for both sides and include an automatic acceptance of those terms.

Think about it. I send an email to everyone in the world saying "I maintain an email mailing list. My fee to remove your address from this list is $500.00. Unless I receive an objection to this offer within 1 hour of sending this email, your acceptance of the terms is implied. I accept money orders only. Thank you and have a nice day."

No court in the world would enforce that. And the law does not consider the length of time involved either (6 months in the original vs. 1 hour in my example). It's irrelevant.

And, as stated above, estoppel is a concept that requires *reliance* on a promise to *prevent* the promisor from failing to follow through with the promise. Microsoft has made no promise. ReactOS has made no reliance (because there was no promise). Estoppel is not applicable.

bleh come on guys (0, Offtopic)

Venim (846130) | more than 8 years ago | (#14621177)

i'm disappointed in you guys, only 1 funny post? come on people! and it was only rated like 3 or something

Tainted code? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14621381)

Is that like tainted meat?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>