Slashdot Mirror
Tridgell Reveals Bitkeeper Secrets
wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments of aside, what really counts as reverse engineering anyway?"
The main difference is that Linus did not reverse engineer the MINIX kernel in order to write Linux's kernel. It's legit.
Does anyone remember taking thier first radio apart "just to see how it works". This in the most base form was reverse engineering. Personally if you have the resources and the desire, by all means. Find out what makes it tick. The only reason Bit-Keeper is annoyed is because they see a free product competing with thier own. Not yet persay, but in the very near future.
If we don't make light of everything, we are just stumbling in the dark - Blank
Exactly. He didn't do something immoral, like cloning the IBM PC via reverse engineering.
We should have never had the PC revolution, because that resulted from the availability of PC clones.
We should have to pay over $1000 for a system with only 200 megs of disk and 8 megs of RAM. We should eat from the poison tree of reverse engineering.
(end of sarcasm)
Seriously, reverse engineering is legit. It is responsible for a lot of progress. It used to be legally protected, until insane laws (DMCA) and insane judges (Southern District of New York, Federal court system, etc) got involved.
Just because it CAN be done, doesn't mean it should!
Actually I think it is good for bitkeeper. No one at my company had ever heard of BitKeeper until this controversy started. Now they're looking into using it.
Any publicity is good publicity
Replace "AIM" with "BK" in the above text, and see if you still believe what you're asserting.
I forget what 8 was for.
Am I the only one here who things that real freedom is achieved only when you can tollerate an opposing point of vew?
Why can't BK develop, and sell software under any liscense they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?
Why is it ok to try and screw BK over, who spent a great deal of money to develop this?
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
The DMCA specifically allows reverse engineering for compatibility.
I just had a discussion over dinner with some friends about this very subject. What it basically came down to was that even if there is a provision for it, it's gonna take someone with deep pockets willing to go to court over this. Hell even Adobe won't take it on, and they'd need it to use the Nikon raw file format.
The discussion also brought up an interesting point -- When is compatibility not the reason to reverse-engineer something? I mean even if you reverse engineer with the intent to make your own product, are you not technically trying to interoperate with something else?
You can take accountability for a product when it is used according to a contract and not take accountability for it when it is misused. The manufacturer/service provider takes accountability under specific conditions.
Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.
Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.
In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.
> One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.
Yeah, I know and I think it is bullshit.
Nobody should rely on the client to be nice.
A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.
From what I read, BitKeeper has the same problem : a client can completly trash the repository if it doesnt respect the protocol. Which I call slopy design.
I client shouldnt be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easly (after all, this is what I use a VCS for).
For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
Reverse engineering is not morally wrong...in fact, it is specifically protected by all the copyright laws in the US.
Heck, "reverse engineering" is "figuring out how something works", AKA "hacking" (NOT "cracking"). This is the basis of most good technological progress and, in a different realm, science.
Of course that is until people look deeper into what the publicity is all about. McVoy pretty much illustrated the inherent dangers of not being Open Source -- that at a whim (of a madman?) all your data are belong to them.
Worse yet, we've illustrated that here's someone who's willing to do just that...yank his product from under a high profile project.
If your company is looking into using BK, you may wish to take these recent events into consideration or at least bring them up to those making the decisions.
Because that's the best time to attack someone. I think, despite what you say, Linus didn't believe it must end. He felt this one would be different. Ultimately he made a bad call, he's angry about it, and to distract attention from his misjudgement he's attacking someone who can't respond.
And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?
Because someone had to do it, and it had to be someone with the standing. Linus is doing something horrible, but do you think he or his fans would listen if you or me called him on it? Which I would, in an instant. But probably only Perens and ESR had the stature to do this.
I am trolling
Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BKs database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover i assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that your argument is moot.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
It's not morally wrong to try to access information from a BitKeeper repository. That's all Tridge did. No attempt was made to clone BK.
The global economy is a great thing until you feel it locally.
Kinda like how openssh is morally wrong because you can buy directly from ssh.
Since when is using ideas developed by someone else morally wrong? Just think the moral quagmire we'd be in if scientists did shit like that. There are specific ways to protect ideas (and/or implementations): copyright, patent, trade secrets. You want to now extend these protections to any form of machine without some application process?
Maybe it's the absence of audience laughter cues or something, I don't know, but the irony in Tridgell's demo and in The Register's writeup of it was entirely obvious to me. I had a really good chuckle.
... so Tridgell made his point admirably that there has been a mountain made up out of a molehill of nothingness.
Didn't you RTFA, maybe? Here are the relevant sentences:
Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.
The demo showed that the work was obviously not reverse engineeering in any real sense of the word, nor was it even remotely describable as "genius" work
And he made us laugh at the same time too. You didn't?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Please explain what is illegitimate about reverse engineering Bitkeeper's network protocol in an effort to distribute a free software program which is network-compatible with the proprietary Bitkeeper program.
Digital Citizen
I think I understand Linus' thinking about this based on some of his emails that were not as widely circulated as others. Linus is a pragmatist. He doesn't see open source or reverse engineering as intrinsically morally good or bad.
He sees them as good things if they produce good (profitable, valuable) results. He is upset with Tridge because he believes that Tridge had no good (profitable, valuable) end-game. Tridge's actions were destined to destroy the cooperation between the Linux kernel team and BitKeeper. Yet there is no situation in which those actions lead to benefit to either the kernel team, or the open source community or the BitKeeper company (in Linus' opinion). Here he is in his own words.
In other words, it wasn't the act of reverse engineering that is wrong. It is the act of screwing up Linus' life and BitKeeper's advertising scheme without having any beneficial side effects.
Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.
There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definate whiff of BS to me.
In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.
Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridges actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.
Client-side security is no security at all.
Security through obscurity is no security at all.
What you suggest is plain incorrect - you are assuming Tridge had no 'good endgame'. Which is plain silly. His aim was simply to make a tool people could use in lieu of BitKeeper to help manage to source tree, without the use of BitKeepr? How is this _not_ a good endgame? Saving money for people working on open source project? The whole use of BitKeeper in the first place makes the management of a kernel source tree outrageous for an open source project. Initially the clients were free and now the BitKeeper owners want to charge for them - this is the _entire_ crux of the problem! Its the usual, 'oh sorry, there are too many people with BitKeeper clients now, and we think we should now be able to charge for them'. Tridge is doing what the Open Office people did - produce something that can manipulate the _data_ that BitKeeper produces and open source it so something like the open source kernel can be accessed by all. Why is this even vaguely wrong?!
You also assume the the BK people will change the protocol for handling the data - if this is so, then Tridge I would assume update his tool to suit. You also assume that the tool as a client would be useless? Why? This makes little sense - remember this is from the person who helped build samba, and that could hardly be called useless. So even based on previous efforts you are being ignorant and pretty rude to Tridges abilities and software. Id suggest you look at some of the things hes done.
You suggest Tridge writes a SCM, well there are many open source alternative, although none to Linus's liking and this is again the main issue. Its not about Tridge at all, hes simply trying to find a solution to the BK mess Linus has produced! If Linus chose an open source source management tool then _ALL_ of these problems would disappear. Its all because he has a friend who now wants to cash in on BK client licenses - which is more 'moral' for an open source.. well.. pretty damn obvious isnt it. Imho it wouldnt surprise me if Linus has even a slight cut for marketing BK clients - this is very common in commercial world, hire high profile users to promote your wares. It looks very much like this here.
In the long run this is all for an _open_source_ development project, and without a free/GPL or open source tool to manage it, you are going to get into all sorts of problems - and unless someone relents (preferably Linus and hit BK obsession) then its going to make a mess of what was originally a good open source project.
No I see it a bit differently - I think its more than justa about friends its a philosophical clash. I came to this conclusion reading about samba on the samba website and the following statement hit me ...
This contrasts with Torvalds more pragmatic approach in getting things done. Which is more correct is a matter of personal opinion. Pragamatism vs strict GNU adherance.
peterrenshaw ~ Another Scrappy Startup
Sure, but then why not apply that analysis to Larry's action to pull the license?
Once the tool has been developed, Larry has two choices:
* Pull the license (which is bad for everyone)
* Ignore the tool (which isn't so bad)
So, looking at it this way, Larry's action of yanking the license had no good (profitable, valuable) results.
Now of course, Larry can say, but the point of yanking the license is that my threat to yank the license was intended to deter people from doing what Tridge did. I am just protecting my right to make a living off my software. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop people from profiting off my coattails?
But Tridge can say, but the point of reverse engineering the system is that my threat to reverse engineer the system was intended to deter Larry from imposing unreasonable conditions on the community. I am just protecting the the commnity's right to access its data. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop Larry from continuing to refuse to give us the access we deserve?
So, as you see, the "what is practically good (profitable, valuable)" analysis doesn't give us a conclusion here. Either Tridge or Larry could have avoided having the license pulled.
The type of analysis that WOULD decide the conflict is one which looks at who is being treated fairly or unfairly, or one which considered the "rights" of all parties (i.e. my right to make a living off BitKeeper without having it reverse engineered, vs. my right to access the metadata of the Linux kernal development).
For example, if a criminal mastermind had an atom bomb aimed at New York city and demanded your wife and your firstborn child as ransom, and you refused, and he blew up New York, then it wouldn't make sense for someone to say that the mastermind was a good man but that you are responsible for the destruction of New York. But, using Linus's "good (practical, valuable)" analysis, all that can be concluded is that both the criminal and you were responsible. The more sensible conclusion is that your wife and your child have a right not to be ransomed to some criminal, but that the criminal has little right to your wife and child, therefore he is the bad guy here. But this necessarily involves taking a stand on the fairness of each side's demands.
Linus seems to be claiming that he doesn't want to get caught up in a discussion of rights, but by blaming Tridge, he is probably implicitly assuming that Larry's putative right not to have others "ride his coattails" holds more weight than Tridge's putative right to interoperate and to access metadata without signing a license agreement.
"Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom."
I use my power of ownership to keep you from living in my home. From reading my mail. And eating my food if I do not give you permission. My freedom to own what I make overrides your freedom to take what I make. Like it or not but makeing people release their work as open source is slavery. Making sure that people have the freedom to write their own software and the right to give it to others is freedom.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I've read the same messages, and find it incredibly strange that the previous message would get modded to 5 when it's simply repeating a bunch of tripe that Linus spewed forth on realworldtech.
... PROVIDED you agree to the license, which a number of people are unwilling to do.
Of the many rebuttals he received, allow me to give a choice quote:
(note: I had to reformat this because the slashdot gestapo lameness filter is on overdrive today)
Name: Karl Stenerud (kstenerud@hotmail.com) 4/14/05
Linus Torvalds (torvalds@osdl.org) on 4/14/05 wrote:
-
>Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still
>needed BK to actually do anything useful - since it would not actually do the work that BK did.
>
So basically it would dump the raw BK data?
Or would it recreate a local copy complete with necessary metadata
(is there any metadata that is needed?)
What made the data useless if you didn't have BK? And could that missing functionality be added?
I'm still not sure I understand why connecting to a BK server via a custom tool and dumping the data from the repository contained within is such a bad thing...
>"Hey, that's a useful helper". Yes, except when it isn't.
>
>And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it,
How would releasing a client tool cause the protocols to change? Isn't it the server that dictates the protocol?
>and when using the tool against a BK repository is a violation of the license that the BK user agreed to.
But wasn't the point of the tool to get the contents of a BK repository without being bound by the license?
>See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover.
I don't see how sanctioning by BitMover is a criteria for the usefulness of a tool...
>But since that tool ends up invalidating your right to use BK in the first place,
How can it invalidate your right to use BK if you've never agreed to the license in the first place?
You can quite easily stop using the tool and then start using the real BK client should you so choose.
You just have to remember that it's a one-way street.
>and since that tool can not replace what BK did, then yes, the tool is pointless.
From Tridge's description, it doesn't sound at all like he planned on ever replacing what BK did.
However, failure to match feature-for-feature does not make a tool pointless.
Am I missing something here?
>So you have three choices
>- don't use the tool (which makes it useless)
>- use the tool, but stop using BK (which makes it useless)
>- use the tool _and_ use BK, which violates the BK license
Actually, you missed the fourth choice:
- Never use BK, but use the tool instead.
And that makes for an acceptable outcome in both a moral and legal sense, if I understand this correctly.
>and everybody would be happy. If a developer wanted to switch to Tridges hypothetical tool, BK comes with the
>stuff needed to export your own data.
>Do you see? It's really exactly the same thing. The BK license isn't any less relevant than the GPL, and the
>fact that BitMover is a company doesn't make it ok to violate their licenses and continue to use their programs.
Quite correct. You shouldn't violate any license you agree to.
BUT, in order to violate a license, you have to first agree to it.
If you use Tridge's tool, you don't have to agree to the license in order to get the repository contents.
Linus got caught up in a conflict of interest, pure and simple (by maintaining the public linux source code on a closed source, draconian-licensed, for-profit repository system written by a close friend).
Conflicts of interest invariably lead to conflict of ethics, and Linus's ethics have been found wanting of late.