Slashdot Mirror
Tridgell Reveals Bitkeeper Secrets
wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments of aside, what really counts as reverse engineering anyway?"
Well, I think it's safe to say that Linus Torvalds is wasting his time on his new RCS, 'git'. He may as well just go ahead and write a BitKeeper-compatible system, since he liked BK so much. Oh, wait. That's morally "wrong". So says the guy working on a clone of the UNIX operating system. Something doesn't quite add up here.
Bethanie: Whore...
Fan Whore
A man named Johan Mikelson who keeps track of every bit inside his head!
I don't think that this changes much in open source development. Linus has made his decision and i think that this isn't that good for bitkeeper. Many companies are using bitkeeper because linux is/was managed with this tool. Well. We'll see. But well done Andrew. Better than reverse engeneering it in the hard way and "ripping" the secrets out...
chris
Does anyone remember taking thier first radio apart "just to see how it works". This in the most base form was reverse engineering. Personally if you have the resources and the desire, by all means. Find out what makes it tick. The only reason Bit-Keeper is annoyed is because they see a free product competing with thier own. Not yet persay, but in the very near future.
If we don't make light of everything, we are just stumbling in the dark - Blank
err...give him back his karma :-P
(yeah, yeah, I know the Preview button is there - you can give him some of my karma for not previewing)
He's just trying to karma whore by whining. I bet, if I submitted articles (sans links) that said I got modded down for mentioning the submitted story, I'd get modded up. Even if I was lying. Mod him down and put a stop to this practice.
214 qmail home page: http://pobox.com/~djb/qmail.html
So, you're saying that Exchange is qmail?
Any process that lets one reproduce BitKeeper's process. That includes things like protocol, data format, etc.
;-)
If I reverse-engineered BitKeeper and wrote a client, I would expect my client to be able to seamlessly interact with any other BitKeeper client. Sans license, of course
--LWM
One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.
This isn't just copying functionality, it's putting a widely used system at risk because you don't agree with their practices. That's the same philosophy espoused by a lot of virus writers.
You're kidding right? If the BK system is so brittle that it cannot protect itself against a hostile client then it should not be hosting any source code.
If a friendly client (trying to obtain interoperability) can fundamentally break a server, just imagine what a script kiddie would do..
I've read a few exchanges from the /. crowd, read a few statements by Linus and the gang, have read McVoy's interpretation of the BK saga, and have come to one conclusion:
No one but the three people involved in this fiasco *really* knows what happened to get this situation to the stage where people begin a verbal free-fire in public.
McVoy is a business man; true to his heart, he needs to keep the BK user strung out on his code. Hell, I would feel the same sense of outrage that he feels if someone threatened to kill my cash cow. Don't pretend that every one you wouldn't feel the same way if it was *your* revenue stream. To me, anyone who claims an absolute vow of poverty is looking for a monastery to live in. Everyone I know would fight to protect a source of financial income.
Selfish? You bet. But nature has created more selfish beings than egalitarian ones. Nature favors pragmatism.
But McVoy could have let this one ride a bit more. It is just a matter of time before someone cracks his model. Then he will have to play the same game as Microsoft and Adobe only on a different level. Too bad for him, though, that his inexpensive advertising scheme didn't last. That is another little detail that goes relatively "un-remarked" upon in the various forums I've read. Larry had one of the hottest programmers in FOSS using his SCM. In fact, this Man Of The Year lavished all kinds of praise on his progeny! You would have to pay more than the "free" license fee for that kind of advertising. Shit, probably A LOT more. If Linus had been paid for his endorsements, that could have added up to quite a sum of money. Larry has wisely kept those funds securely in his pocket.
Again, I'd do that too. The monks of this world can keep their vows.
Linus? Well, it was kind of hard to turn down a free license for one of the best SCMs on the market. If I had been in his position, I would have grabbed the product and ran. In fact, I would like to personally thank Larry for helping juice the Linux kernel development. I know SCO has been rummaging around in the Linux closet for evidence that it was their intellectual property that made the kernel advance so quickly. I believe that Larry's BK contribution probably made the significant increase in kernel production possible. Judging from Linus' angst and outrage, I think he believes that too.
But Linus is being a bit thin skinned. Does he believe he is the ONLY programmer that has been burned by relying on a proprietary product for their work? Didn't he listen to all the people who had been telling him about *their* bad experiences with proprietary lock-in? From what I've read in the past, they had plenty of legitimate worries that this was going to happen. I'm sure that Linus knew it would happen someday too. He's just pissed that it happened NOW as opposed to LATER.
Boo hoo, get over it, this too will pass, etc. But why attack Tridgell in public? Hmmm.... That does raise some interesting questions. And why get all bitchy about it?
There is something we are not getting in this little soap opera. Tridgell is silent, probably for good reason. But why would Linus take him to task knowing that he would not be able to respond publicly?
And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?
I thought the points made by some posters about just how Tridgell was sniffing packets to see the metadata protocols is extremely insightful. To have BK protocols running on his network would require that he be operating a client and server somewhere where he could see it, no? What network was he sniffing if he didn't have a license?
What amazes me is that the attempt to get BK's protocols didn't happen *sooner*. With all of the pissing and moaning that erupted when Linus started using BK, I would have thought there would have been someone doing what Tridgell was accomplishing years
"Rocky Rococo, at your cervix!"
These political spats are fun, but realistically speaking, this is degenerating into an episode of "The Simple Life."
Next thing you know, Torvalis will be breaking up with Perens because "well, he knows what he did."
Person 1 liked a tool. Person 2's actions caused the first person to lose rights to his tool. Person 1 vents. Person 3 vents on Person 1. BFD.
Soon, there will be a group hug and an exchange of hair care products. End of story. Welcome to "life in the big leagues of software." Tune in next week, when Person 5 attempts to purchase a voltage regulator.
Just because virus writers have the same philosophy, that doesn't mean reverse engineers are bad. That's a seriously flawed argument.
Also, I believe the kernel source is usually backed up. They'd just have to restore it. And hopefully, if it got hosed, Linus would willingly switch from using BK, because it would prove its inviability as an SCM.
Replace "AIM" with "BK" in the above text, and see if you still believe what you're asserting.
I forget what 8 was for.
I cannot see any justification for the slamming that Tridgell is getting and it's worse that it's coming from a very respected figure, so maybe _I've_ got something wrong here; it's time the ethical argument _was_ tested and debated between Torvald and Tridgell in the open so I can read what both sides really think and I can make up my own mind. Torvald can't be talking c**p but neither can Tridgell - maybe here is a chance for us all to study a very important debate; if BitKeeper would play ball then maybe Tridgell can speak out openly. Hey, maybe even Richard Stallman could get involved (only joking ;)
And rightly so. If BK's server were so insecure, that it allowed a random person write access to the kernel source code, then people should be screaming bloody murder at BK.
One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.
You forgot to cite Windows as proof of how well a commercial company provides a secure operating environment.
Ok, I don't read The Register much, but the titles of the "related articles" caught my eye. Pretty tough to figure out which side they are on:
What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen. One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.
Security through obscurity? People are bothering to argue for that on slashdot?
The distributed tools are way more powerful than the centralized systems; so I think it's great to see the Darcs and Monotone groups both interested in the (probably much more performant) Git backend.
(PS: yeah, I know about Arch, but damn that thing's confusing. I'm guessing they borrowed the usability team from clearcase. If you like Arch, it's definately worth checking out Monotone or Darcs. (personally I lean to Darcs because of the cool language it's written in; but like monotone as well)
Am I the only one here who things that real freedom is achieved only when you can tollerate an opposing point of vew?
Why can't BK develop, and sell software under any liscense they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?
Why is it ok to try and screw BK over, who spent a great deal of money to develop this?
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
Is Tridge the elusive IBM hacker who "hacked" into SCO when the claimed:
"IBM exploited the bug to bypass SCO's security system, hack into SCO's computers, and download the very files IBM has now attached to its motion"
The DMCA specifically allows reverse engineering for compatibility
;-)
Tell that to Dmitry Skylarov.
--
AC
You can take accountability for a product when it is used according to a contract and not take accountability for it when it is misused. The manufacturer/service provider takes accountability under specific conditions.
Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.
Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.
In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.
> One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.
Yeah, I know and I think it is bullshit.
Nobody should rely on the client to be nice.
A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.
From what I read, BitKeeper has the same problem : a client can completly trash the repository if it doesnt respect the protocol. Which I call slopy design.
I client shouldnt be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easly (after all, this is what I use a VCS for).
For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
Not if you were invited.
Scenario: Bob is forced to buy a client for a SCM he doesn't like. Bob invites Ted to come over to his house and poke around on the client. Bob has permission to use the client AND interact with the server. Ted is looking at the server from the client that his friend purchased.
I don't think that would be something that could be construed as "illegal". It might be "actionable" in a civil tort sense.
That might be why Tridgell is keeping quiet.
"Rocky Rococo, at your cervix!"
Gee, if Linux/Microsoft is so brittle that it cannot protect itself from a hostile client, people shouldn't use it either.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
The linked article demonstrated how Tridge accessed the bk system. He typed 'clone' at it, and it started spitting BK data at him. He dumped that binary data to disk and started munging through it. He was looking at the *on-disk format*, not any "wire formats" other than the one demonstrated with the telnet session. He didn't need to be sniffing anyone's network to do this.
[
And except for IBM, on a small number of machines, for about six months, I don't recall MCA being used by anyone.
Much like the status of EBCDIC doesn't concern me much either. =)
Of course you're right. I was referring to the original IBM PC -- but I had forgotten the BIOS needed reverse engineering.
Lost at C:>. Found at C.
Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BKs database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover i assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that your argument is moot.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
probably not kidding, but i expect the real reason is that first it's the OSS client, next it's the server, then it's bye bye bitkeeper...
I think a better analogy would be web sites. By looking at slashdot I'm poking around on a server I do not own (e.g. telnet slashdot.org 80, get index). If you have a BitKeeper server with kernel source on the net and you make it publically available (e.g. no passwords), I don't see how anyone who connects to it and access the data you made publically available should get in trouble. This does presume that the data isn't copyrighted such that distributing it would be illegal. In the case of the kernel,
-- john
Indeed. Imagine, if you will, a Linux-hostile group with some technical ability who wanted to disrupt Linux development. Can you think of a single better way to do this than to screw up the BK repository? This would be one heck of a DOS attack, no doubt accompanied by lots of bad publicity against Linux.
This would've been a lot more effective than Microsoft's SCO lawsuit against IBM; and could be done for just a fraction of the money.
I'm sorry, but the "security through obscurity" argument doesn't work here. And if BitKeeper is indeed as fragile as the creator of it claims, a great service has been done in getting the Linux community to move away from BitKeeper.
Let us hope that Linus' new "git" SCM is much better insulated against a hostile attack.
The best way to predict the future is to create it. - Peter Drucker.
Somehow I imagine this happened before you were wearing long pants--but the IBM PC was an open spec.
Maybe it's the absence of audience laughter cues or something, I don't know, but the irony in Tridgell's demo and in The Register's writeup of it was entirely obvious to me. I had a really good chuckle.
... so Tridgell made his point admirably that there has been a mountain made up out of a molehill of nothingness.
Didn't you RTFA, maybe? Here are the relevant sentences:
Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.
The demo showed that the work was obviously not reverse engineeering in any real sense of the word, nor was it even remotely describable as "genius" work
And he made us laugh at the same time too. You didn't?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The Register doesn't sit on the fence about anything much, they always make a clear stand for or against any major issue.
:-)
It's their hallmark, "Biting the hand that feeds IT".
Pretty much like Slashdot, but without the dups.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
TW to Linus at
If which was the case Tridge would have contacted his lawyer even though he did clearly did nothing illegal w.r.t. bitkeeper, but if Linus has influence with OSDL then he would have needed advice regarding suing for unfair dismissal.
The simplest and most blatantly obvious explanation is that McVoy freaked over and acted like a jerk, then decided to start spreading FUD with a little help from his unexpectedly misguided friend Linus.
Until more information comes out from McVoy, there really is no reason to give him any more credibility than he already squandered. Agreed. But there is no need to make up stories about what must have really happened, when it is pretty clear what did happen.
Akarsz Magyar Gentoo fórumot? Akkor
Well, certainly not that! If that's to be considered reverse engineering -- especially illegal reverse engineering -- then the next question we need to be asking is ``Why is it so hot where we're going and what are we doing in this handbasket?''
Anyone remember when ``HELLO'' and ``HELP'' were the same program? (Extra credit: Anyone remember what OS that's from?) Today's legal climate would probably have anyone issuing ``HELP'' on that OS tossed in jail as a system cracker. (Heck, if ``lynx'' can get you indicted in the UK...)
CUR ALLOC 20195.....5804M
https://sourceforge.net/projects/sourcepuller/
It's one thing to have bugs that can be exploited, another to have an insecure design that really can't be secured. BK wasn't designed back in the nice old days of the net when everyone was friendly like unix / dos. LM should know better.
Give it a rest. BK is buried, the first kernel
release with git is done.
Fucking Register is trying to get some pageviews
by trolling again and again.
For the last time - what Tridge did is legal.
But it screwed Linus over because he used BK
which was the best tool for the job.
Lots of "propritery software is crime against
humanity" dudes are crying "we told you so" the
whole mess would have not happened if only Linus
used a free and blessed software.
But the truth is that there was no free software
which did the job.
If some random client "...totally hosed the kernel source on BK's server...", then I would consider that a serious flaw in the software well worth discovering and fixing. Afterall, what's to say a malicious client isn't trying to do this very thing right now. Or how about some random layer 2 or 3 data corruption which exposes the same issues.
As we've well-learned, in watching cross-site-scripting, buffer overflows, and other attacks - you can never trust the connecting client.
What's suprising is how many people actually believe that's all Tridge had to do reverse engineer the BK protocol. While I'm willing to buy that he didn't need a BK client, the demo is obviously at best a trivial first step.
Unlike most people, I can actually respect McVoy's decision to remove the free client (though not necessarily in the angry way he did it). The SAMBA and BK situations aren't exactly identical. Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in it's golden goose OS or office productivity markets.
But I think the situation is a little different with the BitMover guys. It's probably not THAT incredulous to imagine someone coming up with a free BK client that is better than the free version, and at least competitive with the paid-for version. If such a client is released, then no one would have a reason to buy BitMover's non-free client, thus putting a dent in BitMover's income. After all, it's not like BitKeeper has the channels to force their product down people's throats while threatening vendors who dare to sale someone else's product. They don't have the power to articially manipulate the "free" market for their benefit.
So, IMHO, the difference is this: The Free Open Source development community doesn't have the resources to affect a goliath like MS in any significant way. But a smallfry like BitMover? The FOSS bandwidth is there to bring a company like this to its knees and McVoy knows it. No doubt he's reaped many benefits from the free BK client and his company's association with Linux, but now the other shoe has officially dropped...
Now, I'm not arguing that BitMover doesn't deserve such a fate or that I'm siding with them. It is an open market after all and may the best man win. However, I can at least understand why McVoy and crew would be threatened by a free product competing with their non-free product. Yes Tridge building a new client *does* release Linux source from propietary SCM lock-in which is good for the *rest* of us. But let's at least admit that it's also a valid economicthreat to BitMover as well. Again, why buy their non-free client, if I can get a good enough free client off sourceforge? On a purely economic and pragmatic basis, both sides can be right.
For the record, I don't think Tridge is in the wrong and I don't think he's "out to get" BitMover or McVoy. However, I think an unintended side-effect of his development could be the downfall of BitMover.
Someone should really reverse engineer BK and publish the results. It would be interesting to find out what all the real problems are with a system that can't handle a rogue client without trashing the repository.
git (GNU Interactive Tools) is a screen-based console "filer" with command line and extreme flexibility and key mapping, etc.
Freshmeat:http://freshmeat.net/projects/gnuinterac tivetools/
Homepage: http://www.hulubei.net/tudor/git/
GNU Page:http://www.gnu.org/software/git/
Thank you for putting across so eloquently what my sarcastic analogy failed to do.
I guess I'll need to aim my LCD a little lower (that's Lowest Common Denominator, not Light Emitting Diode for the math-impaired).
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Tridgell = Samba = Screws Microsoft = Good
Any questions?
I know a bit of the background through a friend at OSDL and the public has not received the full story. Linus has his reasons for taking this position.
Um, yeah. Buggy clients shouldn't crash servers. This is basic.
not in countries where prostitution is legal.
Please explain what is illegitimate about reverse engineering Bitkeeper's network protocol in an effort to distribute a free software program which is network-compatible with the proprietary Bitkeeper program.
Digital Citizen
Whopping 4.77 MHz and I could even save programs to my cassette recorder...
Pay no attention to that man behind the curtain.
Liquid Crystal Display maybe?
No, Adobe wouldn't need to reverse engineer anything to make their proprietary software compatible with Nikon's encrypted white balance segment of the raw files. There actually aren't any adverse implications for Adobe in this situation.
Adobe need only negotiate a license for a proprietary binary-only software which they could link into Photoshop or call as needed. Thus, Nikon and Adobe can continue to screw users out of their freedoms and their money while these proprietors retain their secrets.
Please don't forget how Adobe used the DMCA to arrest and detain Sklyarov. The public's real problem with Adobe should center on Adobe treats their users and that they back laws which are unhelpful to the free software community.
Digital Citizen
I have been following this issue for some time now and cannot really avoid the feeling that the issue isn't really in reverse engineering the BK protocols. Real issue lies in the management of the servers and ownership of the server. What other intentions could an open source implementation of BK have other than access their hosted servers?
In my view the service (whatever it is) is owned and regulated by the company or individual who provides the service. In this case the service was free, and everyone was happy about it. Open source client would destroy this control over the service and enable users to access the service without agreeing to the terms of the service. I cannot imagine how any company would allow this kind of behaviour to happen.
What I have understood is that Linus is against reverse engineering something that sole purpose is to circumvent control mechanisms of this kind of hosted service. Maybe it is not illegal as such but it is not morally correct either as the service provider should have control over their service. One could argue it actually is an intrusion to their server and accessing data without permission.
Anyway comparison to SAMBA is a bit odd as the servers SAMBA was ment to access were mostly maintained people whose sole purpose was to share the data with all legal users. There was not one company maintaining gigantic share containing all the shared data in the world.
Actually, Arch is integrating git
As a couple of people have pointed out, I too found the whole BK thing with Torvalds, exceedingly bizarre.
:-)
:-)
Furthermore, I think cvs has some issues, but the decentralized approach bitkeeper portends, is some sort of super secret to doing offline cooperative source code management?
My whole impression with the excommnication of the kernel source code from cvs, was that they had to totally dump cvs for what reason? Kind harsh, period.
What I couldn't understand is why didn't they design or modify cvs to do disconnected distributed updates with similair capabilities such as BK.
Is it NOT logical, to have a tool with source available to modify should it not do what you need it too do? (i.e. if cvs really was deficient, it is open source so it can be fixed.)
Is that not the whole point to this endeavor we Open Source guys are exercising in our daily professional lives?
Revolting against closed source systems because they break far too easily, can't be fixed without going to jail and are owned by companies who have no interest in solving our problems just creating features to keep the upgrade cash cow machine milking continuously?
Whether we like it or not?
?
Instead, they just totally dumped cvs which manages some of the largest projects on the internet that easily rivals the size scope and complex code base of the Linux Kernel, (Mozilla)
Mozilla developers are pretty happy with cvs, and judging from the results, I use Mozilla everyday.
So why did they dump cvs again?
Something else must be going on here and unfortunately, the true reason why Linus would use BK is probably something he is keeping too himself.
We probably wouldn't like the answer anyway, so I am fine with that.
Just for the record, I am in the camp that thinks it is a fundamental error to architect a piece of software that is open like the Linux Kernel number one, number two being its primary proponent of open engineering practices in general like Linus Torvalds, number three then turn around and close off the technology process that builds it and suggest it is a better way to manage the process than the one your using to build number 1.
WTF?
However, Linus is still my hero.
-hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in it's golden goose OS or office productivity markets.
I disagree. Most machines running Samba are servers, not clients. Without Samba, we would all be running Windows fileservers. Once you have to have the Windows server, you might as well put Active Directory on it rather than set up another machine with OpenLDAP, and you might as well run IIS, since it's there and you have the Windows admins to run it. Domain server, dhcp server, on and on.
Samba is huge. It's what lets my company run 500 Win, Linux and Mac desktops with only two Win servers; the one one that runs SUS to patch all those Windows clients, and the payroll server (curse ADP). All the other servers are Linux with a couple of Sun boxes for corprate datastore apps.
Samba lets us not need Windows servers, and I can't believe that Microsoft wouldn't care about that.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
http://www.m-w.com/cgi-bin/dictionary?book=Diction ary&va=performant&x=0&y=0
My other first post is car post.
I now remember why I don't watch soap operas.
Every episode is exactly the same.
Moof.
svk. there you go.
100% distributed, decentralized, and uses subversion.
you're welcome.
This is a slugfest that only Gates, Darl, and RMS would love
I disagree. tdr and djb would love it too.
Upon Googling, I found this link which would seem to indicate that both Tandy and Dell released MCA PCs.
Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.
There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definate whiff of BS to me.
In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.
Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridges actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
...and then use that information to build a competing radio?
Sure! Build a crystal radio with using a razor blade and a hand-wound coil! Didn't you ever do that when you were a kid?
If you're a zombie and you know it, bite your friend!
One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.
Client-side security is no security at all.
Security through obscurity is no security at all.
So let me get this straight... Jeremy Allison, Andrew Tridgell, Gerrald Carter, John Terpstra etc write a tool that reverse engineers Microsoft/LanMan protocols and I am supposed to feel all warm and fuzzy...
Andrew writes a tool to reverse engineer BitKeeper and I am supposed to be pissed???
So, is this a case of "it's okay to do it to MS, just not one of our own"?
If such a client is released, then no one would have a reason to buy BitMover's non-free client, thus putting a dent in BitMover's income.
Huh?
Bitkeeper's value is in the server, not the client.
If Bitkeeper's getting their money out of the client, they're just borrowing trouble.
...by developing a competing product? Wasn't he also bound by the BK license clause that forbid anyone using BitKeeper from creating something like git?
Pat
Not if Larry revoked the license. Revoking the license removes any restrictions imposed by said license.
At the risk of getting modded as redundant I'll say it... for those who don't find this obvious -- Tridgell "reverse-engineering" BK was just an excuse for McVoy to pull back the free version. And this article only makes it more obvious. McVoy just needed to point his finger at someone. And Torvalds just followed McVoy's leads (or vice-versa).
..and then use that information to build a competing radio?
Therein lies the difference.
Well who is to say that some did not grow up and do just that. Isn't that what it all comes down to. You learn to make something better and then in time learn to produce it on a larger scale for all to enjoy.
If we don't make light of everything, we are just stumbling in the dark - Blank
Grandparent:
"If BitKeeper wishes to keep their source proprietary then it is morally wrong."
Parent:
"People should have the "FREEDOM" to..."
Freedom to do what? You do realize that morality necessarily means giving up the freedom to do things (like kill people you don't like etc.).
If people want the freedom to be antisocial with regards to their sourcecode that is fine and people can choose to do so, but that doesn't make it moral*.
*(It also doesn't mean it's immoral, you'd have to read what RMS says and see if his arguement holds, or up with a coutner arguement.)
Gee, if Linux/Microsoft is so brittle that it cannot protect itself from a hostile client, people shouldn't use it either.
Yup. If you don't have the latest patches on either a Linux or Windows machine then you should not have it connected to a network running anything that you rely on.
Company's spend a lot of money keeping up-to-date to ensure that Linux/Windows machines can protect themselves against hostile clients.
Source code from tridge has been posted to FreshMeat. The SourcePuller project is hosted on SourceForge.
"If people want the freedom to be antisocial with regards to their source code that is fine and people can choose to do so, but that doesn't make it moral*."
You see the problem is that I really feel that BitKeepers license was the LEAST free that I have ever seen. I have no problem with them selling software and letting people copy it as much as they want. That is their choice and is no more immoral than any other property rights. It does take time and effort and money to write good software. Where BitKeeper went too far is the "no competing projects" part. I do not know if I would even call that immoral. I will say that I found the price too high.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
The kernel hackers aren't the ones who need to hear Tridgell's side of this, they know about it. But the community at large, normal users, do need to hear that Tridgell was in the right, from a big name, therefore ESR would do good. However I agree he's probably too political to get involved.
I am trolling
MCA was used by IBM up untill 1996-1997 (I dont remember when they went over to PCI exactly) for the RS/6000 (POWERPC) machines they were selling. I believe MCA was first used by IBM back when the PS/2 systems were introduced to the market, this would have been late 80's into 1990.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.
The FSF, which has a very good grasp of American copyright law, maintains that setting conditions for merely running the software is outside the powers of a copyright holder in most circumstances. The early revisions of the Apple Public Source License were criticized on this basis, noting the cruel irony that would result if trying to make a free software license resulted in extending copyright power.
Digital Citizen