Tridgell Reveals Bitkeeper Secrets

wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments of aside, what really counts as reverse engineering anyway?"

lol @ #buttes, failures.

[bethane]

Well, I think it's safe to say that Linus Torvalds is wasting his time on his new RCS, 'git'. He may as well just go ahead and write a BitKeeper-compatible system, since he liked BK so much. Oh, wait. That's morally "wrong". So says the guy working on a clone of the UNIX operating system. Something doesn't quite add up here.

Re:lol @ #buttes, failures.

[amorformosus]

The main difference is that Linus did not reverse engineer the MINIX kernel in order to write Linux's kernel. It's legit.

Re:lol @ #buttes, failures.

[Frank+T.+Lofaro+Jr.]

Exactly. He didn't do something immoral, like cloning the IBM PC via reverse engineering.

We should have never had the PC revolution, because that resulted from the availability of PC clones.

We should have to pay over $1000 for a system with only 200 megs of disk and 8 megs of RAM. We should eat from the poison tree of reverse engineering.

(end of sarcasm)

Seriously, reverse engineering is legit. It is responsible for a lot of progress. It used to be legally protected, until insane laws (DMCA) and insane judges (Southern District of New York, Federal court system, etc) got involved.

Re:lol @ #buttes, failures.

[BHearsum]

Uhm. Nope.

Linus has stated that a centralized system would not work -- which is why subversion is a bad choice. He *needs* something distributed. Apparantly monotone was a possible choice, but in the end he decided to write his own system.

Re:lol @ #buttes, failures.

[Binestar]

It used to be legally protected, until insane laws (DMCA)

The DMCA specifically allows reverse engineering for compatibility.

Re:lol @ #buttes, failures.

[tzanger]

The DMCA specifically allows reverse engineering for compatibility.

I just had a discussion over dinner with some friends about this very subject. What it basically came down to was that even if there is a provision for it, it's gonna take someone with deep pockets willing to go to court over this. Hell even Adobe won't take it on, and they'd need it to use the Nikon raw file format.

The discussion also brought up an interesting point -- When is compatibility not the reason to reverse-engineer something? I mean even if you reverse engineer with the intent to make your own product, are you not technically trying to interoperate with something else?

Re:lol @ #buttes, failures.

[rpdillon]

Reverse engineering is not morally wrong...in fact, it is specifically protected by all the copyright laws in the US.

Heck, "reverse engineering" is "figuring out how something works", AKA "hacking" (NOT "cracking"). This is the basis of most good technological progress and, in a different realm, science.

Re:lol @ #buttes, failures.

[blueskies]

And who the HELL are you to be telling Torvalds how he should spend his time?

I did some research on him:

He is Mikael Johansson.
His slashdot ID is 814403.
And here is a link to his account in case you want to know more: http://slashdot.org/~Mikael%20Johansson.

Re:lol @ #buttes, failures.

[digidave]

It's not morally wrong to try to access information from a BitKeeper repository. That's all Tridge did. No attempt was made to clone BK.

Re:lol @ #buttes, failures.

[blueskies]

Kinda like how openssh is morally wrong because you can buy directly from ssh.

Since when is using ideas developed by someone else morally wrong? Just think the moral quagmire we'd be in if scientists did shit like that. There are specific ways to protect ideas (and/or implementations): copyright, patent, trade secrets. You want to now extend these protections to any form of machine without some application process?

Re:lol @ #buttes, failures.

[LWATCDR]

Even if I agree which I do not that reverse engineering Bitkeeper would be wrong that is not what he was doing. He was reverse engineering the protocol so that other CLIENTS could inter operate with Bitkeeper.
One the protocol was figured out programmers could write bitkeeper plug ins for Eclipse, Anjuta, and kdevelop. You would still need the bitkeeper server. Frankly I do worry that Linus will not like his fall from grace as the darling of the OSS community. I do not know him so I will hope he will not take offense and just pack it in. Frankly I really disliked the THOU SHALL NOT WORK ON A COMPETING VCS license that Bitkeeper required.

Re:lol @ #buttes, failures.

[HishamMuhammad]

Do you think the BK license required Linus to promise to never write a competing product for the rest of his life? Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.

Re:lol @ #buttes, failures.

[LWATCDR]

Wow the list of things that are just wrong with you post is long.

No Unix is not Open Source and no it was not in the past. Some BSD versions of it are You had to pay extra for the source to UNIX and you where not allowed to copy it.

VAX is not an OS it is a family of computers. VAXs could run Unix, VMS, and a host of other OSs. VMS is still alive and is now called openVMS. Sure there are a lot more systems running Windows, Linux, and Unix than VMS but it is a very robust and secure system that is still at the heart of some very important systems.

The first DOS had no Unix in it. It was more of a clone of CP/M. CP/M was not like Unix at all except that it had a command line and some strangely named utilities like pip. Only when Dos version 2.0 came out did any remotely Unix style features like directories and the pipe get added.

SUN is not an OS it is a company. They did have Sun OS and now Solaris both of which are UNIX. And they paid for the UNIX source code as did IBM for AIX. Berkley was given the code I think then got sued for giving away BSD until the court found out that AT&T had borrowed back a lot of BSD code so it became a wash.

"If BitKeeper wishes to keep their source proprietary then it is morally wrong."
This is also just garbage and totally ignores the real issue. I do not care what RMS or anyone else says closed source is not immoral. People should have the "FREEDOM" to keep their source closed, open it, or to charge anything they want for it as long as they are not a monopoly.

I have no problem with them keeping their source proprietary. That is their right. We are not talking about source code here. We are talking protocols and methods and that is a very different thing.
What I find very wrong is using a programing tool that has a license that restricts what type of software I can write! If I wanted to use Bitkeeper I could not use it to manage the source of a Bitkeeper like program! What is worse is if I used Bitkeeper I could not then WORK on a Bitkeeper replacement even if I used CVS for that project! Imagine if I was not allowed to write a c++ compiler using Visual c++! Or I was not allowed to work on OpenOffice because I used Excel at my job! How people would be screaming about that! Bitkeeper I guess had every right to require it however I have to say that to accept that seems just wrong. I am sure that at the time it seemed like a fast solution to a big problem. Now it could turn into an even BIGGER problem.

Re:lol @ #buttes, failures.

[DA-MAN]

Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.

But Larry McVoy revoked the license. Doesn't that mean that the no-compete clause has been revoked with the rest of the license?

Re:lol @ #buttes, failures.

[smallpaul]

I think I understand Linus' thinking about this based on some of his emails that were not as widely circulated as others. Linus is a pragmatist. He doesn't see open source or reverse engineering as intrinsically morally good or bad.

He sees them as good things if they produce good (profitable, valuable) results. He is upset with Tridge because he believes that Tridge had no good (profitable, valuable) end-game. Tridge's actions were destined to destroy the cooperation between the Linux kernel team and BitKeeper. Yet there is no situation in which those actions lead to benefit to either the kernel team, or the open source community or the BitKeeper company (in Linus' opinion). Here he is in his own words.

Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still needed BK to actually do anything useful - since it would not actually do the work that BK did.

"Hey, that's a useful helper". Yes, except when it isn't.

And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it, and when using the tool against a BK repository is a violation of the license that the BK user agreed to.

See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover. But since that tool ends up invalidating your right to use BK in the first place, and since that tool can not replace what BK did, then yes, the tool is pointless.

So you have three choices
- don't use the tool (which makes it useless)
- use the tool, but stop using BK (which makes it useless)
- use the tool _and_ use BK, which violates the BK license

Two useless cases, and one outright license violation.

Now, let's look at a _constructive_ case: let's say that Tridge had written a really good SCM. Now the choice would be:
- use the tool (cool, that works)
- use BK (cool, that also works)

and everybody would be happy. If a developer wanted to switch to Tridges hypothetical tool, BK comes with the stuff needed to export your own data.

In other words, it wasn't the act of reverse engineering that is wrong. It is the act of screwing up Linus' life and BitKeeper's advertising scheme without having any beneficial side effects.

Re:lol @ #buttes, failures.

[Flaming+Death]

What you suggest is plain incorrect - you are assuming Tridge had no 'good endgame'. Which is plain silly. His aim was simply to make a tool people could use in lieu of BitKeeper to help manage to source tree, without the use of BitKeepr? How is this _not_ a good endgame? Saving money for people working on open source project? The whole use of BitKeeper in the first place makes the management of a kernel source tree outrageous for an open source project. Initially the clients were free and now the BitKeeper owners want to charge for them - this is the _entire_ crux of the problem! Its the usual, 'oh sorry, there are too many people with BitKeeper clients now, and we think we should now be able to charge for them'. Tridge is doing what the Open Office people did - produce something that can manipulate the _data_ that BitKeeper produces and open source it so something like the open source kernel can be accessed by all. Why is this even vaguely wrong?!

You also assume the the BK people will change the protocol for handling the data - if this is so, then Tridge I would assume update his tool to suit. You also assume that the tool as a client would be useless? Why? This makes little sense - remember this is from the person who helped build samba, and that could hardly be called useless. So even based on previous efforts you are being ignorant and pretty rude to Tridges abilities and software. Id suggest you look at some of the things hes done.

You suggest Tridge writes a SCM, well there are many open source alternative, although none to Linus's liking and this is again the main issue. Its not about Tridge at all, hes simply trying to find a solution to the BK mess Linus has produced! If Linus chose an open source source management tool then _ALL_ of these problems would disappear. Its all because he has a friend who now wants to cash in on BK client licenses - which is more 'moral' for an open source.. well.. pretty damn obvious isnt it. Imho it wouldnt surprise me if Linus has even a slight cut for marketing BK clients - this is very common in commercial world, hire high profile users to promote your wares. It looks very much like this here.

In the long run this is all for an _open_source_ development project, and without a free/GPL or open source tool to manage it, you are going to get into all sorts of problems - and unless someone relents (preferably Linus and hit BK obsession) then its going to make a mess of what was originally a good open source project.

Re:lol @ #buttes, failures.

[bshanks]

Sure, but then why not apply that analysis to Larry's action to pull the license?

Once the tool has been developed, Larry has two choices:

* Pull the license (which is bad for everyone)
* Ignore the tool (which isn't so bad)

So, looking at it this way, Larry's action of yanking the license had no good (profitable, valuable) results.

Now of course, Larry can say, but the point of yanking the license is that my threat to yank the license was intended to deter people from doing what Tridge did. I am just protecting my right to make a living off my software. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop people from profiting off my coattails?

But Tridge can say, but the point of reverse engineering the system is that my threat to reverse engineer the system was intended to deter Larry from imposing unreasonable conditions on the community. I am just protecting the the commnity's right to access its data. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop Larry from continuing to refuse to give us the access we deserve?

So, as you see, the "what is practically good (profitable, valuable)" analysis doesn't give us a conclusion here. Either Tridge or Larry could have avoided having the license pulled.

The type of analysis that WOULD decide the conflict is one which looks at who is being treated fairly or unfairly, or one which considered the "rights" of all parties (i.e. my right to make a living off BitKeeper without having it reverse engineered, vs. my right to access the metadata of the Linux kernal development).

For example, if a criminal mastermind had an atom bomb aimed at New York city and demanded your wife and your firstborn child as ransom, and you refused, and he blew up New York, then it wouldn't make sense for someone to say that the mastermind was a good man but that you are responsible for the destruction of New York. But, using Linus's "good (practical, valuable)" analysis, all that can be concluded is that both the criminal and you were responsible. The more sensible conclusion is that your wife and your child have a right not to be ransomed to some criminal, but that the criminal has little right to your wife and child, therefore he is the bad guy here. But this necessarily involves taking a stand on the fairness of each side's demands.

Linus seems to be claiming that he doesn't want to get caught up in a discussion of rights, but by blaming Tridge, he is probably implicitly assuming that Larry's putative right not to have others "ride his coattails" holds more weight than Tridge's putative right to interoperate and to access metadata without signing a license agreement.

Re:lol @ #buttes, failures.

[LWATCDR]

"Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom."
I use my power of ownership to keep you from living in my home. From reading my mail. And eating my food if I do not give you permission. My freedom to own what I make overrides your freedom to take what I make. Like it or not but makeing people release their work as open source is slavery. Making sure that people have the freedom to write their own software and the right to give it to others is freedom.

Re:lol @ #buttes, failures.

[Mock]

I've read the same messages, and find it incredibly strange that the previous message would get modded to 5 when it's simply repeating a bunch of tripe that Linus spewed forth on realworldtech.

Of the many rebuttals he received, allow me to give a choice quote:
(note: I had to reformat this because the slashdot gestapo lameness filter is on overdrive today)


Name: Karl Stenerud (kstenerud@hotmail.com) 4/14/05

Linus Torvalds (torvalds@osdl.org) on 4/14/05 wrote:
-
>Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still
>needed BK to actually do anything useful - since it would not actually do the work that BK did.
>

So basically it would dump the raw BK data?
Or would it recreate a local copy complete with necessary metadata
(is there any metadata that is needed?)

What made the data useless if you didn't have BK? And could that missing functionality be added?

I'm still not sure I understand why connecting to a BK server via a custom tool and dumping the data from the repository contained within is such a bad thing...

>"Hey, that's a useful helper". Yes, except when it isn't.
>
>And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it,

How would releasing a client tool cause the protocols to change? Isn't it the server that dictates the protocol?

>and when using the tool against a BK repository is a violation of the license that the BK user agreed to.

But wasn't the point of the tool to get the contents of a BK repository without being bound by the license?

>See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover.

I don't see how sanctioning by BitMover is a criteria for the usefulness of a tool...

>But since that tool ends up invalidating your right to use BK in the first place,

How can it invalidate your right to use BK if you've never agreed to the license in the first place?
You can quite easily stop using the tool and then start using the real BK client should you so choose.
You just have to remember that it's a one-way street.

>and since that tool can not replace what BK did, then yes, the tool is pointless.

From Tridge's description, it doesn't sound at all like he planned on ever replacing what BK did.
However, failure to match feature-for-feature does not make a tool pointless.
Am I missing something here?

>So you have three choices
>- don't use the tool (which makes it useless)
>- use the tool, but stop using BK (which makes it useless)
>- use the tool _and_ use BK, which violates the BK license

Actually, you missed the fourth choice:
- Never use BK, but use the tool instead.

And that makes for an acceptable outcome in both a moral and legal sense, if I understand this correctly.

>and everybody would be happy. If a developer wanted to switch to Tridges hypothetical tool, BK comes with the
>stuff needed to export your own data. ... PROVIDED you agree to the license, which a number of people are unwilling to do.

>Do you see? It's really exactly the same thing. The BK license isn't any less relevant than the GPL, and the
>fact that BitMover is a company doesn't make it ok to violate their licenses and continue to use their programs.

Quite correct. You shouldn't violate any license you agree to.
BUT, in order to violate a license, you have to first agree to it.
If you use Tridge's tool, you don't have to agree to the license in order to get the repository contents.


Linus got caught up in a conflict of interest, pure and simple (by maintaining the public linux source code on a closed source, draconian-licensed, for-profit repository system written by a close friend).
Conflicts of interest invariably lead to conflict of ethics, and Linus's ethics have been found wanting of late.

Bit Keeper's actually...

A man named Johan Mikelson who keeps track of every bit inside his head!

Perhaps a stretch

[jonnystiph]

Does anyone remember taking thier first radio apart "just to see how it works". This in the most base form was reverse engineering. Personally if you have the resources and the desire, by all means. Find out what makes it tick. The only reason Bit-Keeper is annoyed is because they see a free product competing with thier own. Not yet persay, but in the very near future.

Re:Do this change something?

[stry_cat]

Linus has made his decision and i think that this isn't that good for bitkeeper.

Actually I think it is good for bitkeeper. No one at my company had ever heard of BitKeeper until this controversy started. Now they're looking into using it.

Any publicity is good publicity

Re:Using BK's servers

[Anthony+Liguori]

One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.

This isn't just copying functionality, it's putting a widely used system at risk because you don't agree with their practices. That's the same philosophy espoused by a lot of virus writers.

You're kidding right? If the BK system is so brittle that it cannot protect itself against a hostile client then it should not be hosting any source code.

If a friendly client (trying to obtain interoperability) can fundamentally break a server, just imagine what a script kiddie would do..

Recycled Comment

[geomon]

I've read a few exchanges from the /. crowd, read a few statements by Linus and the gang, have read McVoy's interpretation of the BK saga, and have come to one conclusion:

No one but the three people involved in this fiasco *really* knows what happened to get this situation to the stage where people begin a verbal free-fire in public.

McVoy is a business man; true to his heart, he needs to keep the BK user strung out on his code. Hell, I would feel the same sense of outrage that he feels if someone threatened to kill my cash cow. Don't pretend that every one you wouldn't feel the same way if it was *your* revenue stream. To me, anyone who claims an absolute vow of poverty is looking for a monastery to live in. Everyone I know would fight to protect a source of financial income.

Selfish? You bet. But nature has created more selfish beings than egalitarian ones. Nature favors pragmatism.

But McVoy could have let this one ride a bit more. It is just a matter of time before someone cracks his model. Then he will have to play the same game as Microsoft and Adobe only on a different level. Too bad for him, though, that his inexpensive advertising scheme didn't last. That is another little detail that goes relatively "un-remarked" upon in the various forums I've read. Larry had one of the hottest programmers in FOSS using his SCM. In fact, this Man Of The Year lavished all kinds of praise on his progeny! You would have to pay more than the "free" license fee for that kind of advertising. Shit, probably A LOT more. If Linus had been paid for his endorsements, that could have added up to quite a sum of money. Larry has wisely kept those funds securely in his pocket.

Again, I'd do that too. The monks of this world can keep their vows.

Linus? Well, it was kind of hard to turn down a free license for one of the best SCMs on the market. If I had been in his position, I would have grabbed the product and ran. In fact, I would like to personally thank Larry for helping juice the Linux kernel development. I know SCO has been rummaging around in the Linux closet for evidence that it was their intellectual property that made the kernel advance so quickly. I believe that Larry's BK contribution probably made the significant increase in kernel production possible. Judging from Linus' angst and outrage, I think he believes that too.

But Linus is being a bit thin skinned. Does he believe he is the ONLY programmer that has been burned by relying on a proprietary product for their work? Didn't he listen to all the people who had been telling him about *their* bad experiences with proprietary lock-in? From what I've read in the past, they had plenty of legitimate worries that this was going to happen. I'm sure that Linus knew it would happen someday too. He's just pissed that it happened NOW as opposed to LATER.

Boo hoo, get over it, this too will pass, etc. But why attack Tridgell in public? Hmmm.... That does raise some interesting questions. And why get all bitchy about it?

There is something we are not getting in this little soap opera. Tridgell is silent, probably for good reason. But why would Linus take him to task knowing that he would not be able to respond publicly?

And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?

I thought the points made by some posters about just how Tridgell was sniffing packets to see the metadata protocols is extremely insightful. To have BK protocols running on his network would require that he be operating a client and server somewhere where he could see it, no? What network was he sniffing if he didn't have a license?

What amazes me is that the attempt to get BK's protocols didn't happen *sooner*. With all of the pissing and moaning that erupted when Linus started using BK, I would have thought there would have been someone doing what Tridgell was accomplishing years

Re:Recycled Comment

[m50d]

But why would Linus take him to task knowing that he would not be able to respond publicly?

Because that's the best time to attack someone. I think, despite what you say, Linus didn't believe it must end. He felt this one would be different. Ultimately he made a bad call, he's angry about it, and to distract attention from his misjudgement he's attacking someone who can't respond.

And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?

Because someone had to do it, and it had to be someone with the standing. Linus is doing something horrible, but do you think he or his fans would listen if you or me called him on it? Which I would, in an instant. But probably only Perens and ESR had the stature to do this.

Re:Recycled Comment

[swv3752]

McVoy and Torvalds are friends. It has been posted earlier that McVoy went to Torvald's home to pitch the use of BitKeeper.

Linus speaking out against Tridge, is simply that of someone backing up his friend. Unfortunately for Linus, it makes him a hypocritical git.

Re:Recycled Comment

[goon]

'... Linus speaking out against Tridge, is simply that of someone backing up his friend... '

No I see it a bit differently - I think its more than justa about friends its a philosophical clash. I came to this conclusion reading about samba on the samba website and the following statement hit me ...

• '... Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. ...' (the emphasis is mine)

This contrasts with Torvalds more pragmatic approach in getting things done. Which is more correct is a matter of personal opinion. Pragamatism vs strict GNU adherance.

The Linux Life?

[mveloso]

These political spats are fun, but realistically speaking, this is degenerating into an episode of "The Simple Life."

Next thing you know, Torvalis will be breaking up with Perens because "well, he knows what he did."

Person 1 liked a tool. Person 2's actions caused the first person to lose rights to his tool. Person 1 vents. Person 3 vents on Person 1. BFD.

Soon, there will be a group hug and an exchange of hair care products. End of story. Welcome to "life in the big leagues of software." Tune in next week, when Person 5 attempts to purchase a voltage regulator.

Try this one again, shall we?

[abulafia]

Replace "AIM" with "BK" in the above text, and see if you still believe what you're asserting.

Free as in stealing?

[Scott+Lockwood]

Am I the only one here who things that real freedom is achieved only when you can tollerate an opposing point of vew?

Why can't BK develop, and sell software under any liscense they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?

Why is it ok to try and screw BK over, who spent a great deal of money to develop this?

Re:Using BK's servers

[eturro]

You can take accountability for a product when it is used according to a contract and not take accountability for it when it is misused. The manufacturer/service provider takes accountability under specific conditions.
Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.

PC reverse-engineering != typing "help" in telnet

[js7a]

IBM would give you a map of the pinouts and everything else

On the contrary, the entire "microchannel archtecture" is still considered a trade secret by IBM (please correct me if I'm wrong, but I think there is a contractual reason that it might always be.)

Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.

In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.

Re:Using BK's servers

[TekGoNos]

> One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.

Yeah, I know and I think it is bullshit.
Nobody should rely on the client to be nice.

A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.

From what I read, BitKeeper has the same problem : a client can completly trash the repository if it doesnt respect the protocol. Which I call slopy design.
I client shouldnt be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easly (after all, this is what I use a VCS for).

For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.

Re:Poking a server you don't own

[geomon]

Not if you were invited.

Scenario: Bob is forced to buy a client for a SCM he doesn't like. Bob invites Ted to come over to his house and poke around on the client. Bob has permission to use the client AND interact with the server. Ted is looking at the server from the client that his friend purchased.

I don't think that would be something that could be construed as "illegal". It might be "actionable" in a civil tort sense.

That might be why Tridgell is keeping quiet.

Re:Do this change something?

[Eberlin]

Of course that is until people look deeper into what the publicity is all about. McVoy pretty much illustrated the inherent dangers of not being Open Source -- that at a whim (of a madman?) all your data are belong to them.

Worse yet, we've illustrated that here's someone who's willing to do just that...yank his product from under a high profile project.

If your company is looking into using BK, you may wish to take these recent events into consideration or at least bring them up to those making the decisions.

Re:Using BK's servers

[gotan]

What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen.

... and rightly so. If BitMover doesn't put a proper authentification protocoll in place and doesn't safeguard against corruption of the BK database (what if some false bytes due to communication errors hosed the database?) then it's their fault. If it was as easy as you suggest in your posting then i'd call that gross negligence on behalf of BitMover.

Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BKs database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover i assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that your argument is moot.

LOL, irony too complex, huh?

[Morgaine]

Maybe it's the absence of audience laughter cues or something, I don't know, but the irony in Tridgell's demo and in The Register's writeup of it was entirely obvious to me. I had a really good chuckle.

Didn't you RTFA, maybe? Here are the relevant sentences:

Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.

The demo showed that the work was obviously not reverse engineeering in any real sense of the word, nor was it even remotely describable as "genius" work ... so Tridgell made his point admirably that there has been a mountain made up out of a molehill of nothingness.

And he made us laugh at the same time too. You didn't?

Re:Give me a break...

[Bamafan77]

"I hope he has something more substantial to back himself up than a weak joke."

What's suprising is how many people actually believe that's all Tridge had to do reverse engineer the BK protocol. While I'm willing to buy that he didn't need a BK client, the demo is obviously at best a trivial first step.

Unlike most people, I can actually respect McVoy's decision to remove the free client (though not necessarily in the angry way he did it). The SAMBA and BK situations aren't exactly identical. Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in it's golden goose OS or office productivity markets.

But I think the situation is a little different with the BitMover guys. It's probably not THAT incredulous to imagine someone coming up with a free BK client that is better than the free version, and at least competitive with the paid-for version. If such a client is released, then no one would have a reason to buy BitMover's non-free client, thus putting a dent in BitMover's income. After all, it's not like BitKeeper has the channels to force their product down people's throats while threatening vendors who dare to sale someone else's product. They don't have the power to articially manipulate the "free" market for their benefit.

So, IMHO, the difference is this: The Free Open Source development community doesn't have the resources to affect a goliath like MS in any significant way. But a smallfry like BitMover? The FOSS bandwidth is there to bring a company like this to its knees and McVoy knows it. No doubt he's reaped many benefits from the free BK client and his company's association with Linux, but now the other shoe has officially dropped...

Now, I'm not arguing that BitMover doesn't deserve such a fate or that I'm siding with them. It is an open market after all and may the best man win. However, I can at least understand why McVoy and crew would be threatened by a free product competing with their non-free product. Yes Tridge building a new client *does* release Linux source from propietary SCM lock-in which is good for the *rest* of us. But let's at least admit that it's also a valid economicthreat to BitMover as well. Again, why buy their non-free client, if I can get a good enough free client off sourceforge? On a purely economic and pragmatic basis, both sides can be right.

For the record, I don't think Tridge is in the wrong and I don't think he's "out to get" BitMover or McVoy. However, I think an unintended side-effect of his development could be the downfall of BitMover.

What part of this don't you get?

[glrotate]

Tridgell = Samba = Screws Microsoft = Good

Any questions?

Please explain the illegimacy.

[jbn-o]

Please explain what is illegitimate about reverse engineering Bitkeeper's network protocol in an effort to distribute a free software program which is network-compatible with the proprietary Bitkeeper program.

Re:Please explain the illegimacy.

[jbn-o]

Where did you get the idea this agreement exists? What exactly does this agreement say? What evidence is there to show that Tridgell agreed to its terms or did something that required complying with such a clause or be liable for losing a copyright infringement lawsuit?

I'm suspect that Tridgell, who appears to be quite dedicated to software freedom, would realize the implications of agreeing to such a thing and therefore not agree to it.

As it stands, Tridge has said he was not a licensee of the Bitkeeper program. Furthermore, I have no reason to believe he's lying.

Re:Ethics aside?

[Arker]

The trouble is that you can't set ethics aside unless you're unethical.

Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.

There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definate whiff of BS to me.

In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.

Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridges actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...

Re:tridge's source code is up for download

[close_wait]

Here are some relevant sections from the README

cePuller was written for two reasons. First, because the terms of the free BitKeeper license are not suitable for some members of the free software community. This can occasionally lead to frustrating situations where a free software developer wishes to access a BitKeeper repository, and is either unable to, or can only access it via a gateway that translates the repository into another format, possibly losing some information.

The second reason for writing SourcePuller was to provide a open library of routines that can talk to BitKeeper servers and manipulate local BitKeeper repositories. It is hoped that this library will be used by the authors of other source code management systems to allow them to interoperate with BitKeeper. Eventually this should result in an improvement in the quality of the various bk repository gateways.

SourcePuller is not intended to be a full replacement for BitKeeper. Instead, you should use SourcePuller as an interoperability tool for situations where you cannot use bk itself. SourcePuller is missing a large amount of core functionality from BitKeeper, and thus is not suitable as a full replacement.

Update - April 2005
-------------------

As you probably know, there has been quite a fuss lately about this code and the fact that BitMover has now withdrawn the free version of bk. First off, I would like to say that this result was not the intention when I wrote this code. I had hoped that an alternative open client would be able to coexist happily with the proprietary BitKeeeper client, as has happened with so many other protocols. An open client combined with the ability to accurately import into other source code management tools would have been a big step forward, and should have allowed BitMover to flourish in the commercial environment while still being used by the free software community.

I would also like to say that BitMover is well within its rights to license BitKeeper as it sees fit. I am of course disappointed at how BitMover has portrayed some of my actions, but please understand that they are under a lot of pressure. Under stress people sometimes say things that perhaps they shouldn't.

As I have stated previously, my code was written without using bk. Some people expressed some skepticism over that, perhaps because they haven't noticed that bk servers have online protocol help (just type 'help' into a telnet session). I don't think it is unreasonable to assume that this help was intended for people like myself who wished to implement new clients.

I would like to thank all the people who have supported me in the development of this tool by providing useful advice both before, during and after the development of the code. I tried to consult with a wide range of interested parties and the feedback I got was certainly appreciated.

Finally, I would like to point out the obvious fact that Linus was perfectly within his rights to choose bk for the kernel. I personally would not have chosen it, but it was his choice to make, not anyone elses. Linus is now in the unenviable position of changing source code management systems, which is a painful task, particularly when moving away from a system that worked as well as bk did. If you want to help, then help with code not commentary. There have been enough flames over this issue already.

Someone's defending this as a SECURITY feature?

[argent]

One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.

Client-side security is no security at all.

Security through obscurity is no security at all.