ReactOS Code Audit

reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."

Out of context

[Bizzeh]

there is NO microsoft code in reactos... read the article on their site first

Re:Out of context

[LifesABeach]

You know if you think about it, (with respect to the code audit); that when these folks go back and review the code, there's going to be alot of, "Oh Shit! I wrote it that way?" Going on.

Re:Out of context

[Bizzeh]

I know that all too well, when you come to code something the second time around, it always ends up better, because you have the knowledge from the first time

defensive

[milamber3]

I'm all for giving the benefit of a doubt but he's stating that they are going to audit and it sounds like he's already working up a defense for what may be found. Sounds fishy at best.

Re:defensive

[PFI_Optix]

Sounds to me like they're concerned that there *might* be MS code in there, and are simply being transparent about the process of weeding it out. That way, if MS knocks on the door one day with a lawsuit for copyright infringement, they have public documentation that they initiated a voluntary audit of their code long before MS showed up.

I'm not a developer, so I'm curious...is it precedented at all for them to involve MS in this audit? Would it make sense for MS to look at the source code and advise them of any transgressions so they can fix it quickly? IIRC, ReactOS is/was open-source, so it's not like Microsoft couldn't have already downloaded the code independently to look for problems. By inviting them into the audit you at least have your ass somewhat covered, especially if they decline and then turn around and sue later.

Re:Yeah...

[andersbergh]

I think you can run Linux in QEMU under ReactOS, if that counts.

Summary is misleading

[MustardMan]

The summary seems to be implying that leaked windows source is the issue which brought on the audit, when in fact it's a technicality about the law regarding reverse engineering. In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code. In other countries the same person can do both jobs. The summary makes it sound a lot worse than this.

Re:Summary is misleading

[Elektroschock]

The question is whether it would be easier to fix broken law than to reaudit the code. Reactos has to be present on both fronts.

Re:Summary is misleading

[Schraegstrichpunkt]

In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code.

My understanding is that you don't actually have to do that, but that it's a heck of a lot easier to successfully argue in court that there was no copying if the person who wrote the code *couldn't* have copied it.

Re:Summary is misleading

[swillden]

in the US you gotta have one person reverse engineer and write documentation, and another write the code.

IANAL, but I have read the law, and I think this is a myth. Using two engineers gives you a way to easily *prove* that no copying was done, but it's not actually necessary. If the owner of the code you're reverse engineering sued you for copyright infringement, it would be their responsibility to prove that you did copy, and that you didn't independently create identical code. Since it would be a civil suit, they would only have to prove this with a "preponderance" of the evidence, but the burden of proof would be on them. If you had used two engineers, then there would be no way they could meet that burden of proof.

In a nutshell: Using two engineers is overkill, but a great way to be absolutely safe. Using only one engineer is legal, but gives the other side a (probably slim) possibility of winning an infringement suit.

Re:Summary is misleading

[eclectro]

The only caveat to the point that you make is that I believe that since the DMCA copyright is a criminal offense instead of a civil one (in the vast majority of cases).

The "clean room' procedure is what enable clone pc's to exist in the first place when compaq cloned the bios with the two engineer method to make their reversing watertight, which it was.

It's nice to try and do that way, but not necessary. I think the big issue for single developers is not so much legally reverse engineering (which is still legal to the chagrin of many ignorant and selfish people) is not so much being right, as having the money to defend themselves in court.

So if you and a buddy "clean room something" that's only half the job. The other half is having money in the bank to cover future possible legal expenses.

I think the lesson we have seen often on slashdot is big corporations "bullying" some little guy who for all intense and purposes is legally right with what they are doing, but the corporation (or their hired suits who need to justify their salary) are the ones who are actually wrong.

Also, I would consider both the DMCA and CTEA immoral laws for a variety of reasons.

Re:Summary is misleading

[Frank+T.+Lofaro+Jr.]

in a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code.

There is no such law.

The advamtage of clean room engineering is that there can be no allegations of it being a derived work because code was duplicated.

Even without clean room engineering, the plaintiff must prove infringement.

Clean room engineering makes infringement impossible, so it reduces the risk of it even getting to trial or past the summary judgement stage (the defense will get granted summary judgement if as a matter of law the facts require finding for the defendant - which will be the case if there wasn't even a possibility of the code being copied).

Re:Summary is misleading

[swillden]

The only caveat to the point that you make is that I believe that since the DMCA copyright is a criminal offense instead of a civil one (in the vast majority of cases).

Perhaps. Criminal penalties apply in three cases:

1. Where the infringement was done for financial gain.
2. Where the retail value of the infringing copies exceeded $1000.
3. Where copy protection mechanisms were circumvented

Those do cover a lot of ground, but in a criminal case the burden of proof increases: The prosecutor has to prove the case "beyond a reasonable doubt". Also, to get the criminal penalties the infringment must be "willfull". All of the civil remedies are still available as well, with their lower standard of proof.

So if you and a buddy "clean room something" that's only half the job. The other half is having money in the bank to cover future possible legal expenses.

The advantage of doing it "clean room", though, is that your potential future legal expenses are much, much lower, because your defense is so simple, and so foolproof. Basically, you're saying "The guy who wrote this code never, ever saw your code, so there's no way he could have copied it."

I would consider both the DMCA and CTEA immoral laws for a variety of reasons.

I just think they're laws that are against the public's interest, and that the public is stupid for not realizing it and doing more about it. I also think the media companies who bought those laws are shooting their own interests in the foot. They've managed to so completely unbalance copyright law that they've removed all moral force from it. With a reasonable copyright law, the average person would see the value to society in obedience to the law, and there would also be plenty of public-domain material to use. As it is, the man on the street thinks "Who owns Shakespeare's writings?" is a legitimate question. Since the man on the street has never seen, and will never see, how something passes out of copyright, he doesn't even realize that this is possible, much less that that's how it's supposed to be. Imagine how different that would be in a world where everything the Beatles made was already in the public domain, and PC-DOS 1.0 was only three years from becoming public.

For those of us who are unaware...

[Shimdaddy]

Just what happened with ReactOS, and why is some of their code "tainted"?

Re:For those of us who are unaware...

[scsirob]

ReactOS is an attempt to build a full Windows clone including kernel and everything. Not just the Win32 API but a full-fledged OS that does not require an underlying OS like Wine on Linux.

It looked very promising to the point where several Windows applications and I was about to start playing with it. Then someone in the core developers group found some suspicious additions of code fragments that did not make sense at all at first but started to work later. These code fragments compile into machine code that is identical to fragments of leaked Windows source code. The developer smelled a rat, jumped the project and now the main guy is calling a halt.

Re:For those of us who are unaware...

[SirTalon42]

"These code fragments compile into machine code that is identical to fragments of leaked Windows source code."

This isn't about the leaked Windows source code, its about possible invalid reverse engineering (i.e. decompiled windows code)

Re:For those of us who are unaware...

[jonwil]

Basicly, what happened is that someone found code (assembler code) in the kernel that looked suspiciously like what you get if you disassemble the same piece of microsoft code (with similar "magic numbers" for stack adjustments and stuff) and cried foul. So now, they are going to audit the code to look for possible suspect code. And they are going to tighten their rules to prevent anything bad from happening in the future.

Acording to what I saw on the mailing list, most of the potentially suspect code is in the kernel and device drivers rather than all the upper level user bits.

Re:For those of us who are unaware...

[vadim_t]

I don't understand, what's the problem?

So, they found code that looks suspiciously like it was decompiled and used that way? Don't they use source control? It's trivial to trace it back to the developers that added it and ban them from further participation.

I would say it sounds like an organization problem though. Why exactly is code that makes no sense getting added? This is easily solved by say, using a post-commit hook in SVN that mails diffs. Post that to the mailing list so that everybody can see and check whether it makes sense or not.

Re:For those of us who are unaware...

[failrate]

One potential danger of Open Source projects is that someone could "contribute" copyright or patented code under the guise of helpfulness, only to set you up to get burned down the line, innit?

Re:For those of us who are unaware...

Just what is google, and how do you "google" something?

Re:For those of us who are unaware...

[nogginthenog]

Microsoft (presumably) use Visual C. I'm guessing that ReactOS uses GCC? If this is the case I think it's highly unlikely that both would produce the same output.

Re:For those of us who are unaware...

[dusik]

I think that's why parent post said the leaked *source code* produced the same output (presumably when both are compiled the with the same compiler and settings).

ReactOS is recommended

[fak3r]

I installed ReactOS from a dev build just before all of this hit and I was amazed. It's a great piece of software, and would offer some the ability to keep running Windows apps even if they didn't want to fall for the upgrade cycle that MS perpetuates. I want to try to install the new IE 7 Beta 2 and see if the new DoS attack against it works! Hehe

Re:ReactOS is recommended

[andersbergh]

I doubt IE7 will run in ReactOS, but feel free to try.

Re:ReactOS is recommended

[EvilMonkeySlayer]

Yep, ReactOS is aiming for NT 4 (I assume SP6, since they did change the driver architecture from what.. SP3? I think it was specifically to do with video drivers and moving it into kernel space or something..) compatibility.

I believe ReactOS are hoping for the ability to use NT 4 drivers as well, which is a good idea.. but considering that a lot of newer hardware manufacturers are no longer making NT4 drivers might be problematic.

In order to get IE 7 installed, first you'd need to get around the genuine advantage check.. then you'd need to (probably) report the OS as NT 5.1 with SP2 installed to the program. Plus, they'd also need to implement a lot of the NT 5.1 SP2 changes to ReactOS/WINE codebase.

Note: I haven't read much from the ReactOS site recently, so I may be wrong partly.

Re:ReactOS is recommended

[SirTalon42]

ReactOS is also aiming at compatibility with NT 5.x (aka 2000, XP and 2k3) and eventually NT 6.x (aka vista). User space compatibility with 9x should mostly be a by product of NT support.

Re:ReactOS is recommended

[Orion+Blastar]

Ironic that WINE is mostly a recreation of the Win9X APIS, and was not intended to be a NT/2000/XP environment. I've used WINE and found it to be more in lines with WIN9X when I needed NT/2000/XP support.

Why run IE 7.0, why not make ReactOS work with Firefox 1.5 instead? I would think that Firefox is easier to make it work with ReactOS as both are OSS projects and access to the Firefox source code can help them make a ReactOS version of Firefox, possibly Thunderbird.

I mean why try to get commercial MS-Windows software working with ReactOS when there are easier ways to get OSS software working with it? The only commercial software that ReactOS need bother with are the Windows and DOS based games, for the Gameheads that want a Windows type OS that can play their latest games. Which means you need to implement the DirectX, allow software security drivers and DLLs to install so copy protected games will work, and provide some sort of Windows driver model based on more than just NT (perhaps 2000 and XP driver models) or just use Linux drivers and have that interface with the DirectX API calls. By the time you get the commercial games working, chances are a lot of other commercial software will work as well. Yet it seems to make better sense to start on the OSS conversions to at least get a good user base of ReactOS users, before the money can be invested for making commercial software work.

Remember the whole goal of ReactOS is to provide a Windows alternative that can run Windows software.

Re:ReactOS is recommended

[assassinator42]

I hated it, although I've only tried it on MS Virtual Machine. First, it srashed right at boot. Then, after reinstalling, it actually booted, but the graphics were messed up, and it BSOD'd a whole lot.

Re:ReactOS is recommended

[nacturation]

I hated it, although I've only tried it on MS Virtual Machine. First, it srashed right at boot. Then, after reinstalling, it actually booted, but the graphics were messed up, and it BSOD'd a whole lot.

So what you're saying is that it's working quite a lot like Windows already?

Re:ReactOS is recommended

So it was basically just like windows, after all.

Re:ReactOS is recommended

[dwandy]

Then, after reinstalling, it actually booted, but the graphics were messed up, and it BSOD'd a whole lot.

It's amazing, the level to which they've already reproduced the original. I call copyright infrigement - no way they'd get so close so fast on their own.

Re:ReactOS is recommended

[andersbergh]

I think Firefox runs quite well in ReactOS actually. I've seen screenshots of it running.

Re:ReactOS is recommended

[Orion+Blastar]

Version 1.5? If so, it appears they did a good advancement since I last used ReactOS. I will try to download a new copy of it, if they put it back at SourceForge. Right now, it appears that all of their ISOs are no longer for download.

If ReactOS good enough for the average person to use to web surf and use email using Firefox 1.5 and Thunderbird 1.5 yet with some limited Windows applications other than OSS software?

At least it is not Freedows, anyone remember that vaporware?

Let us hope Microsoft does not sue ReactOS like they did Lindows aka Linspire.

Re:ReactOS is recommended

[andersbergh]

I don't know specifically about 1.5, but there's one thing I know for sure: ReactOS is NOT ready for the average person.

Source code was copied

[McGiraf]

ReactOS took source code from MS ... ;)

Re:Source code was copied

[Pantero+Blanco]

More like "convoluted laws on reverse engineering are interfering with the project".

I'm sure other people have copies of the source code, though, so development may continue to some extent during the audit.

Re:Source code was copied

Did you miss the joke, reply seriously knowing it was a joke, or just miss the original post since it's been modded into oblivion?

Re:Source code was copied

[McGiraf]

Is ;) a word that is too long for you? Read the parent of my post, it is a joke.

And if you want to insult people don't do it anonymously, coward.

Re:Source code was copied

Because he was posting as Anonymous Coward, he probably had his threshold set too high to see the original post, which has been moderated down to -1 for some reason, and kneejerked.

Re:Source code was copied

;) isn't really a word.
</pedantry>

Re:Yeah...

[fak3r]

Yep, this is what I did, run a ReactOS dev version under a bundled QEMU downloaded from their site; and it functions allot like a VMware session running Windows (without the annoying icons ;)). I haven't had time to try to install Office or IE, but that would be a coup since some websites still rely on IE. Since we only run Linux/OS X/Freebsd at home, having IE ability without an MS OS would rock.

Ethical vs. Moral?

[ThePyro]

Erm... can someone give me an example of a decision that would be moral but not ethical, or vice versa? The distinction between the two seems a little blurry to me.

Re:Ethical vs. Moral?

[PFI_Optix]

Moral: Of or concerned with the judgment of the goodness or badness of human action and character

Ethical: Being in accordance with the accepted principles of right and wrong that govern the conduct of a profession.

Basically, one can be ethical without being moral. For more information, see: Lawyers.

I can't think of a way to be ethical without being moral, though. In any case, the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons.

Re:Ethical vs. Moral?

The literal difference is that ethics are community based guidelines (i.e. agreed upon by society or community, though not necessarily law) while morals are individual guidelines (i.e. what you would do personally).

Example:

Killing a doctor performing abortions may be moral in your mind since under your morality he's forfeited his life by murdering fetii, but it's unethical since the community you're in looks down on it.

Re:Ethical vs. Moral?

[Per+Wigren]

Moral but not ethical: "You may not work on this project if you like anal sex."

(yes, this is a joke but unfortunatly most people seem to mix up "moral" with "christian/puritanian fucked up double standard bigot moral". The best thing with moral is that you can have your own. There is no Real Moral(tm).)

Re:Ethical vs. Moral?

[TekPolitik]

the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons

Not quite. Morals are standards of conduct that do not require objective justification - they may, for instance, claim to be handed down by a deity. Ethics are standards of conduct that are based on objective justifications (although it is not necessary that the objective justification be incapable of being disputed).

That is not to say that particular standards of conduct in a system of morals are incapable of objective justification - merely that objective justification is seen as unnecessary for "moral" standards. The standard "just is".

It is entirely possible for it to be impossible to comply with both a moral standard and an ethical one at the same time.

Re:Ethical vs. Moral?

[Maxo-Texas]

If you lie to protect innocents from harm, you are probably being moral but unethical.

If you tell the truth (because you always tell the truth) and a bunch of innocent people are killed or tortured, then you are probably being ethical but immoral.

Defense Lawyers seem like a pretty good example. They ethically must defend people they may believe are guilty. If they defend poorly on purpose, they are being unethical. I believe (IANAL) that the prosecution must reveal all evidence to the defense but the defense is not required to reveal evidence that would prove guilt if they discover it. I think it would be unethical for them to reveal proof of guilt (and they might be disbarred for doing so) and I also believe it would be immoral for them to do just that.

Since the area of ethics is sometimes called moral philosophy they are pretty entwined.

Morals are often tied with sex. If you have 5 partners who all know about each other, you may be viewed as ethical but immoral.

Both morality and ethics are intimately tied to culture. Some acts which are immoral in one culture are moral in others.

Re:Ethical vs. Moral?

[oscartheduck]

A police officer stealing medicine he cannot afford to give to his dying wife and save her life would be morally correct but would be behaving non-ethically.

Re:Ethical vs. Moral?

fetus. es.
fetuses.
Not fetii.

There is only ONE word in common usage that pluralizes with 'ii' at the end: Radius - Radii.

Cactii - not a word.
Virii - not a word.
Fetii - not a word.

Cacti, at least, is a word. -us becomes -i. Just like in radius as radi-us becomes radi-i. A Cactius might be pluralized as Cactii. However there is no such thing as a Cactius, only a Cactus.

Re:Ethical vs. Moral?

[Lord+Kano]

Morality varies from individual to individual, ethics are codified.

For example, when the PS2 launched people were selling "Playstation 2 box"es on Ebay and they knew that some buyers would assume that the PS2 actually came in the box. So a few peope paid $500+ dollars for empty playstation 2 boxes. They listed them accurately so according to Ebay's rules what they did was ethical, but I still say it was amoral.

LK

Re:Ethical vs. Moral?

[Zardus]

Decisions in programming can be Ethical, Moral, or Legal. Choose any two.

Re:Ethical vs. Moral?

[Not_Wiggins]

I can't think of a way to be ethical without being moral, though. In any case, the easiest way I can put it is that morals are subjective to a person, ethics are subjective to a group of persons.

You meant to say "being moral without being ethical."

IANAL, but an example would be if a lawyer breaks client-attorney privilege by reporting a confession the client had made in private to the police or state's attorney. While this information might not be admissible in court and the lawyer would potentially face losing his license, it would be a demonstration of motivation based on moral (and not ethical) reasons.

Re:Ethical vs. Moral?

Fun, though.

Re:Ethical vs. Moral?

a Doctor can legally and ethically perform an abortion, but not morally if he's a catholic.

Re:Ethical vs. Moral?

Except that stealing stuff increases its price, thus killing more people in his situation.

The fact is that every action we take has positive and negative consequences which we aren't remotely capable of evaluating.

p.s. I vote for the morals=religion ethics=reason distinction, though I don't know what's "official". So by my definitions ethics are the impossible ones.

Re:Ethical vs. Moral?

[TubeSteak]

I'll take Legal and Ethical.

What do morals have to do with this?

Re:Ethical vs. Moral?

What, an anti-Christian joke on Slashdot? I'm so surprised that the most hated group on Slashdot--Christians--is the butt of constant off-topic jokes and stereotype ridicule!

If it was a poke at atheists or secularists, you'd be -1 by now.

Re:Ethical vs. Moral?

[Cobralisk]

In my understanding, along with some philosophy I've read, there is a Real Moral. In every situation for which a moral judgement is appropriate, there is a Right Thing to do. However, the responsibility of judging this Right Thing lies with the person taking the action in question, since no other person has moral authority over any other person. This is the essense of being a free thinking individual. No person can prioritize your values for you, but they can judge you wrong and punish you for it (possibly unjustly). It is possible to make a bad moral judgement, even with good intentions, and it is well-developed wisdom that allows us to make better moral choices. Of course if you are a Nihilist this doesn't really apply to you anyway, so burn in your personal hell of nothingness.

Re:Ethical vs. Moral?

[Kent+Simon]

is the butt of constan...t
If it was a poke at atheists...
pun intended?

Re:Ethical vs. Moral?

[Bazzalisk]

If you are an employee of an education establlishment then sleeping with a fully consenting adult member of the student body whom you yourself have little or no professional contact with might be considered moral but unethical.

Re:Ethical vs. Moral?

[Rocketship+Underpant]

"The best thing with moral is that you can have your own. There is no Real Moral(tm)"

That's a tough argument to win. Can I kill you and take your stuff, so long as I decide it's allowed by "my own" moral system?

It's much easier to defend the idea that morality is absolute, starting with axiomatic principles like human self-ownership. It's all about how we respect the essential rights of our fellow humans. In fact, you can't even defend the idea of subjective morality effectively without this axiom.

Re:Ethical vs. Moral?

[John+Nowak]

That's a tough argument to win. Can I kill you and take your stuff, so long as I decide it's allowed by "my own" moral system?

What you can and can't do isn't decided by what you consider moral. It is decided by what everyone else considers moral. If I were gay and thought it was morally acceptable for me to get married... well... that doesn't mean I can.

Re:Ethical vs. Moral?

[PFI_Optix]

I stand corrected.

There are a lot of things that are ethically permissible that most people would find immoral. I was having trouble coming up with a scenario in which the reverse was true.

Personally, that situation doesn't present a conflict for me. I believe that something told in confidence should remain in confidence so long as another person is not presently endangered by that information. But I can see how someone would consider it a moral obligation to report the confession.

Re:Ethical vs. Moral?

[Per+Wigren]

What, an anti-Christian joke on Slashdot? I'm so surprised that the most hated group on Slashdot--Christians--is the butt of constant off-topic jokes and stereotype ridicule!

If it makes you feel better I can say that I think that most other religions have even worse morals. :)
And of course this wasn't a stab at any individual christian but rather a stab at those who In My Humble Opinion DO have fucked up double standard bigot morals, and they are too many to ignore...

To make you feel even better I also think that atheism often is bigotry. I'm a convinced agnostic. :) I may be a believer (in that there is something more) but I think that all organized religion is a scam and too often leads to bigotry and brainwash.

Re:Ethical vs. Moral?

[ltbarcly]

Moral == Ethical

THERE IS NO DIFFERENCE

This is the first thing you are told in philosophy of ethics. They are interchangeable terms.

Now, you might personally think these words have a different sense, but what things feel like to you isn't evidence. If something is ethical it is moral, and if it is immoral it is unethical.

There are differing systems of morals and differing systems of ethics. By calling one system a 'moral' system and another an 'ethical' system you can produce seeming contridictions. But the contradictions are between the competing systems, each of which is a system of morals and a system of ethics, since every system of morals is a system of ethics.

Example of a parallel argument to yours: There is a difference between things that taste good and things which are tasty. Nachos are tasty to people in America, but in Japan people think nachos don't taste good. Therefore there is a difference between tasty and tastes good, since nachos can be tasty and not taste good at the same time.

The above is ridiculous, and so is your assertion once you realize what you are really claiming.

Re:Ethical vs. Moral?

[dusik]

Maybe someone died because of this post. The horror!

Re:Ethical vs. Moral?

[dusik]

Indeed, eBay is still littered with auctions for "information on how to get ", where 99% of the content is the specs to make the potential bidder salivate, and somewhere in there is the hidden text saying you're not bidding on the actual item.

Re:Ethical vs. Moral?

[sorak]

Erm... can someone give me an example of a decision that would be moral but not ethical, or vice versa? The distinction between the two seems a little blurry to me.

Hopefully, this is a concise definition.

Since morality is something that people have been trying to define since the dawn of time, it would be presumptuous for an association made up of pharmacists, or programmers, or lawyers, or butchers to say "we are the ultimate authority on what is moral".

But, on the other hand, I have heard some preachers say some crazy things in my life. Many of them have defined morality as "the strictest adherence to __my__ faith", with the keyword being my, as in "not yours". In many cases these people have defined things that I would consider to be morally reprehensible as morality, as in the case of those who have used the bible to justify bigotry against blacks, jews, catholics, and homosexuals, for one example.

So, the point is that ethics describe a code of professional behavior, often followed by people who are not dishonest.

Possible examples:

• A doctor who performs life-saving surgery on a serial killer
• A lawyer who defends a terrorist because he believes that everyone is entitled to a fair trial
• A pharmacist who refuses to fill birth control prescriptions because it's against his religion (you might argue this is a case of moral but unethical)

Re:Ethical vs. Moral?

[CableModemSniper]

Moral == Ethical

THERE IS NO DIFFERENCE

This is the first thing you are told in philosophy of ethics. They are interchangeable terms.

Ok, but what are you told in philosphy of morals?

Re:Ethical vs. Moral?

[ltbarcly]

You waited like a week to post this? Nobody will ever see it but me!

Re:Yeah...

[andersbergh]

I'm running IE6 in Wine at the moment, you should try it aswell if you already haven't.

my take

[loserhead]

from my perspective, this can only be good for reactOS. if they use the US method for reverse-engineering, they can still understand the concepts and apply them in original code.

step 1. audit code
step 2. redo any code that is in dispute
step 3. package and sell your product
step 4. PROFIT!!

Re:my take

[akhomerun]

how exactly can you profit on open source again?

Re:my take

[Reducer2001]

By selling support! See IBM, Novell, Red Hat, etc.

Re:my take

[crazyjimmy]

step 1. audit code
step 2. redo any code that is in dispute
step 3. package and sell your product
step 4. PROFIT!!

Wait, where's the ???

--Jimmy
I have no sig.

No way would MSFT participate

[Mr+44]

Anyone at microsoft who looked at their source code would be considered "tainted" and could never work on any microsoft operating system. (otherwise microsoft could be accused of copying their source). Something similar happened with their Java engine and developers who had seen the licensed Sun code.

Re:No way would MSFT participate

[Reverend528]

Good thing microsoft is a small company and couldn't possibly afford to hire some sort of third-party consultant to read the reactos source code and compare it to the windows source code.

Re:No way would MSFT participate

SCO is too busy talking up bullshit about Linux.

Re:No way would MSFT participate

[MartinG]

Just like anyone who has read Harry Potter is no longer allowed to write stories about wizards.

Re:No way would MSFT participate

[Tweekster]

the whole concept of "If i look at this code i am tainted is bullllshit...as in never been proven to exist"

if i reada book am i tainted from writing one...

the only people who repeat that lie are just trying to scare everyone else.

taint

Come on people, 20 posts and no taint jokes?? I'm disappointed.

Re:taint

[AnXa]

This is not subject to make fun of. ReactOS is one of the best "free software" collections that you can have from internet which also run windows programs just like that.

Re:taint

The guy wrote this on his website.

"It is our point of view that the source code leaks of Windows
have been spread to a broad enough audience that it would be
impossible to claim the product is still under Trade Secrecy"

How can these bit bangers form legal "points of view" over someting so serious? Did they grow law degrees in their sleep or something? This game is for keeps and unless these geniuses took out insurance to cover their operations before this happened, these guys are LIKELY going to have to shutdown their involvement with ReactOS and Wine and agree not to ever own or access a Windows computer (or any other Microsoft product). That's ontop of turning over everything they own of value and giving a % of their income for the rest of their natural life (or until they win the lottery). It's bad enough they are pissing-off Microsoft by trying to build an open-source clone of Windows, but to declare their stolen code to no longer be a Trade Secret ontop of it, oh man.. Stick a fork in them, they are done.

Re:taint

[Eli+Gottlieb]

I don't mean to troll, but exactly why is copying a mediocre operating system like Windoze "one of the best free software collections that you can have from [the] internet"?

Perhaps this is my bias towards 100% original operating systems kicking in. That, and the fact that I've been running my machine on nothing but Linux for the past several years and never saw any need to emulate Windoze.

Re:taint

[Laur]

Perhaps this is my bias towards 100% original operating systems kicking in. That, and the fact that I've been running my machine on nothing but Linux for the past several years and never saw any need to emulate Windoze.

Uh, you do realize that Linux is just a clone of Unix, right? The ReactOS guys are trying to do the exact same thing with Windows, the situation is entirely analogous.

Re:taint

[Eli+Gottlieb]

The point about Linux was that I don't see why we need to clone Windoze, when we have another (just as original, sigh...) OS that works just fine.

When my hobby OS does something useful, I'll make sure to tell everyone.

Re:taint

Except that one of them's worth copying ...

Re:taint

[Luctius]

Yep, and we don't need Linux because we've got minix....

Re:taint

[eatjello]

Games, my friend. It is the only reason to run windows.

Re:taint

Although I respect and indeed are impressed by the effort going into creating an M$ free windows like operating system... me .02cent think this a _complete_ waste of time. Do we need another MS XP? Think not, MS will forever be better to do that.

The OSS community needs to refine, enhance, polish and create a better, more stable grand looking über linux OS that everyone from the diehard hacker to uncle tom would like to use becaus it is better. Looks better, more easy to use, with a wealth of device-drivers ec. I can take the hassle of knowing what the print command looks like this week in your (insert favourite distribution here) but the majority can not. Time and effort should better be used at the truly free GNU/linux os.

Re:taint

[dusik]

Which part of GNU's Not Unix do you not understand? ;)

Re:taint

[dusik]

Oh, copying Windows is nothing profound. Try it with any CD burner :)

The painstaking reimplementation of the Win32 API (for Wine and ReactOS) and a clone of the kernel (ReactOS) is unfortunately needed because so many programmers felt the need to go and write code that only works on said platform. Since most programmers cannot be bothered to write anywhere near-portable code, some talented people find that it may be worth their time to write an entire OS just to keep those programmes running happily for years to come, after MS stops supporting these old interfaces they created.

Microsoft decides for us when we don't really need those old programmes anymore, and when we need to upgrade.

Re:taint

[Eli+Gottlieb]

Take it from a guy writing his own operating system: truly OS-portable code is hard to find on any platform.

Re:taint

[dusik]

Certainly.

But writing your software in Visual Basic, for example, means you're not even trying.

Re:taint

[AnXa]

Just in case if you don't know. I assume that you have some kind of knowlege what is reverse engineering and what it means to have GPLed windows a like operating system.

Linux is not acctually unix. It's a unix-a-like operating system. People working with it have done it from scratch and used a lot of time to make it work. They have used the documentation available to make it compatible with unix standards and so on.

Now think about this. ReactOS is that kind of Operating system but it is trying to be windows compatible and windows-a-like instead of unix. It has took a one heck of more time to make it barely to work. It's reverse engineered and since there are no much documentation available of windows and it's fuctions. It has been one hell of a job to make it run software like Office and games such as Unreal Tournament.

This is a big archievement from the ReactOS people. It's in common knowlege for the people who have been following Windows beta news in net that when Blackcomp aka Vieanna hits the streets maybe 2010 or later it won't be running programs made for windowsxp and earlier because of the security issues related to those programs. Windows Vieanna is going to support only vista programs which are using new libraries and classes.

ReactOS is going to have lots of people using it to run older windows software if this really is true since I don't know for sure.

What happens when you have a split personality?

[jd]

Or those with Zaphod Beeblebrox' problem? Are they one or two engineers, under US law?

Re:What happens when you have a split personality?

[sorak]

Or those with Zaphod Beeblebrox' problem? Are they one or two engineers, under US law?

It depends...They have to buy two copies of windows, four copies of every music CD (one for each ear), and neither head can read out loud.

But, they still only get one paycheck, and, since one head is Jewish, neither head gets to stay home on Christmas or Chaunakah

ReactOS; we hardly knew you

[RLiegh]

This audit will take YEARS, according to their statement. I think that's optimistic, myself; by the time that they clean-room implement the code they have to audit out, no one will be interested in working on it AND it will be unusable due to MS's Software Patents.

It's a shame; ReactOS came so far, and got so close (networking was almost ready) and now it's DOA.

It will be missed.

Re:ReactOS; we hardly knew you

[starseeker]

Depends on how they do it. IANAL, but these are the obvious first steps that occur to me:

Step #1 should be to get a copy of the source tree from before the Windows code was leaked. Code that has stayed the same since then isn't a problem, at least not for the reasons that are worrying them now.

Step #2 assign a name to each change. Some developers will be able to assert they have never seen Windows code. Those changes are also OK.

Step #3 for developers who cannot assert they have never seen the Windows code, someone will have to check their code against the relevant Windows code, figure out what the "standard" needs to be (how exactly DOES one idenfity when code is too similar? I mean, cut and paste is obvious, but there are more subtle concerns. If the contributions are sufficiently small that they can be redone without too much trouble, that's probably the easiest scenario.

Of course, that doesn't clear ReactOS from the threats of patent infringement or even a "lawsuit without merit", but they will be on pretty much the same footing as the other free OS projects. Given the legal system in the US and the fact ReactOS has no revenue stream, they don't actually have to do anything wrong to get crushed by the legal system's price tag. But it will at least be a show of good faith.

Years?

[Bizzeh]

I think that was taken out of context too, unless it means dog years

Article

Here is an article which explains it.

Re:Article

[uucp2]

Hey! Don't try to trick him to RTFA!

Defensive? Yes. Guilty? I doubt it.

[Spy+der+Mann]

I'm sure that some MS troll would be delighted to say there is MS code in ReactOS. So, what would the devs do? Just ignore the problem and face a lawsuit later? Or address the issue ASAP?

Release it from another country

[erikdalen]

Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person? /Erik

Re:Release it from another country

[RLiegh]

There are no other countries which have "saner ip" laws, any country which has a functional internet/computing infrastructure also either has the same IP laws, or has contractual obligations to the US to follow the US trade/IP laws.

In short, there's no where to hide.

Re:Release it from another country

[erikdalen]

did you read the article?

For us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements. Other countries do not require this invisible great wall of development and allow the same person that disassembles the interface to also write the replacement implementation.

If it's legal to do so in those countries, then it's legal to release it in them as well.

/Erik

Re:Release it from another country

[mrraven]

You wouldn't have an agenda to push Open Solaris now would you? Hmmmm..

Re:Release it from another country

[RLiegh]

>You wouldn't have an agenda to push Open Solaris now would you?

Open Solaris has what to do with ReactOS, apart from the fact they are both Free operating systems?

Re:Release it from another country

[mrraven]

Since you mention Open Solaris in your sig perhaps you have a vested interest in a competing operating system not being licsensed in the U.S.? Perhaps you are a Sun employee or investor? Could be... Or perhaps it's just even an unconscious bias but it's rather curious that you dismiss React OS. being able to be licensed despite what TFA said.

Re:Release it from another country

[lasindi]

Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person?

Because then people from other countries can't use it. In fact, it makes sense to have the work done according to the most "strict" reverse-engineering rules.

Re:Release it from another country

[RLiegh]

Any number of things could be, however the fact remains that ReactOS has a small development community (which recent developments has made even smaller) and they have had to rip out large parts of their kernel code; both of these facts are known to anyone who follows the ReactOS forum.

It's a matter of numbers versus complexity - the job ahead of the straggling members is doable, given enough time (it will take considerable time, however); but in that time it's almost inevitable that ReactOS will join the many abandoned projects littering SourceForge.

Finally, since you mention my sig, allow me to comment that because of Sun's 20 years of professional experience, this sort of IP fiasco would be almost impossible to occure with Open Solaris. This is in large part because Sun has the experience in utilising methodologies that account for a variety of scenerios -including IP theft- and policies are in place to circumnavigate legal confusions such as the ones facing the the tenacious but inexperienced hobbyists of the ReactOS project.

Re:Release it from another country

[lasindi]

Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person?

I should have also mentioned in my previous reply that there is some reasonable logic for the US rules about reverse-engineering. In the US, the reverse-engineer has to examine whatever is being reverse-engineered and then write documentation on how they think it works. Then, a "clean" engineer has to try to implement a system based on the documentation. The reason for this is that if the same person who is writing the documentation gets to write the implementation, that person is very tempted to simply copy directly from the original implementation, which would be a violation of copyright law. The separation eliminates this temptation, thereby keeping the reverse-engineered copy (hopefully) free of copyright conflicts.

Re:Release it from another country

[eclectro]

There is no law in the US that does not allow a single person to reverse engineer something.

What is against the law is copying the code line by line into your own creation.

I think it might be argued that it would be "fair use" if a small portion of code was used to achieve certain functionality. But because the vast majority of the citizenship is stupid and worships at the ivory tower of copyright, I would not trust a jury to see it this way.

Companies have tried to extend patents by copyrighting the way a device looks (and hence its functionality) to try and gain the ridiculous protection that copyright law currently offers (or they will try the samething with trademarks). Thankfully there is established case law and a couple of judges on the bench who have repeatedly thrown out such attempts.

Many companies "do not get it" (and neither do legislators). It either needs to be protected by a copyright, patent or trademark. Not both a copyright and simultaneously a patent (and then later when the patent runs out - a trademark - like what happened with those little square juiceboxes - the maker tried to trademark the "look" after the patent expired). If it's a device - it gets a patent. Name for the device - a trademark. Something that is written - copyright.

It truly is unfortunate that patent and copyright protection has been afforded to software simultaneously. This and other outrageous practices such as EULAs show that the software industry has gotten away without accountability for way too long.

While I'm ranting, software makers need to be held accountable for software that is continuosly not secure (i.g. Windows). Like rolling bugfixes into the next upgrade to force users to get on the upgrade mill or be hacked. This needs to stop, and people need to stop selling and buying crapware from people that will let adware, trojans, spyware or whoever is in Romania to have root with a users computer.

Penalties need to be harsh. And Sony, for your underhanded attempt at rootkitting everybody, you need to face a financial penalty that stings - like a $100 check to everyone that has one of those CDs, which is what a local computer tech would charge to do a windows re-install.

Re:Release it from another country

because of Sun's 20 years of professional experience, this sort of IP fiasco would be almost impossible to occure with Open Solaris. This is in large part because Sun has the experience in utilising methodologies that account for a variety of scenerios -including IP theft- and policies are in place to circumnavigate legal confusions such as the ones facing the the tenacious but inexperienced hobbyists of the ReactOS project.

Like the policy that enabled Sun to pay off SCO, thereby helping fund the War on Freedom? Thanks, but I'll take my chances with the hobbyists - at least the hobbyists haven't bent over and taken it up the ass from the IP terrorists yet.

Re:Release it from another country

[kimvette]

Parent should be modded up because so many people here are implying that a EULA can prevent reverse engineering (aside from commie states like People's Republik of Kalifornia it can't), that you HAVE to use two people to reverse engineer (you might in individual states but generally you don't), etc.

Also: some functions are BOUND to be identical. If you have a memory manager that reallocates say, strings one byte at a time (which is far more expensive than allocating say, 1K at a time due to the required context switches in Windows), what is the likelihood that such an implementation in Windows, ReactOS, BSD, or Linux would have very different code? Aside from comments and formatting, such an obvious implementation would likely be identical. Some would consider that a copyright infringement, but it would be like having a redneck using the phrase "that there is hogwash" in a book, and alledging copyright infringement when another book from another author uses the same phrase in a similar context.

Re:Release it from another country

[RLiegh]

>Like the policy that enabled Sun to settle ownership issues with SCO, thereby enabling them to make Solaris Freely available?

Fixed your post, you're welcome.

Re:Release it from another country

[sorak]

or us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements. Other countries do not require this invisible great wall of development and allow the same person that disassembles the interface to also write the replacement implementation.

If it's legal to do so in those countries, then it's legal to release it in them as well.

Three problems with that...

• If the project leader lives in the U.S., then it would be incredibly impractical for him to move to some foreign country, which he would have to do, if he wishes to avoid U.S. IP laws.
• Even if he did move to some other country, REACTOS still would be illegal for U.S. use. Why devote years of your life to something that is no more legal than a hacked copy of XP that you just leeched off a p2p network? (also, one of the reasons for not using Windows is often the use of second-hand PCs donated to schools and non-profits; if the person didn't donate a certificate of authenticity, you can't legally use the OS)

• From what I've heard, this is a case in which someone used a dissassembler to decompile windows, and then submitted the decompiled code without making a single change or even bothering to learn what the code did.

  Anyway, this guy seems a little idealistic. He said something to the effect that it would be unfair (I think he said "injustice") to prosecute someone over this (as if fairness plays a part in IP law...). To me, this implies that he may not be as cynical as the rest of us.

  Don't get me wrong...Honesty is something to admire in a person, but the point is that he may follow the U.S. standard because he agrees that whatever happened is wrong.

  I personally believe that the only way to reverse engineer someone's product without stealing the code is to have as little exposure to the source code as possible, which is what the US laws enforce.

Re:Release it from another country

[mrraven]

p.s. Never underestimate what a "tenacious and inexperienced hobbyist" can do. Linus Torvalds was just such a person who wanted a Unix like operating system for his 386, the rest is as they say history. Put that in your .000001% market share Solaris pipe and smoke it.

Re:Release it from another country

[RLiegh]

>Linus Torvalds was just such a person who wanted a Unix like operating system for his 386,

And his cavilier attitude towards code accountability has led to the SCO fiasco, which nearly put an end to genuine Free (as in speech) software. Put THAT in your DRM-chmod'ed kernel and run it.

Re:Release it from another country

[mrraven]

Obviously kowtowing to lawyers is more important to you than how the operating system actually performs. It is just this sort of obsequious bowing to lawyers that is one of the biggest problems in the world today. Without i.p. lawyers throwing up roadblocks many more "tenacious hobbyists" would be producing free software for all of us to enjoy. Do gcc, firefox, gnome, ring a bell? It seems you are secretly sympathetic to the SCO lawyers as they give Solaris an ARTIFICIAL leg up on "tenacious hobbyists" such as RMS, who gave us the free software concept in the first place, and the tool (gcc) to compile that free software.

Note I do actually believe that is a place in the world for many different sorts of software licenses, for example I'm running OS X on the desktop and Ubuntu/Apache for my web server for http://treefunk.net/forum

What I object to is your sly underhanded dissing of React OS, Linux, and "tenacious hobbyists" not on the basis on technical merit, but on the basis of how well they can fend off lawyers. Surely we can do better than to fall back on arbitrary authority when technical performance is a better reason to accept or reject an operating system?

Re:Release it from another country

[RLiegh]

To call RMS a 'hobbyist' is an insult beyond reproach. Perhaps you should do some research on him and his accomplishments in the [b]Professional[/b] world (EMACS springs to mind). Yes, he rants, froths and has long hair; but his background is wholly, solidly credible.

The ability to avoid evitable litagation -something that your hero RMS spends considerable time, energy and thought into- is a reflection of how much planning and attention to detail goes into a project.

I realise that linux losers hate to "kowtow" to any kind of structure or authority, but it has been proven time and time again that projects which adhere to professional, time-tested organisational methodologies produce software which is more dependable and of generally higher quality.

By adhering to a consistent and professional form of managing resources they are free to focus on technical breakthroughs (such as NetBSD being the first free OS to provide USB support, FreeBSD's implementation of the Jail concept and Open Solaris' extending that into their zones feature) while projects comprised of mere rabble are wasting years doing code audits (ReactOS) or going hat in hand to major corporations such as IBM to clean up after their legal entanglements.

In short, if you lack the ability to plan in detail enough to take litigation into consideration, it's more likely than not you lack the ability to produce software which can match the quality of that put out by people who actually earn their bread and butter by programming.

wine

[jlebrech]

More wine developers for us.

If they all shift to wine coding in the mean time, im sure their will be great benefits.

Re:wine

The code was already crossing back and forth

How do you tell the difference?

[dduardo]

Are they going to get a copy of the Windows source code and compare it to ReactOS? How does someone actually go about auditing code that was submitted by many people around the world?

Re:How do you tell the difference?

[RLiegh]

> Are they going to get a copy of the Windows source code and compare it to ReactOS?

Yes. We're talking Microsoft here. You seem to be new here so let me explain a couple of things to you. Number one, we're talking about a project which is seeking to re-create Microsoft's crown jewels -its' windows monopoly. This is the same microsoft which has in the past compared the GPL to communism. Oh, did I mention that ReactOS would be reproducing MS's bread-and-butter and giving it away under the GPL?

Only a fool would assume that MS wouldn't go over ReactOS with a fine-tooth comb; executables, source code and hell, as I mentioned earlier, probably interface and methodology patents as well!

Re:How do you tell the difference?

[SirTalon42]

Microsoft has absolutely nothing to do with this code audit. It all was started because a developer started questioning the validity of some of the code so they temporarily closed down everything on the ReactOS site while the devs discussed what to do, so they decided that the safest thing they could do would be a complete code audit.

Re:How do you tell the difference?

[Kadin2048]

Huh?

Nobody at Microsoft would touch the ReactOS source code with an eight-foot pole. It would too easily produce the reverse situation -- if a person who had at some point seen the ReactOS code worked on Windows, then Microsoft would be open to accusations that they had stolen GPL code, and would have to do a code audit of their own to prevent it. (As well as probably behead all the people responsible.)

Sure, if MS was really interested, they could hire some outside agent to audit the ReactOS code and compare it to the Windows code, but that would cost a lot of money, and you can bet Microsoft isn't going to pay for it. They'd rather undercut ReactOS' audit if anything, that way they can make vague threats later to anyone who might think about using ReactOS about lawsuits -- pull a page from the SCO "FUD Playbook," if you will.

This story is about an entirely internal issue to the ReactOS project team. Somehow, they discovered some code that someone thought was suspect (how they would know this isn't entirely clear) and now they're doing a code audit, and reviewing reverse engineering practices to make sure everyone is in compliance with US intellectual property laws. In the future, anyone who doesn't agree to follow the stricter practices (and put this in writing) won't be allowed to make major contributions to the project.

Re:How do you tell the difference?

[aminorex]

Indeed, this is a brilliant idea for a mole in Microsoft to employ, to force Microsoft to open their source code: Insert GPL component in the core OS; wait until the next version ships; emit a press release documenting irrefutably that Microsoft has released a product derived from GPL code, which is therefore subject to the terms of the GPL. At this point, there's no way they are going to withdraw a product installed on millions of systems, at a cost of billions of dollars, so they are obligated under law to release the source code for the system.

Re:How do you tell the difference?

[sorak]

Are they going to get a copy of the Windows source code and compare it to ReactOS? How does someone actually go about auditing code that was submitted by many people around the world?

They originally had two hints that tipped them off that there was a problem in the first place

• Code that made no sense. It existed but it's purpose didn't seem to be known (probably because the pieces that made no sense were related to the interaction between the piece of code and some other part of the OS that either hadn't yet been implemented, or had been implemented differently). Anyway, nobody could explain why certain parts of the code had been done the way they were
• The code, when compiled was exactly the same, bit for bit, as Windows code.

The unix tool diff can be used to determine if any compiled binary files are exactly the same as the microsoft equivilant, and I'm curious if there are any "antidiffs" that can be fed two different files, and will point out patterns of significant length that the two files share.

As for the actual code review, I'm an IT student, not a hard-core programmer, but I would suggest looking for the following things in the code...

• lack of comments (the original comments are lost when Windows is compiled, and the contributor either doesn't want to add comments, or doesn't know how the code works)
• strange variable and function names (this, too, is lost when code is compiled)
• Code in which the functionality doesn't make sense (a sign of microsoft code. Sorry, I haven't made a microsoft joke in a while)
• Names of contributors. If they're really serious about this code review, and the original coder doesn't take credit (or legal liability) for his work, then the code needs to be examined more closely. And, of course, if someone does have their name on stolen code, then you would want to look closely at everything that person does.

Of course, none of those things can prove bad code, but, anyone who cares about the project will take credit for his own hard work (meaning, nobody is going to be quiet if a piece of code is posted on the web page, and they know it wasn't stolen because they wrote it), and these things may give the REACTOS project some things to look for

Re:How do you tell the difference?

[RAMMS+EIN]

Nah, much more likely they would find the infringing piece, rip it out, and pay damages (that'll be $ 0 for lost sales). On a more serious note, they would probably be in much more trouble if they GPL'd and released their source.

Get this to run on Mac OSx86

Theoritically, wouldn't this be a good option to get "Windows" running on OS x86 ? Not really Windows, but I imagine it would be easier for OSS programmers to add support for EFI to this software, and give MacIntel people a Windows compatible option. At least until someone figures out how to boot the "real" Windows on the new Macs.

Re:Get this to run on Mac OSx86

[egghat]

IMHO WinE will be a much better option to get windows programs running on MacOSX for Intel. Check out darwine.

Codeweavers are putting big amounts of work into this. CrossOffice will support MacOSX in one of the next versions. Codeweavers were rather enthusiastic when Apple announced their switch. No surprise, the desktop market share of MacOSX is bigger than Linux's.

I really expect great things to come!

Bye egghat.

The forum discussions...

[Spy+der+Mann]

http://www.reactos.org.nyud.net:8090/forum/viewtop ic.php?t=1627

It seems all started here.

Re:The forum discussions...

[RemovableBait]

It really all starts with Hartmut's leaving letter in the mailing list. If you read through, (just use the 'Next Message' link) you'll see the whole discussion/argument unfold.

Re:The forum discussions...

[can56]

After reading the forum discussions (thanks RB), this quote sticks out:

"I think the policy is clear that this type of dirty-room reverse engineering should be used as a last resort only"

A last resort? Disassembly of *any* proprietory program to understand its internals is a big NONO, whether you use the info yourself, or pass it on. [Unless you have permission from the owner, of course]

If you are going to reverse-engineer something, do it cleanly.

I can't help but wonder...

[ZuperDee]

1) If it is going to take them YEARS to do this audit, surely it will take MS just as long to audit it to find the infringing bits. But even supposing MS found infringing bits tomorrow, what good would it do MS to sue anyone? I doubt MS would do that right now, because ReactOS is obviously not anywhere NEAR the point yet where it is widely used, let alone useful for daily tasks like surfing the web or writing a document. Surely MS would have little (if anything) to gain from a business perspective by suing people just yet. If ReactOS suddenly became useful like Windows though, I'm sure that may change.

2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.

Re:I can't help but wonder...

[mmmiiikkkeee]

"useful like Windows".... lol and my AOL dics are usefull too.... i useed to use them as frisbees... quit fun when they hit the fan blades and whent off in new directions :)

Re:I can't help but wonder...

[ClamIAm]

Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too.

I'm going to say no. ReactOS is (mostly) GPL, Wine is LGPL. So code intended for ReactOS would have to be specifically re-released under the LGPL to be accepted in the Wine project (unless they allow GPL contributions, I don't know this).

Re:I can't help but wonder...

[sorak]

1) If it is going to take them YEARS to do this audit, surely it will take MS just as long to audit it to find the infringing bits. But even supposing MS found infringing bits tomorrow, what good would it do MS to sue anyone? I doubt MS would do that right now, because ReactOS is obviously not anywhere NEAR the point yet where it is widely used, let alone useful for daily tasks like surfing the web or writing a document. Surely MS would have little (if anything) to gain from a business perspective by suing people just yet. If ReactOS suddenly became useful like Windows though, I'm sure that may change.

When the project becomes useful and reliabile, it's popularity will skyrocket (IHMO, if that day comes), but if they wait until then, Microsoft could probably shut the project down with the lawsuit they would have. Microsoft's case would be much stronger because they could say "the REACTOS community knew they were stealing code and didn't care".

Also, if they wait until then, then they will have to wade through a larger amount of code, looking for code that was submitted years ago, and they would run the risk that whoever submitted the bad code continued to submit the code, making the project practically shut down while developers scramble to replace the bad code.

2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.

That's very insightful. I never used wine, because I have two PCs, and one of them is a Windows box, but I would hope that this isn't the case. I would really like to see a day when people don't have to give up 90% of the software on the market just to switch to Linux.

Don't mod parent informative! Here's the good link

[Spy+der+Mann]

http://www.reactos.org.nyud.net:8090/forum/viewtop ic.php?t=1565&start=0

This is the one :) The parent link isn't bad, but it's a different one.

download anyway?

[user32.ExitWindowsEx]

so where can we snag source and binary forms anyway? i really don't give a shit who has what IP in there.

Re:download anyway?

[Pantero+Blanco]

I downloaded both the Live and Install versions of it a few months back and I'm making .iso's of them at the moment. According to the readme.txt file in it, it's the March 2004 release, so it's probably not the newest, but I figure I'll start a torrent of it in the next 24 hours if no one's offering a newer one. Sorry, I don't have the source code.

Re:download anyway?

[clawoo]

Here's a mirror: http://cubeclub.hu/~rs/mirrors/www.reactos.org/ The original files are no longer available on sf.net.

Re:download anyway?

[user32.ExitWindowsEx]

close enough versions for my archives.

Re:download anyway?

You can not remove packages from sourceforge, only sf staff can do. So here are the links.

Live CD: http://prdownloads.sourceforge.net/reactos/reactos 0.2.9-REL-live.zip?download
ISO Image: http://prdownloads.sourceforge.net/reactos/reactos 0.2.9-REL-iso.zip?download
Preloaded with QEMU: http://prdownloads.sourceforge.net/reactos/reactos 0.2.9-REL-qemu.zip?download (what is .7z?)
Source: http://prdownloads.sourceforge.net/reactos/reactos 0.2.9-REL-src.zip?download (what is .7z?)
VMWare Image: http://prdownloads.sourceforge.net/reactos/reactos 0.2.9-REL-vmplayer.zip?download

Use Anti-Plagerism Software Instead of Auditing

[pingrequest]

It seems like all they would have to do is programmatically (there are existing programs) that do a statistical analysis of the source of the leaked code vs. internal code... A couple hours later the comparison would be done. It would find even what seems like minor copying, and could be set with thresholds. Then they could audit those hits for credibility... They could be done in with this 'reboot' in weeks. It would be a lot faster and probably just as effective. Also it would prevent much reading of "leaked" source which seems to burn ones eyes...

Re:Use Anti-Plagerism Software Instead of Auditing

[wootest]

Well, that would mean they'd have to 'officially' possess the leaked code, which would mean Microsoft's lawyers would be all over them at the drop of a hat.

Re:Use Anti-Plagerism Software Instead of Auditing

[pingrequest]

No as someone mentioned a third party or 'off hours developer in a foriegn country' could run the audit, and pass on the report to the reactos team, not the leaked code.

Re:Use Anti-Plagerism Software Instead of Auditing

[wootest]

I still can't shake the idea that admitting that you have the leaked code in the first place is a bad idea, regardless of if you're a developer or just responsible for running the test, or if you're in the US or not. And I don't think it'd sit well with an audit effort to indirectly rely on the code you're supposed to not copy, even if they don't openly or officially support it.

Re:Use Anti-Plagerism Software Instead of Auditing

[pingrequest]

They already admitted that if you RTA. I think the point is it is impossible to audit code (except statisically for oddities perhaps) for potential copying, without having what you were potentially copying. If you read the article on their site they already have developerers who've admitted access, what I'm suggesting would be even less code examination than the specific modules that have already (and admittedly) been looked into.

Re:Use Anti-Plagerism Software Instead of Auditing

[wootest]

They admitted that individual developers have had contact with the source code, and it's unclear to me if these developers were core members of the project or just casual committers. I get your point that it's impossible to audit without knowing what to look for, but it doesn't seem to me like it'd be a good idea to have this as a step in an audit process that's officially being lead by the project itself. Sure, someone else could do it unofficially, away from the official audit, but didn't your first post call this out as something that'd need to be integrated into the audit itself?

Just one more detail. In any case, continually checking the full code for references to the leaked source code seems to me to imply - like you say - advertised access to the leaked code. The committed code that prompted the audit in the first place *could* have been someone reading code off of someone else's screen - being exposed to the source code and not actually in possession of it. I don't see how the worst case scenario (project officially in possession of leaked code vs. individual developers exposed to leaked code, or maybe even legit code under some Microsoft arrangements) is not going to make the audit one magnitude worse if you'd want to avoid Microsoft's lawyers.

Re:Use Anti-Plagerism Software Instead of Auditing

[pingrequest]

Point taken about 'audit official steps', although I'm still at a loss as to what the audit would be without something like it. I'm no expert in the audit process, but my suggestion centered around a programmatic audit which would remove much personal liability, and threshold analysis to get the project back on track rapidly. Not every line of code needs looked at. Analysis could be against source, but it could also be against machine code which may be a better test. It would lead to something like the top 10% of the code (blocks even, not whole files) ordered by the highest risk/'probabilty-of-copy' ranking.

Why not have MS audit?

[kwandar]

I'm wondering if ReactOS couldn't send a letter to Microsoft and simply say:

"There is the possibility that our code in the following areas *list areas* contains fragments of MS code. We would kindly request that MS advise us as to any issues with respect to this code. If we haven't heard otherwise within 6 months, we will presume that there is no MS code that has been used."

IANAL, but perhaps the law of estoppel would then apply?

Re:Why not have MS audit?

[KarmaMB84]

Yeah, they could presume all they want but they could still be sued for infringement. You can't force anyone to audit your code for you...

Re:Why not have MS audit?

[d_jedi]

That's backwards. If MS checks the code, and they find some of their's in it - guess what that means? LAWSUIT.

And if MS doesn't check it, or don't finish within six months.. that does not in any way give any rights to use MS's code in ReactOS.

A field of study vs a measurement by a standard

[Capitalist1]

Ethics is a field of study in philosophy. "Ethical" describes something that is related to a particular philosophy of ethics. Asking "is this ethical" is only asking whether or not there is some defined standard or view of ethics by which the idea or action might be judged.

Morality is a specific instance of an ethics. Something is moral if it is acceptable in or follows from the view of ethics in question, and immoral if it is unacceptable or violates that code in some way.

In short, "ethical" says that something pertains to *some* specific philosophical stance. "Moral" is a judgement based on a particular ethical stance.

A plant

[nurb432]

Who knows, someone might have been paid off to derail the project.

If it was getting too close for comfort, i dont doubt for a second that a company like Microsoft would do something like this. ( and then set things up for one hell of a lawsuit.. )

Makes you wonder if the 'leaked code' was infact a stunt to facilitate things like this for the forseeable future.. "everyone is tainted, the sky is falling, give us more money'

Re:A plant

[reub2000]

The accusation came from within by one of the developers.

Re:A plant

[nurb432]

Who just received a undisclosed lump sum payment into his bankaccount by an unnamed company from out west.

Re:A plant

[RLiegh]

> The accusation came from within by one of the developers.

Someone joining an organisation to disrupt it from within is completely unheard of. Just ask the Black Panthers.

Re:A plant

[reub2000]

The dev who did this was with the project for a while. I highly doubt that Birr was sent by microsoft. Besides the audit means that when microsoft comes to sue them, microsoft has no grounds to sue them one because all of the code has been cleaned.

Re:A plant

[RLiegh]

>Besides the audit means that when microsoft comes to sue them,
>microsoft has no grounds to sue them one because all of the code has been cleaned.

It means nothing of the sort; it means that Microsoft has to work harder to find something to sue the ReactOS project for (and there's little doubt they have the resources to find an algorythmic needle in a source code haystack).

Also, everyone is ignoring Patents; MS is unlikely to forego using that weapon in the War On OSS.

sorry.

[Heisenbug]

I'm not a lawyer yet, but I can take a stab. In order for MS to give up its cause of action, it would have to agree to a contract that said so. Silence is (practically) never taken as agreement to a contract; estoppel would only apply if MS made an affirmative promise that was otherwise unenforceable, knowing that ReactOS would act in reliance on the promise.

Re:sorry.

As a lawyer-in-training myself (actually waiting for class to start), I have to agree.

The letter/statement above amounts to an offer (a pretty crappy one at that). For a contract (legally binding agreement) to form the parties must agree to the terms. One party cannot dictate terms for both sides and include an automatic acceptance of those terms.

Think about it. I send an email to everyone in the world saying "I maintain an email mailing list. My fee to remove your address from this list is $500.00. Unless I receive an objection to this offer within 1 hour of sending this email, your acceptance of the terms is implied. I accept money orders only. Thank you and have a nice day."

No court in the world would enforce that. And the law does not consider the length of time involved either (6 months in the original vs. 1 hour in my example). It's irrelevant.

And, as stated above, estoppel is a concept that requires *reliance* on a promise to *prevent* the promisor from failing to follow through with the promise. Microsoft has made no promise. ReactOS has made no reliance (because there was no promise). Estoppel is not applicable.

Torrent link

[spleentor]

here's the torrent on linuxtracker: http://linuxtracker.org/download.php?id=1363&name= ReactOS.iso.torrent

Re:Torrent link

[skiman1979]

If you autoplay the CD under XP, it gives you the option to install. Does that install as an application under XP, or will it overwrite your XP install? I've never seen an OS install CD run as an installer under XP before.

Re:Yeah...

[Richard+Dick+Head]

Try it, post a screen shot, it'd probably work. Someone's already tried ReactOS under QEMU under ReactOS

Interview with Steven Edwards at Newsforge

http://software.newsforge.com/software/06/02/01/16 30225.shtml?tid=132&tid=25

TFA

Strange, TFA mentions nothing about code decompilation. It seems only to mention the Windows 2k source leaks (from several years ago):

Because of this we are not banning any developer who might have had access to
leaked sources from contributing to ReactOS, however they are being
limited as to what area they can contribute. Copyright law still
applies to all leaked Windows sources and no one in ReactOS may copy
code from a Windows source leak and try to apply it to code in the
ReactOS tree.

We know of four developers who have had access to leaked sources prior
to working on ReactOS and while they no longer have copies of the
source code in question, each of the developers have told us in
private which sections of the sources they were exposed to.

Are we really at the stage where critical system software can be decompiled? If so, shouldn't we be swimming in pirated Vista source code by now?

mnemonic_

Re:TFA

Assembly can be partially decompiled to C (C++ ?)

Re:TFA

[SirTalon42]

This whole thing has to do with reverse engineering and the difference between whats legal in the US (one person examins, separate person implements), and the most of the rest of the world (one person can do both). Decompilers have been around for a LONG time, they aren't any thing new.

Re:TFA

[ciroknight]

Oh hell yes it can, it can be entirely re-compiled into C, but it may not look exactly as it did before it met the compiler.

The compiler simply is a translator that turns a human-parsable programming language into a machine parsable instruction code. That being said, a translation in the other direction is just as easy.

However, compilers these days are more advanced than the golden old days of computing, and will do crazy things to optimize code (unrolling loops, replacing ineffecient operations with more effecient ones [i = i + 1; -> i++;]). Some of these operatons can't be reliably undone (especially the case with inline functions and macros, because often the code compiler will apply the inline, and then realize there's a way to make it more effecient, thus making the code slightly different than the inline function and causing it to not be reversable), at least without a little human interaction.

And there are open source code decompilers available for a number of languages (for C, as an example, there's DCC. Just don't go decompiling Windows and copying and pasting the code back into ReactOS ;)

Re:TFA

Transforming binaries into readable C code is not easy. Not even remotely.

What's really happening

Hi, I am pretty close to some of the ReactOS goings-on, and I am posting anon, even though nothing I say here should really be too controversial. I just want to cut this PR fiasco in the bud.

This is more about some technicalities, and friction between developers.

You've also got to understand that a *few* of the devs are still relatively young, and while they have made great technical contributions, may not have all the working-in-a-team skills they need yet.

If you know about programming, and binary interfaces, you will know that for ReactOS to work like windows, some small bits of the compiled code MUST be EXACTLY the same. The question is how that knowledge came to be in certain people's heads, when they wrote the affected parts of ReactOS. It is extremely unlikely that infringing code will be found in ReactOS. None of the people I know there are stupid enough to use actual leaked code in the project.

However, there is a deeper aspect to the problem. There are roughly 2 factions. The first I'll call the windows-enamored folk (WE). The second I'll call the external-interface (EI) folk. The EI folk only care that the user-visable parts of reactos are compatible with windows. This will allow the Reactos code to be even better that windows code in some areas, if it can be re-achitected. The WE fold want ReactOS to work EXACTLY like windows, on every level. This may be what Hartmut was referring to in his cryptic email.

On a practical note, ReactOS is not going to be any kind of threat to or replacement for win2k for at least another 2 years. MS will not waste the effort.

ReactOS is not in danger of dying. Maybe 3 years ago some FUD could kill it, but at this point, it has come so far, and there are enough stakeholders that it's going to continue.

Coders from all over the world work on this system. People from Europe, Canada, and the Caribbean, and that's just the ones that speak english.

To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere.

Anon-Reactos-guy (who hates melodrama)

Re:What's really happening

Anon-Reactos-guy (who hates melodrama)

if you hate melodrama you really are reading the wrong site.

Re:What's really happening

:). True true. But even though firefighters hate fire, they go charging in anyway ..

Re:What's really happening

"To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere."

I'm no expert on copyright law (yet) or its restrictions on reverse-engineering. However, I would think making a release in another country won't help. It's the regulation of the ACT of reverse-engineering that you imply causes problems. Where the end product is released is irrelevant.

A robber can't claim immunity from prosecution because he robbed a bank in jurisdiction A and was apprehended while spending the money in jurisdiction B. It doesn't matter if B recognizes robbery as a criminal offense or not. The robbery was committed in A. If robbery is illegal in A, he'll be tried for robbery.

Similarly, unless ReactOS moves all its reverse-engineering activities to more friendly locations, then those individuals doing reverse-engineering in the U.S. are bound by the regulations for that activity. Releasing the finished product somewhere else does not relinquish the legal obligation that U.S. developers have to follow U.S. regulations for reverse-engineering.

Microsoft auditing ReactOS is like...

...Al Qaeda auditing the security of US airports.

"There is the possibility that some of our security measures in the following areas *list airports* are not fully secure. We would kindly request that Osama Bin Laden advise us as to any issues with respect to our security. If we haven't heard otherwise within 6 months, we will presume that our airports are completely secure."

The goals are different

The ReactOS devs need to make sure that all code is audited and any offending bits are gone.

All Microsoft needs to do is find one piece of offending code, and they can achieve their goals.

They're complicating it

[kimvette]

Rather than worrying about that, why would anyone bother looking at the leaked source when decompilers have come a long way in the last few years? Just decompile, say, the NTFS driver and read the decompiled source. DMCA, EULA or other contrived roadblock, not there's nothing prevent such reverse engineering for the purpose of interoperability.

Re:They're complicating it

[kimvette]

. . . providing you don't just copy & paste code into your own function.

Also I made a similar remark. Someone {cciRRus (889392)} replied that when you decompile it, you're breaking a EULA because when you decompile it you get this in the generated C: /* WARNING!!! You are not allowed to decompile this binary for the purpose of reverse engineering. */

However, IIRC, EULA cannot prevent reverse engineering for the purpose of reverse engineering, even if the method is by decompiling - I think that any alleged violation on that basis would be thrown out of court on at least two basis:

  - 1. a shrinkwrap EULA cannot prevent reverse engineering for the purpose of interoperability (heck, even signed non-compete agreements don't hold water in many states)
  - 2. Antitrust issues - Microsoft is engaging in anti-competitive tactics by including such notices in an otherwise-legal method, abusing their monopoly status

Of course IANAL so someone better versed in case law/precedents could chime in. I know cases have been decided both ways but I'm not sure which is dominant.

With that said You CANNOT and absolutely should not simply recompile the generated C and distribute that, but you can certainly look at what structures need to be generated to maintain a sane journal on the disk, and cleanly implement new functions to maintain the same structures on disk. A purist approach would be to write a spec and hand it off to another member of the team to implement, but it should not be necessary for any developer with ANY integrity whatsoever. Only a lazy sod would copy the code and implement it as their own.

Re:They're complicating it

[protektor]

You might want to check the BNETD case since the court specifically held that that a EULA could prevent reverse engineering for interoperability. That was one of the key points of the case and the courts up held Vivendi's side that BNETD was not allowed to create a clone server of battle.net because it violated the EULA of the game software that they agreed to.

So you would be wrong when you say a EULA can't prevent reverse engineering.

Any copying was done legally...

The first peice that was called into question was a bit of assembly that is way over my head, some kernel internals. The developer who did that file admits to having looked at articles/source code written by someone who disassembled the windows version of the same file, but only after exhausting research into other options (such as examining the linux kernel, etc). This is standard clean-room-disassembly tactics and is quite legal. See for yourself.

This is not a matter of driver compatibility. The fast system call
stub is a mostly hardware-defined entrypoint, handled by low-level
software logic. In implementing it, there are only 3 available sources
of information: Whatever minimal info the Intel manual gives, the Linux
sources, the Windows kernel binary. It is almost simply impossible to
"guess" how the stub should work. Filip tried to make it work more then
a year ago, and even he gave up (the AMD version), beacuse it is simply
too hard and confusing unless you have some available code to look at.
As such, my first and foremost source was the Linux source code. It
helped me understand how to setup the LSTAR MSR register, as well as the
other register values. Then, through several mailing list posts, I was
able to understand some bugs in the way ReactOS had its segments set up,
which caused problems in the code. Then, to understand the way Windows
chose between INT2E and SYSENTER, I found a document online written by a
person called Elicz, which described the stub and what it should do,
much in the same way people argued "clean-room reverse engineering" is
done. With this information, I was able to write more then 85% of the
stub. My next, and final remaining possible step, was to use IDA to look
at the Windows code. I used it as a learning tool, not as a copying
tool. It is hard to argue that what I did was "Reverse-engineering",
which, to my knowledge, implies taking something apart to re-create it,
since this usually implies converting the assembly code to functional C
code or otherwise. But I don't view as looking at assembly in order to
understand a low-level hardware interface as "reverse engineering". And
yes, as described above, it -was- my last choice. Additionally, the
parts which were supposedly "copied" are NOT part of the functional part
of the code. They are debug helpers, offering nothing else but
assertions in case of problems.

Who's auditing closed source?

[zogger]

What government agency/set of cops is auditing closed source to make sure it doesn't contain open source code in violation of copyright? Are closed source shops lawyers making them maintain a legal position that their coders can never glance at open source code lest they become tainted and it slop over into the code?

All I see is giant megaprofit closed source corporations get to run on the "wesayso" law, "we say we only have pure code of our own writing", but everyone else in the other camp has to be scared of lawsuits because they glanced at some closed source someplace and are under draconian NDAs or whatnot.

Kinda like diebold and vote counts. The vote is what we say it is, if you don't believe it, tough noogies.

If one wants to clone, Why not pick MacOS instead?

[bsharma]

If ReactOS folks want to sweatout an open source OS, why not pick a better product to clone? An open source MacOS on X86 can work wonders. Especially, now that the real MacOS runs on X86. MacOS is based on FreeBSD, it will have much less legal headache to worry about. (I haven't heard of any leaked MacOS source, has anyone?)

M$ talkin about ReactOS code...

How can we be sure M$ will say the truth about what code is theirs? They would have to show their own code for that.

Now, what if for some reason they both use some similar code? Will ReactOS have to stop using that code, even if they didn't copy it?

SCO

Just to play devil's advocate, may I ask how do you know that MS hasn't 'innovated' some of the ReactOS code into it's own products?

SCO tried the same BS against IBM and others, but the only overlapping code they could show was stuff that SCO had taken from others. This is probably just another harassment case like SCO.

The lesson in all this is to make sure that US-style IP laws don't get shoved up the EU's ass this summer. Sure, we'd all like to see the EU catch some grief, at least on principle, especially member states like France, but due to riders on 'Free' Trade agreements, the EU is the last region with semi-sane IP laws.

Never EVER look at the Windows source code

[Wizzmer]

This is another good reason why the EU shouldn't accept Microsoft's offer to share their server protocols source code with third party devs. If you look at the *specifications* and build something you are way better off than having looked at the source itself. If you look at the source you are "tainted" for life.

Obviously derived from stolen code!

[hotfireball]

It is obviously derived from some stoolen code as it is also perfectly suitable running viruses...

Who's copying who?

[Merdalors]

In one of the ReactOS Forums, someone makes the interesting point that some of Microsoft's code may have been copied from BSD, so when you look at the same code in ReactOS, it may look like MS code, but it's really BSD.

Downloads Still Available via SourceForge

[lightyear4]

click:
Sourceforge download mirrors

Re:If one wants to clone, Why not pick MacOS inste

[ClamIAm]

Even better, bunches of code in OS X is BSD and GPL-licensed.

Re: Plurals Ending with "ii"

[some+guy+I+know]

There is only ONE word in common usage that pluralizes with 'ii' at the end: Radius - Radii.

Wrong.
Julius Caesar and all of his clones are collectively known as Julii.
Also, if a person is curious in many ways, he/she is curii.
Yes, I'm serii.

Open Source?

[ModernGeek]

If the project is all open source, what is to keep someone from forking the project, and making a variant with a new and possibly better group of developers. I've watched ReactOS grow from being able to run a few command line apps, to being able to do what it is doing now. I am very impressed. I remember when reading Bill Gates "The Road Ahead" he said the problem with windows is that a third party os could not run windows programs, and that someone needs to build an os that can. Someone needs to take ReactOS, manage it, and call it OpenWindows or OpenDows. orrr oDows. yeah, I like odows for open windows. One of you take ReactOS right now and keep developing it, and take it away from the guy who wants to kill it with the code audit.

Move out of USA or fork without USA developers

[Artemis3]

This is a lost case, and the remedy seems even worse. You can't just accept USA laws being imposed to all the developers, its not their fault. Instead of taking "years" to "audit" code, just to have microsoft in the end make fun of them in their deep pocketed "legal" system; i would say move outside to a sane country and continue there the development. Else, fork without the USA developers and continue.

The way it looks this project will stagnate into oblivion, unless something like a coup of foreign developers (a fork) occurs.

Too bad this happened just before v3.

Re:Move out of USA or fork without USA developers

[evilviper]

You can't just accept USA laws being imposed to all the developers,

If you plan on releasing in the USA, you do.

There wouldn't be (much) point to making ReactOS if people couldn't actually use it legally within the USA.

Re:Move out of USA or fork without USA developers

[Lonewolf666]

It would still make sense for the EU. Of course, the US developers would have to bail out at that point to avoid being dragged into court.
Now I don't know how much of the development team would be affected by this, so this may or may not be realistic.

Re:If one wants to clone, Why not pick MacOS inste

[bjoeg]

Is there a market for what you're asking? A big part of the world runs Windows, and if you could get a big share of that market, like all the gamers, who really dont need much of the background stuff windows has to offer. ReactOS makes a clean neat OS upon which they can install their most essential games and IMs.

Btw. are there not a bunch of OSX theme copies out there already?

Oh No

[MichaelSmith]

One of the posts there is from:

Steven Edwards - ReactOS and Wine developer

...so if he has seen the tainted code is Wine tainted as well?

Nah... it's called "da markett"

[hummassa]

(I would know... I did this already)

When I worked with sales software (inventory, etc), we would occasionally decompile someone else's program to see if we could find grounds to sue, especially if the interface was very similar to our program. We catched one guy with a plagiarized copy of our program (down to programming errors) and we nailed him, driving him out of business. Actually, we didn't have to sue... we just threatened to press criminal charges and he yielded. He paid some $$$ to our firm, gave us his clients database (which we used to offer our support contract, at a discount) -- I think he lived on our backs for an year so IMHO he got off easily.

Oh really?

[cciRRus]

just decompile, say, the NTFS driver and read the decompiled source. DMCA, EULA or other contrived roadblock, not there's nothing prevent such reverse engineering for the purpose of interoperability.

I decompiled ntfs.sys and right at the top of the code it states:

/* WARNING!!! You are not allowed to decompile this binary for the purpose of reverse engineering. */

Re:Oh really?

[kimvette]

Would that hold up in court though? If the purpose is interoperability then Microsoft could be tried for antitrust issues if they were to take action against someone who decompiled it to get NTFS to work on another system.

Re:If one wants to clone, Why not pick MacOS inste

[Slashcrap]

If ReactOS folks want to sweatout an open source OS, why not pick a better product to clone?

The one and only goal of the ReactOS project is to provide a free, functionally complete and open source clone of Windows. It is so that people can run Windows apps without requiring Windows. Please provide a detailed explanation of exactly how cloning OSX could possibly further that goal in any way, shape or form.

I am waiting.

ObPython

Not completely unlike the ReactOS story, eh...

Listen, lad. I built this kingdom up from nothing. When I started here, all there was was swamp. Other kings said I was daft to build a castle on a swamp, but I built it all the same, just to show 'em. It sank into the swamp. So, I built a second one. That sank into the swamp. So, I built a third one. That burned down, fell over, THEN sank into the swamp, but the fourth one stayed up! And that's what you're gonna get, lad. The strongest castle in these islands.

Re:If one wants to clone, Why not pick MacOS inste

[TheRaven64]

I take it you've never looked at the designs of the Windows NT and OS X kernels in detail. The Windows kernel is very much VMS-lite. It misses a few of the nicer features of VMS, but it has some very nice new features. One of my favourite is the existence of different kernel personalities (e.g. Win32, POSIX, OS/2). I believe the ReactOS people also plan to add a Java personality and possibly a DOS one.

The OS X kernel, on the other hand, is an interesting academic exercise. The Mach microkernel showed that:

1. Microkernels were possible, and
2. The Mach way was not the correct way of doing them

The Darwin kernel provides the same POSIX APIs as Linux, Solaris, *BSD, etc. Creating Yet Another UNIX-like Kernel is really not interesting anymore. If you want to run OS X apps without OS X, then I would advise:

• Work on NetBSD's Darwin compatibility layer. It runs a few Darwin apps, but not Aqua yet.
• Work on GNUstep, and write a binary compatibility layer that translates Cocoa calls into GNUstep ones.

I never knew

>If people made mistakes and there was a violation of the law, I >question the justice of the law

I can think of more than a few practitioners of corporate evil who'd love to use that type of ignorance as their defence.

Virus Compatibility?

[gneer]

I know, it's an old joke to ask for virus compatibility. But seriously, I am going to set up a newby's computer. Therefore I consider using ReactOS instead of Linux, but if the prior is too compatible to Windows, i.e. to the malware as well, then that switch doesn't make any sense in this case.

Re: Plurals Ending with "ii"

[dusik]

curio-us --> curioi

god that looks wrong!