Slashdot Mirror
ReactOS Code Audit
reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."
I'm all for giving the benefit of a doubt but he's stating that they are going to audit and it sounds like he's already working up a defense for what may be found. Sounds fishy at best.
I think you can run Linux in QEMU under ReactOS, if that counts.
The summary seems to be implying that leaked windows source is the issue which brought on the audit, when in fact it's a technicality about the law regarding reverse engineering. In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code. In other countries the same person can do both jobs. The summary makes it sound a lot worse than this.
Just what happened with ReactOS, and why is some of their code "tainted"?
I installed ReactOS from a dev build just before all of this hit and I was amazed. It's a great piece of software, and would offer some the ability to keep running Windows apps even if they didn't want to fall for the upgrade cycle that MS perpetuates. I want to try to install the new IE 7 Beta 2 and see if the new DoS attack against it works! Hehe
fak3r.com
from my perspective, this can only be good for reactOS. if they use the US method for reverse-engineering, they can still understand the concepts and apply them in original code.
step 1. audit code
step 2. redo any code that is in dispute
step 3. package and sell your product
step 4. PROFIT!!
Anyone at microsoft who looked at their source code would be considered "tainted" and could never work on any microsoft operating system. (otherwise microsoft could be accused of copying their source). Something similar happened with their Java engine and developers who had seen the licensed Sun code.
Or those with Zaphod Beeblebrox' problem? Are they one or two engineers, under US law?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This audit will take YEARS, according to their statement. I think that's optimistic, myself; by the time that they clean-room implement the code they have to audit out, no one will be interested in working on it AND it will be unusable due to MS's Software Patents.
It's a shame; ReactOS came so far, and got so close (networking was almost ready) and now it's DOA.
It will be missed.
Here is an article which explains it.
This is not subject to make fun of. ReactOS is one of the best "free software" collections that you can have from internet which also run windows programs just like that.
-Seeing the problem is ½ of solution-
Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person? /Erik
Erik Dalén
Moral but not ethical: "You may not work on this project if you like anal sex."
(yes, this is a joke but unfortunatly most people seem to mix up "moral" with "christian/puritanian fucked up double standard bigot moral". The best thing with moral is that you can have your own. There is no Real Moral(tm).)
My other account has a 3-digit UID.
If they all shift to wine coding in the mean time, im sure their will be great benefits.
Are they going to get a copy of the Windows source code and compare it to ReactOS? How does someone actually go about auditing code that was submitted by many people around the world?
If you lie to protect innocents from harm, you are probably being moral but unethical.
If you tell the truth (because you always tell the truth) and a bunch of innocent people are killed or tortured, then you are probably being ethical but immoral.
Defense Lawyers seem like a pretty good example. They ethically must defend people they may believe are guilty. If they defend poorly on purpose, they are being unethical. I believe (IANAL) that the prosecution must reveal all evidence to the defense but the defense is not required to reveal evidence that would prove guilt if they discover it. I think it would be unethical for them to reveal proof of guilt (and they might be disbarred for doing so) and I also believe it would be immoral for them to do just that.
Since the area of ethics is sometimes called moral philosophy they are pretty entwined.
Morals are often tied with sex. If you have 5 partners who all know about each other, you may be viewed as ethical but immoral.
Both morality and ethics are intimately tied to culture. Some acts which are immoral in one culture are moral in others.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Theoritically, wouldn't this be a good option to get "Windows" running on OS x86 ? Not really Windows, but I imagine it would be easier for OSS programmers to add support for EFI to this software, and give MacIntel people a Windows compatible option. At least until someone figures out how to boot the "real" Windows on the new Macs.
http://www.reactos.org.nyud.net:8090/forum/viewtop ic.php?t=1627
It seems all started here.
1) If it is going to take them YEARS to do this audit, surely it will take MS just as long to audit it to find the infringing bits. But even supposing MS found infringing bits tomorrow, what good would it do MS to sue anyone? I doubt MS would do that right now, because ReactOS is obviously not anywhere NEAR the point yet where it is widely used, let alone useful for daily tasks like surfing the web or writing a document. Surely MS would have little (if anything) to gain from a business perspective by suing people just yet. If ReactOS suddenly became useful like Windows though, I'm sure that may change.
2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.
It seems like all they would have to do is programmatically (there are existing programs) that do a statistical analysis of the source of the leaked code vs. internal code... A couple hours later the comparison would be done. It would find even what seems like minor copying, and could be set with thresholds. Then they could audit those hits for credibility... They could be done in with this 'reboot' in weeks. It would be a lot faster and probably just as effective. Also it would prevent much reading of "leaked" source which seems to burn ones eyes...
I'm wondering if ReactOS couldn't send a letter to Microsoft and simply say:
"There is the possibility that our code in the following areas *list areas* contains fragments of MS code. We would kindly request that MS advise us as to any issues with respect to this code. If we haven't heard otherwise within 6 months, we will presume that there is no MS code that has been used."
IANAL, but perhaps the law of estoppel would then apply?
Ethics is a field of study in philosophy. "Ethical" describes something that is related to a particular philosophy of ethics. Asking "is this ethical" is only asking whether or not there is some defined standard or view of ethics by which the idea or action might be judged.
Morality is a specific instance of an ethics. Something is moral if it is acceptable in or follows from the view of ethics in question, and immoral if it is unacceptable or violates that code in some way.
In short, "ethical" says that something pertains to *some* specific philosophical stance. "Moral" is a judgement based on a particular ethical stance.
One man's religion is another man's belly-laugh. - LL
Who knows, someone might have been paid off to derail the project.
If it was getting too close for comfort, i dont doubt for a second that a company like Microsoft would do something like this. ( and then set things up for one hell of a lawsuit.. )
Makes you wonder if the 'leaked code' was infact a stunt to facilitate things like this for the forseeable future.. "everyone is tainted, the sky is falling, give us more money'
---- Booth was a patriot ----
Uh, you do realize that Linux is just a clone of Unix, right? The ReactOS guys are trying to do the exact same thing with Windows, the situation is entirely analogous.
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
Decisions in programming can be Ethical, Moral, or Legal. Choose any two.
You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
Try it, post a screen shot, it'd probably work. Someone's already tried ReactOS under QEMU under ReactOS
The real path to male liberation
Yep, and we don't need Linux because we've got minix....
Hi, I am pretty close to some of the ReactOS goings-on, and I am posting anon, even though nothing I say here should really be too controversial. I just want to cut this PR fiasco in the bud.
This is more about some technicalities, and friction between developers.
You've also got to understand that a *few* of the devs are still relatively young, and while they have made great technical contributions, may not have all the working-in-a-team skills they need yet.
If you know about programming, and binary interfaces, you will know that for ReactOS to work like windows, some small bits of the compiled code MUST be EXACTLY the same. The question is how that knowledge came to be in certain people's heads, when they wrote the affected parts of ReactOS. It is extremely unlikely that infringing code will be found in ReactOS. None of the people I know there are stupid enough to use actual leaked code in the project.
However, there is a deeper aspect to the problem. There are roughly 2 factions. The first I'll call the windows-enamored folk (WE). The second I'll call the external-interface (EI) folk. The EI folk only care that the user-visable parts of reactos are compatible with windows. This will allow the Reactos code to be even better that windows code in some areas, if it can be re-achitected. The WE fold want ReactOS to work EXACTLY like windows, on every level. This may be what Hartmut was referring to in his cryptic email.
On a practical note, ReactOS is not going to be any kind of threat to or replacement for win2k for at least another 2 years. MS will not waste the effort.
ReactOS is not in danger of dying. Maybe 3 years ago some FUD could kill it, but at this point, it has come so far, and there are enough stakeholders that it's going to continue.
Coders from all over the world work on this system. People from Europe, Canada, and the Caribbean, and that's just the ones that speak english.
To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere.
Anon-Reactos-guy (who hates melodrama)
Rather than worrying about that, why would anyone bother looking at the leaked source when decompilers have come a long way in the last few years? Just decompile, say, the NTFS driver and read the decompiled source. DMCA, EULA or other contrived roadblock, not there's nothing prevent such reverse engineering for the purpose of interoperability.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
What government agency/set of cops is auditing closed source to make sure it doesn't contain open source code in violation of copyright? Are closed source shops lawyers making them maintain a legal position that their coders can never glance at open source code lest they become tainted and it slop over into the code?
All I see is giant megaprofit closed source corporations get to run on the "wesayso" law, "we say we only have pure code of our own writing", but everyone else in the other camp has to be scared of lawsuits because they glanced at some closed source someplace and are under draconian NDAs or whatnot.
Kinda like diebold and vote counts. The vote is what we say it is, if you don't believe it, tough noogies.
This is another good reason why the EU shouldn't accept Microsoft's offer to share their server protocols source code with third party devs. If you look at the *specifications* and build something you are way better off than having looked at the source itself. If you look at the source you are "tainted" for life.
I'll take Legal and Ethical.
What do morals have to do with this?
[Fuck Beta]
o0t!
This is a lost case, and the remedy seems even worse. You can't just accept USA laws being imposed to all the developers, its not their fault. Instead of taking "years" to "audit" code, just to have microsoft in the end make fun of them in their deep pocketed "legal" system; i would say move outside to a sane country and continue there the development. Else, fork without the USA developers and continue.
The way it looks this project will stagnate into oblivion, unless something like a coup of foreign developers (a fork) occurs.
Too bad this happened just before v3.
Artix
Your Linux, your init.
Oh hell yes it can, it can be entirely re-compiled into C, but it may not look exactly as it did before it met the compiler.
;)
The compiler simply is a translator that turns a human-parsable programming language into a machine parsable instruction code. That being said, a translation in the other direction is just as easy.
However, compilers these days are more advanced than the golden old days of computing, and will do crazy things to optimize code (unrolling loops, replacing ineffecient operations with more effecient ones [i = i + 1; -> i++;]). Some of these operatons can't be reliably undone (especially the case with inline functions and macros, because often the code compiler will apply the inline, and then realize there's a way to make it more effecient, thus making the code slightly different than the inline function and causing it to not be reversable), at least without a little human interaction.
And there are open source code decompilers available for a number of languages (for C, as an example, there's DCC. Just don't go decompiling Windows and copying and pasting the code back into ReactOS
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
Games, my friend. It is the only reason to run windows.
(I would know... I did this already)
When I worked with sales software (inventory, etc), we would occasionally decompile someone else's program to see if we could find grounds to sue, especially if the interface was very similar to our program. We catched one guy with a plagiarized copy of our program (down to programming errors) and we nailed him, driving him out of business. Actually, we didn't have to sue... we just threatened to press criminal charges and he yielded. He paid some $$$ to our firm, gave us his clients database (which we used to offer our support contract, at a discount) -- I think he lived on our backs for an year so IMHO he got off easily.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
"The best thing with moral is that you can have your own. There is no Real Moral(tm)"
That's a tough argument to win. Can I kill you and take your stuff, so long as I decide it's allowed by "my own" moral system?
It's much easier to defend the idea that morality is absolute, starting with axiomatic principles like human self-ownership. It's all about how we respect the essential rights of our fellow humans. In fact, you can't even defend the idea of subjective morality effectively without this axiom.
He who lights his taper at mine, receives light without darkening me.
What, an anti-Christian joke on Slashdot? I'm so surprised that the most hated group on Slashdot--Christians--is the butt of constant off-topic jokes and stereotype ridicule!
:)
:) I may be a believer (in that there is something more) but I think that all organized religion is a scam and too often leads to bigotry and brainwash.
If it makes you feel better I can say that I think that most other religions have even worse morals.
And of course this wasn't a stab at any individual christian but rather a stab at those who In My Humble Opinion DO have fucked up double standard bigot morals, and they are too many to ignore...
To make you feel even better I also think that atheism often is bigotry. I'm a convinced agnostic.
My other account has a 3-digit UID.