Slashdot Mirror

← Back to Stories (view on slashdot.org)

ReactOS Code Audit

Posted by ryuzaki0 on from the defining-reverse-engineer dept.

reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."

15 of 217 comments (clear)

  1. Summary is misleading by MustardMan · · Score: 4, Informative

    The summary seems to be implying that leaked windows source is the issue which brought on the audit, when in fact it's a technicality about the law regarding reverse engineering. In a nutshell, in the US you gotta have one person reverse engineer and write documentation, and another write the code. In other countries the same person can do both jobs. The summary makes it sound a lot worse than this.

  2. For those of us who are unaware... by Shimdaddy · · Score: 4, Interesting

    Just what happened with ReactOS, and why is some of their code "tainted"?

    1. Re:For those of us who are unaware... by scsirob · · Score: 5, Informative

      ReactOS is an attempt to build a full Windows clone including kernel and everything. Not just the Win32 API but a full-fledged OS that does not require an underlying OS like Wine on Linux.

      It looked very promising to the point where several Windows applications and I was about to start playing with it. Then someone in the core developers group found some suspicious additions of code fragments that did not make sense at all at first but started to work later. These code fragments compile into machine code that is identical to fragments of leaked Windows source code. The developer smelled a rat, jumped the project and now the main guy is calling a halt.

      --
      To Terminate, or not to Terminate, that's the question - SCSIROB
    2. Re:For those of us who are unaware... by SirTalon42 · · Score: 4, Informative

      "These code fragments compile into machine code that is identical to fragments of leaked Windows source code."

      This isn't about the leaked Windows source code, its about possible invalid reverse engineering (i.e. decompiled windows code)

  3. Re:defensive by PFI_Optix · · Score: 5, Interesting

    Sounds to me like they're concerned that there *might* be MS code in there, and are simply being transparent about the process of weeding it out. That way, if MS knocks on the door one day with a lawsuit for copyright infringement, they have public documentation that they initiated a voluntary audit of their code long before MS showed up.

    I'm not a developer, so I'm curious...is it precedented at all for them to involve MS in this audit? Would it make sense for MS to look at the source code and advise them of any transgressions so they can fix it quickly? IIRC, ReactOS is/was open-source, so it's not like Microsoft couldn't have already downloaded the code independently to look for problems. By inviting them into the audit you at least have your ass somewhat covered, especially if they decline and then turn around and sue later.

    --
    120 characters for a sig? That's bloody useless.
  4. No way would MSFT participate by Mr+44 · · Score: 5, Informative

    Anyone at microsoft who looked at their source code would be considered "tainted" and could never work on any microsoft operating system. (otherwise microsoft could be accused of copying their source). Something similar happened with their Java engine and developers who had seen the licensed Sun code.

    1. Re:No way would MSFT participate by Reverend528 · · Score: 4, Funny

      Good thing microsoft is a small company and couldn't possibly afford to hire some sort of third-party consultant to read the reactos source code and compare it to the windows source code.

      --
      Badass Resumes
  5. ReactOS; we hardly knew you by RLiegh · · Score: 4, Insightful

    This audit will take YEARS, according to their statement. I think that's optimistic, myself; by the time that they clean-room implement the code they have to audit out, no one will be interested in working on it AND it will be unusable due to MS's Software Patents.

    It's a shame; ReactOS came so far, and got so close (networking was almost ready) and now it's DOA.

    It will be missed.

  6. Article by Anonymous Coward · · Score: 5, Informative

    Here is an article which explains it.

  7. Release it from another country by erikdalen · · Score: 4, Insightful

    Why not just release it from a country with saner ip laws that allow reverse-enigineering made by a single person? /Erik

    --
    Erik Dalén
  8. Re:Ethical vs. Moral? by Per+Wigren · · Score: 5, Insightful

    Moral but not ethical: "You may not work on this project if you like anal sex."

    (yes, this is a joke but unfortunatly most people seem to mix up "moral" with "christian/puritanian fucked up double standard bigot moral". The best thing with moral is that you can have your own. There is no Real Moral(tm).)

    --
    My other account has a 3-digit UID.
  9. Re:The forum discussions... by RemovableBait · · Score: 4, Informative

    It really all starts with Hartmut's leaving letter in the mailing list. If you read through, (just use the 'Next Message' link) you'll see the whole discussion/argument unfold.

  10. What's really happening by Anonymous Coward · · Score: 5, Informative

    Hi, I am pretty close to some of the ReactOS goings-on, and I am posting anon, even though nothing I say here should really be too controversial. I just want to cut this PR fiasco in the bud.

    This is more about some technicalities, and friction between developers.

    You've also got to understand that a *few* of the devs are still relatively young, and while they have made great technical contributions, may not have all the working-in-a-team skills they need yet.

    If you know about programming, and binary interfaces, you will know that for ReactOS to work like windows, some small bits of the compiled code MUST be EXACTLY the same. The question is how that knowledge came to be in certain people's heads, when they wrote the affected parts of ReactOS. It is extremely unlikely that infringing code will be found in ReactOS. None of the people I know there are stupid enough to use actual leaked code in the project.

    However, there is a deeper aspect to the problem. There are roughly 2 factions. The first I'll call the windows-enamored folk (WE). The second I'll call the external-interface (EI) folk. The EI folk only care that the user-visable parts of reactos are compatible with windows. This will allow the Reactos code to be even better that windows code in some areas, if it can be re-achitected. The WE fold want ReactOS to work EXACTLY like windows, on every level. This may be what Hartmut was referring to in his cryptic email.

    On a practical note, ReactOS is not going to be any kind of threat to or replacement for win2k for at least another 2 years. MS will not waste the effort.

    ReactOS is not in danger of dying. Maybe 3 years ago some FUD could kill it, but at this point, it has come so far, and there are enough stakeholders that it's going to continue.

    Coders from all over the world work on this system. People from Europe, Canada, and the Caribbean, and that's just the ones that speak english.

    To ReactOS people reading this: I do think we should look at staging releases from a country with different reverse-engineering laws, though. Certain precedents have been set in US law that do not apply elsewhere.

    Anon-Reactos-guy (who hates melodrama)

  11. Never EVER look at the Windows source code by Wizzmer · · Score: 4, Insightful

    This is another good reason why the EU shouldn't accept Microsoft's offer to share their server protocols source code with third party devs. If you look at the *specifications* and build something you are way better off than having looked at the source itself. If you look at the source you are "tainted" for life.

  12. Re:TFA by ciroknight · · Score: 4, Insightful

    Oh hell yes it can, it can be entirely re-compiled into C, but it may not look exactly as it did before it met the compiler.

    The compiler simply is a translator that turns a human-parsable programming language into a machine parsable instruction code. That being said, a translation in the other direction is just as easy.

    However, compilers these days are more advanced than the golden old days of computing, and will do crazy things to optimize code (unrolling loops, replacing ineffecient operations with more effecient ones [i = i + 1; -> i++;]). Some of these operatons can't be reliably undone (especially the case with inline functions and macros, because often the code compiler will apply the inline, and then realize there's a way to make it more effecient, thus making the code slightly different than the inline function and causing it to not be reversable), at least without a little human interaction.

    And there are open source code decompilers available for a number of languages (for C, as an example, there's DCC. Just don't go decompiling Windows and copying and pasting the code back into ReactOS ;)

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush