
ReactOS Code Audit 217

Posted by ScuttleMonkey
from the defining-reverse-engineer dept.
reub2000 writes to tell us that in response to talk of "tainted" code within ReactOS, Steven Edwards, ReactOS and Wine developer, has called for a complete audit of the entire source tree in addition to procedure and policy changes. From the article: "One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before. I don't believe anything anyone has done while working on this project was really wrong. Every decision has three possibilities, being moral, ethical and or legal. Sometimes the law in itself is unethical and immoral. If people made mistakes and there was a violation of the law, I question the justice of the law and or anyone that would try to prosecute any of the developers who just want the freedom to learn and create a more free system."
This discussion has been archived. No new comments can be posted.

  • defensive (Score:2, Interesting)

    by milamber3 (173273) on Wednesday February 01, 2006 @05:50PM (#14620321)
    I'm all for giving the benefit of the doubt, but he's stating that they are going to audit and it sounds like he's already working up a defense for what may be found. Sounds fishy at best.
  • by Shimdaddy (898354) on Wednesday February 01, 2006 @05:51PM (#14620335) Homepage
    Just what happened with ReactOS, and why is some of their code "tainted"?
  • by fak3r (917687) on Wednesday February 01, 2006 @05:52PM (#14620342) Homepage
    I installed ReactOS from a dev build just before all of this hit and I was amazed. It's a great piece of software, and would offer some the ability to keep running Windows apps even if they didn't want to fall for the upgrade cycle that MS perpetuates. I want to try to install the new IE 7 Beta 2 and see if the new DoS attack against it works [fak3r.com]! Hehe
  • Re:defensive (Score:5, Interesting)

    by PFI_Optix (936301) on Wednesday February 01, 2006 @05:58PM (#14620428) Journal
    Sounds to me like they're concerned that there *might* be MS code in there, and are simply being transparent about the process of weeding it out. That way, if MS knocks on the door one day with a lawsuit for copyright infringement, they have public documentation that they initiated a voluntary audit of their code long before MS showed up.

    I'm not a developer, so I'm curious...is it precedented at all for them to involve MS in this audit? Would it make sense for MS to look at the source code and advise them of any transgressions so they can fix it quickly? IIRC, ReactOS is/was open-source, so it's not like Microsoft couldn't have already downloaded the code independently to look for problems. By inviting them into the audit you at least have your ass somewhat covered, especially if they decline and then turn around and sue later.
  • Re:taint (Score:3, Interesting)

    by AnXa (936517) on Wednesday February 01, 2006 @06:15PM (#14620603) Homepage Journal
    This is not a subject to make fun of. ReactOS is one of the best "free software" collections that you can get from the internet, and it also runs Windows programs just like that.
  • by dduardo (592868) on Wednesday February 01, 2006 @06:24PM (#14620702)
    Are they going to get a copy of the Windows source code and compare it to ReactOS? How does someone actually go about auditing code that was submitted by many people around the world?
  • by ZuperDee (161571) <zuperdee @ y a h o o . com> on Wednesday February 01, 2006 @06:49PM (#14621008) Homepage Journal
    1) If it is going to take them YEARS to do this audit, surely it will take MS just as long to audit it to find the infringing bits. But even supposing MS found infringing bits tomorrow, what good would it do MS to sue anyone? I doubt MS would do that right now, because ReactOS is obviously not anywhere NEAR the point yet where it is widely used, let alone useful for daily tasks like surfing the web or writing a document. Surely MS would have little (if anything) to gain from a business perspective by suing people just yet. If ReactOS suddenly became useful like Windows though, I'm sure that may change.

    2) Since a lot of the development effort on ReactOS is shared with WINE and vice-versa, I wonder if this could affect WINE, too. MS already has acknowledged WINE's existence by checking specifically for WINE registry settings in things like their Genuine Advantage program, but they obviously haven't sued anyone over that yet, either.
  • by pingrequest (937333) on Wednesday February 01, 2006 @06:56PM (#14621095)
    It seems like all they would have to do is programmatically (there are existing programs) do a statistical analysis of the source of the leaked code vs. internal code... A couple hours later the comparison would be done. It would find even what seems like minor copying, and could be set with thresholds. Then they could audit those hits for credibility... They could be done with this 'reboot' in weeks. It would be a lot faster and probably just as effective. Also it would prevent much reading of "leaked" source, which seems to burn one's eyes...
  • by kwandar (733439) on Wednesday February 01, 2006 @06:56PM (#14621097)
    I'm wondering if ReactOS couldn't send a letter to Microsoft and simply say:

    "There is the possibility that our code in the following areas *list areas* contains fragments of MS code. We would kindly request that MS advise us as to any issues with respect to this code. If we haven't heard otherwise within 6 months, we will presume that there is no MS code that has been used."

    IANAL, but perhaps the law of estoppel would then apply?
  • A plant (Score:2, Interesting)

    by nurb432 (527695) on Wednesday February 01, 2006 @07:19PM (#14621325) Homepage Journal
    Who knows, someone might have been paid off to derail the project.

    If it was getting too close for comfort, I don't doubt for a second that a company like Microsoft would do something like this (and then set things up for one hell of a lawsuit...).

    Makes you wonder if the 'leaked code' was in fact a stunt to facilitate things like this for the foreseeable future... "everyone is tainted, the sky is falling, give us more money"
  • Re:taint (Score:3, Interesting)

    by Laur (673497) on Wednesday February 01, 2006 @07:21PM (#14621337)
    Perhaps this is my bias towards 100% original operating systems kicking in. That, and the fact that I've been running my machine on nothing but Linux for the past several years and never saw any need to emulate Windoze.

    Uh, you do realize that Linux is just a clone of Unix, right? The ReactOS guys are trying to do the exact same thing with Windows, the situation is entirely analogous.

  • by Anonymous Coward on Wednesday February 01, 2006 @08:29PM (#14621854)
    A doctor can legally and ethically perform an abortion, but not morally if he's a Catholic.

  • by kimvette (919543) on Wednesday February 01, 2006 @09:26PM (#14622181) Homepage Journal
    Rather than worrying about that, why would anyone bother looking at the leaked source when decompilers have come a long way in the last few years? Just decompile, say, the NTFS driver and read the decompiled source. DMCA, EULA or other contrived roadblock or not, there's nothing to prevent such reverse engineering for the purpose of interoperability.
  • by zogger (617870) on Wednesday February 01, 2006 @09:27PM (#14622185) Homepage Journal
    What government agency/set of cops is auditing closed source to make sure it doesn't contain open source code in violation of copyright? Are closed source shops' lawyers making them maintain a legal position that their coders can never glance at open source code lest they become tainted and it slop over into the code?

    All I see is giant megaprofit closed source corporations get to run on the "wesayso" law, "we say we only have pure code of our own writing", but everyone else in the other camp has to be scared of lawsuits because they glanced at some closed source someplace and are under draconian NDAs or whatnot.

    Kinda like diebold and vote counts. The vote is what we say it is, if you don't believe it, tough noogies.
  • by TubeSteak (669689) on Wednesday February 01, 2006 @10:14PM (#14622483) Journal
    I'll take Legal and Ethical.

    What do morals have to do with this?

  • by Artemis3 (85734) on Thursday February 02, 2006 @01:32AM (#14623517)
    This is a lost case, and the remedy seems even worse. You can't just accept USA laws being imposed on all the developers; it's not their fault. Instead of taking "years" to "audit" code, just to have Microsoft in the end make fun of them in their deep pocketed "legal" system, I would say move outside to a sane country and continue the development there. Else, fork without the USA developers and continue.

    The way it looks this project will stagnate into oblivion, unless something like a coup of foreign developers (a fork) occurs.

    Too bad this happened just before v3.
  • by hummassa (157160) on Thursday February 02, 2006 @05:42AM (#14624195) Homepage Journal
    (I would know... I did this already)

    When I worked with sales software (inventory, etc), we would occasionally decompile someone else's program to see if we could find grounds to sue, especially if the interface was very similar to our program. We caught one guy with a plagiarized copy of our program (down to programming errors) and we nailed him, driving him out of business. Actually, we didn't have to sue... we just threatened to press criminal charges and he yielded. He paid some $$$ to our firm, gave us his clients database (which we used to offer our support contract, at a discount) -- I think he lived on our backs for a year so IMHO he got off easily.
