Linked by Thom Holwerda on Fri 27th Jan 2006 21:01 UTC
ReactOS "There has been a lot of talk about possible tainted code in ReactOS and or developers that had access to leaked Microsoft source code. This has caused a lot of speculation about the future of the ReactOS Project. I'm going to try to put those fears to rest and explain what has been going on and where we are going to go from here. There was one issue that started this discussion and it related to clean-room reverse engineering of certain code in ReactOS."
Too bad
by Smartpatrol on Fri 27th Jan 2006 21:41 UTC
Smartpatrol
Member since:
2005-07-06

Year to complete the code review? By that time ReactOS will be a distant memory. It's a damn shame.

Reply Score: 5

They have done well
by alcibiades on Fri 27th Jan 2006 21:57 UTC
alcibiades
Member since:
2005-10-12

They come out of it very well. Yes, it's a pity they found themselves in this situation, but they are going about it right, and will come out of it, and we should support them. Financially as well as morally.

Reply Score: 5

Translation?
by Googlesaurus on Fri 27th Jan 2006 22:04 UTC
Googlesaurus
Member since:
2005-10-19

"One final note, this audit of the code is going to take a long time. It could take years, but it will happen, this project will come out better than it was before."

Did the author just say downloads are suspended until the code review is completed???????????

Reply Score: 2

Not wishing to troll here
by Zenja on Fri 27th Jan 2006 22:47 UTC
Zenja
Member since:
2005-07-06

I was really surprised at the speed in which a small number of developers were able to get ReactOS to such a working state so quickly, with limited documentation about the inner workings of WinNT (especially compared to how long it's taking AROS, Haiku etc). Yes, I'm aware that WINE has given them a large head start, but still, the speed is very impressive. Now that we've read that at least 4 of its developers had access to leaked Windows source code, well, this doesn't look good for ReactOS at all.

Sadly, I believe that this project has just been given a mortal blow, and it will slowly bleed to death. Once the mainstream sensationalist media get a hold of this, some of the remaining developers might even wish to disassociate themselves from this project to prevent tarnishing their reputation (i.e. new employers google a developer's name, and end up discovering that the project they worked on is the center of a code theft controversy). Goodbye ReactOS.

Reply Score: 1

RE: Not wishing to troll here
by BrandonTurner on Fri 27th Jan 2006 23:09 UTC in reply to "Not wishing to troll here"
BrandonTurner Member since:
2006-01-27

I don't think Steven explained that part well enough. Those of the developers that admitted to having the leaked code have not had access to it in over 2 years. Also, they confirmed that at no time did they use any knowledge gained from the code to help ROS. In fact, all said that they did not even read/study the code. I personally believe each dev that admitted to it, and I believe that there was no taint caused because of this. However, because of legal advice we did vote the way we did. Just to cover all our bases.

Reply Score: 2

RE: Not wishing to troll here
by Tyr. on Fri 27th Jan 2006 23:13 UTC in reply to "Not wishing to troll here"
Tyr. Member since:
2005-07-06

> Yes, I'm aware that WINE has given them a large head start, but still, the speed is very impressive. Now that we've read that at least 4 of its developers had access to leaked Windows source code, well, this doesn't look good for ReactOS at all.

I don't know what you're talking about. The speed was absolutely *glacial* at first, to the point where everyone thought the project was dead. Turns out they were just coding along and then came out with their hard work and took everyone by surprise. Once they had that solid base to work on the project in general speeded up.

Second, I highly doubt there was code copying going on. MS would have been all over them a long time ago if there was. And this whole deal about being "contaminated" because you read some code once is just a sign of just how twisted the IP system has become IMHO.

Reply Score: 4

RE[2]: Not wishing to troll here
by bryanv on Fri 27th Jan 2006 23:28 UTC in reply to "RE: Not wishing to troll here"
bryanv Member since:
2005-08-26

The project I'm currently involved with in the US has me in a "clean room". We're handed specifications we must implement. We know the client already has a system that does exactly what they're handing us. However: We're not allowed to look at it, examine it, use it, etc. All communication about requirements, use, system design, etc. are monitored by independent third parties.

All because the last consulting company to come in and build the system had a little clause that they retained ownership of the product since they produced it.

Well, the client (now wanting to license branding options to their clients, resell the product, etc.) isn't happy with that situation, and brought us into a clean room to reimplement the system so they -can- do that.

I can totally understand the danger that can be caused by tainted coders. The client I work for could lose everything if we were tainted in any way -- and they're rightfully paranoid about it. Hopefully, in another month I'll be done with this clean room stuff - it'll be nice to be out of the 'dungeon' as we've started to call it.

Reply Score: 1

RE: Not wishing to troll here
by ionescu007 on Fri 27th Jan 2006 23:15 UTC in reply to "Not wishing to troll here"
ionescu007 Member since:
2006-01-27

I don't like to feed trolls but I could try to point out that ReactOS has been in development since 1997-1998. That's about 9 years. Haiku has been in development since 2002 or 2003, AFAIK. That's only 3 or 4 years at best. Judging by their status page: http://haiku-os.org/learn.php?mode=status, Haiku is around what could be called a ~0.5 status. They've almost reached alpha in all their modules. ReactOS has *cross your fingers networking*, almost 0 sound support except for very specific configurations, and supports about 3 video card drivers. It also can't really run any big application in a usable fashion except for Abi/OO (which hit regressions every month). It seems pretty clear that Haiku has done twice the amount of work ReactOS did in half the time, so I don't understand your comparison, which seemed to imply that ReactOS was developed so "rapidly" because 5 developers had access to leaked source code. If those 5 developers had actually used that access to some purpose, I think ReactOS would've been at 1.0 a couple of years ago. I'm pretty sure a lot of the original Linux devs "had access to" UNIX code as well. Linux is alive and well today. Since the project seems to have taken such a serious stance against this and is going through such a heavy audit, I very much doubt there was any foul play involved, or that could be mistakenly interpreted.

Reply Score: 3

RE[2]: Not wishing to troll here
by siki_miki on Sun 29th Jan 2006 15:01 UTC in reply to "Not wishing to troll here"
siki_miki Member since:
2006-01-17

For something that is publicly available, there should not be any blacklisting of anyone for contributing to ReactOS. Especially if the person in question doesn't live in the US or if they didn't sign an NDA with MS. If they read a document containing info about leaked source code, or even unmodified data itself, it doesn't mean they downloaded it or they even knew what it is, and they can't be held responsible, not even in the context of US nazi-IP laws.

And btw. Microsoft is being punished by the EU for NOT making available documentation of their interfaces, people doing it instead of MS shouldn't be punished for it!

Reply Score: 1

Court Case?
by buggyboo on Fri 27th Jan 2006 23:39 UTC
buggyboo
Member since:
2006-01-27

> It is our hope that a court case will arise and declare Microsoft's Windows code is no longer under Trade Secret protection so these developers who did have access to some of the leaked sources will be free to contribute again to all sections of the project.

Hoping a court case will come along to settle the matter is quite a stretch. Who's going to be the defendant in this hoped-for court case, who will cover the legal costs and how long will it take?

Reply Score: 1

RE: Court Case?
by Googlesaurus on Sat 28th Jan 2006 00:31 UTC in reply to "Court Case?"
Googlesaurus Member since:
2005-10-19

The chances of a court case ordering proprietary source no longer under trade secret protection.... Billions to one.

I'm curious how they can run an audit which could prove the code in ROS valid, without a copy of the Windows source code to compare it to.

Anyone care to explain that one?

Reply Score: 2

RE[2]: Court Case?
by rm6990 on Sun 29th Jan 2006 17:43 UTC in reply to "RE: Court Case?"
rm6990 Member since:
2005-07-04

> The chances of a court case ordering proprietary source no longer under trade secret protection.... Billions to one.

Yes, because this has NEVER happened before *cough*Unix*cough*.

Do you even understand how Trade Secrets work? Even if someone illegally makes a trade secret publicly available, the original creator loses Trade Secret Protection on the work. He has recourse against the people making the code publicly available, but no one else, at least under Trade Secret Law.

Reply Score: 1

Heh... My guess
by Anonymous Coward on Sat 28th Jan 2006 01:45 UTC
Anonymous Coward
Member since:
2005-07-06

The code that decompiles to the same as windows code is some of the BSD code that made it into Windows and coincidentally into ROS...that would be pretty funny, especially since bits and pieces of Windows have bits and pieces of BSD code in it. (ie: The TCP/IP Stack, and probably more than a few other things)

Reply Score: 1

RE: Heh... My guess
by PlatformAgnostic on Sat 28th Jan 2006 04:52 UTC in reply to "Heh... My guess"
PlatformAgnostic Member since:
2006-01-02

I just looked this up. According to a guy on the NT networking team, http://www.kuro5hin.org/story/2001/6/19/05641/7357, NT Ver. >3.5 uses a completely Microsoft TCP/IP stack. The userland utilities like nslookup and ping might still be BSD-based, but the actual stack is not particularly BSD.

-PA

Reply Score: 1

Let's just say
by AndrewZ on Sat 28th Jan 2006 01:46 UTC
AndrewZ
Member since:
2005-11-15

"Anyone care to explain that one?"

Let's just say that Microsoft can throw as many lawyers at this any time they want. The only way this project could survive that onslaught is if it was unreproachably squeaky clean. Which it is now not.

Reply Score: 1

Disingenuous?
by weorthe on Sat 28th Jan 2006 02:37 UTC
weorthe
Member since:
2005-07-06

"Due to the fact we have developers in many different countries the term reverse engineering can mean many things to many different people."

Hmmm...

"For us in the US when you speak of clean-room reverse engineering it means that one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements."

Notice the change in terminology, the addition of "clean-room." I think "clean-room reverse engineering" means the same thing in Pakistan and Korea as it does in the U.S. I don't think coders looking at leaked (stolen!) Microsoft code and then implementing those ideas in ROS code believed for a second that what they were doing would be legal in the U.S.

"We don't know what the legal ramifications are for someone downloading and having leaked code..."

I bet you can guess.

"It is our point of view that the source code leaks of Windows have been spread to a broad enough audience that it would be impossible to claim the product is still under Trade Secrecy."

Are you willing to test this in court as defendants? Is this wishful thinking? Are you grasping at straws to excuse the actions of some of your coders?

"any developer that had access to leaked sources is banned from contributing code to the project for any of the modules that are the same as leaked sources they examined."

Now they are letting coders who looked at leaked code work on any dll except the ones corresponding to the Microsoft ones they saw. This does nothing to guarantee that they will not re-implement code. Code gets reused. Code may appear in any number of dlls. There is no legal protection at all here.

I hate to be critical of hard-working coders but the excuses here are weak and the proposed solution, no matter how many years they spend on it, fixes nothing.

Reply Score: 1

RE: Disingenuous?
by Googlesaurus on Sat 28th Jan 2006 03:46 UTC in reply to "Disingenuous?"
Googlesaurus Member since:
2005-10-19

"I hate to be critical of hard-working coders but the excuses here are weak and the proposed solution, no matter how many years they spend on it, fixes nothing."

The only thing I have gained from all of this is the knowledge WINE and Codeweavers have just become a huge target for similar "issues". Having one sister even remotely related to the other..... can't be a good thing.

To the WINE and Codeweavers folks..... How ya gonna prove you ain't using illegal code, without something to compare it to??????????????????????

Reply Score: 1

RE[2]: Disingenuous?
by mikesum32 on Sat 28th Jan 2006 04:38 UTC in reply to "RE: Disingenuous?"
mikesum32 Member since:
2005-10-22

It's not up to WINE or Codeweavers to prove they are innocent.

Innocent until proven guilty in the U.S.A. is the way it's supposed to work.

So Microsoft has the burden to prove someone stole their code.

Of course having lots of money helps.

Reply Score: 1

RE[3]: Disingenuous?
by Googlesaurus on Sat 28th Jan 2006 04:45 UTC in reply to "RE[2]: Disingenuous?"
Googlesaurus Member since:
2005-10-19

Okay...... So if MS were to provide enough evidence to a grand jury, WINE would need to answer. This isn't a jury trial thing.......

Reply Score: 1

RE[2]: Disingenuous?
by mike_m on Sat 28th Jan 2006 08:41 UTC in reply to "RE: Disingenuous?"
mike_m Member since:
2005-08-30

> To the WINE and Codeweavers folks..... How ya gonna prove you ain't using illegal code, without something to compare it to?

1) Wine uses regression test cases to show the correct behaviour of Windows API functions matches its behaviour.

2) Wine's implementation *must* differ significantly from Windows in many places because it is built on Posix/X11 and not the NT kernel.

Reply Score: 1

RE[3]: Disingenuous?
by siki_miki on Sun 29th Jan 2006 15:06 UTC in reply to "RE[2]: Disingenuous?"
siki_miki Member since:
2006-01-17

One interesting part of code in leaked windows is a complete IE5 source code. I'm sure wine folks could take advantage of it. Of course, it is hard to prove anything was looked at while doing implementation.

ReactOS folks are doing the right thing. Some of them maybe have source code to look at, but of course they won't ever admit it, and in addition they enforce a policy to have clean hands.

Reply Score: 1

RE[3]: Disingenuous?
by Googlesaurus on Sun 29th Jan 2006 17:53 UTC in reply to "RE[2]: Disingenuous?"
Googlesaurus Member since:
2005-10-19

"2) Wine's implementation *must* differ significantly from Windows in many places because it is built on Posix/X11 and not the NT kernel."

I still recall a previous thread on OSnews where I was saying it was only a matter of time before ROS got into the shit. Someone from the ROS camp told me it was impossible because of their methods.....

Something now tells me it's only a matter of time before Wine and Codeweavers find themselves in the same situation as ROS.

One needs to wonder if MS hasn't leaked source code, simply as a means for less than honest developers to poison these projects.

Reply Score: 1

RE[4]: Disingenuous?
by mike_m on Mon 30th Jan 2006 01:57 UTC in reply to "RE[3]: Disingenuous?"
mike_m Member since:
2005-08-30

> I still recall a previous thread on OSnews where I was saying it was only a matter of time before ROS got into the shit. Someone from the ROS camp told me it was impossible because of their methods.....

> Something now tells me it's only a matter of time before Wine and Codeweavers find themselves in the same situation as ROS.

No, they won't. *There is no other* implementation of Win32 on Posix/X11 out there.

You also ignored my first point about black box reverse engineering using test cases. You never even need to know how the original implementation worked, but you can know how it behaves from the test cases and write your implementation to pass the same test cases.

The test cases can be run many times, so are both regression and conformance tests.

Reply Score: 1

RE: Disingenuous?
by digitaleon on Sun 29th Jan 2006 13:57 UTC in reply to "Disingenuous?"
digitaleon Member since:
2006-01-22

From: weorthe
> I don't think coders looking at leaked (stolen!) Microsoft code and then implementing those ideas in ROS code believed for a second that what they were doing would be legal in the U.S.

People not inside U.S. jurisdiction and not doing business subject to U.S. jurisdiction have no reason to familiarise themselves with U.S. legislation. The contributors outside the U.S. were no doubt operating on the assumption of a "no" answer in both cases, whether or not that is in fact legally the case.

Those people in positions of authority with the ReactOS project inside U.S. jurisdiction are hoping that the code audit, new project policy, current competitive status of their product versus that of Microsoft Windows, and the vagaries and subtleties of the details involved will cause Microsoft to not consider legal action worthwhile. Only time will tell if they're right.

Reply Score: 1

code review
by Quantis on Sat 28th Jan 2006 07:39 UTC
Quantis
Member since:
2006-01-24

The only feasible way of getting through an audit is for the developers to bring in a third party, in another country with much less stringent laws, which will be able to compare the source code, with making any direct contribution to the project.

Guess from the fact they think it will take so long, there is every chance that they believe that this is going to be the case, as if they were doing it internally they would find it much easier to compare the code, because looking at the progress they have made over the last few years, from interesting novelty to OMG this just might work status with 0.3, these guys must live and breathe Windows..

All I can say is hats off you guys and good luck!

Reply Score: 1

usable again
by gedmurphy on Sat 28th Jan 2006 12:42 UTC
gedmurphy
Member since:
2005-12-23

Although it's going to take years to rewrite all the code that must be removed, it won't be years until there is a working bootcd again.

There was a lot of advanced functionality in ReactOS which wasn't essential for the basic running of the operating system. Even to go as far as to say that parts of Vista functionality were starting to find their way in there.

ReactOS will be back, and because of this new IP policy which has been put in place, it stands a much better chance of surviving as a mainstream operating system.

Reply Score: 1

ms got their way
by viator on Sat 28th Jan 2006 21:15 UTC
viator
Member since:
2005-10-11

Well, MS is happy now, their only direct competitor sidelined for years. Past and present devs should be investigated to see if any of them received a large influx of untraceable cash lol..

Reply Score: 1

Bunch of friggin idiots here...
by rm6990 on Sun 29th Jan 2006 17:55 UTC
rm6990
Member since:
2005-07-04

Did you people even bother to RTFA?

There is NO issue of "stolen code" (whatever the hell that means....you can't *steal* code). There is no issue of copyrighted code either.

Chances are this code is not under Trade Secret Protection anymore. Thousands upon thousands of people have seen it, without any NDA. Doesn't matter whether Microsoft authorized this or not under Trade Secret Law. It's just simply not how trade secret law works.

It is not illegal to have "stolen" source code on your hard drive. Copyright law applies to copying, modifying and redistributing, not use or viewing. The US is trying to extend these laws however.

And last but not least, these developers had access to the code 2 YEARS AGO.

This is a short article people, quit being so friggin lazy and read it.

Reply Score: 1

Googlesaurus Member since:
2005-10-19

"There is NO issue of "stolen code" (whatever the hell that means....you can't *steal* code). There is no issue of copyrighted code either."

Of course it's not possible to steal code....
The ROS folks just shut down their entire project for the hell of it....

Reply Score: 1