Linked by Thom Holwerda on Thu 17th Jan 2008 15:27 UTC, submitted by jayson.knight
.NET (dotGNU too) "Last October I blogged about our plan to release the source code to the .NET Framework libraries, and enable debugging support of them with Visual Studio 2008. Today I'm happy to announce that this is now available for everyone to use. Specifically, you can now browse and debug the source code for the following .NET Framework libraries."
Order by: Score:
No use for mono right?
by FunkyELF on Thu 17th Jan 2008 15:58 UTC
FunkyELF
Member since:
2006-07-26

Does mono implement their own libraries or do they use the actual binaries from .NET?

Reply Score: 2

RE: No use for mono right?
by WereCatf on Thu 17th Jan 2008 16:11 UTC in reply to "No use for mono right?"
WereCatf Member since:
2006-02-15

The .NET Framework source is being released under a read-only reference license

Non-GPL, and pretty much useless :/

Reply Score: 7

RE[2]: No use for mono right?
by Hiev on Thu 17th Jan 2008 16:26 UTC in reply to "RE: No use for mono right?"
Hiev Member since:
2005-09-27

I agree that is useless.

Reply Score: 1

RE[2]: No use for mono right?
by Moocha on Thu 17th Jan 2008 16:40 UTC in reply to "RE: No use for mono right?"
Moocha Member since:
2005-07-06

Non-GPL, and pretty much useless :/


You must never have encountered a bug in the system libraries before.... Lucky bastard ;)

The license sucks, but if you're stuck with .NET this is invaluable. No more hackish reverse engineering with Reflector.

Reply Score: 8

RE[3]: No use for mono right?
by WereCatf on Thu 17th Jan 2008 16:45 UTC in reply to "RE[2]: No use for mono right?"
WereCatf Member since:
2006-02-15

You must never have encountered a bug in the system libraries before.... Lucky bastard ;)

Actually, no, I haven't ;) Atleast not that I know of ;)

And well, I was just saying it is useless in regards to Mono. I am sure this is useful some .NET programmers though. It's just sad that you can't actually develop those sources further or integrate them to Mono or anything like that. Then again, I don't do C# anyways :3

Reply Score: 2

RE[2]: No use for mono right?
by Almafeta on Thu 17th Jan 2008 17:07 UTC in reply to "RE: No use for mono right?"
Almafeta Member since:
2007-02-22

Non-GPL, and pretty much useless :/


Not quite useless. As it is now open-source (!free: this is as free as GPL'd software is), we can look forward to a new round of system attacks thanks to the visible security holes.

I don't know why they'd go through with that rumor. I guess Microsoft thought they hadn't shot themselves in the foot enough lately.

Reply Score: 1

RE[3]: No use for mono right?
by sj87 on Thu 17th Jan 2008 21:23 UTC in reply to "RE[2]: No use for mono right?"
sj87 Member since:
2007-12-16

Non-GPL, and pretty much useless :/

Not quite useless. As it is now open-source (!free: this is as free as GPL'd software is), we can look forward to a new round of system attacks thanks to the visible security holes.


"Open Source" does not mean that the code is available somewhere around the net but reproducing or even looking at it is illegal. .NET's distribution license isn't even near an open source one.

Edited 2008-01-17 21:24 UTC

Reply Score: 5

RE[4]: No use for mono right?
by aesiamun on Thu 17th Jan 2008 21:36 UTC in reply to "RE[3]: No use for mono right?"
aesiamun Member since:
2005-06-29

I believe if the source is open to reading then it might be open source...not Open Source, definitely not Free Software, but it is still open source...

Reply Score: 2

RE[5]: No use for mono right?
by sorpigal on Fri 18th Jan 2008 14:12 UTC in reply to "RE[4]: No use for mono right?"
sorpigal Member since:
2005-11-02

This kind of subtle capital/lower case distinction is dangerous, please avoid. Say that it is source-visible, or source-available. To say it is open source, even if you don't say Open Source, is to imply that it meets the Open Source Definition. Though we should all be used to case sensitivity by now the relaxed nature of online written communication is such that it is far more likely to be assumed that you are being slightly careless with your shift key then it is to be assumed that you mean source that is merely visible.

Reply Score: 1

RE[3]: No use for mono right?
by rainman on Fri 18th Jan 2008 07:30 UTC in reply to "RE[2]: No use for mono right?"
rainman Member since:
2007-05-22

this is as free as GPL'd software is


A bold statement indeed. Let's see now...

The Microsoft Reference License allows you to:
* read the source code

The GNU General Public License allows you to:
* read the source code
* modify the source code
* include portions of the source code in other software
* redistribute the original source code
* distribute modified copies of the source code

The GPL may impose some restrictions, but comparing it to the MS-RL is just ridiculous.

Reply Score: 5

RE[4]: No use for mono right?
by sorpigal on Fri 18th Jan 2008 14:14 UTC in reply to "RE[3]: No use for mono right?"
sorpigal Member since:
2005-11-02

I think you misunderstand the post to which you replied. He said " As it is now open-source (!free: this is as free as GPL'd software is)", which I think was meant to be read as "As it is now open source, though not free in the GPL'd software definition of free."

Reply Score: 1

RE[2]: No use for mono right?
by zdzichu on Fri 18th Jan 2008 09:58 UTC in reply to "RE: No use for mono right?"
zdzichu Member since:
2006-11-07

GPL would be also useless, as mono Class Libraries are licensed under MIT X11.

Reply Score: 1

RE[3]: No use for mono right?
by WereCatf on Fri 18th Jan 2008 15:28 UTC in reply to "RE[2]: No use for mono right?"
WereCatf Member since:
2006-02-15

GPL would be also useless, as mono Class Libraries are licensed under MIT X11.

Thanks for mentioning, I didn't know that. I am totally not interested in Mono so I don't know much about it, I just thought it'd be GPL or something similar. But well, anyways, the fact still stays that this release of the code is useless to Mono ;)

Reply Score: 2

RE: No use for mono right?
by IridiumAlly on Thu 17th Jan 2008 16:11 UTC in reply to "No use for mono right?"
IridiumAlly Member since:
2007-06-29

Mono uses their own code libraries which is based upon the public published specification.

Reply Score: 9

RE: No use for mono right?
by rx182 on Thu 17th Jan 2008 16:54 UTC in reply to "No use for mono right?"
rx182 Member since:
2005-07-08

Even if it was GPL'ed, most of it would be useless to Mono developers. For example, they couldn't port MS's implementation of System.Windows.Forms because it's a huge wrapper around Windows native API (unless they would use part of Wine to achieve this).

Reply Score: 3

RE[2]: No use for mono right?
by Moochman on Thu 17th Jan 2008 18:20 UTC in reply to "RE: No use for mono right?"
Moochman Member since:
2005-07-06

Not to mention that MS would then expect a patent tax from everyone who based off of that code....

Speaking of which, it seems that Microsoft explicitly voids even the "read-only" part of the license if you're not developing for Windows.

"The .NET Framework source is being released under a read-only reference license. When we announced that we were releasing the source back in October, some people had concerns about the potential impact of their viewing the source. To help clarify and address these concerns, we made a small change to the license to specifically call out that the license does not apply to users developing software for a non-Windows platform that has 'the same or substantially the same features or functionality' as the .NET Framework. If the software you are developing is for Windows platforms, you can look at the code, even if that software has "the same or substantially the same features or functionality" as the .NET Framework."

So if you're writing something for a platform other than Windows, you're not allowed to look at the source. I guess this rules out people who write for two platforms simultaneously, as well.

This license is just oh so very useful.

Edited 2008-01-17 18:30 UTC

Reply Score: 3

RE[3]: No use for mono right?
by umccullough on Thu 17th Jan 2008 18:41 UTC in reply to "RE[2]: No use for mono right?"
umccullough Member since:
2006-01-26

So if you're writing something for a platform other than Windows, you're not allowed to look at the source. I guess this rules out people who write for two platforms simultaneously, as well.

Uh... I suspect you're reading that from a "conspiracy theorists" position.

I believe they're basically saying: If you're writing software that runs on Windows, you can view the source. But if you're writing software that doesn't run on Windows at all - go F yourself, you can't read our source. They don't care whether it's developed for Mono or whatever - as long as it runs on Windows.

If you think about it from that perspective - they just want to make sure that an end user of the software can choose to use Windows to run the software.

Reply Score: 3

RE[4]: No use for mono right?
by jayson.knight on Thu 17th Jan 2008 19:00 UTC in reply to "RE[3]: No use for mono right?"
jayson.knight Member since:
2005-07-06

So if you're writing something for a platform other than Windows, you're not allowed to look at the source. I guess this rules out people who write for two platforms simultaneously, as well.

Uh... I suspect you're reading that from a "conspiracy theorists" position.

I believe they're basically saying: If you're writing software that runs on Windows, you can view the source. But if you're writing software that doesn't run on Windows at all - go F yourself, you can't read our source. They don't care whether it's developed for Mono or whatever - as long as it runs on Windows.

If you think about it from that perspective - they just want to make sure that an end user of the software can choose to use Windows to run the software.


You're both reading it wrong. If you were writing software that mimics the .Net framework for an OS other than Windows, you cannot view the source. i.e. Mono developers working on a .Net compiler for Linux are not allowed to look at the source. Those same developers can look all they want if they are writing a .Net compiler for Windows. And if you're not writing any of the code yourself, you can view all you want regardless of what platform you're working with.

Reply Score: 7

RE[5]: No use for mono right?
by umccullough on Thu 17th Jan 2008 19:09 UTC in reply to "RE[4]: No use for mono right?"
umccullough Member since:
2006-01-26

You're both reading it wrong.

Ok, after re-reading it - you're probably correct - that it only applies to people re-creating software that "mimics" .NET framework functionality.

However, it does explicitly state that if they're writing software that runs on Windows and mimics the .NET framework functionality, they can read the source. Thus I still interpret that as: If you're a developer working on Mono - you can read the source as long as Mono continues to run on Windows.

Ultimately, IANAL, so I'll defer the official interpretation to those who are qualified. I just don't see this as being nearly so nefarious as the Microsoft-haters out there. Didn't Microsoft cooperate with the Mono folks recently to help write Moonlight?

Reply Score: 3

JonathanBThompson Member since:
2006-05-26

What all this does not prevent, though, is someone using a cleanroom process whereby someone reads the source code according to the license, and then documents how things are supposed to work by translating the code into suitable flowcharts/algorithms, and sending that documentation off to someone to reproduce the functionality (which by necessity requires the same headers/API) which can then be fully compatible, all without the other platform coder ever looking at the code itself. Keep in mind, this method requires careful documentation and a process to ensure that there's no way things could be accidentally polluted by the developer seeing the code, and there's a good paper trail.

This is how Compaq was able to start out in the field of PC compatibles: reading the source code (or even machine code) of the PC BIOS by itself and then reproducing the functionality wouldn't have been allowed, but they followed this method, and now there's all sorts of PC compatibles, and IBM is mostly/entirely out of the PC/PC-compatible business, because IBM simply couldn't provide enough people enough of what they wanted at a price people would pay.

I predict that the source code to .NET that's been exposed in this manner will be used in the same way.

Reply Score: 2

v Outsourcing development
by usr0 on Thu 17th Jan 2008 16:35 UTC
RE: Outsourcing development
by eggs on Thu 17th Jan 2008 16:36 UTC in reply to "Outsourcing development"
eggs Member since:
2006-01-23

It would be if they accepted patches.

Reply Score: 1

Not quite so utterly useless
by mheath on Thu 17th Jan 2008 16:58 UTC
mheath
Member since:
2007-04-24

Microsoft is finally catching up to what we've been doing in Java for years. Even though their libraries are not open source, to say this is utterly useless is rather ignorant. Being able to step through library code in a debugger is very helpful for complex situations.

I don't think I'll every use .NET for a real project but it's still nice to see Microsoft getting nudged in the right direction.

Reply Score: 10

v RE: Not quite so utterly useless
by Almafeta on Thu 17th Jan 2008 17:11 UTC in reply to "Not quite so utterly useless"
RE[2]: Not quite so utterly useless
by smitty on Thu 17th Jan 2008 17:42 UTC in reply to "RE: Not quite so utterly useless"
smitty Member since:
2005-10-13

A little over the top, there, aren't you? Has anyone ever proven that java was less secure than .NET, just because it was open source? Or is that just your personal completely unsupported opinion?

I would think that a high level language that manages its own memory would be pretty safe whether it's open source or not.

Reply Score: 3

sebasttien.huss Member since:
2007-08-03

Close source don't mean secure at least.
Hacker use automated tools to find vulnerabilities ins this kind of stack. reading the source code to find vulnerabilities is a painfull job. Using automated tools is realy more efficiant. So being close-source don't help security much.
Instead, I think (IMHO) that being open-source, help security as anyone can find why the vulnerability is there and submit a patch.

my 2c

Reply Score: 4

jayson.knight Member since:
2005-07-06

"Microsoft is finally catching up to what we've been doing in Java for years.


Unfortunately so, too. Although I'd call it "being pulled down," not "catching up."

Here at work, we used .NET over Java, largely because Java was open source and .NET was closed/secure. I don't know what we're going to do now; I guess we're going to have to have a meeting now to discuss whether we can rewrite the entire project or whether we need to cut our losses (my job being among them).
"

Why would source visibility have any impact on your project? .Net source has been viewable by anyone w/ reflector since .Net's inception, the only thing that changes is that you can now step through the code w/ full symbol support. And according to ScottGu, you'll be able to pull down the entire repository at some point in the future as well. Sounds like you might want a new job anyways if that's your company's view on things.

Reply Score: 10

Redeeman Member since:
2006-03-23

LOL, you, and your job, are the worst bunch of morons to ever face this earth, seriously, saying that opensource by definition makes for insecure software..
its even more stupid than saying the earth is flat.. i suggest you sail over the edge... now shoo

Reply Score: 1

Soulbender Member since:
2005-08-18

Here at work, we used .NET over Java, largely because Java was open source and .NET was closed/secure.
I don't know what we're going to do now; I guess we're going to have to have a meeting now to discuss whether we can rewrite the entire project or whether we need to cut our losses (my job being among them).


Well, that's what happen when you make stupid business decisions like that.
Perhaps you should try to break the trend of bad decision making by not rewriting or cutting your losses but instead just go with the .Net changes.

Edited 2008-01-18 03:46 UTC

Reply Score: 3

RE[2]: Not quite so utterly useless
by lemur2 on Fri 18th Jan 2008 03:56 UTC in reply to "RE: Not quite so utterly useless"
lemur2 Member since:
2007-02-17

"Microsoft is finally catching up to what we've been doing in Java for years.
Unfortunately so, too. Although I'd call it "being pulled down," not "catching up." Here at work, we used .NET over Java, largely because Java was open source and .NET was closed/secure. I don't know what we're going to do now; I guess we're going to have to have a meeting now to discuss whether we can rewrite the entire project or whether we need to cut our losses (my job being among them). "

1. "Security through obscurity" doesn't work, it is a fundamentally flawed concept.

http://en.wikipedia.org/wiki/Security_through_obscurity

2. You are entirely right, however, about the pointlessness of Microsoft releasing anything via one of its "read only" shared source licenses. Microsoft will not accept any improvements to the code back again (even security enhancements) ... so there is no "security by design" enhancement to be had via this move.

3. It seems that perhaps the only real purpose served here is Microsoft's hope that some open source projects would be tempted to copy this now-visible Microsoft code, giving Microsoft an opportunity to close them down. Even when no open-source projects actually use Microsoft's code, this ruse may still prove useful to Microsoft in that they can perhaps make a FUD accusation about it anyway ... in a similar vein to recent unsupported Microsoft-FUD about alleged patent violations in Linux.

Reply Score: 3

PlatformAgnostic Member since:
2006-01-02

I think you have some misconceptions about source visibility and security...

The most dangerous problems in code are not to be seen at the source level. Well, not anymore at least, since Microsoft and many others use static analysis tools in addition to code reviews and general testing.

There is a lot greater risk from larger design issues in the software. If you design it securely, having external people look at the code isn't a big deal. Especially when they could see the code anyway through .NET Reflector.

Reply Score: 2

RE: Not quite so utterly useless
by rchavik on Thu 17th Jan 2008 18:03 UTC in reply to "Not quite so utterly useless"
rchavik Member since:
2005-06-30

I don't quite agree.

In complex situations, we'd have more pressing issues than worrying and wondering what the library is doing.

Even if we've found a bug in the library, we can't fix it or do anything about the bug.

We will end up with writing a workaround anyway (after spending a couple of hours for nothing). A couple of hours that would have been better spent by ignoring the source code and start writing the workaround immediately.

(Fix Typo)

Edited 2008-01-17 18:10 UTC

Reply Score: 1

Useful for plenty...
by umccullough on Thu 17th Jan 2008 18:25 UTC
umccullough
Member since:
2006-01-26

Anyone stating that this is "not useful" is clearly an idiot.

First, as a C# dev, I can certainly attest to the importance of being able to debug into the underlying system libraries and framework classes as desired. This will allow me to fully understand the implementation if I must, even locating any possible bugs that may exist and either planning around them, implementing my own solution, or reporting them to Microsoft in hopes that they'll be fixed in the next framework service pack.

For a mono developer, I would expect this is an open invitation to analyzing the Microsoft implementation, documenting it, and then writing a replacement for it. Clean-room style of course to avoid any copyright issues. (Disclaimer: I haven't reviewed the license to see what additional restrictions have been placed on it).

For end users, it's an opportunity for full-disclosure of any vulnerabilities that can be found in the code and documented publicly such that software built on the .NET framework libraries can be made more secure and robust.

Reply Score: 6

RE: Useful for plenty...
by BrianH on Thu 17th Jan 2008 19:01 UTC in reply to "Useful for plenty..."
BrianH Member since:
2005-07-06

For a mono developer, I would expect this is an open invitation to analyzing the Microsoft implementation, documenting it, and then writing a replacement for it. Clean-room style of course to avoid any copyright issues. (Disclaimer: I haven't reviewed the license to see what additional restrictions have been placed on it).


Keep in mind that clean-room style analysis requires that the developer doing the analysis can't actually do any of the development. Anyone developing code to be run on other .NET platforms (like Mono) would have to disable any access to these source repositories to be sure that none of the code propagates to the other platforms.

Moreover, if a developer ever sees this source code they may be prohibited from ever contributing code to any cross-platform project for legal reasons - just ask the ReactOS project.

This source code release is of limited use to developers of Windows-only closed source programs, but can only be used by the rest of us under very strict conditions.

Reply Score: 2

RE[2]: Useful for plenty...
by umccullough on Thu 17th Jan 2008 19:13 UTC in reply to "RE: Useful for plenty..."
umccullough Member since:
2006-01-26

Moreover, if a developer ever sees this source code they may be prohibited from ever contributing code to any cross-platform project for legal reasons - just ask the ReactOS project.

You'll have to excuse my ignorance on this topic. I did follow all the ReactOS auditing news - but IIRC, that was due to the potential that some developers of ReactOS had illegally viewed leaked source and/or illegally reverse-engineered (decompiled?) Microsoft binaries.

Doesn't that make it a whole different story here?

Also, I did understand what a true clean-room method was - you make it sound like it's impossible to find someone who will review the code and document how it works.

Reply Score: 2

RE[3]: Useful for plenty...
by BrianH on Thu 17th Jan 2008 19:49 UTC in reply to "RE[2]: Useful for plenty..."
BrianH Member since:
2005-07-06

I did follow all the ReactOS auditing news - but IIRC, that was due to the potential that some developers of ReactOS had illegally viewed leaked source and/or illegally reverse-engineered (decompiled?) Microsoft binaries.

Doesn't that make it a whole different story here?

There is no legal difference between reading leaked source and reading source outside of its licensing limitations. Developers who use Reflector on MS binaries would be similarly prohibited from contributing code to .NET alternatives.

Also, I did understand what a true clean-room method was - you make it sound like it's impossible to find someone who will review the code and document how it works.

That's not a problem, except that it is work that is not as cool as contributing code, so will not be as likely to get done on a volunteer basis. The problem was that you said a Mono developer - clean-room development requires at least two people, and the analysis person won't be available for other uses, particularly not for contributing code. This makes the analysis task more likely to need to be a paid position.

Reply Score: 2

RE[4]: Useful for plenty...
by lemur2 on Fri 18th Jan 2008 04:30 UTC in reply to "RE[3]: Useful for plenty..."
lemur2 Member since:
2007-02-17

There is no legal difference between reading leaked source and reading source outside of its licensing limitations.


IANAL ... but I would challenge that assumption.

It is illegal to reveal a trade secret. That means the act of leaking of trade secret source code is illegal, and can be punished.

However, AFAIK, once a secret is leaked, it is no longer a secret and it is then legal for other parties (other than those who did the leak in the first place) to then use that secret. This is the reason why trade secrets are so jealously guarded ... keeping the secret is the only protection that they have.

Copyright law is different, but copyright law pertains only to the making of illegal copies for sale of some work that is published ... that is, some work that is made publicly available by its author.

Source code that is not published cannot (by definition) have copyright protection. It can, at best, be a trade secret.

Therefore, AFAIK (remember IANAL), reading of leaked source code (that you did not leak yourself) is not at all the same as reading of published source code and then using it outside of its copyright permissions.

Edited 2008-01-18 04:32 UTC

Reply Score: 3

RE[5]: Useful for plenty...
by tomcat on Sun 20th Jan 2008 02:50 UTC in reply to "RE[4]: Useful for plenty..."
tomcat Member since:
2006-01-06

It is illegal to reveal a trade secret. That means the act of leaking of trade secret source code is illegal, and can be punished.


That is not true. Revealing a trade secret is not punishable under criminal law; but, rather, only within the civil court process.

Furthermore, if you want to prevent your employees from disclosing trade secrets, the primary way to do that is to have them sign a non-compete, non-disclosure agreement. Again, that does not make them liable under criminal law, but it does provide the ability to fire and sue them, if they violate the terms of the agreement.

Edited 2008-01-20 02:53 UTC

Reply Score: 0

v RE: Useful for plenty...
by tomcat on Thu 17th Jan 2008 20:11 UTC in reply to "Useful for plenty..."
so smart
by gsmd on Thu 17th Jan 2008 21:32 UTC
gsmd
Member since:
2007-02-02

Now MS got a chance to sue Mono as if they steal some portions of the opensourced code.

Reply Score: 1

RE: so smart
by BrianH on Thu 17th Jan 2008 22:04 UTC in reply to "so smart"
BrianH Member since:
2005-07-06

Now MS got a chance to sue Mono as if they steal some portions of the opensourced code.

1. The code wasn't open sourced - it's under the reference license, which doesn't even pretend to be open source.
2. MS is unlikely to sue the Mono people, especially when they provide so much assistance to them, have interoperability labs with Novell, etc.
3. Mono doesn't need this, they are doing fine.

Reply Score: 1

RE: so smart
by PlatformAgnostic on Sat 19th Jan 2008 05:51 UTC in reply to "so smart"
PlatformAgnostic Member since:
2006-01-02

Miguel has explicitly said that mono developers will not look at this code. If he and his team aren't concerned about it, why should you be?

Reply Score: 2

That's pretty nice
by sweiss on Thu 17th Jan 2008 21:43 UTC
sweiss
Member since:
2005-10-01

As a .NET developer, this is a most welcome addition. Maybe now I can understand all of the annoying bugs with MS's TreeView control (maybe these are features?).

Anyway, I don't understand that conspiracy theory with Mono some people keep suggesting.

Can't it possibly be that Microsoft is doing something to benefit their users?
I doubt MS currently fears Mono in any way.

Reply Score: 2

RE: That's pretty nice
by fretinator on Thu 17th Jan 2008 21:50 UTC in reply to "That's pretty nice"
fretinator Member since:
2005-07-06

As a .NET developer, this is a most welcome addition. Maybe now I can understand all of the annoying bugs with MS's TreeView control (maybe these are features?). Anyway, I don't understand that conspiracy theory with Mono some people keep suggesting. Can't it possibly be that Microsoft is doing something to benefit their users? I doubt MS currently fears Mono in any way.


I don't think anyone is suggesting that Microsoft is "fearing" mono. They just made it clear that if you were a developer of an alternate implementation of these libraries - i.e., Mono - you best move along and not look at these sources. I glad they put that warning in. It could save some trouble down the rode. As a .NET developer who is an enthusiastic Linux user, I will try to stear clear of seeing these sources. Who's to say what kind of project I might work on in the future. I wouldn't want to limit my future options (however small the likelihood). Nonetheless, I do not see that as a Microsoft problem. They are free to make proprietary code, and only allow it to be seen under their terms. I am free not to look at it (at least so far).

Reply Score: 2

Reverse engineering
by Detlef Niehof on Fri 18th Jan 2008 00:33 UTC
Detlef Niehof
Member since:
2006-05-02

Is there a law that forbids reverse engineering by one person? I was under the impression that it is rather easier to prove that no original code was being re-used when two people make a clean-room implementation. And also, humans being humans, they simply tend to remember the code that they have seen, and it might be difficult to implement it the same way as if one would not have seen the original code.
But in general, legal reverse engineering by one person should be feasible, shouldn't it?
I'd appreciate any clarification.

Reply Score: 1

RE: Reverse engineering
by lemur2 on Fri 18th Jan 2008 04:06 UTC in reply to "Reverse engineering"
lemur2 Member since:
2007-02-17

Is there a law that forbids reverse engineering by one person? I was under the impression that it is rather easier to prove that no original code was being re-used when two people make a clean-room implementation. And also, humans being humans, they simply tend to remember the code that they have seen, and it might be difficult to implement it the same way as if one would not have seen the original code. But in general, legal reverse engineering by one person should be feasible, shouldn't it? I'd appreciate any clarification.


IANAL ... AFAIK (etc), copyright law pertains only to making it illegal to copy the published work of someone else and make money yourself from selling the copies.

"Closed-source" software source code isn't a published work. Copyright protection for any software released as binary only therefore is limited to anyone making copies of the binaries. The source code in this case is protected only by the fact that it is a trade secret.

Trade secret law in turn makes it legal for other parties to try to discover the secret. It is illegal as an insider to give away or to sell the secret, but it is not illegal at all for an outsider to try discover the secret.

Therefore, reverse engineering of binary-only software code is legal provided you do not make direct copies of the copyrighted binaries for the purpose of selling them to other parties. Provided you restrict yourself to "finding out the secret" of how it works, then reverse engineering is OK. You can then legally make a work-alike version of the software (that is NOT a copy of the original binary) using the understanding you have gained.

This is the reason why Samba is legal. Microsoft cannot have legitimate patents on it because the SMB protocol is actually IBM's invention. Samba is not a copy of Windows binary code, nor is the Samba source code a copy of the Windows source code. Samba is just a work-alike of a Windows trade secret.

Somewhat ironically, Microsoft releasing (or publishing, if you will) of source code under "read only" permission of their shared source program actually enables copyright law protection of Microsoft's source code.

Edited 2008-01-18 04:17 UTC

Reply Score: 3

Everyone?
by aliquis on Fri 18th Jan 2008 09:33 UTC
aliquis
Member since:
2005-07-23

Uhm, it's not there for anyone to use actually.. It's there, but not for use.. ;/

Reply Score: 1

Fantastic News
by kramii on Fri 18th Jan 2008 09:57 UTC
kramii
Member since:
2005-07-22

As a .Net dev this is the best news I have had in a long time.

Why?

1. The behaviour of the library is not always well documented. MSDN is notoriously bad in some areas. Being able to read the source code enables the dev to understand *exactly* what the libraries are doing, how to use them, why they are there and when to use them.

2. It enables devs to *verify* the existence of suspected bugs lin the framework, and to work with MS to resolve them (or at least to document them and their work-arounds).

3. It gives us the oportunity to learn from the people who developed the framework by looking at the techniques they have used.

4. It can provide insight into the reasons *why* the routines in the framework behave in particular ways.

5. It *could* enable clean-room development for the Mono devs. (INAL)

6. It will spawn a whole lot articles on all aspects of the framework, many of which will be instructive and become essential reading.

7. It will lead to more secure code. Security vulnerabilities in the framework will become known, understood, worked-around and patch.

8. Some of us are just interested because we like that sort of thing.

Couldn't we already get these benefits with Reflector? Of course we've been able to see decompile the source for a long time using Reflector (it is a wonderful tool), but that is no substitute for reading the original code with MS comments in, and being able to step through code in the debugger.

I don't always like Microsoft (I think many of their products are actuall quite poor, and really hate many of the policies that they have persued over the years) but .Net is actually rather good, and this is the best thing MS has ever done to enhance it.

Well done, Microsoft.

Reply Score: 2

RE: Fantastic News
by sorpigal on Fri 18th Jan 2008 14:21 UTC in reply to "Fantastic News"
sorpigal Member since:
2005-11-02

5. It *could* enable clean-room development for the Mono devs. (INAL)

IANAL either, but it couldn't. The license specifically forbids reading the source for the purpose of creating similar software on another platform.

Edited 2008-01-18 14:21 UTC

Reply Score: 1

RE[2]: Fantastic News
by kramii on Mon 21st Jan 2008 09:59 UTC in reply to "RE: Fantastic News"
kramii Member since:
2005-07-22

Fair enough: you're probably right.

However, everthing depends on legal interpretation.

I can think of several scenarios that would be worth investigating.

1) Someone used the source code in a way permitted by the licence. They document their findings. What stops the Mono devs using these documents?

2) Someone in a nation where the licence has no legal standing to document what the code does. Can these documents be used by the Mono devs?

Naturally, until proven otherwise, I must agree with you. Nevertheless, the possibilities are intriguing.

Reply Score: 1

RE[3]: Fantastic News
by sorpigal on Tue 22nd Jan 2008 12:32 UTC in reply to "RE[2]: Fantastic News"
sorpigal Member since:
2005-11-02

1) Someone used the source code in a way permitted by the licence. They document their findings. What stops the Mono devs using these documents?


Probably nothing, but I doubt it would be useful. The spec is already published so the main advantage would be in documenting MS-specific bugs/oddities. Even if bug-for-bug compatibility were desired that would only have minimal usefulness.

2) Someone in a nation where the licence has no legal standing to document what the code does. Can these documents be used by the Mono devs?


I'm pretty sure that's a "No."

Reply Score: 1

Pink elephants flying over a volcano!
by kaiwai on Fri 18th Jan 2008 11:02 UTC
kaiwai
Member since:
2005-07-06

I'm sorry but I've never seen such a waste of hard disk space in all my life. Microsoft is trying to pawn off a 'read only' licence as a change in direction? sorry, colour be completely unimpressed. If Microsoft *really* want to impress me and others, how about opensource the whole damn framework under something like CDDL or BSDL?

This is nothing more than an attempt for Microsoft to muddy the waters of what one considers 'opensource' and worse, put projects like Mono under even more legal scrutiny - just imagine the field day when the legal experts (aka, oxygen thieves within Microsoft) get wiff of something looks a bit like what appears in their source code - OMG! it uses printf()! its a direct copy! *rolls eyes*

Reply Score: 1

Quite useful
by TommyCarlier on Fri 18th Jan 2008 12:16 UTC in reply to "Pink elephants flying over a volcano!"
TommyCarlier Member since:
2006-08-02

This is very useful for .NET developers. Debugging and reading the original source code is a lot better than using Reflector to examine the "source code". We now get the original variable names, the original comments (VERY useful), the original file organization, ...
And people can learn a lot from "just reading" someone else's code.

Reply Score: 2

MollyC Member since:
2006-07-04

I'm sorry but I've never seen such a waste of hard disk space in all my life. Microsoft is trying to pawn off a 'read only' licence as a change in direction? sorry, colour be completely unimpressed. If Microsoft *really* want to impress me and others, how about opensource the whole damn framework under something like CDDL or BSDL?

This is nothing more than an attempt for Microsoft to muddy the waters of what one considers 'opensource' and worse, put projects like Mono under even more legal scrutiny - just imagine the field day when the legal experts (aka, oxygen thieves within Microsoft) get wiff of something looks a bit like what appears in their source code - OMG! it uses printf()! its a direct copy! *rolls eyes*


I expect this sort of bull from lemur, but not someone who is more intelligent like you. This code has been released to assist those developing code that runs on the .NET framework libs by allowing for the browsing of and debugging of the .NET framework library code. That's it. If you're not writing code that runs on the .NET framework libs, then ignore this source code. You aren't the target. This isn't open source code nor is it meant to be nor is it pretending to be. Just think of it in the same terms as the Microsoft's C-runtime, C++ STL, and MFC code that Microsoft has been releasing for years. That code is released in order to assist developers making code to run on Microsoft's stuff, not for laying the groundwork for lawsuits by tricking or even tempting devs into using said code outside the bounds of the license. The release of this .NET framework code is similar in purpose.

The reaction here is so childish. Microsoft releases code to help those writing code that runs on Microsoft's stuff, and those that have zero interest in writing such code come here to bash and try to convince those that are writing such code that this is useless (and even "evil", since it's only purpose is for suing people later on (paraphrasing the lunatics)). Pathetic in the extreme.

Edited 2008-01-18 17:55 UTC

Reply Score: 3

kaiwai Member since:
2005-07-06

The reaction here is so childish. Microsoft releases code to help those writing code that runs on Microsoft's stuff, and those that have zero interest in writing such code come here to bash and try to convince those that are writing such code that this is useless (and even "evil", since it's only purpose is for suing people later on (paraphrasing the lunatics)). Pathetic in the extreme.


How is it childish? lets assume I work on Mono, whilst developing mono, I want to ensure that my implementation is compatible with Microsoft's implementation - and not have to write a whole heap of tests that may or may not test the function as Microsoft intended - I decide to look at the code.

Due to the 'read only' nature of the licence, sure, I might get my the issue resolved in my implementation, but it leaves a massive hole there for someone to exploit by way of legal action. Given Microsoft's threats against open source projects and their 'infringing' on patents of which they're too lazy to disclose, I would be very cautious.

It has NOTHING to do with hating Microsoft - so stop trying to bring up BS which has nothing to do with the topic; I own a Mac, and I'm quite happy to use Microsoft products, I've got Office 2008, MSN messenger, I like using their online services - so no, I'm not some rabid anti-Microsoft person with a chip on his shoulder, just a concerned person who having heard the threats by Microsoft, I don't want to see open source projects drown a sea of frivolous litigation.

Edited 2008-01-19 02:27 UTC

Reply Score: 2

MollyC Member since:
2006-07-04

How is it childish? lets assume I work on Mono, whilst developing mono, I want to ensure that my implementation is compatible with Microsoft's implementation - and not have to write a whole heap of tests that may or may not test the function as Microsoft intended - I decide to look at the code.

Due to the 'read only' nature of the licence, sure, I might get my the issue resolved in my implementation, but it leaves a massive hole there for someone to exploit by way of legal action. Given Microsoft's threats against open source projects and their 'infringing' on patents of which they're too lazy to disclose, I would be very cautious.

It has NOTHING to do with hating Microsoft - so stop trying to bring up BS which has nothing to do with the topic; I own a Mac, and I'm quite happy to use Microsoft products, I've got Office 2008, MSN messenger, I like using their online services - so no, I'm not some rabid anti-Microsoft person with a chip on his shoulder, just a concerned person who having heard the threats by Microsoft, I don't want to see open source projects drown a sea of frivolous litigation.


It's childish because you guys are looking for bogey men where they ain't, and are in essence saying that it would be better if Microsoft had not released this code at all. You do that because you speak from the perspective of someone not making .NET code, of someone to whom this release isn't targetted. You claim concern about how this release will affect non-.NET coders without considering the concerns about .NET coders to whom this release is targetted.

Here's a quote about this I read on slashdot that sums things up quite nicely:
"This release is not intended to benefit the Slashdot crowd [or those not making code that runs on .NET]. Of course it isn't "open source", and Microsoft never said it was. This is Microsoft assisting developers working with .NET on the Windows platform. There are a huge number of developers who fit that description. Sorry if you don't, but not everything is about you."



I never mentioned "hating Microsoft". That you brought that up unprompted may reveal your own feelings on the matter. So rather than responding to me by raising issues I didn't raise, why don't you address something I did raise, which is that Microsoft has released source code for many years (C runtime, C++ STL, MFC), and all that time nobody accused them of doing it for the purpose of suing anyone.

As for Mono, Miguel has instituted a policy that nobody that has seen the .NET code will be allowed to work on Mono in any way, shape, or form. So your scenario of being a Mono developer that decides to look at Microsoft's code to enusre that your implementation is compatible would in fact violate Miguel's own policy. Now, if someone decides to violate Miguel's policy and potentially put Mono at risk, that's on that dev, not Microsoft. Microsoft released this code to help .NET devs, how it affects Mono is not their concern. It's Miguel's concern, and Miguel has taken the action he sees fit (banning those that have seen MS's code from working on Mono). And he did this without trashing the releasing of the code for .NET devs.

Edited 2008-01-19 19:16 UTC

Reply Score: 3

gonzo Member since:
2005-11-10

How is it childish? lets assume I work on Mono, whilst developing mono, I want to ensure that my implementation is compatible with Microsoft's implementation - and not have to write a whole heap of tests that may or may not test the function as Microsoft intended - I decide to look at the code.

If you're working on Mono then it is not for you, Microsoft (Scott Guthrie) clearly said it. So stop being stubborn.

Reply Score: 1