leak of windows source software. Beneficial?

30 réponses [Dernière contribution]
tonlee
Hors ligne
A rejoint: 09/08/2014

https://www.theregister.co.uk/2017/06/23/windows_10_leak/
Can it provide more source software for hard ware?

IrishUSA
Hors ligne
A rejoint: 12/03/2016

I think it's very bad news for WINE and the ReactOS project. It makes it harder for them to be able to defend themselves against claims that they have seen the source code.

hack and hack
Hors ligne
A rejoint: 04/02/2015

WINE and ReactOS happened before the source code leak, therefore that argument can't stand.

As for the source code itself, it's meaningful only to see how f***ed up it might be regarding privacy.
Else, I don't care since I don't use it (OK I do at work, but not willingly). It shouldn't be long before hearing more from it in the news. Or not, since it's probably illegal.

jxself
Hors ligne
A rejoint: 09/13/2010

"WINE and ReactOS happened before the source code leak, therefore that argument can't stand."

Only for code that went into WINE and ReactOS before the leak. The provenance of code that goes in afterward would have the potential problem that IrishUSA pointed out.

hack and hack
Hors ligne
A rejoint: 04/02/2015

Yet since the code is available on both sides, the comparison and verification will be possible, and the claim debunked.

OK, maybe it's harder for them, but not by much.

jxself
Hors ligne
A rejoint: 09/13/2010

Only if you think that code never looks similar. Look how long Oracle was able to draw out the case with Google for a few lines.

hack and hack
Hors ligne
A rejoint: 04/02/2015

But isn't there something like a time stamp? Something that validates that the code was like that at a time before the leak?
Plus it's licensed. I don't know much about all that stuff though, but it seems farfetched.

Legimet
Hors ligne
A rejoint: 12/10/2013

It's the code developed after the leak that could potentially cause problems.

hack and hack
Hors ligne
A rejoint: 04/02/2015

Well, since there's actually very little code leaked, I doubt it's really troublesome. And since it's "available", the WINE and ReactOS team can make sure to avoid such pitfall by comparing before publishing.
I see no serious reason to worry about that.

jxself
Hors ligne
A rejoint: 09/13/2010

"And since it's "available", the WINE and ReactOS team can make sure to avoid such pitfall by comparing before publishing."

Looking at the source code would be part of the problem. ReactOS, at least, follows a clean room design [0] says their website. And so, they should absolutely positively NOT look at the source code. Ever. So as to avoid being influenced by anything that they may see, consciously or subconsciously.

If there were truly no problem in such cases then clean room design [0] would not be needed. Your proposal, though, is having the people inside the clean room go and look at the stuff they're not supposed to be seeing, thus contaminating the clean room.

"I don't know much about all that stuff though but it seems farfetched."

Clearly you don't so you shouldn't be weighing in on topics that you don't know about. Clean room design exists for a very specific reason, as the Wikipedia article covers. The people inside the clean room can never, ever look at the thing being copied. Contaminating the clean room would be a big deal.

[0] https://en.wikipedia.org/wiki/Clean_room_design

hack and hack
Hors ligne
A rejoint: 04/02/2015

OK so what's the problem then ? Sheer bad luck in creating from scratch something very close to the few lines of code (and it seems, not too meaningful) leaked? Possible, but unlikely.

As for "STFU because you don't know what you're talking about":
I wouldn't learn a thing in that case.
Plus it's not because I'm wrong on one point (comparing code so as to not make it too similar), that I'm wrong on all of it. I still think that you're overreacting, given the few lines of codes leaked, and given that much of the code was written prior to the leak. But please enlighten me.

Legimet
Hors ligne
A rejoint: 12/10/2013

Oracle claims that Google copied these 9 (trivial) lines of code: https://fossbytes.com/9-lines-of-code-that-google-stole-from-oracle-java-android/. Such a small amount of code shouldn't even be copyrightable.

Also, if the Wine developers, for example, look at the Windows source code, it is possible that they write their code in a similar fashion without realizing it. This is why it's important not to look at the source code. Another example of this with PowerVR: http://libv.livejournal.com/26972.html

hack and hack
Hors ligne
A rejoint: 04/02/2015

Thanks for the info.

loldier
Hors ligne
A rejoint: 02/17/2016

I surmise should they make the mistake of using "stolen" code, the rightsholders, whoever they are now or in the future, would wait until something *worthwhile* comes out of the ReactOS project. THEN sue and drive them into oblivion.

We never know where the patents go or who's acquired by whom.

The developer who put in those nine lines used to work for SUN.

onpon4
Hors ligne
A rejoint: 05/30/2012

Everything you've been saying is wrong. It's very simple:

1. It is illegal to utilize the leaked Windows source code in any way. Forget copyright, it's also a trade secret.

2. The fact that the code was leaked means that from now on, if anything the Wine or ReactOS developers come up with happens to match anything in the leak (which is actually quite easy), then Microsoft will have an easier case with them. at best, this could lead to an expensive lawsuit. At worst, this could result in the entire Wine and ReactOS projects being shut down, permanently.

So no, there's no nuance to this. This leak is 100% detrimental to libre software, the Wine project, and the ReactOS project.

hack and hack
Hors ligne
A rejoint: 04/02/2015

1. That point is already settled since legal or not, at least React OS would never even consult it (clean room design).

2. I see with Legimet's examples how it easy it can be. So indeed, the from now on, any written line of code is at risk.
Btw, if a case happens and is lost, all the code written before the leak would be lost too?

Though reasoning on incomplete data is indeed a bad habit,
TIL because I was "weighing in on topics that I don't know about".

tonlee
Hors ligne
A rejoint: 09/08/2014

Jxself, you should stop being self assured on legal matters. I would say, you have
no or little experience on making legal declarations. It seems you read a bit of wikileaks and
assume that settles a matter. Which is does not.
Would you have legal knowledge, you would know that often a case is lurked and
you will not know what a court concrete will say.
I have noticed you making rubbish legal remarks on this matter before. By your own standards,
which you use to quiet hack and hack, you should should shut up yourself.

Even if wikileaks says differently, I am not sure an american court will accept an
argument, that any other software claiming to be made by clean room standards, but
looks identical to leaked software, automatically will be deemed illegal or breaching
rights of the owner of the leaked software.
If the clean room software team can document, that a reverse engineering attempt likely
would result in something similar to the leaked source software and the clean room
team can document every step of their reverse engineering, I would say, that the burden
of proving that the clean room team made use of the leaked source software, is on
the owner of the leaked source software. What does case law say on this matter?
He will have to prove, that the clean room team have read the leaked source software.
How do you do that? It can turn out to be difficult.
Another matter is about legal resources. If the clean room team has little resources and
their counterpart lots, then the clean room team may lose on that account.

My remarks on the quality of jxself's legal writings applies to onpon4 too. It is black
and white talk. Onpon4 likely writes on no or very little knowledge about legal
matters.

The clean room team can turn dirty. It can read the leaked source software.
Then construct a credible reverse engineering story. It other words lie in front of
a court of law. It will be up to the court and the clean room team's
counterpart to unmask such behavior.

hack and hack
Hors ligne
A rejoint: 04/02/2015

Sticking only to the present thread (I don't know the backstory of those two):
0npon4 merely repeated/compiled what was said before him (though ignoring that I've had already stated myself that the leak what very possibly illegal).
But you're right tonlee: for example many torrents are illegal after all. They're still used anyway.
Also I still don't see why the development prior to the leak would be threatened. Because the ruling of the law would be too heavy to carry? Maybe. Maybe not. Worst case, the existing code is already available.

As for jxself, right or wrong, please just stick to the subject at hand and don't try to silence people like that. There's a practical reason why you shouldn't: https://en.wikipedia.org/wiki/No_such_thing_as_a_stupid_question

See, you learned something as well ;)

tonlee, I definitely agree that it's hardly so simple with the law. After all, Google won vs Oracle:
http://www.businessinsider.com/google-won-its-lawsuit-against-oracle-2016-5?international=true&r=US&IR=T

Anyway, assuming we can move beyond such a petty conversation...

Facts (more or less):
* we don't know the exact content of the leak
* accusations of that order happened, but weren't necessarily successful, hence tonlee's law argument.
* Free software is based on solid legal grounds, after all. Was this risk already thought about?
* Anything that can be done is already done in terms of development methods (I hope so)
* Whether the leak is really a problem for a handful of free software programs or not, the majority (if not all) of the people here won't do a thing about it anyway.

So, uh, what was my point again... Oh, right: call me when something actually happens. And stop acting so high & mighty, specially if you're right.

loldier
Hors ligne
A rejoint: 02/17/2016

As for jxself...

Raymond says:

...by hacker standards, your respondent is showing you a rough kind of respect simply by not ignoring you. You should instead be thankful for this grandmotherly kindness.

http://www.catb.org/esr/faqs/smart-questions.html#rtfm

hack and hack
Hors ligne
A rejoint: 04/02/2015

EDIT: reorganizing a bit

From the same link:
These replies mean that the responder thinks (a) the information you need is easy to find, and (b) you will learn more if you seek out the information than if you have it spoon-fed to you.
Easy to find? The clean room concept? I beg to differ.
Better to seek info instead of being spoon-fed? True.
Effective communication vs sugar-coating ? Definitely.
But do you feel I've been spoon-fed with the KFSN4-DRE threads?

As for this thread, the fact is, with a bit of spoon feeding, I learned way more (and it profits to others as well).
I'm not asking for apologies, I don't care. But it matters that people seemingly ignorant from a subject feel free to express themselves.
"A wise man can learn more from a foolish question than a fool can learn from a wise answer."

Plus I don't count the number of opportunities on this forum to drop a RTFM (hence my suggestion of making use of sticky threads, btw). Or RTFT, for that matter (T for thread).

Although I see your point (and thank you for the link, which I wasn't even aware of. I guess it's not too easy to find :P ), jxself suggested something fundamentally wrong.
RTFM is not an invitation to silence people, it's an invitation for them to do the research.
There can obviously be some cause and effect, but then he worded it very badly, because that's not what it means.

Anyway, if this is settled, back to the program.

hack and hack
Hors ligne
A rejoint: 04/02/2015

Hi to the funny lone downvoter. I like to upvote myself and others when I see idiotic downvotes, so instead of wasting your time, why don't you actually answer to the posts you don't like?

I can understand upvoting without an explanation, but not downvoting without an explanation.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>I like to upvote myself and others when I see idiotic
downvotes,

heh, me too, and on occasions teh other way around too, it's called 'balancing the dumb voting system', what can you do..

hack and hack
Hors ligne
A rejoint: 04/02/2015

Haha, I like the name :)

Ignacio.Agullo
Hors ligne
A rejoint: 09/29/2009

On 02/07/17 23:40, wrote:
> Jxself, you should stop being self assured on legal matters. I would
> say, you have
> no or little experience on making legal declarations.

Excuse me, but you seem to me unexperienced on legal matters.

--
Ignacio Agulló · name at domain

tonlee
Hors ligne
A rejoint: 09/08/2014

List your arguments.

Soon.to.be.Free
Hors ligne
A rejoint: 07/03/2016

It appears the story, as posted by the Register, may be somewhat sensationalist: https://www.betaarchive.com/forum/viewtopic.php?t=37283 gives a clarification.

Regardless, there's probably not much that can come from it besides a minor privacy review (and Heather's spark idea, which sounds quite practical- a 100% libre Microsoft logo generator!). Not only is this a "relatively minor" leak, containing only a few items of at most tangential interest, it's still proprietary.

AnotherStranger
Hors ligne
A rejoint: 09/15/2016

It could be beneficial in terms of that people may find more nasty backdoors which could bring more people to free software :-)

jorgesumle
Hors ligne
A rejoint: 06/01/2016

> Please turn JavaScript on and reload the page.
DDoS protection by Cloudflare

> Ray ID: 3781151a5a3f2b5e

Great! The Cloudflare wall once again.

I'd say that the ReactOS and Wine developers should try to ignore the source code. And if they get a pull request, they should verify if it does look too similar to the Windows's source code. Libre software should follow its way, and ignore proprietary software.

hack and hack
Hors ligne
A rejoint: 04/02/2015

For ReactOS at least, that's what they do. Read a few posts above for details.

Jodiendo
Hors ligne
A rejoint: 01/09/2013

Updated to add https://www.theregister.co.uk/2017/06/23/windows_10_leak/

Beta Archive's administrators are in the process of removing non-public Microsoft components and builds from its FTP server and its forums.

For example, all mention of the Shared Source Kit has been erased from its June 19 post. We took some screenshots before any material was scrubbed from sight. You'll notice from the screenshot above in the article and the forum post that the source kit has disappeared between the Microsoft Windows 10 Debug Symbols and Diamond Monster 3D II Starter Pack.

The source kit is supposed to be available to only "qualified customers, enterprises, governments, and partners for debugging and reference purposes."

In a statement, Beta Archive said: "The 'Shared Source Kit' folder did exist on the FTP until [The Register's] article came to light. We have removed it from our FTP and listings pending further review just in case we missed something in our initial release. We currently have no plans to restore it until a full review of its contents is carried out and it is deemed acceptable under our rules."