Tridgell Reveals Bitkeeper Secrets

wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments of aside, what really counts as reverse engineering anyway?"

lol @ #buttes, failures.

Well, I think it's safe to say that Linus Torvalds is wasting his time on his new RCS, 'git'. He may as well just go ahead and write a BitKeeper-compatible system, since he liked BK so much. Oh, wait. That's morally "wrong". So says the guy working on a clone of the UNIX operating system. Something doesn't quite add up here.

Re:lol @ #buttes, failures.

Exactly. He didn't do something immoral, like cloning the IBM PC via reverse engineering.

We should have never had the PC revolution, because that resulted from the availability of PC clones.

We should have to pay over $1000 for a system with only 200 megs of disk and 8 megs of RAM. We should eat from the poison tree of reverse engineering.

(end of sarcasm)

Seriously, reverse engineering is legit. It is responsible for a lot of progress. It used to be legally protected, until insane laws (DMCA) and insane judges (Southern District of New York, Federal court system, etc) got involved.

Re:lol @ #buttes, failures.

It used to be legally protected, until insane laws (DMCA)

The DMCA specifically allows reverse engineering for compatibility.

Re:lol @ #buttes, failures.

The DMCA specifically allows reverse engineering for compatibility.

I just had a discussion over dinner with some friends about this very subject. What it basically came down to was that even if there is a provision for it, it's gonna take someone with deep pockets willing to go to court over this. Hell even Adobe won't take it on, and they'd need it to use the Nikon raw file format.

The discussion also brought up an interesting point -- When is compatibility not the reason to reverse-engineer something? I mean even if you reverse engineer with the intent to make your own product, are you not technically trying to interoperate with something else?

PC reverse-engineering != typing "help" in telnet

IBM would give you a map of the pinouts and everything else

On the contrary, the entire "microchannel archtecture" is still considered a trade secret by IBM (please correct me if I'm wrong, but I think there is a contractual reason that it might always be.)

Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.

In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.

Please explain the illegimacy.

Please explain what is illegitimate about reverse engineering Bitkeeper's network protocol in an effort to distribute a free software program which is network-compatible with the proprietary Bitkeeper program.

Re:Please explain the illegimacy.

Where did you get the idea this agreement exists? What exactly does this agreement say? What evidence is there to show that Tridgell agreed to its terms or did something that required complying with such a clause or be liable for losing a copyright infringement lawsuit?

I'm suspect that Tridgell, who appears to be quite dedicated to software freedom, would realize the implications of agreeing to such a thing and therefore not agree to it.

As it stands, Tridge has said he was not a licensee of the Bitkeeper program [newsforge.com]. Furthermore, I have no reason to believe he's lying.

Re:lol @ #buttes, failures.

Do you think the BK license required Linus to promise to never write a competing product for the rest of his life? Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.

Re:lol @ #buttes, failures.

Amazingly, yes. Apparently, the original license did not specify a time frame, so it could be interpreted as valid for undetermined time. The revised license seems to specify 1 year as the no-compete clause.

But Larry McVoy revoked the license. Doesn't that mean that the no-compete clause has been revoked with the rest of the license?

Re:lol @ #buttes, failures.

It's not morally wrong to try to access information from a BitKeeper repository. That's all Tridge did. No attempt was made to clone BK.

Re:lol @ #buttes, failures.

Kinda like how openssh is morally wrong because you can buy directly from ssh.

Since when is using ideas developed by someone else morally wrong? Just think the moral quagmire we'd be in if scientists did shit like that. There are specific ways to protect ideas (and/or implementations): copyright, patent, trade secrets. You want to now extend these protections to any form of machine without some application process?

Re:lol @ #buttes, failures.

I think I understand Linus' thinking about this based on some of his emails that were not as widely circulated as others. Linus is a pragmatist. He doesn't see open source or reverse engineering as intrinsically morally good or bad.

He sees them as good things if they produce good (profitable, valuable) results. He is upset with Tridge because he believes that Tridge had no good (profitable, valuable) end-game. Tridge's actions were destined to destroy the cooperation between the Linux kernel team and BitKeeper. Yet there is no situation in which those actions lead to benefit to either the kernel team, or the open source community or the BitKeeper company (in Linus' opinion). Here he is in his own words.

Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still needed BK to actually do anything useful - since it would not actually do the work that BK did.

"Hey, that's a useful helper". Yes, except when it isn't.

And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it, and when using the tool against a BK repository is a violation of the license that the BK user agreed to.

See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover. But since that tool ends up invalidating your right to use BK in the first place, and since that tool can not replace what BK did, then yes, the tool is pointless.

So you have three choices
- don't use the tool (which makes it useless)
- use the tool, but stop using BK (which makes it useless)
- use the tool _and_ use BK, which violates the BK license

Two useless cases, and one outright license violation.

Now, let's look at a _constructive_ case: let's say that Tridge had written a really good SCM. Now the choice would be:
- use the tool (cool, that works)
- use BK (cool, that also works)

and everybody would be happy. If a developer wanted to switch to Tridges hypothetical tool, BK comes with the stuff needed to export your own data.

In other words, it wasn't the act of reverse engineering that is wrong. It is the act of screwing up Linus' life and BitKeeper's advertising scheme without having any beneficial side effects.

Re:lol @ #buttes, failures.

Sure, but then why not apply that analysis to Larry's action to pull the license?

Once the tool has been developed, Larry has two choices:

* Pull the license (which is bad for everyone)
* Ignore the tool (which isn't so bad)

So, looking at it this way, Larry's action of yanking the license had no good (profitable, valuable) results.

Now of course, Larry can say, but the point of yanking the license is that my threat to yank the license was intended to deter people from doing what Tridge did. I am just protecting my right to make a living off my software. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop people from profiting off my coattails?

But Tridge can say, but the point of reverse engineering the system is that my threat to reverse engineer the system was intended to deter Larry from imposing unreasonable conditions on the community. I am just protecting the the commnity's right to access its data. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop Larry from continuing to refuse to give us the access we deserve?

So, as you see, the "what is practically good (profitable, valuable)" analysis doesn't give us a conclusion here. Either Tridge or Larry could have avoided having the license pulled.

The type of analysis that WOULD decide the conflict is one which looks at who is being treated fairly or unfairly, or one which considered the "rights" of all parties (i.e. my right to make a living off BitKeeper without having it reverse engineered, vs. my right to access the metadata of the Linux kernal development).

For example, if a criminal mastermind had an atom bomb aimed at New York city and demanded your wife and your firstborn child as ransom, and you refused, and he blew up New York, then it wouldn't make sense for someone to say that the mastermind was a good man but that you are responsible for the destruction of New York. But, using Linus's "good (practical, valuable)" analysis, all that can be concluded is that both the criminal and you were responsible. The more sensible conclusion is that your wife and your child have a right not to be ransomed to some criminal, but that the criminal has little right to your wife and child, therefore he is the bad guy here. But this necessarily involves taking a stand on the fairness of each side's demands.

Linus seems to be claiming that he doesn't want to get caught up in a discussion of rights, but by blaming Tridge, he is probably implicitly assuming that Larry's putative right not to have others "ride his coattails" holds more weight than Tridge's putative right to interoperate and to access metadata without signing a license agreement.

Re:lol @ #buttes, failures.

Uhm. Nope.

Linus has stated that a centralized system would not work -- which is why subversion is a bad choice. He *needs* something distributed. Apparantly monotone was a possible choice, but in the end he decided to write his own system.

Re:lol @ #buttes, failures.

And who the HELL are you to be telling Torvalds how he should spend his time?

I did some research on him:

He is Mikael Johansson.
His slashdot ID is 814403.
And here is a link to his account in case you want to know more: http://slashdot.org/~Mikael%20Johansson [slashdot.org].

Re:lol @ #buttes, failures.

Reverse engineering is not morally wrong...in fact, it is specifically protected by all the copyright laws in the US.

Heck, "reverse engineering" is "figuring out how something works", AKA "hacking" (NOT "cracking"). This is the basis of most good technological progress and, in a different realm, science.

Re:lol @ #buttes, failures.

Even if I agree which I do not that reverse engineering Bitkeeper would be wrong that is not what he was doing. He was reverse engineering the protocol so that other CLIENTS could inter operate with Bitkeeper.
One the protocol was figured out programmers could write bitkeeper plug ins for Eclipse, Anjuta, and kdevelop. You would still need the bitkeeper server. Frankly I do worry that Linus will not like his fall from grace as the darling of the OSS community. I do not know him so I will hope he will not take offense and just pack it in. Frankly I really disliked the THOU SHALL NOT WORK ON A COMPETING VCS license that Bitkeeper required.

Re:lol @ #buttes, failures.

Wow the list of things that are just wrong with you post is long.

No Unix is not Open Source and no it was not in the past. Some BSD versions of it are You had to pay extra for the source to UNIX and you where not allowed to copy it.

VAX is not an OS it is a family of computers. VAXs could run Unix, VMS, and a host of other OSs. VMS is still alive and is now called openVMS. Sure there are a lot more systems running Windows, Linux, and Unix than VMS but it is a very robust and secure system that is still at the heart of some very important systems.

The first DOS had no Unix in it. It was more of a clone of CP/M. CP/M was not like Unix at all except that it had a command line and some strangely named utilities like pip. Only when Dos version 2.0 came out did any remotely Unix style features like directories and the pipe get added.

SUN is not an OS it is a company. They did have Sun OS and now Solaris both of which are UNIX. And they paid for the UNIX source code as did IBM for AIX. Berkley was given the code I think then got sued for giving away BSD until the court found out that AT&T had borrowed back a lot of BSD code so it became a wash.

"If BitKeeper wishes to keep their source proprietary then it is morally wrong."
This is also just garbage and totally ignores the real issue. I do not care what RMS or anyone else says closed source is not immoral. People should have the "FREEDOM" to keep their source closed, open it, or to charge anything they want for it as long as they are not a monopoly.

I have no problem with them keeping their source proprietary. That is their right. We are not talking about source code here. We are talking protocols and methods and that is a very different thing.
What I find very wrong is using a programing tool that has a license that restricts what type of software I can write! If I wanted to use Bitkeeper I could not use it to manage the source of a Bitkeeper like program! What is worse is if I used Bitkeeper I could not then WORK on a Bitkeeper replacement even if I used CVS for that project! Imagine if I was not allowed to write a c++ compiler using Visual c++! Or I was not allowed to work on OpenOffice because I used Excel at my job! How people would be screaming about that! Bitkeeper I guess had every right to require it however I have to say that to accept that seems just wrong. I am sure that at the time it seemed like a fast solution to a big problem. Now it could turn into an even BIGGER problem.

Re:lol @ #buttes, failures.

"Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom."
I use my power of ownership to keep you from living in my home. From reading my mail. And eating my food if I do not give you permission. My freedom to own what I make overrides your freedom to take what I make. Like it or not but makeing people release their work as open source is slavery. Making sure that people have the freedom to write their own software and the right to give it to others is freedom.

Bit Keeper's actually...

A man named Johan Mikelson who keeps track of every bit inside his head!

Do this change something?

I don't think that this changes much in open source development. Linus has made his decision and i think that this isn't that good for bitkeeper. Many companies are using bitkeeper because linux is/was managed with this tool. Well. We'll see. But well done Andrew. Better than reverse engeneering it in the hard way and "ripping" the secrets out...

Re:Do this change something?

Linus has made his decision and i think that this isn't that good for bitkeeper.

Actually I think it is good for bitkeeper. No one at my company had ever heard of BitKeeper until this controversy started. Now they're looking into using it.

Any publicity is good publicity

Re:Do this change something?

Of course that is until people look deeper into what the publicity is all about. McVoy pretty much illustrated the inherent dangers of not being Open Source -- that at a whim (of a madman?) all your data are belong to them.

Worse yet, we've illustrated that here's someone who's willing to do just that...yank his product from under a high profile project.

If your company is looking into using BK, you may wish to take these recent events into consideration or at least bring them up to those making the decisions.

Perhaps a stretch

Does anyone remember taking thier first radio apart "just to see how it works". This in the most base form was reverse engineering. Personally if you have the resources and the desire, by all means. Find out what makes it tick. The only reason Bit-Keeper is annoyed is because they see a free product competing with thier own. Not yet persay, but in the very near future.

What counts as reverse engineering BitKeeper?

Any process that lets one reproduce BitKeeper's process. That includes things like protocol, data format, etc.

If I reverse-engineered BitKeeper and wrote a client, I would expect my client to be able to seamlessly interact with any other BitKeeper client. Sans license, of course ;-)

--LWM

Recycled Comment

I've read a few exchanges from the /. crowd, read a few statements by Linus and the gang, have read McVoy's interpretation of the BK saga, and have come to one conclusion:

No one but the three people involved in this fiasco *really* knows what happened to get this situation to the stage where people begin a verbal free-fire in public.

McVoy is a business man; true to his heart, he needs to keep the BK user strung out on his code. Hell, I would feel the same sense of outrage that he feels if someone threatened to kill my cash cow. Don't pretend that every one you wouldn't feel the same way if it was *your* revenue stream. To me, anyone who claims an absolute vow of poverty is looking for a monastery to live in. Everyone I know would fight to protect a source of financial income.

Selfish? You bet. But nature has created more selfish beings than egalitarian ones. Nature favors pragmatism.

But McVoy could have let this one ride a bit more. It is just a matter of time before someone cracks his model. Then he will have to play the same game as Microsoft and Adobe only on a different level. Too bad for him, though, that his inexpensive advertising scheme didn't last. That is another little detail that goes relatively "un-remarked" upon in the various forums I've read. Larry had one of the hottest programmers in FOSS using his SCM. In fact, this Man Of The Year lavished all kinds of praise on his progeny! You would have to pay more than the "free" license fee for that kind of advertising. Shit, probably A LOT more. If Linus had been paid for his endorsements, that could have added up to quite a sum of money. Larry has wisely kept those funds securely in his pocket.

Again, I'd do that too. The monks of this world can keep their vows.

Linus? Well, it was kind of hard to turn down a free license for one of the best SCMs on the market. If I had been in his position, I would have grabbed the product and ran. In fact, I would like to personally thank Larry for helping juice the Linux kernel development. I know SCO has been rummaging around in the Linux closet for evidence that it was their intellectual property that made the kernel advance so quickly. I believe that Larry's BK contribution probably made the significant increase in kernel production possible. Judging from Linus' angst and outrage, I think he believes that too.

But Linus is being a bit thin skinned. Does he believe he is the ONLY programmer that has been burned by relying on a proprietary product for their work? Didn't he listen to all the people who had been telling him about *their* bad experiences with proprietary lock-in? From what I've read in the past, they had plenty of legitimate worries that this was going to happen. I'm sure that Linus knew it would happen someday too. He's just pissed that it happened NOW as opposed to LATER.

Boo hoo, get over it, this too will pass, etc. But why attack Tridgell in public? Hmmm.... That does raise some interesting questions. And why get all bitchy about it?

There is something we are not getting in this little soap opera. Tridgell is silent, probably for good reason. But why would Linus take him to task knowing that he would not be able to respond publicly?

And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?

I thought the points made by some posters about just how Tridgell was sniffing packets to see the metadata protocols is extremely insightful. To have BK protocols running on his network would require that he be operating a client and server somewhere where he could see it, no? What network was he sniffing if he didn't have a license?

What amazes me is that the attempt to get BK's protocols didn't happen *sooner*. With all of the pissing and moaning that erupted when Linus started using BK, I would have thought there would have been someone doing what Tridgell was accomplishing years

Re:Recycled Comment

But why would Linus take him to task knowing that he would not be able to respond publicly?

Because that's the best time to attack someone. I think, despite what you say, Linus didn't believe it must end. He felt this one would be different. Ultimately he made a bad call, he's angry about it, and to distract attention from his misjudgement he's attacking someone who can't respond.

And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?

Because someone had to do it, and it had to be someone with the standing. Linus is doing something horrible, but do you think he or his fans would listen if you or me called him on it? Which I would, in an instant. But probably only Perens and ESR had the stature to do this.

Re:Recycled Comment

McVoy and Torvalds are friends. It has been posted earlier that McVoy went to Torvald's home to pitch the use of BitKeeper.

Linus speaking out against Tridge, is simply that of someone backing up his friend. Unfortunately for Linus, it makes him a hypocritical git.

Re:Recycled Comment

'... Linus speaking out against Tridge, is simply that of someone backing up his friend... '

No I see it a bit differently - I think its more than justa about friends its a philosophical clash. I came to this conclusion reading about samba on the samba website and the following statement hit me ...

• '... Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. ...' (the emphasis is mine)

This contrasts with Torvalds more pragmatic approach in getting things done. Which is more correct is a matter of personal opinion. Pragamatism vs strict GNU adherance.

The Linux Life?

These political spats are fun, but realistically speaking, this is degenerating into an episode of "The Simple Life."

Next thing you know, Torvalis will be breaking up with Perens because "well, he knows what he did."

Person 1 liked a tool. Person 2's actions caused the first person to lose rights to his tool. Person 1 vents. Person 3 vents on Person 1. BFD.

Soon, there will be a group hug and an exchange of hair care products. End of story. Welcome to "life in the big leagues of software." Tune in next week, when Person 5 attempts to purchase a voltage regulator.

Linus pressured to drop it?

This seems really out of character for Linus, I suspect that someone in his position practically lists his job title as "reverse engineer". I bet he was pressured by someone(s) to drop bitkeeper and he's pitching a fit as a sign to all of us that something totally crappy happened.

Don't put the ethical arguments aside please...

I cannot see any justification for the slamming that Tridgell is getting and it's worse that it's coming from a very respected figure, so maybe _I've_ got something wrong here; it's time the ethical argument _was_ tested and debated between Torvald and Tridgell in the open so I can read what both sides really think and I can make up my own mind. Torvald can't be talking c**p but neither can Tridgell - maybe here is a chance for us all to study a very important debate; if BitKeeper would play ball then maybe Tridgell can speak out openly. Hey, maybe even Richard Stallman could get involved (only joking ;)

The Register

Ok, I don't read The Register much, but the titles of the "related articles" caught my eye. Pretty tough to figure out which side they are on:

'Cool it, Linus' - Bruce Perens

Torvalds knifes Tridgell
The Larry and Linus Show: personalities vs principles?
Linus Torvalds in bizarre attack on open source
Linus Torvalds defers closed source crunch

Free as in stealing?

Am I the only one here who things that real freedom is achieved only when you can tollerate an opposing point of vew?

Why can't BK develop, and sell software under any liscense they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?

Why is it ok to try and screw BK over, who spent a great deal of money to develop this?

Is tridge IBM unclean hacker

Is Tridge the elusive IBM hacker who "hacked" into SCO when the claimed [groklaw.net]:

"IBM exploited the bug to bypass SCO's security system, hack into SCO's computers, and download the very files IBM has now attached to its motion"

DMCA here I come!

> used the mostly forgotten "help" tool. ... what
> really counts as reverse engineering anyway?"

So, reading the fine manual is now considered reverse engineering... And therefore illegal! Now I can sue anyone who tells me to RTFM!

What is reverse engineering?

``... Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments of aside, what really counts as reverse engineering anyway?''

Well, certainly not that! If that's to be considered reverse engineering -- especially illegal reverse engineering -- then the next question we need to be asking is ``Why is it so hot where we're going and what are we doing in this handbasket?''

Anyone remember when ``HELLO'' and ``HELP'' were the same program? (Extra credit: Anyone remember what OS that's from?) Today's legal climate would probably have anyone issuing ``HELP'' on that OS tossed in jail as a system cracker. (Heck, if ``lynx'' can get you indicted in the UK...)

tridge's source code is up for download

https://sourceforge.net/projects/sourcepuller/ [sourceforge.net]

Re:tridge's source code is up for download

Here are some relevant sections from the README

cePuller was written for two reasons. First, because the terms of the free BitKeeper license are not suitable for some members of the free software community. This can occasionally lead to frustrating situations where a free software developer wishes to access a BitKeeper repository, and is either unable to, or can only access it via a gateway that translates the repository into another format, possibly losing some information.

The second reason for writing SourcePuller was to provide a open library of routines that can talk to BitKeeper servers and manipulate local BitKeeper repositories. It is hoped that this library will be used by the authors of other source code management systems to allow them to interoperate with BitKeeper. Eventually this should result in an improvement in the quality of the various bk repository gateways.

SourcePuller is not intended to be a full replacement for BitKeeper. Instead, you should use SourcePuller as an interoperability tool for situations where you cannot use bk itself. SourcePuller is missing a large amount of core functionality from BitKeeper, and thus is not suitable as a full replacement.

Update - April 2005
-------------------

As you probably know, there has been quite a fuss lately about this code and the fact that BitMover has now withdrawn the free version of bk. First off, I would like to say that this result was not the intention when I wrote this code. I had hoped that an alternative open client would be able to coexist happily with the proprietary BitKeeeper client, as has happened with so many other protocols. An open client combined with the ability to accurately import into other source code management tools would have been a big step forward, and should have allowed BitMover to flourish in the commercial environment while still being used by the free software community.

I would also like to say that BitMover is well within its rights to license BitKeeper as it sees fit. I am of course disappointed at how BitMover has portrayed some of my actions, but please understand that they are under a lot of pressure. Under stress people sometimes say things that perhaps they shouldn't.

As I have stated previously, my code was written without using bk. Some people expressed some skepticism over that, perhaps because they haven't noticed that bk servers have online protocol help (just type 'help' into a telnet session). I don't think it is unreasonable to assume that this help was intended for people like myself who wished to implement new clients.

I would like to thank all the people who have supported me in the development of this tool by providing useful advice both before, during and after the development of the code. I tried to consult with a wide range of interested parties and the feedback I got was certainly appreciated.

Finally, I would like to point out the obvious fact that Linus was perfectly within his rights to choose bk for the kernel. I personally would not have chosen it, but it was his choice to make, not anyone elses. Linus is now in the unenviable position of changing source code management systems, which is a painful task, particularly when moving away from a system that worked as well as bk did. If you want to help, then help with code not commentary. There have been enough flames over this issue already.

Not again!

Give it a rest. BK is buried, the first kernel
release with git is done.

Fucking Register is trying to get some pageviews
by trolling again and again.

For the last time - what Tridge did is legal.
But it screwed Linus over because he used BK
which was the best tool for the job.

Lots of "propritery software is crime against
humanity" dudes are crying "we told you so" the
whole mess would have not happened if only Linus
used a free and blessed software.

But the truth is that there was no free software
which did the job.

Reverse Engineer BK

Someone should really reverse engineer BK and publish the results. It would be interesting to find out what all the real problems are with a system that can't handle a rogue client without trashing the repository.

A "reverse engineer"

Apparently, person who reverse-engineers is now called a "reverse engineer":

• According to attendees, Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.

Linus is right!

I have been following this issue for some time now and cannot really avoid the feeling that the issue isn't really in reverse engineering the BK protocols. Real issue lies in the management of the servers and ownership of the server. What other intentions could an open source implementation of BK have other than access their hosted servers?

In my view the service (whatever it is) is owned and regulated by the company or individual who provides the service. In this case the service was free, and everyone was happy about it. Open source client would destroy this control over the service and enable users to access the service without agreeing to the terms of the service. I cannot imagine how any company would allow this kind of behaviour to happen.

What I have understood is that Linus is against reverse engineering something that sole purpose is to circumvent control mechanisms of this kind of hosted service. Maybe it is not illegal as such but it is not morally correct either as the service provider should have control over their service. One could argue it actually is an intrusion to their server and accessing data without permission.

Anyway comparison to SAMBA is a bit odd as the servers SAMBA was ment to access were mostly maintained people whose sole purpose was to share the data with all legal users. There was not one company maintaining gigantic share containing all the shared data in the world.

BK Source

As a couple of people have pointed out, I too found the whole BK thing with Torvalds, exceedingly bizarre.

Furthermore, I think cvs has some issues, but the decentralized approach bitkeeper portends, is some sort of super secret to doing offline cooperative source code management?

My whole impression with the excommnication of the kernel source code from cvs, was that they had to totally dump cvs for what reason? Kind harsh, period.

What I couldn't understand is why didn't they design or modify cvs to do disconnected distributed updates with similair capabilities such as BK.

Is it NOT logical, to have a tool with source available to modify should it not do what you need it too do? (i.e. if cvs really was deficient, it is open source so it can be fixed.)

Is that not the whole point to this endeavor we Open Source guys are exercising in our daily professional lives?

Revolting against closed source systems because they break far too easily, can't be fixed without going to jail and are owned by companies who have no interest in solving our problems just creating features to keep the upgrade cash cow machine milking continuously?

Whether we like it or not?

?

Instead, they just totally dumped cvs which manages some of the largest projects on the internet that easily rivals the size scope and complex code base of the Linux Kernel, (Mozilla)

Mozilla developers are pretty happy with cvs, and judging from the results, I use Mozilla everyday.

So why did they dump cvs again?

Something else must be going on here and unfortunately, the true reason why Linus would use BK is probably something he is keeping too himself.

We probably wouldn't like the answer anyway, so I am fine with that. :-)

Just for the record, I am in the camp that thinks it is a fundamental error to architect a piece of software that is open like the Linux Kernel number one, number two being its primary proponent of open engineering practices in general like Linus Torvalds, number three then turn around and close off the technology process that builds it and suggest it is a better way to manage the process than the one your using to build number 1.

WTF?

However, Linus is still my hero. :-)

-hack

No wonder.

I now remember why I don't watch soap operas.

Every episode is exactly the same.

so...

So let me get this straight... Jeremy Allison, Andrew Tridgell, Gerrald Carter, John Terpstra etc write a tool that reverse engineers Microsoft/LanMan protocols and I am supposed to feel all warm and fuzzy...

Andrew writes a tool to reverse engineer BitKeeper and I am supposed to be pissed???

So, is this a case of "it's okay to do it to MS, just not one of our own"?

Is Linus in violation of the BitKeeper license...

...by developing a competing product? Wasn't he also bound by the BK license clause that forbid anyone using BitKeeper from creating something like git?

Pat

This was just an excuse

At the risk of getting modded as redundant I'll say it... for those who don't find this obvious -- Tridgell "reverse-engineering" BK was just an excuse for McVoy to pull back the free version. And this article only makes it more obvious. McVoy just needed to point his finger at someone. And Torvalds just followed McVoy's leads (or vice-versa).

freshmeat post

Source code from tridge has been posted to FreshMeat [freshmeat.net]. The SourcePuller project is hosted on SourceForge [sourceforge.net].

Mod parent up, then

Give him back his parent ;-)

Re:Give me a break...

214 qmail home page: http://pobox.com/~djb/qmail.html

So, you're saying that Exchange is qmail?

Re:Using BK's servers

One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.

This isn't just copying functionality, it's putting a widely used system at risk because you don't agree with their practices. That's the same philosophy espoused by a lot of virus writers.

You're kidding right? If the BK system is so brittle that it cannot protect itself against a hostile client then it should not be hosting any source code.

If a friendly client (trying to obtain interoperability) can fundamentally break a server, just imagine what a script kiddie would do..

Re:Using BK's servers

Just because virus writers have the same philosophy, that doesn't mean reverse engineers are bad. That's a seriously flawed argument.

Also, I believe the kernel source is usually backed up. They'd just have to restore it. And hopefully, if it got hosed, Linus would willingly switch from using BK, because it would prove its inviability as an SCM.

Try this one again, shall we?

Replace "AIM" with "BK" in the above text, and see if you still believe what you're asserting.

Re:Using BK's servers

What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen....

And rightly so. If BK's server were so insecure, that it allowed a random person write access to the kernel source code, then people should be screaming bloody murder at BK.

One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.

You forgot to cite Windows as proof of how well a commercial company provides a secure operating environment.

Re:Using BK's servers

What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen. One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than a OSS solution.

Security through obscurity? People are bothering to argue for that on slashdot?

Re:Using BK's servers

You can take accountability for a product when it is used according to a contract and not take accountability for it when it is misused. The manufacturer/service provider takes accountability under specific conditions.
Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.

Re:Using BK's servers

> One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.

Yeah, I know and I think it is bullshit.
Nobody should rely on the client to be nice.

A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.

From what I read, BitKeeper has the same problem : a client can completly trash the repository if it doesnt respect the protocol. Which I call slopy design.
I client shouldnt be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easly (after all, this is what I use a VCS for).

For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.

Re:Poking a server you don't own

Not if you were invited.

Scenario: Bob is forced to buy a client for a SCM he doesn't like. Bob invites Ted to come over to his house and poke around on the client. Bob has permission to use the client AND interact with the server. Ted is looking at the server from the client that his friend purchased.

I don't think that would be something that could be construed as "illegal". It might be "actionable" in a civil tort sense.

That might be why Tridgell is keeping quiet.

Re:Using BK's servers

What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen.

... and rightly so. If BitMover doesn't put a proper authentification protocoll in place and doesn't safeguard against corruption of the BK database (what if some false bytes due to communication errors hosed the database?) then it's their fault. If it was as easy as you suggest in your posting then i'd call that gross negligence on behalf of BitMover.

Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BKs database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover i assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that your argument is moot.

LOL, irony too complex, huh?

Maybe it's the absence of audience laughter cues or something, I don't know, but the irony in Tridgell's demo and in The Register's writeup of it was entirely obvious to me. I had a really good chuckle.

Didn't you RTFA, maybe? Here are the relevant sentences:

Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.

The demo showed that the work was obviously not reverse engineeering in any real sense of the word, nor was it even remotely describable as "genius" work ... so Tridgell made his point admirably that there has been a mountain made up out of a molehill of nothingness.

And he made us laugh at the same time too. You didn't?

Re:Using BK's servers

If some random client "...totally hosed the kernel source on BK's server...", then I would consider that a serious flaw in the software well worth discovering and fixing. Afterall, what's to say a malicious client isn't trying to do this very thing right now. Or how about some random layer 2 or 3 data corruption which exposes the same issues.

As we've well-learned, in watching cross-site-scripting, buffer overflows, and other attacks - you can never trust the connecting client.

Re:Give me a break...

"I hope he has something more substantial to back himself up than a weak joke."

What's suprising is how many people actually believe that's all Tridge had to do reverse engineer the BK protocol. While I'm willing to buy that he didn't need a BK client, the demo is obviously at best a trivial first step.

Unlike most people, I can actually respect McVoy's decision to remove the free client (though not necessarily in the angry way he did it). The SAMBA and BK situations aren't exactly identical. Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in it's golden goose OS or office productivity markets.

But I think the situation is a little different with the BitMover guys. It's probably not THAT incredulous to imagine someone coming up with a free BK client that is better than the free version, and at least competitive with the paid-for version. If such a client is released, then no one would have a reason to buy BitMover's non-free client, thus putting a dent in BitMover's income. After all, it's not like BitKeeper has the channels to force their product down people's throats while threatening vendors who dare to sale someone else's product. They don't have the power to articially manipulate the "free" market for their benefit.

So, IMHO, the difference is this: The Free Open Source development community doesn't have the resources to affect a goliath like MS in any significant way. But a smallfry like BitMover? The FOSS bandwidth is there to bring a company like this to its knees and McVoy knows it. No doubt he's reaped many benefits from the free BK client and his company's association with Linux, but now the other shoe has officially dropped...

Now, I'm not arguing that BitMover doesn't deserve such a fate or that I'm siding with them. It is an open market after all and may the best man win. However, I can at least understand why McVoy and crew would be threatened by a free product competing with their non-free product. Yes Tridge building a new client *does* release Linux source from propietary SCM lock-in which is good for the *rest* of us. But let's at least admit that it's also a valid economicthreat to BitMover as well. Again, why buy their non-free client, if I can get a good enough free client off sourceforge? On a purely economic and pragmatic basis, both sides can be right.

For the record, I don't think Tridge is in the wrong and I don't think he's "out to get" BitMover or McVoy. However, I think an unintended side-effect of his development could be the downfall of BitMover.

What part of this don't you get?

Tridgell = Samba = Screws Microsoft = Good

Any questions?

Re:Poking a server you don't own

not in countries where prostitution is legal.

Re:Ethics aside?

The trouble is that you can't set ethics aside unless you're unethical.

Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.

There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definate whiff of BS to me.

In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.

Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridges actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...

Someone's defending this as a SECURITY feature?

One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and now exactly how every client was accessing it.

Client-side security is no security at all.

Security through obscurity is no security at all.