Tridgell Reveals Bitkeeper Secrets
wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments aside, what really counts as reverse engineering anyway?"
Re:lol @ #buttes, failures. (Score:3, Insightful)
Perhaps a stretch (Score:5, Insightful)
Re:lol @ #buttes, failures. (Score:5, Insightful)
We should have never had the PC revolution, because that resulted from the availability of PC clones.
We should have to pay over $1000 for a system with only 200 megs of disk and 8 megs of RAM. We should eat from the poison tree of reverse engineering.
(end of sarcasm)
Seriously, reverse engineering is legit. It is responsible for a lot of progress. It used to be legally protected, until insane laws (DMCA) and insane judges (Southern District of New York, Federal court system, etc) got involved.
Re:Do this change something? (Score:5, Insightful)
Actually I think it is good for bitkeeper. No one at my company had ever heard of BitKeeper until this controversy started. Now they're looking into using it.
Any publicity is good publicity
Re:Give me a break... (Score:2, Insightful)
So, you're saying that Exchange is qmail?
What counts as reverse engineering BitKeeper? (Score:1, Insightful)
If I reverse-engineered BitKeeper and wrote a client, I would expect my client to be able to seamlessly interact with any other BitKeeper client. Sans license, of course
--LWM
Try this one again, shall we? (Score:4, Insightful)
Re:lol @ #buttes, failures. (Score:3, Insightful)
But, I wonder why he didn't just help improve (or fork) Arch [gnu.org] so it would suit his needs better instead of starting from scratch. Arch is much closer to Bitkeeper in design and operation. It's decentralized, uses change sets, and it's GPLed.
Re:Using BK's servers (Score:1, Insightful)
Security through obscurity? People are bothering to argue for that on slashdot?
Free as in stealing? (Score:3, Insightful)
Why can't BK develop, and sell software under any license they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?
Why is it ok to try and screw BK over, who spent a great deal of money to develop this?
Re:lol @ #buttes, failures. (Score:5, Insightful)
The DMCA specifically allows reverse engineering for compatibility.
I just had a discussion over dinner with some friends about this very subject. What it basically came down to was that even if there is a provision for it, it's gonna take someone with deep pockets willing to go to court over this. Hell even Adobe won't take it on, and they'd need it to use the Nikon raw file format.
The discussion also brought up an interesting point -- When is compatibility not the reason to reverse-engineer something? I mean even if you reverse engineer with the intent to make your own product, are you not technically trying to interoperate with something else?
The DMCA says a lot of things... (Score:1, Insightful)
Tell that to Dmitry Sklyarov.
--
AC
Re:Using BK's servers (Score:4, Insightful)
Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.
PC reverse-engineering != typing "help" in telnet (Score:5, Insightful)
Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.
In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.
Re:Using BK's servers (Score:5, Insightful)
Yeah, I know and I think it is bullshit.
Nobody should rely on the client to be nice.
A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.
From what I read, BitKeeper has the same problem: a client can completely trash the repository if it doesn't respect the protocol. Which I call sloppy design.
A client shouldn't be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easily (after all, this is what I use a VCS for).
For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.
Re:lol @ #buttes, failures. (Score:5, Insightful)
Heck, "reverse engineering" is "figuring out how something works", AKA "hacking" (NOT "cracking"). This is the basis of most good technological progress and, in a different realm, science.
Re:lol @ #buttes, failures. (Score:3, Insightful)
But the BIOS was reverse-engineered the Right-Way(TM). From this article [theregister.co.uk]:
In most jurisdictions, reverse engineering must be performed in a clean-room context. The people performing the reverse engineering may create documentation on the file formats and APIs, and the re-implementation must be performed by a team which has no direct contact (other than the documentation) with the first team. This is how, for example, the original IBM PC BIOS was reverse engineered.
Someone who is an employee of a high-profile licensee of the software in question clearly does not fulfill this requirement.
Re:Do this change something? (Score:5, Insightful)
Worse yet, we've illustrated that here's someone who's willing to do just that...yank his product from under a high profile project.
If your company is looking into using BK, you may wish to take these recent events into consideration or at least bring them up to those making the decisions.
Re:Recycled Comment (Score:3, Insightful)
He could have asked someone to operate Bitkeeper on his network, or gone to a network where someone was using Bitkeeper. I bet at least one kernel developer would be willing to let him do that.
Re:Recycled Comment (Score:5, Insightful)
Because that's the best time to attack someone. I think, despite what you say, Linus didn't believe it must end. He felt this one would be different. Ultimately he made a bad call, he's angry about it, and to distract attention from his misjudgement he's attacking someone who can't respond.
And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?
Because someone had to do it, and it had to be someone with the standing. Linus is doing something horrible, but do you think he or his fans would listen if you or me called him on it? Which I would, in an instant. But probably only Perens and ESR had the stature to do this.
Re:Your premises are wrong. (Score:3, Insightful)
Yeah, I wrote this before the demonstration was published.
The other points are still valid. Why is Linus so pissed? Would he have been equally pissed if it had been done by someone other than Tridgell? etc, etc.
Re:Using BK's servers (Score:4, Insightful)
Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BK's database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover I assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that, your argument is moot.
Re:lol @ #buttes, failures. (Score:4, Insightful)
Re:lol @ #buttes, failures. (Score:5, Insightful)
Since when is using ideas developed by someone else morally wrong? Just think the moral quagmire we'd be in if scientists did shit like that. There are specific ways to protect ideas (and/or implementations): copyright, patent, trade secrets. You want to now extend these protections to any form of machine without some application process?
This is an understatement (Score:2, Insightful)
Indeed. Imagine, if you will, a Linux-hostile group with some technical ability who wanted to disrupt Linux development. Can you think of a single better way to do this than to screw up the BK repository? This would be one heck of a DOS attack, no doubt accompanied by lots of bad publicity against Linux.
This would've been a lot more effective than Microsoft's SCO lawsuit against IBM; and could be done for just a fraction of the money.
I'm sorry, but the "security through obscurity" argument doesn't work here. And if BitKeeper is indeed as fragile as the creator of it claims, a great service has been done in getting the Linux community to move away from BitKeeper.
Let us hope that Linus' new "git" SCM is much better insulated against a hostile attack.
Re:lol @ #buttes, failures. (Score:3, Insightful)
LOL, irony too complex, huh? (Score:4, Insightful)
Didn't you RTFA, maybe? Here are the relevant sentences:
Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.
The demo showed that the work was obviously not reverse engineering in any real sense of the word, nor was it even remotely describable as "genius" work
And he made us laugh at the same time too. You didn't?
Re:Do this change something? (Score:3, Insightful)
How would he make his money? The same way that Trolltech (eventually), PostgreSQL, MySQL, JBoss, or Aladdin make theirs - by offering a GPL version, but offering paid support or spiffy new features in a commercial version.
The ubiquity of CVS (despite its many faults) demonstrates that some could make an absolute fortune this way and be the darling of the open source world at the same time.
Re:Your premises are wrong. (Score:3, Insightful)
Why worry about misleading idiots?
Can you avoid misleading idiots?
Isn't being easily misled one of the defining qualities of an "idiot"?
Re:lol @ #buttes, failures. (Score:3, Insightful)
Re:lol @ #buttes, failures. (Score:3, Insightful)
The reason the PC BIOS was reverse-engineered that way is likely due to two things
1) The overwhelming power of IBM's lawyers
2) The fact that the BIOS did such simple things that even independently-developed code would end up looking very similar in part.
Not again! (Score:2, Insightful)
release with git is done.
Fucking Register is trying to get some pageviews
by trolling again and again.
For the last time - what Tridge did is legal.
But it screwed Linus over because he used BK
which was the best tool for the job.
Lots of "proprietary software is crime against
humanity" dudes are crying "we told you so" the
whole mess would have not happened if only Linus
used a free and blessed software.
But the truth is that there was no free software
which did the job.
Re:lol @ #buttes, failures. (Score:1, Insightful)
No, breaking into BitKeeper's own repositories and taking an illegal copy of the actual BitKeeper source code would be trying to get their proprietary work. Writing your own program that merely happens to have the same inputs and outputs is producing new work, that's all your own work and belongs to you, just like BitKeeper belongs to them. It's taking nothing from anyone. It's not even illegal, let alone immoral.
Re:Reverse Engineer BK (Score:3, Insightful)
If I deploy a BK or CVS, or any other types of repository and allow anonymous writes, which is what's required to "trash the repository", then I deserve what I get. The failure then would be completely mine.
If I lock it down, and the repository can be trashed via anonymous telnet, then there's a very big problem. In any case, your post is both flamebait and off-topic, since it really has no basis in reality in the context of this or other related stories.
Re:Perhaps a stretch (Score:3, Insightful)
With BitKeeper, every repository can be both a clone of one repository -- a client -- and the parent of another repository -- a server. The system is completely distributed, peer-to-peer, whatever you want to call it.
This is not a CVS / SVN workalike where everyone checks things out of and in to a central server instance: the same bk tool can be used to both bk pull changes down from a parent/server and bk push changes back to a clone/client -- and you can do this circularly, so the same two repositories can be both parent and clone of the other.
So what Tridge pointed out can show people what needs to happen to replicate the client-ish aspects of BitKeeper, which would be enough to get BK clients that behave a lot like, say, CVS clients behave. But that's only half of the functionality that the same bk tool is capable of...
Re:Using BK's servers (Score:1, Insightful)
Please explain the illegitimacy. (Score:4, Insightful)
Re:Give me a break... (Score:3, Insightful)
Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in its golden goose OS or office productivity markets.
I disagree. Most machines running Samba are servers, not clients. Without Samba, we would all be running Windows fileservers. Once you have to have the Windows server, you might as well put Active Directory on it rather than set up another machine with OpenLDAP, and you might as well run IIS, since it's there and you have the Windows admins to run it. Domain server, dhcp server, on and on.
Samba is huge. It's what lets my company run 500 Win, Linux and Mac desktops with only two Win servers; the one that runs SUS to patch all those Windows clients, and the payroll server (curse ADP). All the other servers are Linux with a couple of Sun boxes for corporate datastore apps.
Samba lets us not need Windows servers, and I can't believe that Microsoft wouldn't care about that.
Re:Do this change something? (Score:3, Insightful)
What I would dispute is that people would suddenly stop paying McVoy $$$ if he had made the product open source. Other open source projects make a fortune because the source is not enough for many deployments - they want features, support and training. I bet the various sql servers and JBoss do very well out of such an arrangement.
As an open source product BitKeeper would have gotten 10x the exposure it does now. It would be the de facto source control system since people would have migrated to Bitkeeper from cvs years ago, and their enthusiasm would have "infected" the corporate workplace too. I really think it was a dumb move to make the product commercial.
As it is, the open source world has passed Bitkeeper by. It might be a good system but Clearcase is still king and sooner or later something will supplant Bitkeeper. I'd still love it if my company picked Bitkeeper but there's fat chance of that despite the millions they spend on clearcase - source control systems are very "sticky" and hard to get rid of.
I haven't used Arch or Monotone, but I appreciate the concept of a change control set. One thing I miss from the days of CMVC (what IBM *used* to use prior to Clearcase) was that you'd check out files against a bug and check the whole lot in in one action. You can do atomic commits in svn, but it's not mandatory or tied to a bug system. Some kind of uber-distributed-svn-bugzilla could kick some serious ass.
Re:Recycled Comment (Score:3, Insightful)
Re:Recycled Comment (Score:1, Insightful)
Re:lol @ #buttes, failures. (Score:5, Insightful)
I think I understand Linus' thinking about this based on some of his emails that were not as widely circulated as others. Linus is a pragmatist. He doesn't see open source or reverse engineering as intrinsically morally good or bad.
He sees them as good things if they produce good (profitable, valuable) results. He is upset with Tridge because he believes that Tridge had no good (profitable, valuable) end-game. Tridge's actions were destined to destroy the cooperation between the Linux kernel team and BitKeeper. Yet there is no situation in which those actions lead to benefit to either the kernel team, or the open source community or the BitKeeper company (in Linus' opinion). Here he is in his own words.
In other words, it wasn't the act of reverse engineering that is wrong. It is the act of screwing up Linus' life and BitKeeper's advertising scheme without having any beneficial side effects.
Re:Ethics aside? (Score:5, Insightful)
Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.
There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definite whiff of BS to me.
In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.
Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridge's actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...
Re:Do this change something? (Score:3, Insightful)
The advantage of this is that it's group friendly. You can have four teams of five each merge with their respective team leaders. The leaders then, are the only ones to merge with the main line. It's much more useful than branching alone, and the main line breaks less often.
Anyway, what he *could* do is give away the server and bundle the excellent gui tools and support. Now *that* would work.
Someone's defending this as a SECURITY feature? (Score:4, Insightful)
Client-side security is no security at all.
Security through obscurity is no security at all.
Re:lol @ #buttes, failures. (Score:1, Insightful)
(Attempting to bring this back on-topic) Regarding BK, is "telnet bitkeeper.address 5000" the wrong way?
Re:lol @ #buttes, failures. (Score:2, Insightful)
I'm quite sure that it's the opposite of rms' view stated in the terms of Open Source movement. In Free Software movement we have the terms free and non-free software which would probably suit better for such a statement.
People should have the "FREEDOM" to keep their source closed, open it, or to charge anything they want for it as long as they are not a monopoly.
Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom.
Re:lol @ #buttes, failures. (Score:3, Insightful)
You also assume that the BK people will change the protocol for handling the data - if this is so, then Tridge would, I assume, update his tool to suit. You also assume that the tool as a client would be useless? Why? This makes little sense - remember this is from the person who helped build samba, and that could hardly be called useless. So even based on previous efforts you are being ignorant and pretty rude to Tridge's abilities and software. I'd suggest you look at some of the things he's done.
You suggest Tridge writes a SCM, well there are many open source alternatives, although none to Linus's liking and this is again the main issue. It's not about Tridge at all, he's simply trying to find a solution to the BK mess Linus has produced! If Linus chose an open source source management tool then _ALL_ of these problems would disappear. It's all because he has a friend who now wants to cash in on BK client licenses - which is more 'moral' for an open source.. well.. pretty damn obvious isn't it. Imho it wouldn't surprise me if Linus has even a slight cut for marketing BK clients - this is very common in commercial world, hire high profile users to promote your wares. It looks very much like this here.
In the long run this is all for an _open_source_ development project, and without a free/GPL or open source tool to manage it, you are going to get into all sorts of problems - and unless someone relents (preferably Linus and his BK obsession) then it's going to make a mess of what was originally a good open source project.
Re:Recycled Comment (Score:4, Insightful)
No I see it a bit differently - I think it's more than just about friends, it's a philosophical clash. I came to this conclusion reading about samba on the samba website and the following statement hit me ...
This contrasts with Torvalds' more pragmatic approach in getting things done. Which is more correct is a matter of personal opinion. Pragmatism vs strict GNU adherence.
Re:lol @ #buttes, failures. (Score:4, Insightful)
Once the tool has been developed, Larry has two choices:
* Pull the license (which is bad for everyone)
* Ignore the tool (which isn't so bad)
So, looking at it this way, Larry's action of yanking the license had no good (profitable, valuable) results.
Now of course, Larry can say, but the point of yanking the license is that my threat to yank the license was intended to deter people from doing what Tridge did. I am just protecting my right to make a living off my software. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop people from profiting off my coattails?
But Tridge can say, but the point of reverse engineering the system is that my threat to reverse engineer the system was intended to deter Larry from imposing unreasonable conditions on the community. I am just protecting the community's right to access its data. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop Larry from continuing to refuse to give us the access we deserve?
So, as you see, the "what is practically good (profitable, valuable)" analysis doesn't give us a conclusion here. Either Tridge or Larry could have avoided having the license pulled.
The type of analysis that WOULD decide the conflict is one which looks at who is being treated fairly or unfairly, or one which considered the "rights" of all parties (i.e. my right to make a living off BitKeeper without having it reverse engineered, vs. my right to access the metadata of the Linux kernel development).
For example, if a criminal mastermind had an atom bomb aimed at New York city and demanded your wife and your firstborn child as ransom, and you refused, and he blew up New York, then it wouldn't make sense for someone to say that the mastermind was a good man but that you are responsible for the destruction of New York. But, using Linus's "good (practical, valuable)" analysis, all that can be concluded is that both the criminal and you were responsible. The more sensible conclusion is that your wife and your child have a right not to be ransomed to some criminal, but that the criminal has little right to your wife and child, therefore he is the bad guy here. But this necessarily involves taking a stand on the fairness of each side's demands.
Linus seems to be claiming that he doesn't want to get caught up in a discussion of rights, but by blaming Tridge, he is probably implicitly assuming that Larry's putative right not to have others "ride his coattails" holds more weight than Tridge's putative right to interoperate and to access metadata without signing a license agreement.
Re:lol @ #buttes, failures. (Score:4, Insightful)
I use my power of ownership to keep you from living in my home. From reading my mail. And eating my food if I do not give you permission. My freedom to own what I make overrides your freedom to take what I make. Like it or not but making people release their work as open source is slavery. Making sure that people have the freedom to write their own software and the right to give it to others is freedom.
Re:lol @ #buttes, failures. (Score:2, Insightful)
Re:Please explain the illegimacy. (Score:5, Insightful)
Where did you get the idea this agreement exists? What exactly does this agreement say? What evidence is there to show that Tridgell agreed to its terms or did something that required complying with such a clause or be liable for losing a copyright infringement lawsuit?
I suspect that Tridgell, who appears to be quite dedicated to software freedom, would realize the implications of agreeing to such a thing and therefore not agree to it.
As it stands, Tridge has said he was not a licensee of the Bitkeeper program [newsforge.com]. Furthermore, I have no reason to believe he's lying.
Re:lol @ #buttes, failures. (Score:3, Insightful)
Of the many rebuttals he received, allow me to give a choice quote:
(note: I had to reformat this because the slashdot gestapo lameness filter is on overdrive today)
Name: Karl Stenerud (kstenerud@hotmail.com) 4/14/05
Linus Torvalds (torvalds@osdl.org) on 4/14/05 wrote:
-
>Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still
>needed BK to actually do anything useful - since it would not actually do the work that BK did.
>
So basically it would dump the raw BK data?
Or would it recreate a local copy complete with necessary metadata
(is there any metadata that is needed?)
What made the data useless if you didn't have BK? And could that missing functionality be added?
I'm still not sure I understand why connecting to a BK server via a custom tool and dumping the data from the repository contained within is such a bad thing...
>"Hey, that's a useful helper". Yes, except when it isn't.
>
>And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it,
How would releasing a client tool cause the protocols to change? Isn't it the server that dictates the protocol?
>and when using the tool against a BK repository is a violation of the license that the BK user agreed to.
But wasn't the point of the tool to get the contents of a BK repository without being bound by the license?
>See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover.
I don't see how sanctioning by BitMover is a criterion for the usefulness of a tool...
>But since that tool ends up invalidating your right to use BK in the first place,
How can it invalidate your right to use BK if you've never agreed to the license in the first place?
You can quite easily stop using the tool and then start using the real BK client should you so choose.
You just have to remember that it's a one-way street.
>and since that tool can not replace what BK did, then yes, the tool is pointless.
From Tridge's description, it doesn't sound at all like he planned on ever replacing what BK did.
However, failure to match feature-for-feature does not make a tool pointless.
Am I missing something here?
>So you have three choices
>- don't use the tool (which makes it useless)
>- use the tool, but stop using BK (which makes it useless)
>- use the tool _and_ use BK, which violates the BK license
Actually, you missed the fourth choice:
- Never use BK, but use the tool instead.
And that makes for an acceptable outcome in both a moral and legal sense, if I understand this correctly.
>and everybody would be happy. If a developer wanted to switch to Tridges hypothetical tool, BK comes with the
>stuff needed to export your own data.
>Do you see? It's really exactly the same thing. The BK license isn't any less relevant than the GPL, and the
>fact that BitMover is a company doesn't make it ok to violate their licenses and continue to use their programs.
Quite correct. You shouldn't violate any license you agree to.
BUT, in order to violate a license, you have to first agree to it.
If you use Tridge's tool, you don't have to agree to the license in order to get the repository contents.
Linus got caught up in a conflict of interest, pure and simple (by maintaining the public linux source code on a closed source, draconian-licensed, for-profit repository system written by a close friend).
Conflicts of interest invariably lead to conflict of ethics, and Linus's ethics have been found wanting of late.