
Tridgell Reveals Bitkeeper Secrets

wallykeyster writes "The Register is reporting on Andrew Tridgell publicly demonstrating how to interoperate with Bitkeeper. During his keynote at the Linux.Conf.Au, Tridgell connected to a BitKeeper site via telnet and used the mostly forgotten "help" tool. Ethical arguments aside, what really counts as reverse engineering anyway?"

  • by amorformosus ( 781869 ) on Thursday April 21, 2005 @03:03PM (#12304914)
    The main difference is that Linus did not reverse engineer the MINIX kernel in order to write Linux's kernel. It's legit.
  • Perhaps a stretch (Score:5, Insightful)

    by jonnystiph ( 192687 ) on Thursday April 21, 2005 @03:06PM (#12304948) Homepage
    Does anyone remember taking their first radio apart "just to see how it works"? This in the most base form was reverse engineering. Personally if you have the resources and the desire, by all means. Find out what makes it tick. The only reason Bit-Keeper is annoyed is because they see a free product competing with their own. Not yet per se, but in the very near future.
  • by Frank T. Lofaro Jr. ( 142215 ) on Thursday April 21, 2005 @03:09PM (#12304986) Homepage
    Exactly. He didn't do something immoral, like cloning the IBM PC via reverse engineering.

    We should have never had the PC revolution, because that resulted from the availability of PC clones.

    We should have to pay over $1000 for a system with only 200 megs of disk and 8 megs of RAM. We should eat from the poison tree of reverse engineering.

    (end of sarcasm)

    Seriously, reverse engineering is legit. It is responsible for a lot of progress. It used to be legally protected, until insane laws (DMCA) and insane judges (Southern District of New York, Federal court system, etc) got involved.
  • by stry_cat ( 558859 ) on Thursday April 21, 2005 @03:09PM (#12304988) Journal
    Linus has made his decision and I think that this isn't that good for bitkeeper.

    Actually I think it is good for bitkeeper. No one at my company had ever heard of BitKeeper until this controversy started. Now they're looking into using it.

    Any publicity is good publicity
  • by c++ ( 25427 ) on Thursday April 21, 2005 @03:11PM (#12305012)
    214 qmail home page: http://pobox.com/~djb/qmail.html

    So, you're saying that Exchange is qmail?
  • by lilmouse ( 310335 ) on Thursday April 21, 2005 @03:11PM (#12305013)
    Any process that lets one reproduce BitKeeper's process. That includes things like protocol, data format, etc.

    If I reverse-engineered BitKeeper and wrote a client, I would expect my client to be able to seamlessly interact with any other BitKeeper client. Sans license, of course ;-)

  • by abulafia ( 7826 ) on Thursday April 21, 2005 @03:17PM (#12305077)
    Replace "AIM" with "BK" in the above text, and see if you still believe what you're asserting.
  • by Gleef ( 86 ) on Thursday April 21, 2005 @03:22PM (#12305119) Homepage
    The underlying design of Subversion is centralized. It's probably easier to write something from scratch than to change core design elements of Subversion.

    But, I wonder why he didn't just help improve (or fork) Arch [gnu.org] so it would suit his needs better instead of starting from scratch. Arch is much closer to Bitkeeper in design and operation. It's decentralized, uses change sets, and it's GPLed.
  • by Anonymous Coward on Thursday April 21, 2005 @03:22PM (#12305127)
    What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen. One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and know exactly how every client was accessing it. That's one of the advantages most managers see with going with a commercial company rather than an OSS solution.

    Security through obscurity? People are bothering to argue for that on slashdot?
  • by Scott Lockwood ( 218839 ) * on Thursday April 21, 2005 @03:25PM (#12305156) Homepage Journal
    Am I the only one here who thinks that real freedom is achieved only when you can tolerate an opposing point of view?

    Why can't BK develop, and sell software under any license they choose? Why isn't Linus free to use that solution if he so chooses? Why is it ok for us to rip on the MS type people for behavior that is OK for us to emulate in support of free and open software?

    Why is it ok to try and screw BK over, who spent a great deal of money to develop this?
  • by tzanger ( 1575 ) on Thursday April 21, 2005 @03:25PM (#12305163) Homepage

    The DMCA specifically allows reverse engineering for compatibility.

    I just had a discussion over dinner with some friends about this very subject. What it basically came down to was that even if there is a provision for it, it's gonna take someone with deep pockets willing to go to court over this. Hell even Adobe won't take it on, and they'd need it to use the Nikon raw file format.

    The discussion also brought up an interesting point -- When is compatibility not the reason to reverse-engineer something? I mean even if you reverse engineer with the intent to make your own product, are you not technically trying to interoperate with something else?

  • by Anonymous Coward on Thursday April 21, 2005 @03:27PM (#12305177)
    The DMCA specifically allows reverse engineering for compatibility

    Tell that to Dmitry Sklyarov. ;-)
  • by eturro ( 804858 ) on Thursday April 21, 2005 @03:27PM (#12305182)
    You can take accountability for a product when it is used according to a contract and not take accountability for it when it is misused. The manufacturer/service provider takes accountability under specific conditions.
    Your suggestion that it is necessary to keep the BK protocol closed because the BitKeeper people want to be held accountable is just plain bogus. They did it to prevent competition.
  • IBM would give you a map of the pinouts and everything else
    On the contrary, the entire "microchannel architecture" is still considered a trade secret by IBM (please correct me if I'm wrong, but I think there is a contractual reason that it might always be.)

    Also, you still can't get docs on a whole lot of BIOS stuff which was reverse engineered years ago, because of indefinite-duration contractual obligations.

    In any case, certainly, using telnet to type "help" and reading the resulting documentation does not count as reverse engineering. It is instead a form of RTFM/RTFD.

  • by TekGoNos ( 748138 ) on Thursday April 21, 2005 @03:28PM (#12305194) Journal
    > One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and know exactly how every client was accessing it.

    Yeah, I know and I think it is bullshit.
    Nobody should rely on the client to be nice.

    A while ago, any computer running ICQ could simply be shot down by a wrongly formatted package that ICQ would parse and break on it and (in the days of Windows 9x) take the OS with it.

    From what I read, BitKeeper has the same problem: a client can completely trash the repository if it doesn't respect the protocol. Which I call sloppy design.
    A client shouldn't be able to make more damage than the user has rights and HEY! it's a f*cking version control system. I DEMAND that any change done by any client can be reversed easily (after all, this is what I use a VCS for).

    For me, it looks like BitKeeper has a HUGE reliability problem in that it relies far too much on clients respecting the protocol and that they cry out that loud to avoid people from looking closer at this design problem.
  • by rpdillon ( 715137 ) on Thursday April 21, 2005 @03:28PM (#12305197) Homepage
    Reverse engineering is not morally wrong...in fact, it is specifically protected by all the copyright laws in the US.

    Heck, "reverse engineering" is "figuring out how something works", AKA "hacking" (NOT "cracking"). This is the basis of most good technological progress and, in a different realm, science.
  • by Phisbut ( 761268 ) on Thursday April 21, 2005 @03:29PM (#12305210)
    Except for the all-important (at the time) BIOS.

    But the BIOS was reverse-engineered the Right-Way(TM). From this article [theregister.co.uk]:

    In most jurisdictions, reverse engineering must be performed in a clean-room context. The people performing the reverse engineering may create documentation on the file formats and APIs, and the re-implementation must be performed by a team which has no direct contact (other than the documentation) with the first team. This is how, for example, the original IBM PC BIOS was reverse engineered.

    Someone who is an employee of a high-profile licensee of the software in question clearly does not fulfill this requirement.

  • by Eberlin ( 570874 ) on Thursday April 21, 2005 @03:29PM (#12305217) Homepage
    Of course that is until people look deeper into what the publicity is all about. McVoy pretty much illustrated the inherent dangers of not being Open Source -- that at a whim (of a madman?) all your data are belong to them.

    Worse yet, we've illustrated that here's someone who's willing to do just that...yank his product from under a high profile project.

    If your company is looking into using BK, you may wish to take these recent events into consideration or at least bring them up to those making the decisions.
  • by qbwiz ( 87077 ) * <`john' `at' `baumanfamily.com'> on Thursday April 21, 2005 @03:29PM (#12305218) Homepage
    I thought the points made by some posters about just how Tridgell was sniffing packets to see the metadata protocols are extremely insightful. To have BK protocols running on his network would require that he be operating a client and server somewhere where he could see it, no? What network was he sniffing if he didn't have a license?

    He could have asked someone to operate Bitkeeper on his network, or gone to a network where someone was using Bitkeeper. I bet at least one kernel developer would be willing to let him do that.

  • by m50d ( 797211 ) on Thursday April 21, 2005 @03:33PM (#12305259) Homepage Journal
    But why would Linus take him to task knowing that he would not be able to respond publicly?

    Because that's the best time to attack someone. I think, despite what you say, Linus didn't believe it must end. He felt this one would be different. Ultimately he made a bad call, he's angry about it, and to distract attention from his misjudgement he's attacking someone who can't respond.

    And Perens? This is a slugfest that only Gates, Darl, and RMS would love - all for differing reasons. Why does Perens feel compelled to call out Linus over his treatment of Tridgell?

    Because someone had to do it, and it had to be someone with the standing. Linus is doing something horrible, but do you think he or his fans would listen if you or me called him on it? Which I would, in an instant. But probably only Perens and ESR had the stature to do this.

  • by geomon ( 78680 ) on Thursday April 21, 2005 @03:34PM (#12305264) Homepage Journal
    He didn't need to be sniffing anyone's network to do this.

    Yeah, I wrote this before the demonstration was published.

    The other points are still valid. Why is Linus so pissed? Would he have been equally pissed if it had been done by someone other than Tridgell? etc, etc.
  • by gotan ( 60103 ) on Thursday April 21, 2005 @03:38PM (#12305302) Homepage
    What if Tridge wrote something that totally hosed the kernel source on BK's server? People would be screaming bloody murder at BK for letting it happen.

    ... and rightly so. If BitMover doesn't put a proper authentication protocol in place and doesn't safeguard against corruption of the BK database (what if some false bytes due to communication errors hosed the database?) then it's their fault. If it was as easy as you suggest in your posting then I'd call that gross negligence on behalf of BitMover.

    Most BK servers are part of the internet, opening a simple telnet connection to a well known port is no secret at all. If Tridge could corrupt BKs database any blackhat could. There's really no excuse for implementing poor security or none at all in BK. For the benefit of BitMover I assume that they did put proper security in place and safeguarded against accidental corruption of the BK database. Regardless of that your argument is moot.

  • by digidave ( 259925 ) on Thursday April 21, 2005 @03:38PM (#12305312)
    It's not morally wrong to try to access information from a BitKeeper repository. That's all Tridge did. No attempt was made to clone BK.
  • by blueskies ( 525815 ) on Thursday April 21, 2005 @03:44PM (#12305382) Journal
    Kinda like how openssh is morally wrong because you can buy directly from ssh.

    Since when is using ideas developed by someone else morally wrong? Just think the moral quagmire we'd be in if scientists did shit like that. There are specific ways to protect ideas (and/or implementations): copyright, patent, trade secrets. You want to now extend these protections to any form of machine without some application process?
  • by btarval ( 874919 ) on Thursday April 21, 2005 @03:44PM (#12305390)
    "If the BK system is so brittle that it cannot protect itself against a hostile client then it should not be hosting any source code."

    Indeed. Imagine, if you will, a Linux-hostile group with some technical ability who wanted to disrupt Linux development. Can you think of a single better way to do this than to screw up the BK repository? This would be one heck of a DOS attack, no doubt accompanied by lots of bad publicity against Linux.

    This would've been a lot more effective than Microsoft's SCO lawsuit against IBM; and could be done for just a fraction of the money.

    I'm sorry, but the "security through obscurity" argument doesn't work here. And if BitKeeper is indeed as fragile as the creator of it claims, a great service has been done in getting the Linux community to move away from BitKeeper.

    Let us hope that Linus' new "git" SCM is much better insulated against a hostile attack.

  • by AstroDrabb ( 534369 ) * on Thursday April 21, 2005 @03:45PM (#12305391)
    He is not allowed to write one because of the license
    Linus isn't using BK any more so he is no longer bound by the BK license. Do you think the BK license required Linus to promise to never write a competing product for the rest of his life?
  • by Morgaine ( 4316 ) on Thursday April 21, 2005 @03:55PM (#12305553)
    Maybe it's the absence of audience laughter cues or something, I don't know, but the irony in Tridgell's demo and in The Register's writeup of it was entirely obvious to me. I had a really good chuckle.

    Didn't you RTFA, maybe? Here are the relevant sentences:

    Tridgell demonstrated the procedure to disprove accusations that his detractors in the Torvalds/McVoy camp had made against him. Principally, that he was some kind of "an evil genius" reverse engineer.

    The demo showed that the work was obviously not reverse engineering in any real sense of the word, nor was it even remotely describable as "genius" work ... so Tridgell made his point admirably that there has been a mountain made up out of a molehill of nothingness.

    And he made us laugh at the same time too. You didn't?
  • by DrXym ( 126579 ) on Thursday April 21, 2005 @03:56PM (#12305570)
    You say that, but I suspect that if Larry McVoy had just open sourced the thing from the beginning, everyone would be using it instead of looking longingly over at Subversion.

    How would he make his money? The same way that Trolltech (eventually), PostgreSQL, MySQL, JBoss, or Aladdin make theirs - by offering a GPL version, but offering paid support or spiffy new features in a commercial version.

    The ubiquity of CVS (despite its many faults) demonstrates that some could make an absolute fortune this way and be the darling of the open source world at the same time.

  • by geomon ( 78680 ) on Thursday April 21, 2005 @03:58PM (#12305602) Homepage Journal
    "hell this is so going to completely mislead idiots."

    Why worry about misleading idiots?

    Can you avoid misleading idiots?

    Isn't being easily misled one of the defining qualities of an "idiot"?
  • by Moofie ( 22272 ) <`lee' `at' `ringofsaturn.com'> on Thursday April 21, 2005 @04:04PM (#12305692) Homepage
    How do you figure that? What is morally wrong about reverse engineering anything, ever? "Get their proprietary work"? Nonsense. They were re-implementing a communications protocol.
  • by russotto ( 537200 ) on Thursday April 21, 2005 @04:08PM (#12305770) Journal
    Clean-room reverse engineering is not a requirement of US copyright law. Use of it is an ironclad defense against copyright infringement, but failure to use it isn't automatically copyright infringement.

    The reason the PC BIOS was reverse-engineered that way is likely due to two things:
    1) The overwhelming power of IBM's lawyers
    2) The fact that the BIOS did such simple things that even independently-developed code would end up looking very similar in part.
  • Not again! (Score:2, Insightful)

    by Anonymous Coward on Thursday April 21, 2005 @04:13PM (#12305846)
    Give it a rest. BK is buried, the first kernel
    release with git is done.

    Fucking Register is trying to get some pageviews
    by trolling again and again.

    For the last time - what Tridge did is legal.
    But it screwed Linus over because he used BK
    which was the best tool for the job.

    Lots of "proprietary software is crime against
    humanity" dudes are crying "we told you so" the
    whole mess would have not happened if only Linus
    used a free and blessed software.

    But the truth is that there was no free software
    which did the job.
  • by Anonymous Coward on Thursday April 21, 2005 @04:24PM (#12306024)
    reverse engineering BitKeeper is really just trying to get their proprietary work.

    No, breaking into BitKeeper's own repositories and taking an illegal copy of the actual BitKeeper source code would be trying to get their proprietary work. Writing your own program that merely happens to have the same inputs and outputs is producing new work, that's all your own work and belongs to you, just like BitKeeper belongs to them. It's taking nothing from anyone. It's not even illegal, let alone immoral.
  • by Ih8sG8s ( 4112 ) on Thursday April 21, 2005 @04:28PM (#12306073)
    Come on. I don't use BK, never have, but you can't fault the software for doing what it is configured to do.

    If I deploy a BK or CVS, or any other types of repository and allow anonymous writes, which is what's required to "trash the repository", then I deserve what I get. The failure then would be completely mine.

    If I lock it down, and the repository can be trashed via anonymous telnet, then there's a very big problem. In any case, your post is both flamebait and off-topic, since it really has no basis in reality in the context of this or other related stories.
  • by babbage ( 61057 ) <cdevers@NOSPAM.cis.usouthal.edu> on Thursday April 21, 2005 @04:36PM (#12306218) Homepage Journal

    With BitKeeper, every repository can be both a clone of one repository -- a client -- and the parent of another repository -- a server. The system is completely distributed, peer-to-peer, whatever you want to call it.

    This is not a CVS / SVN workalike where everyone checks things out of and in to a central server instance: the same bk tool can be used to both bk pull changes down from a parent/server and bk push changes back to a clone/client -- and you can do this circularly, so the same two repositories can be both parent and clone of the other.

    So what Tridge pointed out can show people what needs to happen to replicate the client-ish aspects of BitKeeper, which would be enough to get BK clients that behave a lot like, say, CVS clients behave. But that's only half of the functionality that the same bk tool is capable of...

  • by Anonymous Coward on Thursday April 21, 2005 @04:40PM (#12306280)
    Um, yeah. Buggy clients shouldn't crash servers. This is basic.
  • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Thursday April 21, 2005 @04:44PM (#12306365) Homepage
    Please explain what is illegitimate about reverse engineering Bitkeeper's network protocol in an effort to distribute a free software program which is network-compatible with the proprietary Bitkeeper program.
  • by perp ( 114928 ) on Thursday April 21, 2005 @05:15PM (#12306836)
    Bamafan77 says:
    Tridge's reverse engineering for SAMBA is not *that* big a deal to MS. So what if a Windows server gets fooled into thinking that some Linux or VMS box is a Windows machine? While this service is immeasurable to many of us, we represent a small part of MS's customer base. It's unlikely that such a thing will enable anyone to budge MS in its golden goose OS or office productivity markets.

    I disagree. Most machines running Samba are servers, not clients. Without Samba, we would all be running Windows fileservers. Once you have to have the Windows server, you might as well put Active Directory on it rather than set up another machine with OpenLDAP, and you might as well run IIS, since it's there and you have the Windows admins to run it. Domain server, dhcp server, on and on.

    Samba is huge. It's what lets my company run 500 Win, Linux and Mac desktops with only two Win servers; the one that runs SUS to patch all those Windows clients, and the payroll server (curse ADP). All the other servers are Linux with a couple of Sun boxes for corporate datastore apps.

    Samba lets us not need Windows servers, and I can't believe that Microsoft wouldn't care about that.

  • by DrXym ( 126579 ) on Thursday April 21, 2005 @05:15PM (#12306840)
    I agree. I use Clearcase at work and I think it is the worst source control system I have ever used. It's slow, baroque, massively expensive, and really doesn't do much that most companies need or require.

    What I would dispute is that people would suddenly stop paying McVoy $$$ if he had made the product open source. Other open source projects make a fortune because the source is not enough for many deployments - they want features, support and training. I bet the various sql servers and JBoss do very well out of such an arrangement.

    As an open source product BitKeeper would have gotten 10x the exposure it does now. It would be the de facto source control system since people would have migrated to Bitkeeper from cvs years ago, and their enthusiasm would have "infected" the corporate workplace too. I really think it was a dumb move to make the product commercial.

    As it is, the open source world has passed Bitkeeper by. It might be a good system but Clearcase is still king and sooner or later something will supplant Bitkeeper. I'd still love it if my company picked Bitkeeper but there's fat chance of that despite the millions they spend on clearcase - source control systems are very "sticky" and hard to get rid of.

    I haven't used Arch or Monotone, but I appreciate the concept of a change control set. One thing I miss from the days of CMVC (what IBM *used* to use prior to Clearcase) was that you'd check out files against a bug and check the whole lot in in one action. You can do atomic commits in svn, but it's not mandatory or tied to a bug system. Some kind of uber-distributed-svn-bugzilla could kick some serious ass.

  • by Surt ( 22457 ) on Thursday April 21, 2005 @05:43PM (#12307236) Homepage Journal
    You know you can look at the packets going both into AND out of your computer, right? Why would you need physical control of the server to see its packets?
  • by Anonymous Coward on Thursday April 21, 2005 @05:45PM (#12307271)
    Then BK deserves to be binned, because if any random joe can accidentally trash the whole repository from netcat, imagine what someone intending malice could do?
  • by smallpaul ( 65919 ) <paul.prescod@net> on Thursday April 21, 2005 @05:51PM (#12307344)

    I think I understand Linus' thinking about this based on some of his emails that were not as widely circulated as others. Linus is a pragmatist. He doesn't see open source or reverse engineering as intrinsically morally good or bad.

    He sees them as good things if they produce good (profitable, valuable) results. He is upset with Tridge because he believes that Tridge had no good (profitable, valuable) end-game. Tridge's actions were destined to destroy the cooperation between the Linux kernel team and BitKeeper. Yet there is no situation in which those actions lead to benefit to either the kernel team, or the open source community or the BitKeeper company (in Linus' opinion). Here he is in his own words.

    Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still needed BK to actually do anything useful - since it would not actually do the work that BK did.

    "Hey, that's a useful helper". Yes, except when it isn't.

    And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it, and when using the tool against a BK repository is a violation of the license that the BK user agreed to.

    See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover. But since that tool ends up invalidating your right to use BK in the first place, and since that tool can not replace what BK did, then yes, the tool is pointless.

    So you have three choices
    - don't use the tool (which makes it useless)
    - use the tool, but stop using BK (which makes it useless)
    - use the tool _and_ use BK, which violates the BK license

    Two useless cases, and one outright license violation.

    Now, let's look at a _constructive_ case: let's say that Tridge had written a really good SCM. Now the choice would be:
    - use the tool (cool, that works)
    - use BK (cool, that also works)

    and everybody would be happy. If a developer wanted to switch to Tridge's hypothetical tool, BK comes with the stuff needed to export your own data.

    In other words, it wasn't the act of reverse engineering that is wrong. It is the act of screwing up Linus' life and BitKeeper's advertising scheme without having any beneficial side effects.

  • Re:Ethics aside? (Score:5, Insightful)

    by Arker ( 91948 ) on Thursday April 21, 2005 @06:05PM (#12307534) Homepage

    The trouble is that you can't set ethics aside unless you're unethical.

    Truer words were never spoken, and I thank you for posting them. Sad thing is the rest of your comment indicates you have set them aside already, or perhaps never had them.

    There is absolutely nothing unethical in what Tridge did here, at least insofar as has been mentioned in any of the reporting on this in the past few days that we've both had access to. There is absolutely no ethical obligation to keep an agreement you were not a party to. The rest of your rant assumes facts not in evidence, without any source, and has the definite whiff of BS to me.

    In fact, what Tridge has done here is the epitome of ethical behavior. Linus is stung now, understandably disoriented and angry because he's been proven wrong and, being human, his first response is to lash out at Tridge instead of thanking him. Give it a few years though... once his wounded pride settles down I'm sure he will, in fact, thank Tridge for this.

    Locking your data into a proprietary single-vendor format for the sake of temporary convenience was never a good idea. Everyone told Linus this, but he was too smart to listen. Now exactly what he was warned about has happened. And it was inevitable all along - if Tridge hadn't done it someone or something else would have - McVoy was a ticking time bomb. The fact that the guy isn't very stable didn't help, but honestly - McVoy could have been a saint and the thing would have still been a ticking time bomb. If Tridge's actions resulted in it going off a little sooner than otherwise, then he saved Linus and many others trouble in the long run. Replacing BK wasn't going to get any easier...

  • by dubious9 ( 580994 ) on Thursday April 21, 2005 @06:15PM (#12307665) Journal
    As a lot of people have already pointed out, BK's distributed nature makes it so that the clients can become servers. It's more of a peer-peer thing.

    The advantage of this is that it's group friendly. You can have four teams of five each merge with their respective team leaders. The leaders then, are the only ones to merge with the main line. It's much more useful than branching alone, and the main line breaks less often.

    Anyway, what he *could* do is give away the server and bundle the excellent gui tools and support. Now *that* would work.
  • One of the reasons BK kept their stuff closed was so they could take accountability if anything went wrong and know exactly how every client was accessing it.

    Client-side security is no security at all.

    Security through obscurity is no security at all.
  • by Anonymous Coward on Thursday April 21, 2005 @07:38PM (#12308565)
    But the BIOS was reverse-engineered the Right-Way(TM)

    (Attempting to bring this back on-topic) Regarding BK, is "telnet bitkeeper.address 5000" the wrong way?
  • by latroM ( 652152 ) on Thursday April 21, 2005 @08:39PM (#12309017) Homepage Journal
    I do not care what RMS or anyone else says closed source is not immoral.

    I'm quite sure that it's the opposite of rms' view stated in the terms of Open Source movement. In Free Software movement we have the terms free and non-free software which would probably suit better for such a statement.

    People should have the "FREEDOM" to keep their source closed, open it, or to charge anything they want for it as long as they are not a monopoly.

    Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom.
  • by Flaming Death ( 447117 ) on Thursday April 21, 2005 @10:24PM (#12309642)
    What you suggest is plain incorrect - you are assuming Tridge had no 'good endgame'. Which is plain silly. His aim was simply to make a tool people could use in lieu of BitKeeper to help manage the source tree, without the use of BitKeeper? How is this _not_ a good endgame? Saving money for people working on open source project? The whole use of BitKeeper in the first place makes the management of a kernel source tree outrageous for an open source project. Initially the clients were free and now the BitKeeper owners want to charge for them - this is the _entire_ crux of the problem! It's the usual, 'oh sorry, there are too many people with BitKeeper clients now, and we think we should now be able to charge for them'. Tridge is doing what the Open Office people did - produce something that can manipulate the _data_ that BitKeeper produces and open source it so something like the open source kernel can be accessed by all. Why is this even vaguely wrong?!

    You also assume that the BK people will change the protocol for handling the data - if this is so, then Tridge would, I assume, update his tool to suit. You also assume that the tool as a client would be useless? Why? This makes little sense - remember this is from the person who helped build samba, and that could hardly be called useless. So even based on previous efforts you are being ignorant and pretty rude to Tridge's abilities and software. I'd suggest you look at some of the things he's done.

    You suggest Tridge writes a SCM, well there are many open source alternatives, although none to Linus's liking and this is again the main issue. It's not about Tridge at all, he's simply trying to find a solution to the BK mess Linus has produced! If Linus chose an open source source management tool then _ALL_ of these problems would disappear. It's all because he has a friend who now wants to cash in on BK client licenses - which is more 'moral' for an open source.. well.. pretty damn obvious isn't it. Imho it wouldn't surprise me if Linus has even a slight cut for marketing BK clients - this is very common in commercial world, hire high profile users to promote your wares. It looks very much like this here.

    In the long run this is all for an _open_source_ development project, and without a free/GPL or open source tool to manage it, you are going to get into all sorts of problems - and unless someone relents (preferably Linus and his BK obsession) then it's going to make a mess of what was originally a good open source project.
  • by goon ( 2774 ) <peterrenshaw&seldomlogical,com> on Thursday April 21, 2005 @10:42PM (#12309756) Homepage Journal
    '... Linus speaking out against Tridge, is simply that of someone backing up his friend... '

    No, I see it a bit differently - I think it's more than just about friends; it's a philosophical clash. I came to this conclusion reading about samba on the samba website and the following statement hit me ...

    • '... Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. ...' (the emphasis is mine)

    This contrasts with Torvalds' more pragmatic approach in getting things done. Which is more correct is a matter of personal opinion. Pragmatism vs strict GNU adherence.

  • by bshanks ( 520250 ) on Thursday April 21, 2005 @10:46PM (#12309786) Homepage
    Sure, but then why not apply that analysis to Larry's action to pull the license?

    Once the tool has been developed, Larry has two choices:

    * Pull the license (which is bad for everyone)
    * Ignore the tool (which isn't so bad)

    So, looking at it this way, Larry's action of yanking the license had no good (profitable, valuable) results.

    Now of course, Larry can say, but the point of yanking the license is that my threat to yank the license was intended to deter people from doing what Tridge did. I am just protecting my right to make a living off my software. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop people from profiting off my coattails?

    But Tridge can say, but the point of reverse engineering the system is that my threat to reverse engineer the system was intended to deter Larry from imposing unreasonable conditions on the community. I am just protecting the community's right to access its data. I had to follow through on my threat to protect my credibility; if I didn't, then what would stop Larry from continuing to refuse to give us the access we deserve?

    So, as you see, the "what is practically good (profitable, valuable)" analysis doesn't give us a conclusion here. Either Tridge or Larry could have avoided having the license pulled.

    The type of analysis that WOULD decide the conflict is one which looks at who is being treated fairly or unfairly, or one which considers the "rights" of all parties (i.e. my right to make a living off BitKeeper without having it reverse engineered, vs. my right to access the metadata of the Linux kernel development).

    For example, if a criminal mastermind had an atom bomb aimed at New York city and demanded your wife and your firstborn child as ransom, and you refused, and he blew up New York, then it wouldn't make sense for someone to say that the mastermind was a good man but that you are responsible for the destruction of New York. But, using Linus's "good (practical, valuable)" analysis, all that can be concluded is that both the criminal and you were responsible. The more sensible conclusion is that your wife and your child have a right not to be ransomed to some criminal, but that the criminal has little right to your wife and child, therefore he is the bad guy here. But this necessarily involves taking a stand on the fairness of each side's demands.

    Linus seems to be claiming that he doesn't want to get caught up in a discussion of rights, but by blaming Tridge, he is probably implicitly assuming that Larry's putative right not to have others "ride his coattails" holds more weight than Tridge's putative right to interoperate and to access metadata without signing a license agreement.
  • by LWATCDR ( 28044 ) on Thursday April 21, 2005 @10:48PM (#12309808) Homepage Journal
    "Keeping source "closed" (which is a term used by the Open Source movement) means that the users don't have freedom. When you deny others their freedom you are using power. Power is not freedom."
    I use my power of ownership to keep you from living in my home. From reading my mail. And eating my food if I do not give you permission. My freedom to own what I make overrides your freedom to take what I make. Like it or not but making people release their work as open source is slavery. Making sure that people have the freedom to write their own software and the right to give it to others is freedom.
  • by ThatComputerGuy ( 123712 ) <amritNO@SPAMtransamrit.net> on Thursday April 21, 2005 @10:56PM (#12309858) Homepage
    Ex-fucking-actly. Finally, someone that gets it takes the time to explain why Linus is mad. This has nothing to do with Tridgell's (great) work on Samba - this just ended up producing a mostly useless tool that led to a lot of people getting screwed.
  • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Thursday April 21, 2005 @11:42PM (#12310129) Homepage

    Where did you get the idea this agreement exists? What exactly does this agreement say? What evidence is there to show that Tridgell agreed to its terms or did something that required complying with such a clause or be liable for losing a copyright infringement lawsuit?

    I suspect that Tridgell, who appears to be quite dedicated to software freedom, would realize the implications of agreeing to such a thing and therefore not agree to it.

    As it stands, Tridge has said he was not a licensee of the Bitkeeper program [newsforge.com]. Furthermore, I have no reason to believe he's lying.

  • by Mock ( 29603 ) on Thursday April 21, 2005 @11:55PM (#12310205)
    I've read the same messages, and find it incredibly strange that the previous message would get modded to 5 when it's simply repeating a bunch of tripe that Linus spewed forth on realworldtech.

    Of the many rebuttals he received, allow me to give a choice quote:
    (note: I had to reformat this because the slashdot gestapo lameness filter is on overdrive today)

    Name: Karl Stenerud (kstenerud@hotmail.com) 4/14/05

    Linus Torvalds (torvalds@osdl.org) on 4/14/05 wrote:
    >Tridge wanted to create a tool that checked out BK trees for people who didn't sign the license. But it still
    >needed BK to actually do anything useful - since it would not actually do the work that BK did.

    So basically it would dump the raw BK data?
    Or would it recreate a local copy complete with necessary metadata
    (is there any metadata that is needed?)

    What made the data useless if you didn't have BK? And could that missing functionality be added?

    I'm still not sure I understand why connecting to a BK server via a custom tool and dumping the data from the repository contained within is such a bad thing...

    >"Hey, that's a useful helper". Yes, except when it isn't.
    >And it isn't, if releasing it just causes the BK protocols to change, and people who used BK in the first place to have to stop using it,

    How would releasing a client tool cause the protocols to change? Isn't it the server that dictates the protocol?

    >and when using the tool against a BK repository is a violation of the license that the BK user agreed to.

    But wasn't the point of the tool to get the contents of a BK repository without being bound by the license?

    >See the problem now? Tridge's tool would have been useful if that usage had been sanctioned by BitMover.

    I don't see how sanctioning by BitMover is a criterion for the usefulness of a tool...

    >But since that tool ends up invalidating your right to use BK in the first place,

    How can it invalidate your right to use BK if you've never agreed to the license in the first place?
    You can quite easily stop using the tool and then start using the real BK client should you so choose.
    You just have to remember that it's a one-way street.

    >and since that tool can not replace what BK did, then yes, the tool is pointless.

    From Tridge's description, it doesn't sound at all like he planned on ever replacing what BK did.
    However, failure to match feature-for-feature does not make a tool pointless.
    Am I missing something here?

    >So you have three choices
    >- don't use the tool (which makes it useless)
    >- use the tool, but stop using BK (which makes it useless)
    >- use the tool _and_ use BK, which violates the BK license

    Actually, you missed the fourth choice:
    - Never use BK, but use the tool instead.

    And that makes for an acceptable outcome in both a moral and legal sense, if I understand this correctly.

    >and everybody would be happy. If a developer wanted to switch to Tridge's hypothetical tool, BK comes with the
    >stuff needed to export your own data. ... PROVIDED you agree to the license, which a number of people are unwilling to do.

    >Do you see? It's really exactly the same thing. The BK license isn't any less relevant than the GPL, and the
    >fact that BitMover is a company doesn't make it ok to violate their licenses and continue to use their programs.

    Quite correct. You shouldn't violate any license you agree to.
    BUT, in order to violate a license, you have to first agree to it.
    If you use Tridge's tool, you don't have to agree to the license in order to get the repository contents.

    Linus got caught up in a conflict of interest, pure and simple (by maintaining the public Linux source code on a closed source, draconian-licensed, for-profit repository system written by a close friend).
    Conflicts of interest invariably lead to conflict of ethics, and Linus's ethics have been found wanting of late.
