Open source v. closed source

[Dann]

I'm not terribly knowledgeable about this, so bear with me here.

So, I'm aware windows is closed source, meaning, i'm not allowed to see the code. But it seems to me and my uneducated mind that the code would need to be on my computer somewhere, or there should be a way to at least reverse engineer it. And if nothing else, i would imagine the code may have leaked from somewhere. It seems it should be available if you wanted it bad enough.

But here's why i wonder; if you truly can't get the code in anyway at all, how does something like the Wine project know they aren't using the same code? I saw ReactOS had an audit not too long ago to make sure all the code was original. So they must have been comparing it to something, right? I know there's more than one way to skin a cat, but if you and another guy are both skinning 500 cats, I'm sure a few times you'll come up with the same way to do it.

And similarly, if we can't see the windows code at all, how would know how much of it is stolen? It could be using huge chunks of linux, bsd, etc and we would never be aware if you couldn't gain access to the code.

And couldn't I feasibly repackage something like GIMP, call it closed source, and refuse to show anyone? Do you think that's a common problem?

Just things I think about on the john, I guess...

[GNU-Fan]

But here's why i wonder; if you truly can't get the code in anyway at all, how does something like the Wine project know they aren't using the same code? I saw ReactOS had an audit not too long ago to make sure all the code was original. So they must have been comparing it to something, right? I know there's more than one way to skin a cat, but if you and another guy are both skinning 500 cats, I'm sure a few times you'll come up with the same way to do it.

There was some leakage of Windows2000 source code some years ago.
Of course, no Free Software project would really want unauthorized code because it is there for everybody to see, but with large projects you will always have somebody who is unconscious about the legal issues.

As for skinning cats, when the GNU project was born, they made an early design decision to favuor speed over size. This was contrary to the philosophy of the Unicies of that time, so it could be expected that the produced code was really "new".

GNU Coding Standards

And similarly, if we can't see the windows code at all, how would know how much of it is stolen? It could be using huge chunks of linux, bsd, etc and we would never be aware if you couldn't gain access to the code.

Actually, Windows contains a considerable amount of BSD code.
Not every free software is copyleft, mind you.

And couldn't I feasibly repackage something like GIMP, call it closed source, and refuse to show anyone? Do you think that's a common problem?

I don't think the discovery is a major effort compared to the lawsuit that follows.

Harald Welte seems to have written in his blog about a common approach, but I can't find it now
Enforcing the GPL Ramadji’s Blog

[techieMoe]

There are ways to legally look at Microsoft's code; you just have to do it under a metaphorical pane of glass. They have something called "Shared Source" which is very poorly named, but it basically allows people who sign non-disclosure agreements the ability to look at, but not touch, the code for the underlying operating system for reasons of compatibility with software development.

Most folks in the open-source community avoid looking at the actual Microsoft code like the plague, lest they later be accused of copying it and become the target of a copyright lawsuit. Microsoft doesn't have a stellar record in this regard.

I don't know what ReactOS was using for its comparison, but there must have been some sort of double-blind safeguard (like a third-party developer who had signed the NDA and was able to look at the source to compare) otherwise they'd be opening themselves up to suit.

[bigtomrodney]

I don't know what ReactOS was using for its comparison, but there must have been some sort of double-blind safeguard (like a third-party developer who had signed the NDA and was able to look at the source to compare) otherwise they'd be opening themselves up to suit.

In Europe at least it is legal to do "clean-room reverse engineering". What this entails is similar to what you suggested; there are two sides to the development. Team one look at the original code/application and document how it works (not actual code) and team two have the task of writing code from scratch that implements these documented features. That way there is no way that the people doing the coding will have seen anything directly and thus cannot be guilty of stealing.

[Rubberman]

I'm not terribly knowledgeable about this, so bear with me here.
.
.
.
But here's why i wonder; if you truly can't get the code in anyway at all, how does something like the Wine project know they aren't using the same code? I saw ReactOS had an audit not too long ago to make sure all the code was original. So they must have been comparing it to something, right? I know there's more than one way to skin a cat, but if you and another guy are both skinning 500 cats, I'm sure a few times you'll come up with the same way to do it.

In reverse engineering there is the concept of clean-room black-box development. Basically it works like this. One team analyzes the code and behavior of the system (the black-box team) you are trying to reverse engineer, and they write up a completely detailed specification of its function (the what, not the how). This specification is then given to the second team (the clean-room team) who have been thoroughly vetted to the fact that they have no knowledge of the system they are reverse engineering, and preferably have never seen the software/hardware in question. This second team takes the specifications and develop an entirely new system that meets as exactly as possible the functionality and behavior of the old system. For something like Wine or Mono, this would be to duplicate the API's and the bahavior of the API's in question. This is all totally legal and done not too infrequently in the electronics industry. For commercial applications, it is sometimes faster and cheaper to license the technology instead of reverse engineering it, but that's a business decision.

That said, I have been involved in software reverse engineering projects in the past. The legal cruft usually takes more time and effort than the technological.

[alpha-X-geek]

Some good info in this thread. I'm gonna get my F/OSS-curious friend to read it. Cheers.