LWN: Comments on "How Tridge reverse engineered BitKeeper"

+++ to secure your transactions use the Bitcoin Mixer Service +++

LWN: Comments on "How Tridge reverse engineered BitKeeper" http://lwn.net/Articles/132938/ This is a special feed containing comments posted to the individual LWN article titled "How Tridge reverse engineered BitKeeper". hourly 2 How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133873/rss 2005-04-28T06:29:42+00:00 bignose > Larry McVoy specifically asked for no reverse engineering. As do Microsoft. > If somebody wants her wishes (as set forth via GPL, BSD, or whatever) to be followed, she should do the courtesy to reciprocate. In both cases (the SMB protocols, the Bitkeeper protocol), Tridge did not use programs from the vendor (Microsoft, Bitmover) to connect to their services. He used programs under terms that he presumably *does* agree with. Users of Samba should and must follow the wishes of Tridge (and its other authors), as set forth in the GPL. That has no hold, moral or legal, on anyone who simply connects their own client program to a Samba service. Understood http://lwn.net/Articles/133227/rss 2005-04-22T15:31:56+00:00 jvotaw If you have time, it would be great. I've heard plenty of buzzwords in the corporate world and am interested in what open source people have to say. Thanks, as always, for all of your hard work, -Joel Simultaneous reverse engineering by the hundreds http://lwn.net/Articles/133206/rss 2005-04-22T11:31:48+00:00 hppnq The relation between BitKeeper and SCCS has been known for ages. Using telnet instead of another program to connect to a remote port is standard practice, nothing fancy about that. So if Tridge only wanted to show what he has been accused of, BitMover must be crazy. If the reverse engineering accusation goes a little further than telnetting to the BitKeeper port, Tridge must be crazy. Strange in any case. Or I am crazy. ;-) How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133160/rss 2005-04-22T01:42:58+00:00 akumria Might be. I'm not sure. Why not see for yourself? Tridge released his code this morning. <a href="http://sourceforge.net/projects/sourcepuller/">http://sourceforge.net/projects/sourcepuller/</a> How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133158/rss 2005-04-22T01:34:54+00:00 akumria Andrew, during his talk, said (paraphrased) "People keep believeing I'm a reverse engineering wizard. I'm not. Let me show you the process for BitKeeper" All the commands Tridge subsequently ran, were shouted out by the audience. The talk was recorded but I am not sure if/where it is available though. Software engineering techniques http://lwn.net/Articles/133118/rss 2005-04-21T22:34:32+00:00 corbet I have the notes, and I do plan to write up the session. There just wasn't time...had to do my talk right after Tridge did his, and by then LWN was already a little late... How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133117/rss 2005-04-21T22:28:56+00:00 dvdeug There's reasons why BSD and GPL are legal licenses, and not wishes. I want to be independently wealthy; Larry wanted no one to look at his program. I don't see why people should jump to fulfill either wish. How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133102/rss 2005-04-21T20:31:00+00:00 vonbrand This report just doesn't match the claims that Linus tried to disuade Tridge from working on bk. If this is truly all Tridge did, there simply was no time to try to convince anybody in between. In any case, Larry McVoy specifically asked for no reverse engineering. If he was right or wrong, if it was or not legal to ask for it, etc. just doesn't matter to me. If somebody wants her wishes (as set forth via GPL, BSD, or whatever) to be followed, she should do the courtesy to reciprocate. Simultaneous reverse engineering by the hundreds http://lwn.net/Articles/133084/rss 2005-04-21T18:06:05+00:00 flewellyn The evidence would seem to point to it being the case, so yes. Given the ease with which this feat was accomplished, can it even be called "reverse engineering"? You don't even need to know to enter 'help'. http://lwn.net/Articles/133068/rss 2005-04-21T16:40:14+00:00 AJWM If you telnet in to port 5000 and just hit 'enter' (or 'return', depending on your keyboard ;-) BitKeeper helpfully tells you: ERROR-Try help Not exactly rocket science. Software engineering techniques http://lwn.net/Articles/133048/rss 2005-04-21T15:35:46+00:00 richardr As would I. Richard. Software engineering techniques http://lwn.net/Articles/133044/rss 2005-04-21T15:19:19+00:00 jvotaw I for one would be very interested in hearing about Tridge's talk about software engineering techniques, if you have the time to write it up. -Joel How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133009/rss 2005-04-21T14:52:34+00:00 jamesh It depends on what you are trying to clone. It would help you interoperate with BK repositories, but I'd guess there is still a fair bit of smarts in the client (merge algorithms, etc). So it is probably enough to work out how to mirror a bitkeeper repo for use with some other SCM tool, but not enough to make a clone of the bitkeeper tool. How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133035/rss 2005-04-21T14:19:23+00:00 vmole So, what interests me, is why would Tridge want to share this with us? Perhaps because he's tired of being accused of doing something wrong? In particular, "How could Tridge possibly investigate the Bitkeeper protocol w/o violating the BK license?" Well, here's how you do it. Simultaneous reverse engineering by the hundreds http://lwn.net/Articles/133030/rss 2005-04-21T14:07:24+00:00 hppnq Am I missing something or are you all thinking that Larry McVoy thought that using port 5000 and the extremely cunning bk:// protocol would be enough legal and practical protection against reverse engineering BitKeeper?! And that Tridge argued with OSDL and Larry about *this* kind of reverse engineering? Come on. ;-) How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133027/rss 2005-04-21T13:50:52+00:00 hppnq Of course not. Telnet to port 80 at your favourite site and GET /whatever_url_seems_right and then draw the conclusion that, because you get HTML, the webserver simply spits out (static) HTML. That would be a stupid conclusion for most sites/webpages. So, what interests me, is why would Tridge want to share this with us?! Simultaneous reverse engineering by the hundreds http://lwn.net/Articles/133016/rss 2005-04-21T13:32:55+00:00 cworth I attended Tridge's talk today. The best part of the demonstration was that he asked the audience for each command he should type in. And the audience instantly called out each command in unison, ("telnet", "help", "echo clone | nc"). So, not only was the so-called reverse engineering effort demonstrated, but it was also independently replicated by hundreds of people in about two minutes. How Tridge reverse engineered BitKeeper http://lwn.net/Articles/133022/rss 2005-04-21T13:29:49+00:00 nhasan I think Larry should hide behind the good old DMCA. Just add rudimentary encryption, ROT13 would do, and his job is done. Seriously though, why is Tridge reverse engineering the CIFS wire protocol OK and not Bitkeeper? How Tridge reverse engineered BitKeeper http://lwn.net/Articles/132983/rss 2005-04-21T10:13:42+00:00 kleptog It continues to astonish me how often companies try to hide their systems behind a thin veneer and claim that running an XOR algorithm (or ROT-26) is enough to protect them, when it's trivial to make a foolproof system. Generate a public/private keypair, stick one in the server, one in the client and encrypt using that. If anyone manages to write a client, you know they copied your key and you can get them. Libraries like libssl even take out all the work for you. Hell, even symmetric keys would do it. Not exactly rocket science. Overhead? Sure, no such thing as a free lunch, right? How Tridge reverse engineered BitKeeper http://lwn.net/Articles/132964/rss 2005-04-21T07:35:16+00:00 Duncan Why was the "help" command there, indeed. Could it be from an earlier era when Larry wasn't so paranoid? Perhaps it too is to be removed from upcoming versions (especially now, eh?), now that the unfreedomware but still zerocostware version is being removed. As others have observed, the continuously more enslaved era of BK did allow the kernel to advance faster, over a shorter period, than it would have otherwise, particularly with Linus headed for burnout. However, as they say, all good things come to an end, and regardless of how it ended, the "good" of this relationship was already ending, with an ever more draconian license to the ever more slaveware that BK was becoming. Whatever his reasons, I'm glad Tridge's actions in combination with Larry's reactions forced the issue now. There's never a good time for such a forced change, and now, with 2.6 fairly stable and development set to continue on at a brisk but steady pace, this little detour is less disruptive than it would have been since mid 2.5, and likely less disruptive now than it would have been had the current development model been allowed to continue to get more dependent on BK than it already was. While it may not have looked like it in the first few hours/days, and despite Linus' ravings as someone obviously too close to the action to have a sane perspective (much as it hurts me to say this due to his famed ability to step back and view the action from a neutral perspective in other cases), I expect a year from now Linux will be the stronger for it. BK may be as well, but as it's a proprietary product, that's nothing I'm concerned with. It can go its own way, and I believe we should let it do just that, breaking the increasingly unhealthy if symbiotic dependence we had on it. Still, very interesting to see just what sort of "reverse engineering" Larry was attacking, here. Interesting indeed! Duncan How Tridge reverse engineered BitKeeper http://lwn.net/Articles/132962/rss 2005-04-21T07:06:30+00:00 beejaybee Oof. Does it never occur to software designers that this is the sort of stunt pulled every day by hundreds if not thousands of people with an excess of curiosity and time to indulge it? An excellent example of why we need pure open source tools - the point being that OSS definitively exorcises the phantom of security by obscurity. How Tridge reverse engineered BitKeeper http://lwn.net/Articles/132951/rss 2005-04-21T04:27:30+00:00 njhurst So was all of LM's bluster just a way to distract people from looking too closely at bitkeeper? Surely there is more to bitkeeper than a simple wire protocol for transfering SCCS files? Is the rest of bitkeeper now easy to 'clone'?