People visiting the ReactOS website today were in for a shock. “Accusations have been made by some of ReactOS’ own developers about certain parts of ReactOS code. The project is suspending development pending legal council. The project will resume once the issue has been rectified.” I could not find any more information, as the links to the mailinglist archives are dead.
Does the accusations have link with Microsoft reclamation ?
I hope this doesn’t mean death for the project. I was really looking forward to a stable release.
There is new info available on the status of the project in the form of a news release at the site. You may find it interesting and possibly reassuring.
http://www.reactos.org/xhtml/en/news_page_14.html
These are bad news
This is one of the projects that I look more frequently, and I expected too much from it.
I read on the forums, before they were suspended too, that devs had stopped working on ROS and had started to look at code to find that code, and the developer that wrote it.
I hope this suspended state of the project is due to the searching and replacing of the code, so they can start coding again…
I don’t see on their site what the accusations are, but i suspect it has something to do with copy/pasted code from Microsoft’s headers.
Let it not be about the leaked Windows 2000 code. This project is too promising to be killed by unprofessional tainting.
If the problem is tainting, well, I think they could just rewrite the offending parts. Just like BSD did.
I also hope they reopen the project soon.
This was a really great project. Hopefully, it still is.
I wish the developers the best of luck in rooting out the problem and rectifying the situation as quickly as possible.
They’ve made some really great leaps forward!
Does anyone have downloadable sources + binaries ? Why the hell did they disable download page, many people downloaded it so far, so what’s the point ?
The issue is about less then 50 lines of asm in one or two files that are very similar to the related disassembled windows code, the developer that submitted them swears there is no other way to do it, others doubt it. The developer that submitted it also admits to disassembling relevant Windows code to look at the asm.
The argument is about what constitutes valid reverse engineering and what code theft, the main problem before this was taken of the public mailing list was policy, since most developers believe that even if the code was the only valid way to go, the way it was derived violates ReactOS policy and needs to be removed, and so on.
In short, it’s not the end of the world or ReactOS, but there probably will be developer fallout.
“Rest assured that the project will live on. Every developer I have
spoken with wants the project to survive and be a success. In the
meantime we are filtering email discussion on this matter because we
do not want rumor and hearsay to be spread.”
Thanks Thom…
EDIT: The author of the above text is Steven Edwards, ReactOS’s project leader.
Edited 2006-01-26 19:04
“In the
meantime we are filtering email discussion on this matter because we
do not want rumor and hearsay to be spread.”
Thanks Thom…
Yeah sure, blame it on me… As if I put that big notice on top of their front page. As if I took down their mailinglists when I tried to check the opinions of the people involved. As if I took down the forums when I tried to get the opinions of the ones involved [1].
Get real. They made a fcuk up, it’s their fault, not mine.
Woah, you’re being a little apprehensive Thom. I’m sure that wasn’t directed at you personally. Anyway, this is just a bump in the road and I’m sure once they get everything straightened out they’ll be right back to coding. They are just being very careful to cover they’re asses.
Yeah sure, blame it on me… As if I put that big notice on top of their front page. As if I took down their mailinglists when I tried to check the opinions of the people involved. As if I took down the forums when I tried to get the opinions of the ones involved [1].
Get real. They made a fcuk up, it’s their fault, not mine.
OK, that’s fine, you’re a journalist, that’s your job/hobby/whatever. You aren’t obliged to act for the good of a project.
Two more questions: what’s their fault? How did they fcuk up? Have they stolen or reverse-engineered your code? Or did you sign a contract with them, or at least donated some money?
And what’s the purpose of writing ‘fcuk’? It’s interesting to see an administrator working around bad language filters…
Two more questions: what’s their fault? How did they fcuk up? Have they stolen or reverse-engineered your code? Or did you sign a contract with them, or at least donated some money?
They made an error in putting up big signs on their website, while on the other hand they say they didn’t want this to get out– and the only way to know this, was by reading their m-l… Which they took down. So how was I supposed to know? THAT is their error.
And what’s the purpose of writing ‘fcuk’? It’s interesting to see an administrator working around bad language filters…
I’m not working around filters. I write it that way because that’s they way I write it on my personal blog, IM, emails, etc. (for some odd reason), and as such it has become a habit.
There is nothing irresponsible in linking to the site and giving the news. Once it has been put up on the site, its in the public domain. The lesson for the team is, give enough information at the time of the announcement, on the site. What has been posted here about the 50 lines of code would have been fine.
They come out of it quite well in terms of managing the issue, but maybe could have handled the initial release of the information a bit better by being more specific. The other thing that usually helps is to have a date when you will release a further bulletin – and then always release that bulletin on that date, even if it is only to say, nothing more to report until x.
Anyway, I’m sure everyone wishes them well.
I definitely agree that if they didn’t want people to spread rumors, they could have been less conspicuous.
What’s funny, though, is Thom’s reaction to two simple words. Do you flip out when people tell you to drive safely, or to have a good day?
Funny like eating-a-hippie funny.
I’M NOT FLIPPING OUT!!!!!
Certainly appears they found something pretty damning, or they wouldn’t have gone public with the story, temporarily shuttered the project, and removed downloads. Needless to say they are concerned about their own actions and possible liability.
This speaks well for the integrity and honesty of the developers working on this project. Better to correct issues, before they become the target of lawsuits. They will be back…….
Now would be a good time to confess.
yeah they need to hav as clean a slate as possible or there will b no chance at winning all the lawsuits MS comes up with…. asembly is hard but thas not the way to go about finding answers, maybe seek help from the OSS comunity??
… that if there is tainted code, you remove it, no matter how painful that is. You can’t put the project at legal risk.
This is how things work in the US.
Will WINE and crossover office be next?
This has nothing to do with patents. It has to do with copyright.
Put DOWN the crack pipe. This has nothing at all to do with patents.
The breach was Kernel level, Wine is a lot higher on up, so No this should not affect Wine or Crossover. We should just let it blow over, not blow it up. The issue is more what constitutes correct reverse engineering and how to enforce ReactOS policy, if there weren’t problems with some developers not getting along the issue would have long been resolved.
The code issue is minor, very very minor, it’s the people issue that needs working out. At the moment I’d be more concerned about a NetBSD/OpenBSD type split then anything else.
Edited 2006-01-26 21:13
…Paparazzi
Just to clear things up a bit.
1) This has nothing to do with Wine. The issues that concern the developers at the moment reside in the kernel. Wine does not use the Reactos Kernel.
2) The project will not end. This is simply a bit of house cleaning by the ROS developers to make sure that thier code base is clean.
3) ROS developers are in a meeting right now to decide on future actions. I’m sure that they will release an announcement when the meeting is over.
johndaly. You’re making many comments which are based on guess work.
Everyone should wait until the press release is available before speculating.
Guesswork? No, I’m on the mailing list (as a lurker) and have fallowed the project for more then 5 years. I do not guess, there are two camps right now one that condones the act, believing it to be a valid form of reverse engineering and another condemning the act, believing it to be wrong on multiple levels. The breach is small, that much was clear form the mailing list and if the offending developer can be believed (and at the moment I do believe him on this) he produced most of it before he disassembled the corresponding windows section.
The code in question is the fast call code, and the developer claims that part of it is form Linux. What I would be interested in code wise is a comparison of the ReactOS code with the Linux code, that would show a few things a) are they related as claimed by the developer and b) is there an alternative implementation. Neither have been proven before the discussion went of the mailing list. The problem is that the ReactOS developers don’t have the expertise for this. The code is rather esoteric and in asm, So if anybody has the expertise here I would appreciate your opinion.
I claimed the issue to be more a people issue, and I stand by that. The testing coordinator left the project over this (or so it appears from timing and argumentation previously to leaving) the core and old ReactOS developers are all on the clean room track but the project did accumulate lots of people in the last year or so. All we can do about the people issue is let it blow over.
ok, your going off the mailing list, which is also an incorrect source of information.
No one besides the developers know the extent of what is happening.
We will release a statement when a resolution has been reached. Shouldn’t be too long now
Know is an abstract idea (sorry you got me on my philosophical foot today) how do you know? Fact is the basis for knowledge (knowing) and how can fact exist for anything but the most basic of ideas. This is helium, that is iron. In anything more complicated personality and opinion figures in. Your hair looks like crap today, you have a nice car.
I will wait for a statement, but it won’t change my state of knowing. If the person that supposedly caused the taint did his act out of ignorance and insists he did no wrong what is there to know? It’s a people issue and it blows over, always. If you have a fight with another person you either get back together or not.
WTF?
You shouldn’t go around deleting people from the mailing list because they told your litte secret.
Mailing lists are public in there nature.
My fault. I read your as “you’re.”
“going off” = “going by” not you’re going off = being deleted
Just ignore that last post
lol, of course not, that would be obsurd.
my posts are meant as clarification, they aren’t meant in and aggressive manner.
I’ll use more smilies
I’ve done a lot of x86 assembly programming in my day, but I’m wondering what “fast call” means. To me a call is CALL <proc> (or INT xx, which is anything but fast, and you wouldn’t want to do that in Windows — grin). I understand the idea of protected-mode calls that involve the CPU performing a lookup into the global and/or local descriptor tables (and I’ve done some neat things with them back in the old EMM386.EXE days). Does the fast call concept have to do with this?
It’s probably function call with some of arguments put in the CPU registers instead of stack.
It’s in reference to fastcall entry point code
This has piqued my curiosity. I did some Yahoo! searching and found this article from 2001. Is this closer to the issue?
http://www.informit.com/articles/article.asp?p=22445&redir=1
Normally you enter the kernel by executing an INT. Newer (actually, non-ancient) processors have a special instruction, SYSENTER, which make the transition to kernelmode much faster. The “fastcall” stuff refers to the handling of this SYSENTER instructions.
Why not move to OS/2 ?
Wanna remember all of you that today Windows comes from NT that was something a “backdoor into IBM’s a$$”.
Many petitions (mine too) and a little little baby: os3ree (www.osfree.org)
Microsoft has just released their code, so ReactOS goal now sounds like “reinventing the weel”.
If i remember well, IBM can’t relese ‘some parts of the code’ so: why don’t we ‘revive the phoenix’ ?
(I think that IBM would be proud to ‘open a backdoor’ into a MicroSoft “world”…)
Edited 2006-01-26 23:20
MS did not release thier code to the average OSS programmer, they released to people willing/able to pay thier fees, and you know that won’t be cheap.
Moving to wouldn’t gain you much if your focus is to reproduce NT internals or the Win32 API, since OS/2 and NT diverged almost completely around 1992 (IBM wrote its own 32-bit OS/2 kernel, and NT was made more VMS-like by Cutler and associates when MS hired them from DEC).
When i first read this on the ROS forums this is what i said.
Ms could havepaid a developer just to say tho code is in there
Ms could pay a developer to actually put the code in there
Ms probably pays devs to take their time coding so that by time a stable release is out it will be irrelavant compared to the new ms os ie vista 64bit or a newer os
Ms Probably pays devs not to code at all one way todo so is to give them jobs….
think about it would MS allow a product to become fast secure and stable that will take billions of dollars from their pockets i highly doubt it Look at what theyre doing to linux over the years and ROS is a DIRECT competitor so they will do every underhanded thing they can. Call this a conspiracy theory or whatever you like but while you do look at ms track record look at the holloween documents etc…
For anyone curious, Linux code for system call on x86 using sysenter instruction is here:
http://lxr.linux.no/source/arch/i386/kernel/vsyscall-sysenter.S
http://www.reactos.org/xhtml/en/news_page_14.html
good, looks like reactos is in no danger, though this will likely make it progress slower for quite some time.