David
it was frozen, and audited, yes
帕沙
So the question is
帕沙
How did you check whether it has ms sources without ms sources? 😆
David
I may be wrong, but I believe that, rather than check directly for the presence of code that is identical to one microsoft wrote, the team scanned for commits from unexplainable origin, and no research/tests/sources to back it up — something that could only have been copypasted from there
David
alternatively, they could have looked for code snippets online, to see if it brought up pages with leaked sources
David
you'd need to ask someone with better knowledge — I wasn't on the team back then.
帕沙
But all my core edits, for example, can be called as "no research/tests/sources to back it up"
帕沙
It sounds impossible to check these ways
帕沙
alternatively, they could have looked for code snippets online, to see if it brought up pages with leaked sources
Leakers will never allow search engines to index their sources. Because this way they can be found by Microsoft. They would better be published on closed forums
David
yeah well
David
just google certain undocumented function names
David
there's plenty of sites hosting publicly-accessible windows source code
David
we have to be careful to avoid them when looking for information ;P
帕沙
So if I, for example, have actual windows ten source code (non-public) I can easily use it and no one will ever suspect anything, can't I?
David
If y ou did it right, I suppose. but if you did that, and thne someone DID suspect something
David
it couldeasily destroy the project
David
forever.
帕沙
The whole react os?
David
Every single line of code would immediately be suspect.
David
The repository was closed for months on the previous audit
David
and nothing was found
David
imagine if something was
David
Even if the code wasn't useless, the reputation would receive an immense hit
David
we'd lose the ability to submit any patch to wine, since anything coming from a "known reactos contributor" would be suspect
David
many opensources news sites would probably refuse to post news about us, and if they did, they may speak in bad terms, rather than as a good project worth supporting
David
overall, we have to be extremely careful
帕沙
many opensources news sites would probably refuse to post news about us, and if they did, they may speak in bad terms, rather than as a good project worth supporting
Why? If someone has posted "dangerous" code it's his own fault
帕沙
Not fault of the whole team
帕沙
So wine will just refuse to take patches from this person
帕沙
And news will be about him
Victor
And what if ms use code from ReactOS ?
帕沙
It will become less buggy
帕沙
Then
帕沙
I mean, Windows
David
I'm talking about a worst-case scenario
David
where someone does find windows sources, and we can't explain how they got there
帕沙
I'm talking about a worst-case scenario
In worst case scenario earth will be destroyed but alien's guns
David
all the external patches are reviewed one by one, but one of the core team members
David
so our hope is that we can spot any code that looks "too Microsoft-y"
帕沙
where someone does find windows sources, and we can't explain how they got there
How can it be possible? Are not Autors of every commit known?
Anonymous
Yes all are known
David
Yes — each commit has a "Patch by <name>" in it
David
so we known who provided the code, and who merged it
Anonymous
Even more you cant commit the code directly but through ReactOS Devs as David Quintana :)
David
if Microsoft uses reactos code, then all they have to do is comply with the license, and opensource anything they do with it ;P
Anonymous
If suddenly a newcomer gives us a patch with dozen of implemented and undocumented functions plus no errors all perfect plus microsofteisms...then bet it it's a leaked code
Anonymous
Usually patches are pretty small
Anonymous
Backed with kmtests
Anonymous
(Kernel mode tests)
Anonymous
For us is pretty easy to find if aomeone is trying to plug into ReactOs leaked code
David
Specially if you are like a certain someone, and the patch contains "Copyright (c) ... Microsoft corporation"
Anonymous
Hahaha
Anonymous
Yeah, if you include the microsoft header....
Anonymous
That is a good proof
Anonymous
😘
Anonymous
Ok, now our Bot is an admin finally
Anonymous
Lets hope it will tell us about any news coming
David
The worst situation for us is someone who does have access to the sources, but doesn't follow the right clean-room procedures, and writes the code themselves — if Microsoft wanted to destroy the project, and they could prove that happened, it would be one of the stronger ways of attack.
Anonymous
/twitter
Anonymous
Ok
Anonymous
/commanda
Anonymous
/commands
Anonymous
Nothing haha
David
/help
Anonymous
Yeah
Anonymous
I will modify that
Anonymous
With the commands and so on
Fo
You may disagree with me, but how about to make (leaked) code impossible to use? To use different techonology, like Rust, etc, enforce internal code style (ReactOS uses "objects" already) etc, so copy-paste is a no thing. Hypotetically, may it mostly (techically) solve the problem?
Fo
Risks are a bit scary for now
Anonymous
Dunno if i understood you, but if you are suggesting to move our C code into Rust...then you are missing 9,000,000 of points..err..lines of code
Anonymous
On the other hand Rust, React, etc are not suitable for kernel development
Volodymyr
Rust actually is (kinda?) https://github.com/redox-os/redox
Volodymyr
But why'd you want to do this anyways?
Victor
You may disagree with me, but how about to make (leaked) code impossible to use? To use different techonology, like Rust, etc, enforce internal code style (ReactOS uses "objects" already) etc, so copy-paste is a no thing. Hypotetically, may it mostly (techically) solve the problem?
Just technology change seems to be nothing. The thing is to remove bugs and shit from them 😊