when open source ain't?

tinman on 2004-03-02T21:02:49

It all started when Security Protocols published a flaw in Trillian's Yahoo and AIM code here. The pointed reference to the Yahoo packet handling code mentions that:

The code below is part of Trillian since version 0.71 which was released on the 18th December 2001. It was manually decompiled. The variable names were taken from the GAIM source code. If you compare the decompiled code with the code in yahoo.c (revision 1.12 from 15th Nov 2001) you will realize that it is more or less identical. It is up to the reader to find an explanation how this GPL licensed code snippet ended up in Trillian.

That started off a mini firestorm in the Trillian forums. Several people wanted to know how a payware (they do have a free basic version) product got hold of the code and used it with no citations or references to GAIM. Then one of the developers of GAIM got in on the act and responded.

Apparently, he's satisfied that the code is sufficiently different.

The problem is that there are literally dozens of GAIM clones popping up all over the net. How many of them have been scrutinized in this way? Who would bother? What is to stop some unscrupulous company from using GPL-ed code in their own product? Who's going to enforce the license? How can you expect all commercial for-profit entities to be honest and respect copyright? Maybe more of these cases are not far away.

It's also worth noting that a Cerulean Studios forum thread here has a reply from the person who spotted it (posting as "user1704") saying that it's stretching the bounds of coincidence to have 4 bugs in that same small section of code and not have "code sharing".

Interesting case... if someone swipes GPL-ed code, who'd know? Maybe companies do this regularly, who can tell...


getting away with stealing

jmm on 2004-03-03T15:36:55

Companies will get away with copying open source code as easily as they get away with copying closed source code. As long as they are not successful in their business endeavour, it is far more likely that their copying will pass unnoticed. However, the more successful they become, the more likely it is that their product will be noticed by someone able to detect a similarity and call for careful scrutiny.

That is a pretty strong reason to not copy in the first place. Copying can be seen to be a case of "heads you lose" (company never succeeds because of natural failure) or "tails we win" (company becomes successful causing the copying to get detected, so the profits are diluted drastically as a result).

There are differences between copying from open source and closed source in this scenario. Copying from open source is easier (since the source is available, so you can adapt it rather than simply using a binary copy in its original form), but it is more detectable (detecting copies is yet another "bug" that is made shallow by having many eyes).