Feeds

Freedom loving lawyers prime primer on open source code

Penguin army forms in India

Providing a secure and efficient Helpdesk

Aaron Williamson and Matt Norwood presented a thorough analysis of reverse engineering and clean-room development - a remarkably dry run through a seemingly fascinating topic. "Reverse engineering" carries a magical allure to it, a mystique that’s destroyed by a blow-by-blow breakdown of the best practices procedure behind the technique and its legal ramifications.

“When Sega’s code was reverse engineered so that someone could build game cartridges that competed with Sega’s cartridges, the courts decided that if you were reverse-engineering to get to the idea within the cartridge, than the engineering was fair use,” Williamson pointed out. The now ubiquitous end-user license agreement prevent simple reverse engineering with blanket provisions - a fact iPhone hackers would be wise to take note of.

To avoid those legal pitfalls, hackers can buy pre-activated iPhones on eBay, thus avoiding the EULA, or follow the procedure Williams outlined for proper reverse engineering: First, there are developers in the clean room, people with no prior access to the code in question and who won’t have access to the rest of the team. For them, isolation is key.

As Norwood joked, “The first rule of clean room is you do not talk about clean room. Less obvious is the second rule of clean room, which is you do not talk about clean room.”

The other two groups are the specification team, people who have access to the potentially infringing code that the project aims to replace, and the liaison, who works between the other teams and ensures their separation.

Successful reverse engineering projects are usually planned out in advance and executed according to these stringent guidelines. But often, open source developers don’t think about these issues until it’s too late.

Eben Moglen, chairman of the Software Freedom Law Center, wrapped up the evening with a passionate restatement of the Center’s goals. He’s excited about the new office that should open in New Delhi next year and support for the millions of open source coders he envisions coming out of the subcontinent in the immediate future.

Moglen sees it as his mission to defend the world’s free software programmers. As he put it, “the kid’s gotta code . . . and he can’t defend himself against the man who says, 'you’ve gotta pay me for my idea which you just had.'” ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.