Hacker News new | comments | show | ask | jobs | submit login

My aim is to make skype open source.

Isn't that decision up to the folks who own the rights to the original code?

Personally, I'd be hesitant to get into a project that has more need for lawyers than coders.

I think that claim would be better off if rephrased as "my aim is to make a skype compatible open source software"

That still doesn't mitigate the need for lawyers. The protocol is still intellectual property, and reverse engineering it may not be without consequences.

I don't believe it's possible to secure any sort of intellectual-property protection for a mere protocol. The usual way of protecting them, though, is to patent some essential feature needed to implement the protocol, which may or may not be the case here.

Actually, as I've said elsewhere, one easy way of protecting a protocol is to explicitly restrict the right to reverse engineer in in the Terms of Service of the client that implements the protocol. Without that client, there's nothing to reverse engineer.

I'm not sure that's necessarily enforceable everywhere; it can be interpreted as an illegal barrier to competition.

That might be true; but do you want to be responsible for hiring the team of lawyers to go head-to-head against Microsoft's lawyers on that point?

Thanks for reminder to contribute to the EFF this year.

We have strength in numbers.

The extent to which ToS are enforcible has to be tested yet, especially wrt people who aren't even using the client. I mean hackers who just take advantage of the information released by someone who actually broke the ToS. How are they even bound by the ToS?

What about if a developer were to now download the source code available here? Could they, in theory, develop with it as they've never attempted to reverse engineer it themselves?

By using ToS, you're limiting enforcement to the people who do the RE, rather than an implementation, surely?

Actually, no. If you look at those files, you're "tainted" and can't be the one who writes a new implementation. The correct way to do reverse engineering for compatibility is to have to completely separate teams. The first does the reverse engineering and writes the specification/documentation. The second completely separate teams takes the specs/docs and writes an entirely new implementation.

This is the process used to achieve the "IBM PC Compatible" system you're probably using right now (including your Mac). Reading up on the development of the Compatibles is a good way to understand how to do reverse engineering correctly.

> The correct way to do reverse engineering

You should always emphasize that its the correct way _in the US_. As somebody already mentioned, HN readership is international, and said restrictions on reverse engineering do not apply everywhere. Also the author, judging by his name, doesn't seem to be a US citizen.

Of course that was not the way the "IBM PC Compatible" market arose. IBM published a rather complete set of documentation of the system, including all interface signals and the BIOS source code. I still have several of those documents on my shelf. It is completely different from the complete lack of Skype technical documents.

IBM released documentation after the PC had been cloned through "clean room" reverse engineering.


Then the cloners moved at warp speed. According to Wikipedia, the PC AT shipped in 1984. For nostalgia, I kept my copy of IBM Personal Computer Hardware Reference Library Technical Reference, Pub #1502494.

"This manual describes the various units of the IBM Personal Computer AT and how they interact. It also has information about the basic input/output system (BIOS) and about programming support.

The information in this publication is for reference, and is intended for hardware and program designers, programmers, engineers, and anyone else who needs to understand the design and operation of the IBM Personal Computer AT."

It includes the source listing of the PC AT BIOS, as well as complete interface pinouts, etc.

The colophon for this manual reads

First Edition (March 1984)

So what is your time line for IBM only publishing this manual after the PC AT was cloned?

I was an early Compaq employee. The documentation produced by the research team was vetted for anything not descriptive of behavior, then forwarded through lawyers, who logged each document, to the engineering team designing Compaq's compatible BIOS from the functional specs. A weird side effect: the process reproduced BIOS-level bugs for complete compatibility.

The first IBM PC was publicly released for sale on August 12, 1981.

The first "100% Compatible" was the Compaq Portable in 1982. It wasn't the first "compatible" to market, but it claimed to be the first that hit the "100%" mark and validated the clone market.

Technically the "tainted" attack could even come from programming books that offer code snippets. Unless you have a signed release from the copyright holder of the book, you are also tainted.

Abstrd, but true according to what you're saying, if you can prove that I copied it. Now, assuming you did download and peruse the source code for Free_skype: fine. Now prove it.

Any software available for free will end up on rapidshare-like page where you can get the binaries and analyse them without accepting ToS or even installing the software. ToS is pretty useless for protecting against RE, since you don't need to look at it.

I think there's a potential precedent in the reversing of the original PC BIOS - it was deemed that what was effectively a reimplementation of a closed protocol was permissible.

And, IIRC, there are still mixed results regarding the extent to which EULAs are enforcible.

"intellectual property"

That's a really muddy term. How exactly can you protect a protocol? Trade secret? Patents?

Copyright shouldn't apply if it's a reimplementation.

Edit: s/since/if/

While copyright wouldn't apply to an independent reimplementation, the article included links to decompiled versions of the Skype binaries, which would definitely fall under Skype's copyrights. Nothing wrong with using those decompiled binaries to reverse-engineer and document the Skype protocol, and I hope this produces useful results there, but that doesn't make it OK to directly redistribute the decompiled binaries.

The easiest way to is to restrict the right to reverse-engineer in the Terms of Service of the Skype client (which he needs to use, in order to have something to reverse engineer.)

Terms of Service don't necessarily have any legal force, and many jurisdictions have legal protections for the right to reverse-engineer, particularly for interoperability purposes.

This being illegal in the US does not mean it is illegal everywhere. People (Americans?) often seem to forget this. US law is not world law.

IANAL, but might the DMCA exemption on reverse engineering for program-to-program interoperability possibly apply in the US?[1]

Of course I have NFI what country the skype-open-source poster is in. FWIW the blog host (blogspot) is obviously in the US, the depositfiles.com file host has DNS registered in Seychelles but seemingly resolves to a US server...

[1] http://www.chillingeffects.org/reverse/faq.cgi#QID210

(Follow up: JCR's comment seems to make it clear that's what is being distributed here doesn't constitute reverse engineering in the legal sense. I hadn't actually looked at the files. Ah well.)

And what are jcr's credentials? Not everyone that posts on HN is an expert or should be assumed to understand their subject matter.

No, but he seems factually correct that the files are IDA Pro output from Skype binaries, and a patched/modified version of a Skype binary.

This is as opposed to publishing observations/specifications from looking at such dumps, or from a black-box observation of Skype's behaviour. In this case I believe jcr is 100% correct that what's being distributed isn't protected reverse engineering output, it's a derivative work of the original.

In short: Decompiling or cracking a program and posting it online with notes is not the same as reverse engineering it, although it's a step in that direction.

Hmm, so you aren't smart enough to attack JCR's ideas, so you go after his character? Are you stupid or what?

Can we even believe anything that cookiecaper says? I mean, what's HIS credentials?

(see what I did there? Ad hominem attacks are just that: logical fallacies. Please don't do them.)

It wasn't an ad hominem attack and I have nothing against jcr. I don't even disagree. I just felt it was important to advise people to check their sources since the parent comment seemed to be putting a lot of trust in a comment that could easily contain misinformation.

No offense intended. :)

> No offense intended. :)

None Taken. :)

But to answer your question:

- I have no credentials, and don't want any.

- I am not an expert, and don't want to be one.

- For every bit of the subject matter that I've learned, I can name at least a half dozen people who know that bit better than I do.

I would suggest not wasting your time trying to authenticate me, the source, but instead, put your effort into finding outside authentication of the statements. The source in this case really doesn't matter, but outside confirmation really does matter.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact