I don't believe it's possible to secure any sort of intellectual-property protection for a mere protocol. The usual way of protecting them, though, is to patent some essential feature needed to implement the protocol, which may or may not be the case here.
Actually, as I've said elsewhere, one easy way of protecting a protocol is to explicitly restrict the right to reverse engineer in in the Terms of Service of the client that implements the protocol. Without that client, there's nothing to reverse engineer.
The extent to which ToS are enforcible has to be tested yet, especially wrt people who aren't even using the client. I mean hackers who just take advantage of the information released by someone who actually broke the ToS. How are they even bound by the ToS?
Actually, no. If you look at those files, you're "tainted" and can't be the one who writes a new implementation. The correct way to do reverse engineering for compatibility is to have to completely separate teams. The first does the reverse engineering and writes the specification/documentation. The second completely separate teams takes the specs/docs and writes an entirely new implementation.
This is the process used to achieve the "IBM PC Compatible" system you're probably using right now (including your Mac). Reading up on the development of the Compatibles is a good way to understand how to do reverse engineering correctly.
You should always emphasize that its the correct way _in the US_. As somebody already mentioned, HN readership is international, and said restrictions on reverse engineering do not apply everywhere. Also the author, judging by his name, doesn't seem to be a US citizen.
Of course that was not the way the "IBM PC Compatible" market arose. IBM published a rather complete set of documentation of the system, including all interface signals and the BIOS source code. I still have several of those documents on my shelf. It is completely different from the complete lack of Skype technical documents.
Then the cloners moved at warp speed. According to Wikipedia, the PC AT shipped in 1984. For nostalgia, I kept my copy of IBM Personal Computer Hardware Reference Library Technical Reference, Pub #1502494.
"This manual describes the various units of the IBM Personal Computer AT and how they interact. It also has information about the basic input/output system (BIOS) and about programming support.
The information in this publication is for reference, and is intended for hardware and program designers, programmers, engineers, and anyone else who needs to understand the design and operation of the IBM Personal Computer AT."
It includes the source listing of the PC AT BIOS, as well as complete interface pinouts, etc.
The colophon for this manual reads
First Edition (March 1984)
So what is your time line for IBM only publishing this manual after the PC AT was cloned?
I was an early Compaq employee. The documentation produced by the research team was vetted for anything not descriptive of behavior, then forwarded through lawyers, who logged each document, to the engineering team designing Compaq's compatible BIOS from the functional specs. A weird side effect: the process reproduced BIOS-level bugs for complete compatibility.
Any software available for free will end up on rapidshare-like page where you can get the binaries and analyse them without accepting ToS or even installing the software. ToS is pretty useless for protecting against RE, since you don't need to look at it.
While copyright wouldn't apply to an independent reimplementation, the article included links to decompiled versions of the Skype binaries, which would definitely fall under Skype's copyrights. Nothing wrong with using those decompiled binaries to reverse-engineer and document the Skype protocol, and I hope this produces useful results there, but that doesn't make it OK to directly redistribute the decompiled binaries.
IANAL, but might the DMCA exemption on reverse engineering for program-to-program interoperability possibly apply in the US?
Of course I have NFI what country the skype-open-source poster is in. FWIW the blog host (blogspot) is obviously in the US, the depositfiles.com file host has DNS registered in Seychelles but seemingly resolves to a US server...
No, but he seems factually correct that the files are IDA Pro output from Skype binaries, and a patched/modified version of a Skype binary.
This is as opposed to publishing observations/specifications from looking at such dumps, or from a black-box observation of Skype's behaviour. In this case I believe jcr is 100% correct that what's being distributed isn't protected reverse engineering output, it's a derivative work of the original.
In short: Decompiling or cracking a program and posting it online with notes is not the same as reverse engineering it, although it's a step in that direction.
It wasn't an ad hominem attack and I have nothing against jcr. I don't even disagree. I just felt it was important to advise people to check their sources since the parent comment seemed to be putting a lot of trust in a comment that could easily contain misinformation.
- For every bit of the subject matter that I've learned, I can name at
least a half dozen people who know that bit better than I do.
I would suggest not wasting your time trying to authenticate me, the
source, but instead, put your effort into finding outside authentication
of the statements. The source in this case really doesn't matter, but
outside confirmation really does matter.