
Actually, as I've said elsewhere, one easy way of protecting a protocol is to explicitly restrict the right to reverse engineer in the Terms of Service of the client that implements the protocol. Without that client, there's nothing to reverse engineer.

I'm not sure that's necessarily enforceable everywhere; it can be interpreted as an illegal barrier to competition.

That might be true; but do you want to be responsible for hiring the team of lawyers to go head-to-head against Microsoft's lawyers on that point?

Thanks for the reminder to contribute to the EFF this year.

We have strength in numbers.

The extent to which ToS are enforceable has to be tested yet, especially wrt people who aren't even using the client. I mean hackers who just take advantage of the information released by someone who actually broke the ToS. How are they even bound by the ToS?

What about if a developer were to now download the source code available here? Could they, in theory, develop with it as they've never attempted to reverse engineer it themselves?

By using ToS, you're limiting enforcement to the people who do the RE, rather than an implementation, surely?

Actually, no. If you look at those files, you're "tainted" and can't be the one who writes a new implementation. The correct way to do reverse engineering for compatibility is to have two completely separate teams. The first does the reverse engineering and writes the specification/documentation. The second completely separate team takes the specs/docs and writes an entirely new implementation.

This is the process used to achieve the "IBM PC Compatible" system you're probably using right now (including your Mac). Reading up on the development of the Compatibles is a good way to understand how to do reverse engineering correctly.

> The correct way to do reverse engineering

You should always emphasize that it's the correct way _in the US_. As somebody already mentioned, HN readership is international, and said restrictions on reverse engineering do not apply everywhere. Also the author, judging by his name, doesn't seem to be a US citizen.

Of course that was not the way the "IBM PC Compatible" market arose. IBM published a rather complete set of documentation of the system, including all interface signals and the BIOS source code. I still have several of those documents on my shelf. It is completely different from the complete lack of Skype technical documents.

IBM released documentation after the PC had been cloned through "clean room" reverse engineering.


Then the cloners moved at warp speed. According to Wikipedia, the PC AT shipped in 1984. For nostalgia, I kept my copy of IBM Personal Computer Hardware Reference Library Technical Reference, Pub #1502494.

"This manual describes the various units of the IBM Personal Computer AT and how they interact. It also has information about the basic input/output system (BIOS) and about programming support.

The information in this publication is for reference, and is intended for hardware and program designers, programmers, engineers, and anyone else who needs to understand the design and operation of the IBM Personal Computer AT."

It includes the source listing of the PC AT BIOS, as well as complete interface pinouts, etc.

The colophon for this manual reads

First Edition (March 1984)

So what is your time line for IBM only publishing this manual after the PC AT was cloned?

I was an early Compaq employee. The documentation produced by the research team was vetted for anything not descriptive of behavior, then forwarded through lawyers, who logged each document, to the engineering team designing Compaq's compatible BIOS from the functional specs. A weird side effect: the process reproduced BIOS-level bugs for complete compatibility.

The first IBM PC was publicly released for sale on August 12, 1981.

The first "100% Compatible" was the Compaq Portable in 1982. It wasn't the first "compatible" to market, but it claimed to be the first that hit the "100%" mark and validated the clone market.

Technically the "tainted" attack could even come from programming books that offer code snippets. Unless you have a signed release from the copyright holder of the book, you are also tainted.

Absurd, but true according to what you're saying, if you can prove that I copied it. Now, assuming you did download and peruse the source code for Free_skype: fine. Now prove it.

Any software available for free will end up on a rapidshare-like page where you can get the binaries and analyse them without accepting ToS or even installing the software. ToS is pretty useless for protecting against RE, since you don't need to look at it.
