Hacker News new | past | comments | ask | show | jobs | submit login
EU court rules no EULA can forbid decompilation, if you want to fix a bug (europa.eu)
938 points by aleclm 14 days ago | hide | past | favorite | 224 comments



IMHO this is a sensible decision, one that reflects the clear underlying intention of the statute. Article 5(1) of the Directive says:

> [certain acts] shall not require authorization by the rightholder where they are necessary for the use of the computer program by the lawful acquirer in accordance with its intended purpose, including for error correction.

Essentially, they have ruled that other Articles in the Directive do not supersede this Article, and that reverse engineering to correct an error can be necessary.

This court, the CJEU, has good form on sensible decisions regarding computing. For example, SAS vs World Programming (C‑406/10) allowed reverse engineering for interoperability. That case, also, was the court upholding the clear intention of the statute. Moreover there was UsedSoft vs Oracle (C-128/11), allowing the resale of software licences, including the right to download the software where necessary, upon purchasing a second hand licence.


So patching it to work without company servers after they've been shut down might be ok too!

You'd hope so.

There's also the CJEU case of Ninetendo v PC Box & 9 Net (C-355/12), which sets out circumstances where it's lawful to sell a device which circumvents DRM.

Alas in that case, the bar is set too high: it's not enough for there to be legitimate reasons to break the DRM; that has to be weighed against the 'rights' of copyright holders.


This is sensible because it's the same as taking laptop apart to replace failing RAM or disk.

Absolutely agreed, morally it's the right decision.

I was just focusing on the law because copyright expansionists have a lot of institutional capture, or at least the ear of legislators. So even though the intention of the Directive was clear, I wouldn't have been entirely shocked if the court had decided against decompilation being allowed for fixing bugs.


I'm really not sure why software is treated differently from eg. hardware.

Am I allowed to modify my washing machine, if i want to eg. use it for sous-vide? Sure. I might lose my warranty, I might not be able to resell it as a washing machine without disclosing the not-up-to-electrical-code work, but I'm pretty sure the manufacturer can not sue me for modifying it and/or posting an instructional video of how to do it.

Buying software and treating it as a "borrowing" is something that has to be stopped.


> Buying software and treating it as a "borrowing" is something that has to be stopped.

Yeah. Their marketing is all lies too. They show people a "buy" button, obviously leading them to believe they'll own what they pay for. Then they bury people in these insane license agreements nobody even reads much less understands. In these agreements they explain that no, you're not actually buying anything from us, we're just doing you the favor of allowing you to use the product provided you follow these rules, and we reserve the right to take the product away for any reason including no reason, and in that case we'll still keep your money.

Seriously, why is this allowed? In a just world, courts would simply invalidate these contracts in their entirety. It's simply not possible to believe that a normal person consented to anything written in there. The vast majority of people don't even read this stuff. They're trying to buy something but the company keeps showing them these licensing terms they know nothing about so they click next to get rid of it. That's what it means when the company says someone has "agreed to their terms". They annoyed them so much with popups they just clicked accept to make it all stop. They just wanted to buy the product.

Why are normal people even being exposed to the complexities of copyright law and licensing to begin with? This should not be allowed. Nobody should have to care about this insanity. They should just own the stuff they bought, just like they own physical items. People understand buying and ownership. It should be literally illegal for companies to confuse laymen with these legal buzzwords. If they're dealing with other companies, it's fine since it's safe to assume they know better. Consumers on the other hand absolutely deserve protection.


> In a just world, courts would simply invalidate these contracts in their entirety.

As I understand it, the EU essentially does this, deeming EULA terms to be unenforceable if they are unreasonable and/or hidden.

I'm no lawyer though, and unfortunately I couldn't find a great article on the topic, just scattered HackerNews and reddit discussions.


I could not agree more with this.

If software companies want to pretend that I agreed to licensing agreements, they can change their advertisements to "Rent our software for $60!".

Most of them seem unwilling to do that, so I will continue being unwilling to adhere to any of their fine print.


Blame Bill Gates. He's largely responsible for changing people's perception of software from it being seen as math to some sort of "property".

What did he do?


The buying is being replaced by renting so it probably will stop.


Problem is that when you buy software you often get more code than you paid for, and that code is hidden by a feature flag. Reverse engineering the code and fixing that feature flag is therefore illegal, because otherwise that business model wouldn't work. In practice nobody will sue you as an individual for doing that, but lets say that Microsoft does it to avoid millions in licensing fees, then you have a reasonable legal case against them.

If what you say would be completely legal then many big companies would absolutely start doing that. Do you think that would be a good thing?


It's easy to compile (or transpile in interpreted languages) the code needed to implement a feature flag entirely out of the binary you distribute to customers who haven't paid for it. I don't see that this is a problem.

So what?

If they sold a feature, it's yours.

If I buy a car containing eg. heated seats, but the feature is disabled, because I didnt select the proper addon package, who is going to sue me, if I add a switch, and connect the heating elements to 12V supply myself? Or buy an addon controller? Or even buy addon seat heaters?


In practice, if you buy the car hypothetically containing heating seats but the feature is disabled, then the hypothetical company (that is probably Tesla) will void your warranty and refuse repairs.

Which is a great argument for Right to Repair, but makes everything a hassle on the consumer side - any future interaction with the company around the vehicle is a landmmine waiting to be triggered.


That's certainly the companies' problem. If they don't want code to end up at the customer they can easily remove it from compilation. Not doing that is just laziness.

How does this interact with yesterday's facebook story.

Facebook has a buggy UI that makes it hard to unfollow everything. Some dev created a plugin to fix this. Facebook banned him and lawyered up.

Is the plugin legal in europe or not? Is fixing a dark pattern a bugfix?

https://news.ycombinator.com/item?id=28801908


The author made a post explaining the plugin was almost certainly legal, but facebook can exploit the legal system make it too expensive to be worth defending.

https://slate.com/technology/2021/10/facebook-unfollow-every...


And unfortunately, the author comes from the UK which is now no longer under the jurisdiction of the CJEU. That might have provided him some protection.

In this case, I suspect that wasn't the concern.

The UK currently replicates almost all the same provisions as the EU (because, it was part of the EU, and in leaving it was easier to just say, yes, we're keeping the rules the same).

It will inevitably diverge from the EU rules, but most of these are identical for now.

The case in the OP was against the Belgian Government, who do have the resources to fight silly lawsuits. Random individuals in most jurisdictions can't really entertain such things over something that doesn't make them any money against a trillion $ company.


The law in these areas won't have diverged significantly yet so he wouldn't have any less protection from the UK justice system compared to the EU.

Ah yes, “rights”, the privileges of the man with enough wealth to file suit.

History will not look back well upon this charade.


"In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets, and steal loaves of bread." - Anatole France

If only that were the reality if things.

In practice, the rich are not even as forbidden as the poor from that.


Sounds like two distinctions. Not sure if either is legally relevant

1) browser extension (which I guess is kind of a client side JS modification?) vs decompilation 2) bug vs feature addition

My uninformed take is that Facebook's claim is weak to begin with, but that this judgment doesn't really influence anything


It reminds me of the issue of whether game cheats are legal or not. Activision is losing a lot of money because cheats are ruining the game for everyone. Here, the only "victim" is Facebook itself. And it's not cheating as much as automating a manual process. My opinion is that Facebook overstepped here. A net negative move with all the bad PR they got, of which they already have plenty. And the attentionthe plug-in got.

IANAL, but FB never made any direct or implied promise in its EULA that you could mass unfollow everything, and there probably ARE terms against scripting their API in an unauthorized way, so I don't think there is a case.

> FB never made any direct or implied promise in its EULA that you could mass unfollow everything

Why does this have to be explicitly allowed? Everything not prohibited is permitted.

> there probably ARE terms against scripting their API in an unauthorized way

The extension is not bound by any terms. It's the user's choice whether to violate these conditions by installing and using it.

In any case, users should have every right to do this. It's essentialy self-defense against corporate abuse. They can get us addicted to content feeds so we spend hours looking at ads but we can't script their site? That's abuse and we have every right to defend ourselves. These stupid terms are like a drug dealer that makes us promise not to go to a doctor and seek help for addiction before giving us our free sample.


Any EULA agreement is between Facebook and the End User not the creator of a Chrome plugin.

If they have a case it is against the individuals who use the plugin.


If Facebook tells me I can only browse their website in Google Chrome, then can they sue me if I open Facebook in Mozilla Firefox?

EULA doesn't mean anything as it's a one-sided contract. It doesn't allow the user to provide their terms in an input field. So it can't be taken seriously.

It's basically 10,000 employee company against single consumer. No judge would think that is a fair way to go about these things.


Why wouldn't it be legal?

When did you acquire or purchase the Facebook app?

All the time with my personal data. You don't even need to install anything. Many applications and websites will do share your data to Facebook. Friends too. It's great.

Wait, I thought we were all paying with our data and the general state of surveillance on the web.

generally by searching Facebook on duckduckgo and following links, for some people it might be preinstalled on their phones so they literally bought it.

in any case it was given willingly to me by Facebook


True enough. I uninstall it from my phone and after every update it magically reappears. Ah Facebook, like U2 in ITunes, will they never learn.

This becomes incredibly interesting in terms of e.g. Denuvo. This anti-piracy middleware has been shown to make games unplayable, and this EU law seems to support removing it.

I can't believe studios let their publishers force this kind of tech into their run loops.

It's understandable from a publishers perspective.

Even if it only lasts a month before being cracked, it allows the publisher to capture that first month of sales without competition from TPB. That first month is typically the most important time in a game sales lifecycle.

Counter to that, it should be a policy to remove Denuvo 90days post launch, as it does, in fact, cause performance issues and such.


Ah yes, the publisher's perspective. They can't deal with the fact it's the 21st century and copyright makes no sense, so they offer an inferior version of the product with performance issues, dependency on company servers they'll certainly turn off at some point, etc.

Nothing like humiliating your loyal consumers by making them pay for a game that's inferior to what pirates get for free.


Actually copyright and all IP legislation is ever more important for businesses as ever more of the wealth companies have is in IP. But this is legally delicate time, companies don't want to squeeze so hard it raises public ire, but sure as anything they don't want to let go of a drop of IP 'leverage' they don't have to.

Right. It's all about the companies, isn't it? It's all about their leverage, their power, their profits, their god given right to eternal rent seeking.

They forget that copyright is part of a social contract. In its original form, it was something like this:

> we'll pretend your work is scarce so that you can make money

> after a while, it will enter the public domain

Copyright only works because we allow it. We're all pretending this stuff can't be copied and distributed infinitely and at zero cost. We're the ones doing them a favor. We were duped. They assured us that eventually the works would become public property. All of it will one day belong to all of us. That was a lie.

Of course they don't want to let go of their imaginary property. They want their copyrights to last forever so they can extract their rent out of their state granted monopoly for all eternity. So they lobby the governments and systematically rob us of our public domain rights.

So I will no longer pretend this stuff is scarce. It's not. It's data, nothing but a huge number stored on a hard disk. Not a single person on this earth owns that number. It's trivial to copy and distribute it. Everyone needs to know this truth. We need technology that makes it painfully obvious and easy for everyone. Technology that proves it by subverting the business models of these rent seekers. Services like Sci-Hub.

The whole notion of companies hoarding intellectual property is absurd. Intellectual property was never meant to give leverage to companies, it was meant to give them an incentive to create new products and works. Intellectual property expires. At least it would expire if the system worked properly instead of being co-opted by corporations with deep pockets and lots of lobbyists.

If these companies are hoarding wealth in the form of IP, the only just outcome is the one where they lose it all.


> They forget that copyright is part of a social contract. In its original form, it was something like this:

>> we'll pretend your work is scarce so that you can make money

>> after a while, it will enter the public domain

That is not even close to the original form of copyright. In its original form, copyright was a monopoly held by the crown (and granted to printers) for the purpose of censoring works the crown didn't want published.


The people that pirate games are not the one that would have bought it day one. It's always the same wrong reasoning about piracy, they think that if one person pirates the game the same person would have gone and bought it. It's not, someone that wants to play the game but not pay for it doesn't care about waiting a month (but sometime even just a couple of days) to find the crack online.

DRM was proved to not work, and only impact on people that buy the media with restrictions such as reduced performance, making the game size bigger, requiring an internet connection even for playing offline, having to activate again the game when they change hardware or reinstall the operating system, have even DRM that are basically malware and reduce the stability of the whole operating system and reduce its performance by installing some low level components that are active even when you are not playing the game, and so on.

In my opinion if games are all DRM-free people would still buy them, game studios would still make money, and users will be more happy (and possibly buy more games).


> The people that pirate games are not the one that would have bought it day one

There is also a nonzero number of people who would buy a game if piracy was not an option, or if there was significant enough friction in pirating it.

Denuvo and other DRM of varying levels do work in their intended function, for some period of time. Sometimes it's cracked before release, and sometimes it takes a while, depending on interest in the game, the current status of cracking groups and all sorts of other things.

So the calculation is pretty simple: Will the sales gained from the few pirates who would buy if they can't pirate, be higher than the sales lost due to the impact of a bad DRM implementation and/or the "stink" of it?

Publishers think that's a gamble worth taking every time, because 1) they assume their devs will get the DRM implementation right, or right enough 2) gamers don't really vote with their wallets, and/or the ~15% performance loss of a bad DRM implementation doesn't really eschew or discourage the supermajority of buyers. The market simply doesn't care.

There's also the PR and sales bump from the later "Denuvo has been removed!" patch (and it gets the game back in the news, after all) but I'm going to assume that it's negligible for this discussion.


Funny how everyone seems to think DRM doesn’t work except the professionals actually applying it

In most cases/industries you'd assume the professionals would be right, but we're talking about the games industry - legendary for its shortsightedness and general idiocy - far too many obviously bad ideas get way too much money behind them. Very similar to the movie industry in that regard

And oh look at the one other industry still shooting itself in the foot with regards to piracy. Streaming is changing that for movies - you can see why so many are going for games streaming style services - just nobody has figured out the model


There's simply a gap between the games and media one wants to play and the games and media one wants to buy. Whatever the reasons are (I'm not sure I'll like it, DRM or bugs might make the game unplayable, I'm unwilling to pay full price to have a look, I don't want to commit to a subscription, I'm an irresponsible freeloader...) piracy fills the gap in a way that is impossible with material goods, and it will always be so. There's no way out, and DRM just erodes goodwill. For example, I stopped buying Sony audio CDs, even from artists I like, after the rootkit scandal of many years ago.

It's a little more complicated than this. Sometimes media (or games) are easier or a combination of easier & cheaper to pirate/workaround drm than obtain legally. E.g. Netflix notoriously has location restrictions on where their licensing applies, and people use vpns to work around these. They literally can't pay Netflix more money to e.g. watch the US catalog from Australia. Or see also how much game of thrones was pirated, especially before hbo had a standalone streaming service. For a while you could get it only as a cable add on, so some cord cutters turned to piracy.

When content is available easily and at a reasonable cost, it's often a better experience to buy than pirate. Sure, there are some people who will still pirate everything but there's a lot in the middle who are willing to pay something.


People who are "willing to pay something" typically have an entertainment budget and are willing to spend that money on high-priority beneficiaries (e.g. struggling publishers and starving indie artists that they'd like to see more work from, works so great that they inspire gratitude, live entertainment that cannot be pirated, gifts for someone else).

Choices of entertainment to pay for diverge from choices of entertainment to consume, and piracy accommodates the difference.


Yes, but if someone is set on pirating the game, they'll just wait until its cracked in a month before playing it. So really, publishers aren't going to gain any sales compared to not including DRM to begin with. If they do it's going to be a tiny, tiny fraction.

On the other hand I don't buy games with denuvo so that's a lost sale right there.

same, why should i get punished for buying something... when pirates get a better product in the end?

There's games I want to buy (like tales of berseria), which I cannot because they have yet to remove Denuvo, despite years.

I might get tired of it and just "pirate" these games.


Out of curiosity, is there any data to support this mindset? It's probably true, but Curiosity(TM).

I don't have sources, but I believe that half the sales happen around the first few weeks.

A closely related topic is "the tail of game sales." You will probably find game developers talking about it if you search for that. Honestly, though, the (frankly ridiculous) propensity for pre-order success radically upsets this argument.

Publishers are the ones with the money.

Already enshrined in my country's copyright act: decompilation for purposes of interoperability, bug-fixing, or education is exempted from copyright protection, and I don't see how a legal provision could be overridden by a contract.

It's definitely legal in Russia to decompile something for the purpose of interoperability. Though you do have to remember that this is Russia, and the interpretation of laws changes depending on who and how rich you are.

Nobody ever in Russia gets prosecuted for doing anything to any software for their own personal use. And actually there's been very few cases when someone was prosecuted let's say for using pirated software for their business. A couple of guys got unlucky and that's basically it.

And this is how it should be everywhere, the copyright model was beneficial for the society maybe up until 300 years ago. Today, the whole copyright thing is bizarre.


> the copyright model was beneficial for the society maybe up until 300 years ago.

The copyright model is more recent than 300 years ago. It cannot have provided any benefit to any party before then.


> this is Russia, and the interpretation of laws changes depending on who and how rich you are.

show one legislation where this is not true


Lots of western countries, including the US. The way rich people end up exploiting the legal system in the US is not a different interpretation of the laws.

Corruption is not yet prevalent enough that a rich person can get away with murder by bribing judges/prosecutors to interpret the laws differently.


i kind of get what you want to say and admire your trust in humanity, but on the other hand am certain that there have been cases of murder that were "bribed away" in any country.

"steal a million dollars and you go to jail, steal a billion dollars and they name a business shool after you"


Ditto in Poland. Also, it’s legal to use decompilation or even cracks to make and use backup copies of the software you purchased legally.

Here in Russia there's federal law (since 1992):

"A person who lawfully owns a copy of a computer program or database has the right <...> to carry out any actions related to the operation of a computer program or database in accordance with its purpose, including <...> correcting obvious errors."


if an EU country, obviously, since this court ruling is just confirming the 1991 EU copyright directive for a specific case.

Yes, an EU country, but as far as I can tell, we've already had these provisions since before our accession to the EU in the 2000s.

EU law supersedes local law. So if your country one would prohibit such actions, EU law would take precedence and allow it.

I may be wrong but I was under the impression that local law would have to be harmonized to comply with it in this case anyway. So at that point you have no contradiction of the two. That the local law would diverge instead sounds highly hypothetical.

"EU law" can refer to several different things.

As far as I understand, this is a ruling about Council Directive 91/250/EEC. A directive is like a template from the EU that gets copied into local laws. So there is no distinction between local an EU law here.

https://ec.europa.eu/info/law/law-making-process/types-eu-la...


In practice the enforcement of laws happens at the national level, and EU precedence doesn't always bridge the gap between theory and practice.

While I welcome this decision, it is absurd that the law places any limits whatsoever on the act of examining how an artifact you legally own functions.

What they like to call "reverse engineering", because describing in plain language what is being forbidden would reveal what a severe limit on personal rights this is. Especially as we are being surrounded by devices where "reverse engineering" is the only way to determine what they do.

Such laws are no less than restrictions on what we are allowed to discover about our environment.


> it is absurd that the law places any limits whatsoever on the act of examining how an artifact you legally own functions.

You’re just smuggling in your own implicit definition of “legally own”.

As you’ve pointed out, “ownership” is a legal construct. One that can feature any number of limitations or clauses through the execution of a contract.


> You’re just smuggling in your own implicit definition of “legally own”.

I suppose before trade secret laws were effectively expanded to items in our own homes, the commonly accepted definition of "own a thing" was "you are allowed use of the thing, but not to examine how the thing works"?

It's not I who is doing the smuggling, and there's a reason the law uses obfuscatory language.


I don't think "you can't examine how a thing works" has ever been a condition of ownership. And even current trade secret laws carve out exceptions for information that can be obtained via other means. The Uniform Trade Secrets Act (with 1985 amendments) explicitly mentions reverse engineering being OK and includes references to relevant case law.

It would be interesting to know how they would classify modern "rented" software like the Adobe CS Suite or Office 365. They are installed on your machine but works like SaaS.

It's kind of a gray area for me at least, does it mean you own a copy or not? I'm sure it doesn't but I also know that legal system do not generally deal in shades, they are binary, either a or b.

If it legally means that you own a copy, this would in theory allow you to patch the online checking out of it to keep it running.


You can still decompile the binaries for Office products today, they are desktop products after all. Same for the Adobe CS suite, AFAIK.

What you can't do is decompile the server-side stuff. In case that stopped working somehow, you could find a way to remove the dependency on online stuffs from your desktop product, it's been done before, often in cracks.

If they fully move to web based SaaS and abandon desktop implementations completely, then yes, you'd be right, you'd no longer be able to modify it in any way.


I'm thinking of an analogy: Renting a house. If the house needs repair, I'd probably give the landlord a fair chance to fix it, but would also feel entitled to fix it myself if the problem interfered with the functioning of the house.

Same question goes for an unwanted FinFisher installation on your machine. After all, you're somewhat of a licensed user if a licensed user installed it lawfully on your machine. And since it has bugs in it, it should meet the criteria.

Nice to see the court confirm the law is as broad as it was taken to be, and that it can't be worked around with EULA bullshit.

The EULA is still an agreement. Potential end users have an opportunity to not accept the agreement and walk away.

I think this ruling is populist pandering that ends with reduced incentive for commercial software. Undermining property rights has never resulted in freer societies.


> The EULA is still an agreement.

Agreements can't violate the law. They most certainly cannot deny people their rights.

> Potential end users have an opportunity to not accept the agreement and walk away.

No, they can and should be able to use the software regardless of any abusive clauses included in the contract. Companies should be punished for even thinking they could get away with confusing laymen with their illegal conditions.

People have the right to reverse engineer. Companies are just gonna have to deal with it. It doesn't matter if they lose money.

> Undermining property rights has never resulted in freer societies.

Real property rights, yeah. Intellectual property is not real property. It barely makes sense in the 21st century.


> The EULA is still an agreement.

I can't agree to anything that is impossible for me to understand or even to read.


This is the exact opposite of undermining property rights. You sold a thing to me. Your control over that thing ends when I hand over the money. I may be forbidden from patching in a new logo and reselling it, but you that's about all you can expect me NOT to do with it.

Wait is decompolation ever forbidden anywhere? Why? I’m not reproducing anything until I use anything I learned producing something similar, at which point I might be in trouble (at least if I publish the reproduction).

But forbidding decompilation? That’s like forbidding someone to buy a car to take it apart and learn exactly how it was put together - which is what every manufacturer does with competitors’ cars.


Decomplication isn't forbidden, however a lot of acts related to decomplication are forbidden. Similarly you cannot reverse engineer a car and use that knowledge to build a replica to sell or to mass produce copies for your company to use. The special case here is that the information gained from decomplication can legally be used to fix bugs.

So basically the law is there to protect small shops from having their product stolen or their licence agreement circumvented by big companies. Otherwise a big company could just buy a single licence of your software, reverse engineer it, change it so that they get features for free they otherwise would have to pay for etc.


Similarly you cannot reverse engineer a car and use that knowledge to build a replica to sell or to mass produce copies for your company to use.

Yes, actually you can... that's why the whole aftermarket exists. AFAIK it is trademark law that prevents you from selling a true replica, but otherwise how do you think all those compatible parts --- in fact many of them better than OEM --- were created?

You can build an entire small-block Chevy and not use any parts manufactured by GM, for example. The same goes for the rest of the vehicle. Even replacement body panels are available.

The main difference is that software has zero cost to copy, whereas trying to create an entire car from 100% aftermarket parts would cost many times more than the real thing.


But either something is patented or otherwise protected, or it isn’t. You can’t sell a car whose secret sauce to high margin sales is a fender production method that will be obvious to anyone taking it apart and then cry foul when someone does take it apart.

> buy a single licence of your software, reverse engineer it, change it so that they get features for free they otherwise would have to pay for etc.

That seems like standard licensing? The forbidden part about unlicensed use of software is using it.


People are definitely gonna use this ruling to justify reverse engineering games to modify the game design, claiming that the balancing/mechanics are "buggy". Some of that will be in earnest, some of it will be cover for pirates. The stuff that will be in earnest will make for some interesting arguments about who really owns a game design once it's out in the world, and what constitutes a bug vs a design choice/flaw

Can someone share cases/anecdotes of decompiling software to fix a bug? Never done it myself nor heard someone doing that. Unless you consider not being able to run a program without license a bug :)


And there was some talk about that previously:

On HN: https://news.ycombinator.com/item?id=26296339 (703 comments)

On Lobsters: https://lobste.rs/s/jzj4q9 (25 comments)

And Reddit: https://www.reddit.com/r/programming/comments/luq9oz (1022 comments)

P.S. these threads where found with a site I'm building: https://discussions.xojoc.pw/?url=https%3A%2F%2Fnee.lv%2F202...


For one of the early iPhone jailbreaks, I made a patch for libtiff that fixed the bug that the jailbreak exploited. I didn't want to be pwned while browsing the web with my iTouch.

I gave the patch to someone named "pumpkin" on IRC, and it got integrated into the jailbreak. Kinda fun to be part of that, even though I only contributed a few bytes of code. (And I got to learn a little arm assembly.)

It's been a long time, but the tricky part was trying to shoehorn a if / return in there. I remember having to rewrite some existing code in a more efficient way (might have been jump table -> conditionals) to gain an extra couple of bytes.

I've also reversed java class files a few times to patch issues for work, but those usually have source these days. The one I remember, years ago, was a bug in the ftp code that could cause hangs with some servers. Something about sockets being closed in the wrong order.

The rest of my decompiling/disassembly has been for interoperability, trying to figure out stuff like the Notes.app or Numbers.app file formats.


I didn't want to be pwned while browsing the web

Oh I remember that bug. It was insane that a button on a web page could do that.


It wasn't proprietary software, but I used to work with a sustaining engineer who ran Firefox in a gdb session. He was a "tab hoarder" and this was before the days it would save your session; when it reset he complained that he'd lose days of context. I watched him hand-repair a SIGSEGV from a null pointer dereference. As he was doing so he explained he'd reported this particular bug a few weeks ago but "Mozilla's triage was taking a while." A few keystrokes later he'd backed up a couple of frames, set a condition variable to avoid the bad code, and continued the process without interruption. Hugely impressive.

I’m surprised the performance overhead of running a whole web browser inside a debugger was remotely tolerable for daily use.

Wouldn’t it have been easier (and way more performant) to just whip up a quick extension that dumps the list of open tabs to disk every time a tab is opened/closed? I recall session savers being some of the very first extensions available for Firefox.


If you don't set breakpoints, it's not slower than running the software normally.

Impressive indeed, but what is a sustaining engineer?

An engineer dedicated to bugfixes and crash investigations, rather than feature development. Not a common title anymore, but you'll still find them attached to products that use their own kernel, like switches and network storage.

I have decompiled AppKit on macOS occasionally to debug issues in my app.

For example, in one case I discovered that double clicking a cell sometimes only selected part of the contents. With Hopper I was able to verify that the bug is that AppKit just selected the range from 0 to 32000, assuming that would be enough. I was able to work around the issue by manually selecting a bigger range. (I also reported the bug to Apple, they told me they won't fix it because it's a deprecated API. Doesn't matter that 100s of apps, including Apple's own, were still using it...)

In another case, I found out that an obscure feature (text attachments with custom cells) was crashing because AppKit called -release too often, so it was impossible to use the feature. Apple had apparently broken it when implementing the force touch functionality for dictionary lookups.

Another time Cornerstone, the SVN client, was broken on a prerelease version of macOS. I don't recall the details, I think they called -registerDefaults: too early. I was able to fix it by writing a dynamic library that changed the -registerDefaults: implementation so that it ignored the first call (today with hardened runtime this fix wouldn't be possible anymore without disabling system integrity protection).


One of the first times I did it, was 15-20 years ago. I had a digital camera, a Canon IXUS S110, and wanted to have some pictures printed. There were some sites where you could upload pictures, but they all used som proprietary Windows program, and I had Linux. Except the supermarket chain Føtex which had a website with a Java applet. But it failed when I tried to use it throwing an exception about a missing directory.

So I downloaded the JAR file, decompiled it with the JAD decompiler and found that they had hardcoded the file separator as backslash. So that was easy to fix. I compiled it, ran the JAR file and uploaded my pictures and picked up the prints a few days later.


You may enjoy https://apple.stackexchange.com/questions/414688/how-can-i-r..., in which I figured out what was keeping modern Unity games from working on a very outdated operating system, and got them to run. I'm really quite proud of the writeup! :)

Many years ago I had a after school job working at the local newspaper office. They used some very expensive and somewhat quirky accounting software. It turned out to have a hard coded(!) percentage baked into the binary for the country's sales tax rate when issuing invoices.

Of course the government eventually decided to change that rate, and it sounded like the vendor wasn't going to be able to get them upgraded to a corrected version in time. I overheard the discussion and offered to try and help by seeing if I could hack in a fix. Rather surprisingly they agreed, and after a bit of debugging I found the problem and patched the binary. It did the trick and they successfully used that patched version for a couple of weeks until they got their upgrade.


In the 90s (or maybe 00s) the company I worked for had a self-hosted web app (they mostly all were self-hosted, then) that did various things, but was also supposed to be able to send email via whatever mail server you already had.

But it didn't work for us. I forget the exact reason, but it was like some kind of text encoding issue where the mail server was expecting ASCII but the software was sending some weird non-ASCII character from EUC or SJIS that borked it. (It was a Japanese workflow app for internal company processes like calendaring, expense approvals, etc., so it had lots of user-entered strings that were in Japanese. UTF-8 existed, but... this product had legacy issues.)

Unfortunately the vendor delivered that software (in part, but the significant part for this story) as compiled Perl modules. I think they maybe did that to make it harder for third parties to customize their shit, and therefore make it easier to get any related customization/integration contracts, but possibly it was just innocent performance enhancement.

Regardless, though, a dude I worked with decompiled those modules and figured out how to fix the bug by doing some kind of text/encoding transform.

And then it could send email.


"Unless you consider not being able to run a program without license a bug"

There are certainly cases where the license server quits working, even when the software isn't yet abandonware. I'd consider that a bug.


I've done it with games many times. Well, disassembling rather than decompilation, but close enough.

For example, changing hardcoded key bindings to be more dvorak friendly in Touhou games.

I've fixed many Quake engine based games that have the infamous OpenGL extension string overflow bug.

There's another old game (possibly Soldier of Fortune 2: Double Helix?) that refuses to run if you have the string "generic" in your OpenGL driver name. This is common on Linux distros that ship a "generic" kernel.

Painkiller crashes if your uptime is too high, due to overflow on division. That's another easy fix.


I bought a super cheap Goke SoC based security camera unware that it does not function without big brother connections to some chinese ip. A bit of looking around late it turns out someone cracked the password of the telnet server and some guy on a russian forum (4pda.ru i think) has already made a patched binary that works fully offline. I ran radiff2 on it and it was quite a few modifications to make it work. Without knowing much about ARM, would've taken me ages to figure out.


This is common in achievement-hunting communities - when a game is uploaded with bugs that prevent achievements from being possible and the developer/publisher can't be bothered to actually fix it, community members will decompile the game, write a patch for the bug, and then forward it to the developer so that it can actually get resolved.

Could be useful in finding and confirming a bug in the first place. If you can decompile the code then you may be able to systematically find some types of bugs that would otherwise be opaque to easy discovery.

Personally, I did it once on a very old game with DRM that no longer functioned, though the game ran fine. I wasn't about to trust a random crack download, so I decompiled and removed the DRM check.


My old Brother printer has an installation utility for OSX that doesn’t run under modern Java for a trivial reason. I recompiled it and swapped in a library to make it work. The only point of the tool is to configure the printer (over USB) to talk to the right wifi.

I can't do one for Decompiling, but I reverse engineered a Pole-line drafting application in order to write utilities to fix the data corruption it sometimes caused.

A long time ago, I was building a payment integration between shopping cart software and a e-check processor. I was testing my half-done work, and got an inscrutible error; finding access to the server source (because IIS exposed the data fork of the VBS) made it a lot quicker to figure out what I did wrong. Not exactly the same scenario, but close enough.

I did a fair amount in the early 2000s, mostly unmaintained software that I wanted to return to life

IANAL but what's the point/use of having a rule (like an EULA that forbids decompilation) that cannot be enforced?

Because when you threaten users with it, most of them will comply to avoid legal actions, even if they are clearly in the right.

Then add cases where "are clearly in the right" is a lot murkier to decide, and they will comply even more. Hell, the company itself might have had their lawyers figure out the user is in the right but the cost of proving it would be so high they won't succeed.

Then add cases gravitating around massive sanctions if you're wrong, like copyright infringement.

No every day individual is risking insane sanctions if they're wrong, even if they're 99. 9% sure they're right, and the eula allows the company to manipulate them without even committing to a legal action.


> Because when you threaten users with it, most of them will comply to avoid legal actions, even if they are clearly in the right.

> Then add cases where "are clearly in the right" is a lot murkier to decide, and they will comply even more.

And this is why courts should be inherently biased against the corporation. They simply have more power than individuals and without checks and handicaps they will abuse the justice system in order to essentially bully people into compliance.

In my country, the laws and courts recognize the power differential between consumers and corporations. It's a simple concept but it essentially means corporations must prove their innocence when challenged in court. It's great, especially since everyone has access to legal counsel. Anyone who feels their rights have been violated can hold the companies accountable for it and it's up to them to produce documents and other evidence showing they followed all consumer protection laws.


What sanctions? I've never seen one even fined for pirating software or any other kind of media, let alone someone fined for decompiling or altering software in general. Is something that everyone does.

The only thing that can get you into trouble is if you that kind of things for a profit, and that is right, but if you do that for personal use or to share it on the internet without profiting for it, nobody will ever do you anything...


> never seen one even fined for pirating software or any other kind of media,

It has happened in the US. Se https://www.theguardian.com/technology/2012/sep/11/minnesota...


Does Aaron Schwartz count as a counterexample? I realize he was never formally convicted but they were in the process of throwing the book at him when he died.

A few reasons.

One, you can have one blanket EULA for all markets, with a clause saying “except where it contradicts local law” or some such. More specifically, it’s often the case that the clause is too broad, but significant portions of it might still be applicable. In this case: you’re not allowed to decompile code as a blanket rule. The clause as a whole is still valid and applies to all other circumstances even if it can’t forbid this particular case.

Two, it might be an honest mistake (probably not the case in this particular instance, but definitely a possibility)

Three, you might cynically leave it there to discourage the behaviour. Readers might either not know the clause is unenforceable or be scared away by the possibility of costly litigation that would bankrupt them even if they’re in the right.


“Chilling effect.” I see the same thing with unenforceable employment contract clauses, where people still avoid violating them just to be safe.

You can use it to issue DMCAs and as a basis for lawsuits even if you wouldn't actually win - most victims don't have the resources to exercise their rights.

Let's say you want to share your fix with people so you write a blog post with instructions. Without this ruling, you could be sued and forced to take it down.

Like ripping the tag off a mattress?

I think it's probably aimed at a business that claims it can fix software bugs by reverse-engineering.


I have never seen a tag on a mattress that forbids the end user/consumer from removing it.

Have you?


Old joke.

I never got the memo it was a joke. I thought people just can't read.


Because benefits outweighs risks.

Maybe we need to pool some money for motivating people to defy these things in court. Precedent bounties or somesuch, to motivate people to call the establishment's bluff.

This sounds incredible, does it allow for redistribution of the fixed product? Or is it just for the purposes of notifying the creator of the problem and its solution in one go?

I doubt you can redistribute the fixed product, that would definitely be a copyright infringement.

But I don’t see why you couldn’t distribute a patch file, which people could apply to their own (legitimately acquired) copy of the original binary.


This is actually legal under US copyright law. There was a case involving the Game Genie which Nintendo sued to stop distribution of, in which it was ruled that modifying a program for personal use was fair use. If your EULA forbids you from decompiling, that's still binding because the EULA is the only thing that authorizes you to use the software to begin with.

The problems creep in where if you, say, decompile Windows to fix bugs in it, and then go to work on the Linux kernel (or other core system component). You are now tainted and probably shouldn't work on code similar to Windows because you can't prove that you didn't copy Windows code from your head into the new code.


because the EULA is the only thing that authorizes you to use the software to begin with

Do you have a source for this claim? I'd say that the primacy of having (legitimate) access to the software trumps any EULA provision concerning its use. The logical consequence of your assertion would be that software without an EULA can never legally be used.


Under US law, EULAs are binding per Vernor v. Autodesk. This does not apply to the EU which may forbid certain restrictions in EULAs.

Generally US law gives primacy to contractual agreements, and the EULA is a contract in which you give up some of your rights in exchange for not being sued for copyright infringement for copying the software from disk into RAM. This is copying under copyright law and the 1976 Copyright Act does not protect copies made for personal use.

Note that this does not apply to open source software; OSS licenses are bare licenses under common law and do not have the force of contract.

Proprietary software without an EULA cannot legally be used except by the copyright owner. That's why EULAs exist.


>the EULA is a contract in which you give up some of your rights in exchange for not being sued for copyright infringement for copying the software from disk into RAM. This is copying under copyright law and the 1976 Copyright Act.

That sounds ludicrous, I can't believe it. Is there a precedent of this argument being used in court that you know of?


IIRC it has come up in various Blizzard lawsuits around bots and cheat software.

From MDY Industries v. Blizzard:

> As with most software, the client software of WoW is copied during the program's operation from the computer's hard drive to the computer's random access memory (RAM). Citing the prior Ninth Circuit case of MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511, 518-19 (9th Cir. 1993), the district court held that RAM copying constituted "copying" under 17 U.S.C. § 106.[4]

That one is more about another program accessing the ram and reading it (the act itself meaning that data in memory is "copied" again) but it's not a big jump to apply the same logic to a regular player's usage of the game.


"in exchange for not being sued for copyright infringement for copying the software from disk into RAM"

I am not a lawyer, but this sounds very wrong. If you buy a book or a painting, and take a photo with it , you have not violated copyright


You have done so if the painting is under the copyright of someone else, surely?

I’m afraid the argument that copyright is infringed when a copy is made within computer memory has long standing in the courts & is well established at this point in time (to my lay legal understanding).


>> This is actually legal under copyright law.

Presumably you meant under US copyright law. This based on my observation that only people referencing that particular jurisdiction would write as though there were only one. It's particularly galling in comments on an article about EU laws.


Sorry, I did leave out the US when I typed it. An innocent typo.

Thanks for understanding

"the EULA is the only thing that authorizes you to use the software to begin with"

Can you override a law with a EULA?


No, but you can get people to waive some of their rights under law, in exchange for not being held liable under other laws, which is how EULAs work.

It's difficult for me to imagine how this would work in my country's case. As a user of a product, you can't just say that the law doesn't apply to you even if the vendor wants you to say that.

> in exchange for not being held liable under other laws

And what other laws would apply here?


This is pretty standard for trespassing. It’s illegal to be on someone’s private property if they don’t want you there. “Wanting you there” can very much be conditional on other agreements.

That's not suppressing the law, though. That's just using it the way it's written. And definitely doesn't qualify as an example of a threat of "being held liable under other laws" IMO.

Galoob v. Nintendo is so narrow in scope that it probably doesn't even cover games made today. Hell, people trying to resell Duke Nukem mods tried to rely on it and the courts said no.

Nowadays the business model for most games is not to sell the game, but to sell unlock keys or other subscription items that could be trivially unlocked with a cheat device. Furthermore, just using that cheat device almost certainly requires defeating a DMCA 1201 technical protection measure. So my gut feeling is that it's probably already been overturned simply by shifting business practices and changes to the law.

"Tainting" isn't necessarily how the law works, either. The standard for copyright infringement in the US is access plus substantial similarity. If you have access, then you need to make sure any code you write is different enough (as determined by a jury) from what you've seen. Merely having seen NT kernel code doesn't mean you legally can't write any kernel code at all - you don't have to prove a negative of "well I didn't remember X". The court (and jury) is going to look at what you wrote and what Microsoft alleges you copied, and then try to determine if it's actually a copy or not.


> the EULA is the only thing that authorizes you to use the software //

Piffle. The seller had an offer of sale, so I purchased the product outright - easy to tell as otherwise it would have been a lease or limited license agreement rather than a sale - I purchase it and have rights to use it (as I see fit) as long as they don't infringe the law.

Sure, they can choose to make a further contract, and I can sign that and return it if I wish to be bound by it.

Companies need to be brought to heel. I don't know why we play along with their nonsense.


> You are now tainted and probably shouldn't work on code similar to Windows

This doesn't make sense to me. If I "decompile" my Toyota, should I never work on cars because I now know what Toyota did to make mine? Of course not. That's absurd. I'm not sure how it being Software changes that.


It makes even less sense when you consider that people working with the actual source code of the software can (and do) just go and work for another company making similar software anyway. Same goes for your car analogy.

Is there any difference legally between the user applying the patch file themselves and them being provided a script to automatically patch it for them?

I would argue that the user running a script to apply the patch is them applying it themselves.

I believe the important part here is that the patch does not include the copyrighted software, only the modifications.


Well, so far it's how Fan Translations of videogames have largely avoided legal scrutiny: they distribute the translation as a ROM patch, but it's up to the end-user to track down the actual ROM / game dump.

That seems shady from a legal perspective - unlike a patch, a translation is obviously a derived work (being one of the explicitly listed examples in law of what is defined as a derived work), and you need permission from the author to distribute or even make a translation.

It's probably not legal but it's in the "no one really cares territory" since to actually enjoy the translation, you need to either buy a copy of the game or pirate it. In the former case, great, a sale made to a person that would've never otherwise bought the game and in the latter it makes no real difference since you were never marketing to that person anyways.

The English release of Steins;Gate is actually an edited version of the fan translation, so the property owners couldn't have been that upset with the fan translators.


I can't see a difference between these two things. I would think the `patch` command and a (bash?) "script" are legally equivalent.

No, this doesn't neccessarily imply that. The copyright owner possesses multiple rights and some of those rights only apply to distribution of altered works while still allowing alterations. E.g. you buy a house from an architect. Can the architect sue you if you add another door?

When you buy some media from the copyright owner, you can distribute it freely. This is called first sale doctrine in the USA, and is also present in certain forms in EU copyright law.

https://en.wikipedia.org/wiki/First-sale_doctrine

The first sale doctrine is not present for digital goods though, at least in the USA. In the EU, there has been a court case in 2012 UsedSoft GmbH v. Oracle International Corp which established something like that for digital goods too. But I'm not an expert on this.


> you buy a house from an architect. Can the architect sue you if you add another door?

You are the owner of the house not the architect why would the architect sue you?


Well, here in UK it's common when buying a house from a developer that the house comes with a covenant of some kind that stipulates that you can't make modifications to the front of the house without obtaining permission from the developer first. Yes, even though the house is entirely yours. The given reason being that they don't want you making the house "ugly" and ruining their reputation as a house builder.

That is such bullshit. It is not their house! Does it actually ruin their reputation? Or would it if people knew people could do anything to their own damn house? Still, I find not being able to do such things to my house without their permission silly. What is the most minor modification that is disallowed?

In my experience the point of such covenants is not about the reputation of the builder, it's about preserving the character of the neigbourhood... it can be inconvenient for you, yes, but your house is more valuable if you know your neighbours aren't going to ruin your view by turning the front of their house hideous...

Yeah, I was thinking of this and I thought this was mainly the reason but then they should start being honest about it, IMO. I wonder what modifications this disallows that do not actually do any "reputation ruining".

Well, the same argument applies to software, I already bought a copy videogame, so why should I be prevented from altering in any way I want?

There has been a huge corporate landgrab in software under the guise of cipyright


Seems like you can distribute it. But you can't create a competing product based on it. See point b here, that should let you send patches.

> 2. The provisions of paragraph 1 shall not permit the information obtained through its application:

> (a) to be used for goals other than to achieve the interoperability of the independently created computer program;

> (b) to be given to others, except when necessary for the interoperability of the independently created computer program;

> (c) to be used for the development, production or marketing of a computer program substantially similar in its expression, or for any other act which infringes copyright.

Edit: The point of the ruling was that this clause can be interpreted to work for fixing bugs and not just interoperate with other programs. So everything here goes for fixing bugs as well.


I can't tell, but it'd never be allowed. Grab an AAA game, fix a bug in it, and now you're free to redistribute the game without consequences. That'd be insane.

My idea wasn't to redistribute the whole thing, but to distribute a patch that other owners of the game can use by themselves? Now that's a win.

I also love the idea of adding newer OS compatibility to old software, seeing old video games running on Windows 10 would be thrilling. Perhaps do the same for drivers of old hardware? Also a win, IMO.

Another big question, in these patches, can I do only the fixes I can justify? Or can I go wild and remove the parts I don't like? I'd love to remove telemetry from my TV and all those weird apps it comes with that are in Chinese and are unusable outside China.


Yeah a patch should be fine though

AFAIU the second part of the ruling states that you don't need to warn/get permission by the author. Basically, you can fix it for your own consumption.

Surely you can't redistribute copyrighted material.


Yes, through you might(?) distribute a tool to help people "fix" their thing themself.

Like bundling a open source decompiler, recompiler, code to work around decompilation restrictions and a patch into a single binary you can then use to fix the actual binary.


Usually, to patch a program, a binary patch is enough. Decompiling and recompiling is hard (even that's what we do at rev.ng!) :)

It looks like you can fix it yourself, or ask someone, as long as you have a legal copy.

I think (IANAL) redistributing is okay as log as it requires a lawfully acquired copy of the program.

I wonder if that would help the open source GTA remake case. They can argue it now runs on ARM for instance, which would be okay given the text.


>I wonder if that would help the open source GTA remake case.

Doubt it because they were distributing the entire decompiled codebase. The part that was missing was just the game assets.

If they were just distributing a binary patch that fixed the game, then they would probably be safe.


From skimming it, a legal purchaser can decompile it only to the extent necessary to fix errors affecting operation, and copyright remains with the original rights holder. It's very limited.

> does it allow for redistribution of the fixed product?

Nah, that would almost certainly infringe upon the exclusive [power] of the copyright holder to distribute the original product.

But I presume this may allow you to redistribute a minimal binary patch, or allow you to describe how to make the modifications manually.


You probably can buy, fix and re-sell software. I recall about some EU court ruling that made it clear that you can definitely sell the software you bought.

It's been ruled this way over and over and over again - you can definitely resell OEM software no matter what the licence says, it's your right as a consumer in the EU. My company bought a 50-user MSSQL 2019 licence for cheap(like €1000) because a company was going into bankruptcy and software was being sold off separately to all hardware.

I hope somebody in the EU uses this to sell kits that rid Deere & co. equipment of its notorious maintainability bugs.

Or cars... Or washing machines... Everything has some form of computer in it nowadays...

Oh yeah, absolutely.

But I have a special place in my heart for someone who would use the law to ensure that less food is available.


I don't see how the ruling helps.

1. The copyright holder can include a dummy clause in the contract that prohibits decompilation, except if there is a written permission from the copyright holder, or in cases where existing local laws permit it. This is sufficient to turn down the part of the law that applies only where there is no such clause.

2. The copyright holder can always claim that decompilation is never necessary for the user to have the errors in the program corrected, or to achieve interoperability. "Indeed, all the user had to do is to pay $1000000000 for UltraPremium support".

P.S. I am not a lawyer.


You can correct any errors regardless of any contractual provisions. In the absence of contractual provisions, you can perform additional changes to the software.

So if there is a bug, you can fix it yourself, whether or not the provisioning company has a(n) (un)paid plan for you that fixes it. This makes sense - otherwise you could once in a while let a bug "slip" to production intentionally and then ransom your users for more payment.

The relevant part of the law:

> Whereas this means that the acts of loading and running necessary for the use of a copy of a program which has been lawfully acquired, and the act of correction of its errors, may not be prohibited by contract; whereas, in the absence of specific contractual provisions, including when a copy of the program has been sold, any other act necessary for the use of the copy of a program may be performed in accordance with its intended purpose by a lawful acquirer of that copy;


Next step: extremely large fines for putting such provision on EULA.

Why not just simply decline the EULA?

If the legal system was anything but a farce all EULAs and TOSs would be declared invalid, as all parties are aware that they aren't being read before being agreed to.

Fact is, they are invalid in many countries.

One major rationale is that the EULA/ToS is only visible after purchasing the product, which makes it void automatically. How could the customer agree to something they are not aware of and cannot read?


What about Fonts? Can someone find a "bug" in the font and fix it according to their taste?

Only one way to find out: get sued by a foundry and wait for the court's opinion.

An obvious bug would be fonts unsuitable fir visually impaired, low contrast, etc

I thought EULA's are not really worth anything anyway, cus if a case actually comes to court any EULA is usually ignored, cus all users ignore them + they often have loads of illegal stuff in them.

Well, cool. It’s nice that it’s allowed now. Now please make it feasible or, better yet, unnecessary.

This will definitely encourage the production of bug-free commercial software.

Meta: .jsf? I thought Java Server Faces died a decade ago.

will this allow decompilation of EU politicians so we can fix them?

>the act of correction of its errors, may not be prohibited by contract

what is considered an "error" here? If I think Spotify made an "error" by calling up ads on their free tier, am I still following their ToS if I decompile and patch the app to remove ad code?


In a court case, you should probably be prepared to argue how that is an error, based on the legal mechanism that allows you to use Spotify in the first place. Then the court would answer your question.

(No, I think you would not get away by that)


No, that would not work.

Hopefully

And suddenly it became legal to decompile code to find exploits. Awesome!

Reverse engineering for interoperability has been legal in the EU since at least the 1991 Software Directive.

Yes, there's a requirement for interoperability, but "interoperability" is construed broadly. Interoperability in law relates to "interfaces", including APIs, and compatible file formats. Conceivably the term could also be used to describe an antivirus program which protects the program in question.

That's good this is allowed. Besides, bad faith actors will reverse engineer for malicious purposes, regardless of the law.


Do you really believe that anyone who has the intention to find exploits cares about whether decompilation is legal or not?

No, not really. I like that it is legal to do so now.

why is this a bad thing? If someone company like google/microsoft ships backdoors due to government then decompiling and finding bugs will help humanity right?

I didn't say it was. I am genuinely happy that it is now legal.

One man's exploit is another man's accessibility feature.

Exploits by themselves aren't good or bad - their use for malicious purposes is.

See also: adversarial interoperability.


Indeed, we are not disagreeing. I'm very happy that it is now legal. That's what I wrote, I think people have read into my comment that I'm being sarcastic, where I'm not.

Nothing stopped you from doing it before, only difference is, now you can do it openly. Hopefully for good purposes.

Indeed, I quite agree.

It did not become legal to decompile code to find exploits. This EU ruling affirms the legality only in the EU to decompile code only for the purpose of fixing bugs.

As this would stop someone writing exploits from decompiling

</sarcasm> ?

No, I was actually happy about this.

this has always been legal in a lot of countries.

I am not a legal expert at all, but I guess this blurs a bit more the separation between open source and closed source...

It looks like the only remaining issue is the licensing model, which would need to consider the legislation on where the software is acquired or executed.

EULAs will probably be rewritten, lawyers will profit.


I dislike this ruling, because:

1. It affirms the legal right of people or abstract entities to prevent you from copying information - that is, to have the state punish you for copying information from one page to another or from one file to another. This is immoral, anti-social.

2. It affirms the legal right to prevent you from creating modified, adapted, combined or partial versions of a piece of software or text, when you have a copy of the entire original.

3. It only allows decompilation by someone who has paid for the right to hold a copy of a program, and then only for the purpose of getting the program to work properly.

Now, you could say "but that's EU law" - and while that's true, but it doesn't make it any better. People should face no negative consequences for making copies of things, whether exact or modified.


You were hoping that the court would find the very concept of copyright to be invalid?

So you admit that the problem is the law, but you dislike the fact that the judges correctly interpreted it.

If you want judges to be able to rewrite laws to your liking, you should be aware that other people with worse views on copyright might also want judges doing that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: