From: W Yu <ma...@wl...> - 2004-05-02 21:43:05
|
Thank you for the reply. I think I now understand the scoop of the issue. However, I also read that there's been two independent developments on the QQ protocol. One of which got quashed by the service provider (Tencent) at some stage for probably the reason you listed. The other is still active, and one branch of it is now named "OpenQ" in the form of a Linux Gaim plugin. This one seemed to have continued without objection. Is OpenQ from a legitimate method per your description? Does anyone know? -- Luke Schierer at lsc...@us... wrote on 03/5/04 05:18: > I, and others, are not so much concerned about the _fact_ of reverse > engineering, but by the _methods_. A reverse engineering process in > which you sniff packets, modify libraries the official client uses, even > pretend to be the server are all legit, and in fact used by us. A > reverse engineering process by decompilation on the other hand is very > objectionable. Sean summarized things well: > > " > Try to follow this: > > The GPL's power comes from copyright law. Because only the copyright > holder has any right to do anything with his code, anyone else who wants > to use, modify, distribute, whatever, his code has to be licensed to do > so. Without a strong copyright, the GPL is powerless. > > Of course any attempt to fix Yahoo auth will be reverse engineered. The > protocol is not published, and therefore it can only be cracked through > reverse engineering. What "Amatus" did was to "decompile" the Yahoo > executable itself. > > Decompiling takes the machine code in Yahoo's official client and simply > translates it to C. It shouldn't be hard to see that the resulting C > code is not "Amatus's" intellectual property, and that for that reason > he can not claim copyright over it. Think of a music score. If someone > writes and records a song, you can't transcribe it to sheet music and > call it your own. > > Trillian's code came to me with a "Copyright 2003 Cerulean Studios, > LLC." I honestly have no clue how they reverse engineered Yahoo. When > I reverse engineered the last Yahoo auth protocol, I did so with a > hacked version of openssl and my own Yahoo server to give it challenges > I wanted to test. There are many ways to reverse engineer something > that results in original source code. As Cerulean Studios claims > copyright over the code, I can only assume that it's copyrightable. > > As for the "License Unknown" deal, it has been licensed to me to release > in Gaim under the GPL. I will mark the new files to indicate that, such > that there's no confusion. > > Do you really think I would violate the GPL so publicly and blatently? > That seems to be the trend of late. *sigh* > " > > While the above is addressing a debate that occured as to our choice > between two different revsere engineering attempts made on the yahoo > authentication process, much of it applies to any attempt (successful or > not) to reverse engineer any protocol. > > luke > > On Sun, May 02, 2004 at 10:13:53PM +1000, W Yu wrote: >> Dear all, >> >> New to this list and greetings to all! >> >> I read on the dev site archive that there's been some recent discussion for >> QQ support by Gaim. >> >> Any more follow ups on this? >> >> I understand there was some concern by some that the code was reverse >> engineered. But how is that different to all the other codes that support >> AIM, MSN, Yahoo etc etc on Gaim and many other 3rd party clients? |