Through an intriguing article on Slashdot I have read that ipods are
now being used for things other than audio. They are being used to
obtain data from a computer, and computer network obtaining business
documents and such in seconds.
One way to make ReactOS a safer operating environment is to use a
virtual encrypted file system that would restrict the copying of
files to any usb, or network device via an encryption algorithm. So I
propose a VEFS that would restrict this. The VEFS would disallow the
passage of documents to any removable device unless the user has
permission to archive them, which would be the "a" attribute. The
VEFS would make use of two AES encryption algorithms which would
encrypt the file's contents. One being a key another a lock, however
the user must provide a password to unlock and decrypt the files.
This would allow the user to unlock the files, only if they have the
password. This would also allow users to secure their personal and
corporate data.
Any ideas?
Has anyone looked at the Haiku Project lately. There hasn't been much
change in status but I do think the status page has a great graph
that reactos should implement.
http://haiku-os.org/learn.php?
mode=status&haikuusersession=80b7ab5450deadb0c18c136376ee33d0
This is a script you can use to switch your current repository to the
new one. It won't save much dl time at this point, but might help.
It's experimental, and it might claim that some directories 'already
exist'. If so, you have to delete the old version of the directory.
Of course, you'll be able to get your diffs out by doing svn diff on
those directories beforehand.
In any case, use with caution.
run like this
python change-repo.py <reactos-dir> svn://svn.reactos.com/trunk/reactos svn://svn.reactos.ru/reactos/trunk/reactos 97493ccd-5924-5043-b1f5-66cb403b36ce
--
Discordant is the murmur at such treading down of lovely things while
god's most lordly gift to man is decency of mind. Call that man only
blest who has in sweet tranquility brought his life to close.
If only I could act as such, my hope is good.
-- Aeschylus' Agamemnon (translated by H. W. Smyth)
--
Discordant is the murmur at such treading down of lovely things while
god's most lordly gift to man is decency of mind. Call that man only
blest who has in sweet tranquility brought his life to close.
If only I could act as such, my hope is good.
-- Aeschylus' Agamemnon (translated by H. W. Smyth)
Hello!
As for recent changes with SVN repository hosting, the active ReactOS
repository now is being placed on svn://svn.reactos.ru/reactos.
I thought it would be wise not to copy passwords from the old
repository, so
All developers with commit access, please send me your exact matching
svn commit name (though I can look it up easily of course ;-)) and a
password you would like to use in the repository.
Right now there is only directory/files moving operations are going,
without any features being added or deleted until the voting on files-
locks in SVN for non-audited parts will be resolved.
This doesn't touch modules which are clean apriori - like rbuild for
example.
Thank you,
Aleksey Bragin.
At 15:11 17/02/2006 -0000, you wrote:
I apologize for this second intrusion, but i have some difficulties
to really understand this:
>Define 'MS code'. If we're talking about leaked source code, then that is
>true.
But you said elsewhere that there was _no_ leaked source, so that
the only problem should be with your next words:
>If we're talking about small chunks of assembly from dissasembled MS
>binaries, then that is what the audit hopes to uncover and remove. Once the
>audit is complete, we can also say we know this to be true, at the moment we
>don't know.
... and this one sounds strange to me, because i saw several messages
talking in terms of *year* (?!), for the audit.
Well, i just downloaded the ReactOS Sources, and searched for all the
Files having an "__asm__" Statements inside, after having saved in a
dedicated Directory, the folders: bootdata / Drivers / hal / include /
lin / media / modules / ntoskrnl / regtests / services / subsys and
win32api.
I did not considered the other ones because, for example, i suppose
that there can be no "problem" with the [apps] Folder. ;)
The search of the Files with "_asm_" inside shows only around 80 Files
found. Opening several of these Files, shows that the occurencies of
"_asm_" seem to be from 1 to, say, 10. Most usually around 2 or 3. It
also shows that many of these Statements cannot be any problem. Example:
{
__asm__("int $3\n\t" : /* no outputs */ : /* no inputs */)
}
Some other ones, a little bit more significative look like, for
example:
__asm
{
mov edx, Port
mov edi, Buffer
mov ecx, Count
cld
rep ins byte ptr[edi], dx
}
... that do not seem to me big enough for demonstrating anything,
particulary not for a so trivial code... Not considering that most
of the ones i saw, were simple LOCK or INT instructions, and the like,
that do not even diserve a reading.
I did not search inside _all_ files, but i had to search inside many,
(say, 1/3), before i could point out an Asm Routine with more than 10
Instructions...
I stopped there, because i said to me that it was stupid to read that
way, and that i was possibly missing the Files of real interrest for
the Audit. But all i have seen does not explain to me, how it could
ever take one year for proof-reading so few, and so small, "__asm__"
statements.
What am i missing?
Betov.
< http://rosasm.org >
Hi!
I am now very confused.
It seems for me, that the current informations about ReactOS´s situation is
poor. And if there existing informations, they are IMHO contradictorily.
On 27.1.2006 Steven Edwards wrote "Reset, Reboot, Restart, legal issues and
the long road to 0.3"
http://www.reactos.org/xhtml/de/news_page_14.html
In this text there is no word about leaked Windows-code. So it seems, that
the main problem is revers engineering, which is not clean room rev. eng.
One day later a developer says in the forum
http://www.reactos.org/forum/viewtopic.php?p=13239&highlight=#13239
"The biggest problem isn't disassembled code. The fact is that 4 of the
developers have had a copy of the leaked Windows source."
So, the biggest problem is, that some ROS-developer have looked in leaked
code.
He have said that, and nobody have contradicted it.
But at
http://www.reactos.org/archives/public/ros-dev/2006-February/007832.html
a developer says to me
"The leaked source code was never an issue here, that was an escalation of
the mail which was posted on the public list. The rumours which materialized
from that were unfounded and untrue."
and the cvs tree will be completly re-opend.
In an other mail, I don't find it at the moment, anybody says, that there is
still no Microsoft-Code found in ROS. All is clean.
On the following
http://www.reactos.org/pipermail/ros-dev/2006-February/007717.html
a developer says
"I am told that the sources for FreeLdr are all okay, except for the
some of the bootsectors having been pretty much just disassembled from
MS's. Is this true?"
The answer comes from an other developer
http://www.reactos.org/pipermail/ros-dev/2006-February/007722.html
"crashfourit has posted a patch here:"
That means, that it is possible, that MS-bootsector-code have found the way
in ROS, if I understood it right.
And at
http://www.reactos.org/archives/public/ros-general/2006-February/002128.html
somebody cite something where a Codewaever chef says, that in ROS is stolen
code.
I have at the current no links, but I have the feeling, that there existing
a lot of more comments like these, which me all confused very much.
And then ReactOS gives for me more questions then answers.
What does the Audit-process mean?
You have - as somebody says - already seen, that no Windows-Code is in
ReactOS.
But you want with the audit look for code, which are integrated by (not
clean room) reverse engineering.
But how do you want to find it?
The clean room inverse enginering is like re-writing an existing book,
without reading the existing book itself. Only reading review, critiques and
summaries about the book are alowed to read.
But there existing some people who have reverse enginered, but not clean
room. This is like someone, who have completly read the book itself and
tries to write the book what he read then down in mind.
But how do you want to become out, who have read the original book and who
not?
Steve Edwars have written "and the long road to 0.3". Is it still true, that
it needs now longer, until 0.3 comes out? The tree will already be opend.
Does it mean, that 0.3 comes only after the end of the audit-progess out? If
this is true, comes then before the end of the audit other releases out
(0.2.10, 0.2.11, .... etc) ?
You see. I am very confused.
I don't expect that you answer to my mail here.
I only want, that your public clarification,
http://www.reactos.org/archives/public/ros-dev/2006-February/007832.html
Murphy have written "The whole tree will be reopened in the state it was in
before it closed.
More details will follow when this happens.", will really clarify all. So
that no longer confuseness for anyone exists.
Greatings
theuserbl
theUser BL wrote:
> I am now very confused.
I'll try and clear some other areas up for you.
I don't have web access at the moment, so I am only going off what you have
pasted under the links.
> On 27.1.2006 Steven Edwards wrote "Reset, Reboot, Restart,
> legal issues and
> the long road to 0.3"
> http://www.reactos.org/xhtml/de/news_page_14.html
>
> In this text there is no word about leaked Windows-code. So
> it seems, that
> the main problem is revers engineering, which is not clean
> room rev. eng.
Correct.
> One day later a developer says in the forum
> http://www.reactos.org/forum/viewtopic.php?p=13239&highlight=#13239
> "The biggest problem isn't disassembled code. The fact is
> that 4 of the
> developers have had a copy of the leaked Windows source."
>
> So, the biggest problem is, that some ROS-developer have
> looked in leaked
> code.
This isn't much of a problem, the problem is the integrity / validity of our
code.
i.e. how was the information to write the code obtained.
See above.
> But at
> http://www.reactos.org/archives/public/ros-dev/2006-February/0
> 07832.html
> a developer says to me
> "The leaked source code was never an issue here, that was an
> escalation of
> the mail which was posted on the public list. The rumours
> which materialized
> from that were unfounded and untrue."
Correct.
> In an other mail, I don't find it at the moment, anybody
> says, that there is
> still no Microsoft-Code found in ROS. All is clean.
Define 'MS code'. If we're talking about leaked source code, then that is
true.
If we're talking about small chunks of assembly from dissasembled MS
binaries, then that is what the audit hopes to uncover and remove. Once the
audit is complete, we can also say we know this to be true, at the moment we
don't know.
> On the following
> http://www.reactos.org/pipermail/ros-dev/2006-February/007717.html
> a developer says
> "I am told that the sources for FreeLdr are all okay, except for the
> some of the bootsectors having been pretty much just disassembled from
> MS's. Is this true?"
> The answer comes from an other developer
> http://www.reactos.org/pipermail/ros-dev/2006-February/007722.html
> "crashfourit has posted a patch here:"
>
> That means, that it is possible, that MS-bootsector-code have
> found the way
> in ROS, if I understood it right.
This code hasn't been audited yet. It's possible that parts of the
bootsector have been derrived from an MS dissasembly. The audit will reveal
the answer, and it will be rewritten if nessesary.
> And at
> http://www.reactos.org/archives/public/ros-general/2006-Februa
> ry/002128.html
> somebody cite something where a Codewaever chef says, that in
> ROS is stolen
> code.
Incorrect. There is no stolen code in ROS and more than there is stolen code
in Wine.
> And then ReactOS gives for me more questions then answers.
>
> What does the Audit-process mean?
It means all suspect code will be proof-read and documentation must be made
available to prove it's validity.
If not, the will be either rewritten, docs written or removed dependant on
the circumstances.
> You have - as somebody says - already seen, that no
> Windows-Code is in
> ReactOS.
> But you want with the audit look for code, which are
> integrated by (not
> clean room) reverse engineering.
> But how do you want to find it?
Any code that is questionable. i.e. a reason cannot be found as to why it is
included.
I agree it's difficult to tell what is clean room and what it not.
As KJK said, if we don't question it's validity as all appears well, then it
would be up to a 3rd party to proove otherwise.
> Steve Edwars have written "and the long road to 0.3". Is it
> still true, that
> it needs now longer, until 0.3 comes out? The tree will
> already be opend.
> Does it mean, that 0.3 comes only after the end of the
> audit-progess out? If
> this is true, comes then before the end of the audit other
> releases out
> (0.2.10, 0.2.11, .... etc) ?
Decisions on new policies havn't been reached yet.
It's true that it is still a long road. The audit is still going to happen,
it's just that we're doing it in a slightly different way now.
It is hoped that this new method will ensure the project stays alive during
the audit.
> You see. I am very confused.
I hope that cleared some things up for you.
> http://www.reactos.org/archives/public/ros-dev/2006-February/007832.html
> Murphy have written "The whole tree will be reopened in the state it was
in
> before it closed.
> More details will follow when this happens.", will really clarify all. So
> that no longer confuseness for anyone exists.
The current vote will decide the outcome of that. There are currently 2
options.
Read the mail entitled 'Vote: Code Auditing' for more details.
Regards,
Ged.
************************************************************************
The information contained in this message or any of its
attachments is confidential and is intended for the exclusive
use of the addressee. The information may also be legally
privileged. The views expressed may not be company policy,
but the personal views of the originator. If you are not the
addressee, any disclosure, reproduction, distribution or other
dissemination or use of this communication is strictly prohibited.
If you have received this message in error, please contact
postmaster(a)exideuk.co.uk
<mailto:postmaster@exideuk.co.uk> and then delete this message.
Exide Technologies is an industrial and transportation battery
producer and recycler with operations in 89 countries.
Further information can be found at www.exide.com
At 20:21 17/02/2006 +0100, you wrote:
>I think this only applies to the bootsector, wich has asm directly taken
>from disassemblies in it.
Ah. Then it should be the [Boot] sector. I see 5 files in there, with
asm statements. Only one could be a problem, that is named "longhorm.h".
52,000 Bytes long // 105 "_asm__". Outchhhh...
But did not another guy said that there was a possibility of complete
replacement? And, if i miss-undertood, or if not possible, would it
take one year for proof-reading 52,000 bytes of C Source?
>I think what Ged was talking about was disassemblies converted into C.
>And this can be found by looking for typical things of that kind of code:
>- Magical number inside C code. Normally constants are used or the
>numbers are commented or really obvios. But when you don't know why
>there's a constant 0x2342 then you don't really know how to call it. In
>disc.c there's a constant called PARTITION_MAGIC ;-)
>- excessive gotos: You would normally not use any gotos, but it can be
>hard to identify complex structures of for, if, while,... inside asm
>code, so you do it like it's done in asm: with gotos. It doesn't look
>good, but it works.
Ah! C simulating Assembly and hard coded unknown numbers...
OK, i see the problem better, with these points, as long as there is
really a _lot_ of Files with "goto"s inside, and i can imagine how
sorting all of these out, might be a boring task. But this was not,
at all, what was first said.
Thanks for the explanations. Betov.
Which is why I stated a couple weeks ago thaqt politics has NO place in
an engineering project.
At all.
Ever.
-----Original Message-----
From: ros-dev-bounces(a)reactos.org [mailto:ros-dev-bounces@reactos.org]
On Behalf Of mf
Sent: Friday, February 17, 2006 1:55 AM
To: ReactOS Development List
Subject: [ros-dev] Re: Vote: code auditing
Brandon Turner wrote:
> That was the orginal plan, and we just voted against it.
>
> Brandon
>
That's the idea with politics, you amend a proposal until the original
purpose of the proposal is completely reverted, and you end up with a
new set of useless silly rules with possible flaws, loopholes etc. If
you can't get people to accept something, just confuse them with even
more proposed rules, preferably vague but essentially the same as what
they originally voted against.
mf
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
Murphy, Ged (Bolton) wrote:
> Incorrect. There is no stolen code in ROS and more than there
> is stolen code in Wine.
Sorry, that should read 'There is no stolen code in ROS _any_ more than
there is stolen code in Wine.
************************************************************************
The information contained in this message or any of its
attachments is confidential and is intended for the exclusive
use of the addressee. The information may also be legally
privileged. The views expressed may not be company policy,
but the personal views of the originator. If you are not the
addressee, any disclosure, reproduction, distribution or other
dissemination or use of this communication is strictly prohibited.
If you have received this message in error, please contact
postmaster(a)exideuk.co.uk
<mailto:postmaster@exideuk.co.uk> and then delete this message.
Exide Technologies is an industrial and transportation battery
producer and recycler with operations in 89 countries.
Further information can be found at www.exide.com
