Another favorite quote: Just because you are paranoid, doesn't mean they are NOT out to get you!
There was talk similar about IBM and their old mainframe OSes. Many of the large clients did purchase 'source code licenses'. I worked for some that had them. To be able to see the source as an employee we had to sign NDAs. So it didn't get as much scrutiny as open software can get. But we did view and review it in tracing down problems repeatedly. On RARE occasion we did on the fly code fixes, but by then we were already talking to the top level support (aka developers) at IBM. All that being said, even 'properly licenses' individuals are often allowed to see the source code at some software manufacturers. Back in the day I did a significant amount of reverse engineering (we called it dis-assembly, turning executable object code back into assembler. It took a LOT of work to do non-trivial programs, but it could be done), and yes, we found back doors left in code, un-documented 'features', as well as code that did not do what the manufacturer said it did. Lots of dead code (old code that was never taken out). Code that was intentionally written over and modified on the fly was the hardest, but it too was busted. (That kind of self modifying code was never considered good business practice, but there was a day when running code that did overlay itself was considered good coding on very limited hardware ... to get it to run programs it would not have been able to run otherwise.) There seem to be far fewer that have the skills, knowledge, ability, and TIME to do that than there were. That is probably a good thing. A friend wrote a generic dis-assembler and was sued by a former employer for the code. He did write the code, but they couldn't find anyone that could understand how it worked (he did obfuscate it a bit, but not so much that he couldn't maintain it). So he never put it on the market, and the company (a very litigious hardware/software development company) never used it after 'winning' the law suit ... but no one else did either. .. bummer. The real reason for his program was to disassemble it, and automatically re-code any object code into C. Then it could supposedly be re-compiled and targeted to any hardware or hardware emulation platform. If you have ever maintained some computer language translated code (I did, an accounting system, initially written in PL/I, translated into COBOL. We wrote in-house modifications by re-translating by hand back into PL/I as needed, from the COBOL source), the computer generated variable names obfuscates the code even if you can recognize the structure of coding elements (loops, comparisons, etc). For most people there are only so many language to language translators, or machine code disassembly projects that are fun. I left most of mine long ago. I have known several folks who flat burned out with that kind of project. I moved on before I got to that level. When doing it, it became like an addiction, so that tells me there are still several windowless cubes that have folks buried in them with the door way blocked by old Twinkie wrappers and stale coffee cups. - Ugh, the imagery. -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
