Do you have a right to privacy of your source code?

BigG said:

Hence I see great value in publishing code for the purposes of getting the code improved upon.

Ah there in lies somewhat of a caveat for 'constructive and co-operative' feedback. Publicly sharing doesn't always equate to that, there's a bit of a human interaction element to it.

cstanton said:

Edit: If you're picking up on spelling errors rather than the topic and context of the post, you're easily distracted. ;)

Quite the opposite - I thought you may had found a new tool that I was unaware of

Have you had a play with Ghidra yet ?

cstanton said:

Comparatively in the art world

Comparatively in the engineering world, I guess you could buy an engine, strip it down, see how it works, modify it to improve its performance/reliability and then re-sell it for a large profit as a 'tuned engine'.

Back in the art world, if you took a photograph of a sculpture of an engine and tried to sell it, you could be found to be in breach of copyright.

Gough Lui said:

This is a tricky one, but short of having a license agreement which forbids it, I can’t see reverse engineering being a problem.

There definitely appears to be a line drawn here and in your example, between reverse engineering something, and then iterating upon a new version of that and making it anew. Which is somewhat protected in various ways, and reverse engineering something, or decompiling it and then simply sharing that source code without permission or rights to do so.

My takeaway is that there are still nuances in the sweeping statements of "all code should be shared regardless" where perhaps it shouldn't be, but looking at it is fine.

beacon_dave said:

Quite the opposite - I thought you may had found a new tool that I was unaware of

It's fine, the comment was more for the peanut gallery to make sure we were on track for a conversation. Thank you.

beacon_dave said:

Have you had a play with Ghidra yet ?

It's such a great tool! I played with it for a DEF CON badge with its firmware when trying to solve its "puzzle". Thanks for mentioning it. I'm certainly not adept at using it.

beacon_dave said:

Comparatively in the engineering world, I guess you could buy an engine, strip it down, see how it works, modify it to improve its performance/reliability and then re-sell it for a large profit as a 'tuned engine'.

I always find physical comparisons interesting because there are definitely more exacting restrictions on them compared to digital ones. For example, you can modify one engine and sell it, and possibly no one would bat an eyelid, but start up a business doing it en masse and there may be a greater issue, but that's not one I necessarily have examples of.

Part of the problems with digital works as deemed by courts can often be that it's so readily and easily distributable and available so as to more readily cause damage and alleged loss of revenue, etc. These are of course very specific scenarios and examples, but it's certainly why circumventing Digital Rights Management on software is illegal, even though there are laws claiming you can "backup for personal use", circumventing that protection still legally prevents you from doing so except in certain exemptions which are usually for the case of museums or those with disability.

beacon_dave said:

Back in the art world, if you took a photograph of a sculpture of an engine and tried to sell it, you could be found to be in breach of copyright.

Yeah, that's definitely a close comparator, and I've seen arguments of "because there's no loss of quality in the copy it behaves the same or similar to the original" and that's what tends to apply to digital 'copies'.

shabaz said:

So many scenarios, e.g. people deliberately sitting on firmware with no updates for users, going out of business, etc.

One area that I'm currently faced with is with engine management systems in classic cars. The manufacturer no longer supports their product or releases updated tools and documentation to allow owners to maintain it. The EEPROMs in the meantime are starting to lose their data and will soon prevent the vehicle from running. Owners however need to get the current config data out of the ECU and reflash it in order to keep their investment on the road. Those with ECU diagnostics kits have another problem in that the software no longer runs on modern laptops. The binaries need to be modified in order to adjust the timing for the data comms.

cstanton said:

Part of the problems with digital works as deemed by courts can often be that it's so readily and easily distributable and available so as to more readily cause damage and alleged loss of revenue, etc.

One issue is that with tuning an engine is that you have to purchase an original engine for each one you want to tune and sell. It's not a case of were you can just buy one engine and then tune and sell an infinite number of tuned engines.

Whereas with software, you only need to buy one original product in order to be able to sell an infinite number of modified versions.

However, what if you bought an original software product for each modified version you sold. Is that not the same as the tuned engine scenario ?

Reminds me that I was banned from a Community for calling out a soundcard company for indirectly planned obsolescence by not releasing updated drivers for their soundcards, they've since moved onto external hardware that requires the software to change functions of the soundcard (eg. from analogue to SP/DIF output) and if you don't have the right software 'codes' to send those instructions, your hardware's stuck in one mode. It also limits the hardware to one operating system (because of course they don't support all operating systems).

Even with Linux software (wine, proton, bottles, etc) there can still be restrictive limits to how far you can overcome these purposeful limitations (laser cutters have also seen requirements of people to produce new laser controller boards as a similar example).

beacon_dave said:

The EEPROMs in the meantime are starting to lose their data

This's simply awful

I can completely understand the incentive in your first two examples where the company goes out of business or fails to release firmware updates.  The underlying principle probably still applies though and it still wouldn't be right to disassemble the code.

I have experienced similar with expensive AV equipment which doesn't provide a full documented API to all you to configure it once the manufacturer no longer supports the original software.

It's going to get a lot worse as more and more equipment is headless being controlled wirelessly via a custom app on a tablet device rather than having any of the the UI built into the device itself. As soon as support for the app is discontinued and it gets removed from the app store, your expensive hardware is now useless.

EEPROMs have a floating gate which has a charge applied when programming. Over time this charge leaks away and then the contents eventually become corrupted. Some devices lose their charge quicker than and classic cars fitted with early ECUs are now having this problem. Not all owners are aware of this issue either so by the time the problem comes to light, the engine data can no longer be recovered from the ECU.

Some people are 'milking it' of course. I've seen companies charging around £4k for a serial interface box which is basically a MAX232 RS-232 driver potted in an aluminium box. Or $80k to hire an 1980's  diagnostic kit for a day to reprogram the EEPROM.   

The problem will only likely get worse as more modern cars are fitted with the likes of HMI touch panels to control functions.

Unfortunately the legal system doesn't appear to do much to protect the consumer from this.

If I recall correctly, actual breaches of copyright can only be determined by a court of law which complicates things further.

Two people could reverse engineer the same binary, modify it in the same way and sell it. One could be found guilty of breach of copyright, and the other found not guilty depending on which court session heard the case.