Reactos participation and windows source leaked

paulphoenix
Posts: 2
Joined: Fri Jan 11, 2019 5:39 am

Reactos participation and windows source leaked

Post by paulphoenix »

Hello,

Supposedly someone had access to and saw leaked Windows source code a few years ago. At the time he/she did not have any idea of the code and has since forgotten about the code; is he/she allowed to contribute to ReactOS development?

This is due to the following statement on the participation page (https://www.reactos.org/participation)

"Getting involved with ReactOS is easy and straightforward! We only ask that you have not had access to Microsoft source code for the area you want to work on. This includes either having worked at Microsoft, obtaining the source code through an academic program or from the illegal leakage of Windows source code several years ago. Having viewed the source prevents you from contributing to avoid undermining the legality of our source code"
EmuandCo
Developer
Posts: 4722
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld
Contact:

Re: Reactos participation and windows source leaked

Post by EmuandCo »

In general you always are allowed to participate, only parts where you might be tainted by leaked code are a lil problem. Unless you can verify the correctness of your code by test cases or sources where you got the information from which are not copyrighted by MS, you will have a problem there. We have to be better safe than sorry in this case. So I recommend you to join the dev ml and get in touch with our bunch of devs and tell them what you analyzed in the leaked code and where you wanna help and they will decide what to do ^^ Or maybe @ThFabba in here will see that and take over from now on ^^
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.

If my post/reply offends or insults you, be sure that you know what sarcasm is...
paulphoenix
Posts: 2
Joined: Fri Jan 11, 2019 5:39 am

Re: Reactos participation and windows source leaked

Post by paulphoenix »

I have joined the mailing list and asked basically the same question but didn't get any proper reply yet. Thanks.
Quim
Posts: 257
Joined: Wed Jul 04, 2018 11:45 pm

Re: Reactos participation and windows source leaked

Post by Quim »

https://github.com/reactos/reactos/blob ... #L803-L804

Is it just an April Fools' joke or could it be real?

Is 100 % of ReactOS code 100 % clean?
Where are certificates that prove it?
hbelusca
Developer
Posts: 1204
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Reactos participation and windows source leaked

Post by hbelusca »

Surprising; this comment seems to have been added by: https://github.com/reactos/reactos/comm ... 2d5a759b69
(Note: you can use the "Blame" button to view who committed what in this file, and in others as well.)

I wonder where and how this commit happened because:
- I currently cannot find this instance here: https://git.reactos.org/?p=reactos.git& ... ource&sr=1
- neither in the history of the incriminated file: https://git.reactos.org/?p=reactos.git; ... AD;hb=HEAD

I also tried to search to which branch that commit belongs (using "git branch --contains <commit_hash>"), no result is found.
So I'm really wondering where and how you found that commit. Also note that this guy "PeyTy" never contributed to ReactOS. The only thing he did is to create this "GreenTea" OS that originally started as a ReactOS fork, and then is currently turning into a kernel written in the "Hexa" programming language.

I would suggest you ask on the ros-dev mailing list how this could happen.
karlexceed
Posts: 531
Joined: Thu Jan 10, 2013 6:17 pm
Contact:

Re: Reactos participation and windows source leaked

Post by karlexceed »

This really doesn't make sense...

- The commit has a misleading description, "Update README.md"
- The commit doesn't show up in the user's commit history for December
- The commit doesn't show up in the reactos commit history for December 29
- I just downloaded the entire ReactOS source as a ZIP from Github, and this comment isn't in that file.

And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
EmuandCo
Developer
Posts: 4722
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld
Contact:

Re: Reactos participation and windows source leaked

Post by EmuandCo »

@Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
karlexceed
Posts: 531
Joined: Thu Jan 10, 2013 6:17 pm
Contact:

Re: Reactos participation and windows source leaked

Post by karlexceed »

karlexceed wrote: Mon Jan 21, 2019 5:07 pm And yet... It's there in the file's commit history and looks like it's part of the file here on GitHub.
Scratch this. It only appears that way if you follow from the link posted by Quim above.

If you manually navigate to the file in question from https://github.com/reactos/reactos/ you'll see that these comments aren't present. Yet the blob's URL/file path seems to indicate that it exists somewhere in the ROS github repo, which I find concerning.

I think I smell a troll...
hbelusca
Developer
Posts: 1204
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Reactos participation and windows source leaked

Post by hbelusca »

Ok, we know it's a dangling commit, since it is known that GitHub can keep dangling commits. The question is: from where does it originate? Because if it was from the guy's branch, it would not be in "reactos/reactos".
It may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
dizt3mp3r
Posts: 1873
Joined: Mon Jun 14, 2010 5:54 pm

Re: Reactos participation and windows source leaked

Post by dizt3mp3r »

karlexceed wrote: Mon Jan 21, 2019 5:46 pm I think I smell a troll...
Given that recent spat with that kerneli... troll, I suspect this is the result.
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
justincase
Posts: 441
Joined: Sat Nov 15, 2008 4:13 pm

Re: Reactos participation and windows source leaked

Post by justincase »

dizt3mp3r wrote: Mon Jan 21, 2019 8:08 pm Given that recent spat with that kerneli... troll, I suspect this is the result.
I don't know that this necessarily has anything to do with that, though I suppose it might. Given the manner in which that person deals with people on their forum, I wouldn't put it past them to try something like this.

Anyway, on to the technical.
As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
I suspect that someone did effectively the same thing (but in the opposite direction) to create the link shared above: Push the commit to a GitHub fork of ReactOS, copy commit id, go to ReactOS' main GitHub repository, open a link to a specific commit, replace commit id in url, post it somewhere for people to freak out about, watch and laugh.

I wouldn't bother freaking out about it, as that's exactly what that person wants, and if they can cause a panic, they're more likely to try a similar stunt in the future, whereas if we handle it gracefully and let their attempt fall flat, it won't be as fun for them to keep trying this stupid stuff.
hbelusca wrote: Mon Jan 21, 2019 6:26 pm It may be possible to ask GitHub support to perform a "git gc" on the hosted repo in order to clear all that bullshit.
Requesting that they run garbage collection on our repo may or may not help, depending on if there's a branch on GitHub (in one of the many forks of our repo) that includes it, but if we can open a dialogue with GitHub about this issue, perhaps they could implement a method of keeping the commits on someone's fork from being viewed as if they're part of the main repository so as to prevent this kind of abuse in the future.
EmuandCo wrote: Mon Jan 21, 2019 5:22 pm @Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
Yes, @Quim, please do tell.
I reserve the right to ignore any portion of any post if I deem it not constructive or likely to cause the discussion to degenerate.
karlexceed
Posts: 531
Joined: Thu Jan 10, 2013 6:17 pm
Contact:

Re: Reactos participation and windows source leaked

Post by karlexceed »

justincase wrote: Mon Jan 21, 2019 8:59 pm As an experiment, I copied the commit id from the latest commit to ReactOS' master branch, and went to a few random forks people have made that haven't been updated in a while (therefore this commit shouldn't exist on the fork under their name), opened a link to a specific commit on their fork, and replaced the commit id in the url with the one copied from the ReactOS master branch, and each time it showed up exactly like the commit linked above did.
Confirmed. Any fork will work, just add "/blob/59b78b4756da02e275e35bd40a27962d5a759b69/ntoskrnl/ke/i386/exp.c#L803-L804" after the fork's URL and you'll see the same thing.

As an example, this fork by 0xBADCA7 (picked randomly) is 3337 commits behind master: https://github.com/0xBADCA7/reactos/blo ... #L803-L804
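
Added example, not part of any post in this thread: the local check hbelusca mentions ("git branch --contains"), extended to tags and remote-tracking refs, so a commit id taken from a web link can be tested against the project's actual history. The throwaway repository, the function names and the all-ones commit id are constructed for the demonstration.

```shell
# Classify a commit id against the refs of a local clone.
#   reachable   - some branch, remote-tracking branch or tag contains it
#   unreachable - the object exists locally but no ref contains it (dangling)
#   absent      - the clone has no such commit object at all
classify_commit() {
    if ! git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null; then
        echo absent
    elif [ -n "$(git -C "$1" for-each-ref --contains "$2" \
                 --format='%(refname)' refs/heads refs/remotes refs/tags)" ]; then
        echo reachable
    else
        echo unreachable
    fi
}

# Helper for the constructed demo: empty commit with a fixed identity.
demo_commit() {
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q --allow-empty -m "$2"
}

# Build a constructed repo with one mainline commit and one commit whose
# only branch is deleted afterwards, leaving it dangling.
make_demo_repo() {
    DEMO_REPO=$(mktemp -d)
    git -C "$DEMO_REPO" init -q
    demo_commit "$DEMO_REPO" "mainline commit"
    MAIN_ID=$(git -C "$DEMO_REPO" rev-parse HEAD)
    git -C "$DEMO_REPO" checkout -q -b stray
    demo_commit "$DEMO_REPO" "Update README.md"
    STRAY_ID=$(git -C "$DEMO_REPO" rev-parse HEAD)
    git -C "$DEMO_REPO" checkout -q -      # back to the default branch
    git -C "$DEMO_REPO" branch -q -D stray # no ref points at STRAY_ID now
}

make_demo_repo
for id in "$MAIN_ID" "$STRAY_ID" 1111111111111111111111111111111111111111; do
    printf '%s %s\n' "$id" "$(classify_commit "$DEMO_REPO" "$id")"
done
rm -rf "$DEMO_REPO"
```

A clone only transfers objects reachable from the refs it fetches, so a commit that lives solely in someone else's fork normally shows up as "absent" in a fresh clone of the upstream repository, whatever a web URL under the upstream name displays.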
PurpleGurl
Posts: 1790
Joined: Fri Aug 07, 2009 5:11 am
Location: USA

Re: Reactos participation and windows source leaked

Post by PurpleGurl »

EmuandCo wrote: Mon Jan 21, 2019 5:22 pm @Quim, where did you get this blob link from? Don't tell me you used some random chars and picked a strange random blob by doing so. Someone gave this to you and I'd like to know who.
There is no code linkage to any of our commits, there is no commit access for that PeyTy and never will be due to the sources he uses and there is no Pull request committed by him either. Thus this whole thing smells fishy!
Could this be our poison pen blogger from the locked thread? Checking the dates, the last thing he posted before one of us found it was 12-30. And that puts the repository vandalism or whatever closer to then.

In the first link, I couldn't access his profile, but I finally was able to, and it makes sense. This could be the same guy, but we have no way of knowing. This guy is presumably Russian and working on GreenTeaOS... maybe he didn't like us criticizing his project and how it might be tainted, and thus going after us was supposed to be a preemptive strike or something.
Last edited by PurpleGurl on Tue Jan 22, 2019 12:19 pm, edited 1 time in total.
karlexceed
Posts: 531
Joined: Thu Jan 10, 2013 6:17 pm
Contact:

Re: Reactos participation and windows source leaked

Post by karlexceed »

The GitHub user implicated made two other commits on the same day with the same commit title, but different descriptions:
https://github.com/GreenteaOS/Greentea/ ... 632337cf15
https://github.com/GreenteaOS/Greentea/ ... 423f9c8782

But I can't find any evidence as to where the commit in question originated.

The commit is marked as 'Verified', which means it was signed, but that doesn't necessarily mean that it was the GreenTea contributor that did this. See: http://www.jayhuang.org/blog/tag/impersonating/

Literally anyone could have forked ReactOS and made this commit. Someone is definitely trying to stir things up.
EmuandCo
Developer
Posts: 4722
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld
Contact:

Re: Reactos participation and windows source leaked

Post by EmuandCo »

Not the time to flame at PeyTy. As long as no one explains to us how that could happen at all, I don't recommend accusing anyone of anything!