tinman spent a few years mucking around industry before going back to school for a Masters. Currently not enjoying the weather in North England..
He wrote Perl that looked suspiciously like C code in 1998, while working as an intern, and has been trying to cure that bad habit ever since.
It all started with Security Protocols published a flaw in Trillian's Yahoo and AIM code here. The pointed reference to the Yahoo packet handling code mentions that
The code below is part of Trillian since version 0.71 which was released on the 18th december 2001. It was manually decompiled. The variable names were taken from the GAIM source code. If you compare the decompiled code with the code in yahoo.c (revision 1.12 from 15th nov 2001) you will realize that it is more or less identical. It is up to the reader to find an explanation how this GPL licensed codesnippet ended up in Trillian.
That started off a mini firestorm in the Trillian forums. Several people wanted to know how a payware (they do have a free basic version) product got hold of the code and used it with no citations or references to GAIM. Then one of the developers of GAIM got in on the act and responded.
Apparently, he's satisfied that the code is sufficiently different.
The problem is that there are literally dozens of GAIM clones popping up all over the net. How many of them have been scrutinized in this way ? Who would bother ? What is to stop some unscrupulous company from using GPL-ed code in their own product? Who's going to enforce the license? How can you expect all commercial for-profit entities to be honest and respect copyright ? Maybe more of these cases are not far away.
It's also worth noting that a Cerulean Studios forum thread here has a reply from the person who spotted it (posting as "user1704") saying that it's stretching the bounds of coincidence to have 4 bugs in that same small section of code and not have "code sharing".
Interesting case.. if someone swipes GPL-ed code, who'd know?Maybe companies do this regularly, who can tell..