MS Pulls Windows 7 Tool After GPL Violation Claim 186
Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.
So, this is about as damning as you get, isn't it? (Score:2, Insightful)
Oooopsies.
Seriously, preview your own posting editors! (Score:5, Insightful)
Seriously, preview your story summaries editors!
"...so we'll have to watch closely to see what the company puts it back on its servers."
Who thinks that "it" makes sense?
Re:So, this is about as damning as you get, isn't (Score:5, Insightful)
Now now, calm down a moment. Imagine what would happen if they *didn't* pull the code- there would be a veritable shitstorm in the Free Software community. This is the smart, rational thing to do.
On a side note, this really acknowledges the power of the GPL- if even a single report says that there is a GPL violation and this causes Microsoft (its 'arch nemesis) to pull a tool for their newly launched apple-of-their-eye.
Re:So, this is about as damning as you get, isn't (Score:5, Insightful)
Replying to my own post here, but also remember that this is exactly what ReactOS did when there was a similar allegation by Microsoft- and were largely applauded for it. Again, it's the sane, rational thing to do and in my eyes doesn't admit any guilt whatsoever. That doesn't mean a GPL violation isn't there, mind, but it means that if there is one this is exactly how it should be handled.
Re:So, this is about as damning as you get, isn't (Score:5, Insightful)
Right... or they are being smart, pulling the tool, and investigating whether they are violating the GPL. Like they said.
It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.
Re:Seriously, preview your own posting editors! (Score:3, Insightful)
Or the "what". Substitute "when" or "whether" and "it" makes sense, too.
Re:Excellent example of why MS hates GPL. (Score:4, Insightful)
Re:Excellent example of why MS hates GPL. (Score:3, Insightful)
Yes, because Microsoft's mode of operation is to steal GPL code and try to claim it's theirs until they get caught, at which point they fess up and pretend it was a mistake. Right... I mean, just look at all the other times they stole GPL code!
If in fact that tool used GPL code, it was just some lazy or dishonest developer who used a bunch of code from the Internet and pretended it was his. No proprietary software company would let that slide. Yes, that includes the company we all love to hate.
Re:!Widely used , Widely despised.. (Score:3, Insightful)
Pft. Clearly even MS are using GPL software. Doesn't get much more mainstream than that.
Re:Excellent example of why MS hates GPL. (Score:5, Insightful)
The same problem applies to any license? Suppose MS accuses someone of using their code, how can that be determined? If an author or musician accuses someone of copying them how can that be determined? It is an intrinsic problem of copyright, not a problem with the GPL.
Re:Excellent example of why MS hates GPL. (Score:1, Insightful)
Well, I'd generally say that Codeplex is MS's version of the open source community, and it looks like that didn't stop the GPL from doing its thing. Ignoring their somewhat-slimier licences that no one pays attention to these days, the MS version of open source appears to be that the GPL holds true, and they'd rather take it down than have a PR incident starring Microsoft as Emperor Palpatine and Codeplex as the Galactic Senate. Most likely the program was something that developers were passing around the MS offices, as a fork of the original Codeplex project that they felt was more useful. It fell through the cracks enough for someone in a different department to pick it up and say 'hey, this is great!', and it ended up on the 'net without its heritage by accident. There are so few MS products where you can find a list of developers for them--it's not surprising that they'd have trouble tracking the ownership of one little internal tool, either.
Re:Excellent example of why MS hates GPL. (Score:5, Insightful)
When I was working in an MS technology shop I found many cases of our programmers cutting and pasting code from other sources on the internet. Quite a lot of it came from MS itself and explicitly said that it could not be used. What do you do now? Rip the code out? But we've already shipped the code. Should we demand that the customers give it back until we can rip the code out? What if we still want to use the code? Should we approach MS and try to negotiate a different license? What if they say no?
There's no difference here. The GPL is quite easy to understand as licensing documents go. I think we can all agree that if code licensed only under the GPL was in the application, it would be a breach of the licensing terms; just like when various people in my company appropriated MS code. The resolution is exactly the same.
The moral of the story is: don't use code whose licensing terms are unacceptable to you. It doesn't matter what the license is. It doesn't matter what political forces caused the terms of the license to be created. If you don't agree to it, don't use it. This is the one thing that is the same for all licenses.
You could say that about any software (Score:3, Insightful)
This is actually a good example of why Microsoft (and others) may dislike the GPL - how precisely do you determine that it is not a GPL violation?
You could say that about any software, not just GPL and not just FOSS. Sure it's easier to pass off publicly available source as someone else's code because it's much easier to get hold of, but that doesn't mean it can't be done with leaked or stolen code.
This isn't a "reason" for any company not to like open source. "Lame excuse" would be a better discription.
Re:This might be a double-edged sword (Score:4, Insightful)
What you forget is that GPL code is owned by the author, not some magical GPL entity. One author might well want to kick up a fuss, while another may want to deal with it quietly. Others might go to the SFLC, whose policy *is* discretion first (and that's what I believe the earlier articles were referring to).
Whether or not to kick up a stink, demand compensation/removal of the tool, prosecution etc. is in the hands of the copyright holder, not the SFLC (although the holder may choose to hand it over to them for the purposes of dealing with the case).
Re:So, this is about as damning as you get, isn't (Score:5, Insightful)
And no it's not enough to pull the application, if you've distributed the binary and you've used GPL code you're obligated to release that code.
No, you're not automatically obligated to do any such thing. What happens is that you may be infringing on the copyrights on the GPL'd code, so it's up to the copyright holders to decide what to do: ignore it, negotiate a (presumably non-GPL) license agreement with you, or take you to court. And if the latter, the judge will decide what the punishment should be--most likely it'll be "stop distributing the software and pay the copyright holder $$$$$". It's unlikely that the punishment would be "publish the source code to your app that used GPLed code."
Re:Not a bad move (Score:5, Insightful)
Re:!doesn't bode well (Score:3, Insightful)
I think taking the software down is a very boding/bodeable/bodeful/whatever thing to do.
I completely agree. The guy who posted the original story was just wrong to say it "doesn't bode well".
By saying that, he was basically condemning Microsoft's actions before they'd even done then. I dislike MS as much as the next guy here, but - please! - what have they done in this case to warrant not boding well? As soon as they found out there was a potential problem, they pulled the software so they could investigate. Absolutely the right action.
What would you have preferred them to do? The only two other options were (a) ignore the problem, and (b) release the code. Ignoring the problem was clearly never going to happen -- even MS isn't that arrogant. And while I'm sure we'd have loved them to have just released the code, they would certainly need to check it first, because there's a very high probability that it also contains code which is licensed in a way that can't be released (especially since this is a DVD tool). So pulling it while they investigate is the right thing to do.
The most likely scenario I would suggest is that MS will re-launch the tool in a few months with the GPL parts replaced so they don't have to release any code. Not what the masses of slashdot would want, but likely to be the most sensible and pragmatic way for MS to deal with it.
Re:This might be a double-edged sword (Score:3, Insightful)
A lot of code is voluntarily handed over to some magical GPL entity since the author doesn't have the time/resources to enforce it himself. My magical GPL entity, I of course mean the FSF.
Re:more info (Score:4, Insightful)
They do have strict auditing practices in place, specifically regarding interoperability, buffer overflows (and the like), and checking to ensure the code hasn't been wholesale copy/pasted from public libraries.
However, they cannot ensure that someone hasn't copied a dozen lines of code from some other obscure program. They don't have the worlds entire source-code archive sitting in a database waiting to do comparison searches.
Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated. The story that we're supposed to buy is that:
1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".
2. Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".
3. No evidence is ever produced that there are any references to ImageReader, CodePlex, or anything else in the source. The researcher simply magically recognised the source code from a project that he'd had nothing to do with and never seen before.
I'm not buying it at all. This feels intentional.
Re:So, this is about as damning as you get, isn't (Score:3, Insightful)
Yes you are obligated to do such a thing, and if you don't comply you can be dragged to court where you could be sentenced to pay for copyright infringement.
You are wrong, in the case of unwilfull infringement, positive action to cease infringement is enough - you are not obligated to release the code, and you are not bound by the licence. The copyright holder can still persue damages for prior infringement, but thats it.
Unwilfull? You see that's where our difference is. You seem to be so naive to think that Microsoft developers are unaware of the GPL. And also, of course one can refuse to release the code, but then one would get fined. What did you think I meant? Somebody will force you to release the code with a gun pointed at your head?
Re:So, this is about as damning as you get, isn't (Score:3, Insightful)
"if you've distributed the binary and you've used GPL code you're obligated to release that code. Your mistake, your mess. MS wouldn't be so forgiving, why should the GNU community be? You'd think that the worlds largest software producer, in 2009, would have a better understanding regarding the GPL."
If only the world was that simple. The fact is, in a large software corporation there is absolutely no way to ensure that some incompetent developer hasn't just gone on the net and copied some code no matter how hard you try. I understand your sentiment but it's also not really fair to penalise and entire company for the actions of one developer either.
The GNU community should be more forgiving because it's about showing that GPL'd code is useable in business as long as the rules are followed rather than trying to screw companies over if they go anywhere near GPL because that's a sure fire way to turn many other companies away from GPL - why touch if it's such a dangerous minefield? Having to pull software is a pretty big, costly and embarassing punishment in itself and is more than enough to put most companies including Microsoft off knowingly and intentionally violating the GPL.
Regardless, even if they do take it further what do you think will happen? It'll result in a court case and any judge is going to see that by pulling it Microsoft recognised it's mistake and tried to deal with it reasonably. You'd most likely see the case get kicked out as a waste of time because Microsoft were already making a good effort to rectify the problem.
"Oh and the only troll I see here Sopssa is you for posting repetetive bullshit posts like the one above."
Having a different viewpoint to you is not trolling, get over yourself, you're not the international dictator of opinion that decides what everyone's "correct" opinion on everything should be.
Re:Excellent example of why MS hates GPL. (Score:3, Insightful)
How do you determine that ANY 3rd party bit of software wasn't created in bad faith?
How do you determine that you aren't "receiving stolen goods".
This is a general problem not just limited to the GPL. The open nature of the GPL just means that violations might be easier to spot and more people will have the tools to make such a determination.
IOW, the GPL just makes it easier to get caught.
Re:So, this is about as damning as you get, isn't (Score:4, Insightful)
Uhh.. Your logic is at best... strange.
Being aware of the GPL does not mean you are aware that any given piece of software is licensed under it, much less a few snippets of code from said application.
There are three possible scenarios I can think of off the top of my head that are all highly likely here, none of which would make Microsoft aware of the fact they were violating the GPL (if that is even the case, which isn't even proven yet).
1) Microsoft hired a contractor or 3rd party to produce the code. The 3rd party used GPL code, but did not tell them. Yes, Microsoft is still liable, but they're not willfully liable.
2) Microsoft produced the tool for internal use. This is a valid use of the GPL'd code and doesn't require source to be distributed with it. Some other department, unaware that GPL'd code was used, got ahold of the tool and decided to use it externally. The original developers are unaware of the new use. Again, Microsoft is not willfully infringing.
3) An employee decides to take a shortcut and use GPL'd code without telling his bosses, takes credit for the code, and thinks nobody will ever find out. Microsoft is unwillful because even thought the employee wilfully infringed, the company had no knowledge. Yes, they're still liable, just not willfully so.
There are probably many other possible scenarios too... but I can't be bothered to spend more than a couple minutes thinking about it.
So perhaps you should think your arguments through before jumping to the conclusion of "it must be willful".