Forgot your password?
typodupeerror
GNU is Not Unix Microsoft Windows Technology

MS Pulls Windows 7 Tool After GPL Violation Claim 186

Posted by kdawson
from the least-they-could-do dept.
Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.
This discussion has been archived. No new comments can be posted.

MS Pulls Windows 7 Tool After GPL Violation Claim

Comments Filter:
  • MS is practically saying, "Oops, we violated the GPL!"
    Oooopsies.
    • by Sasayaki (1096761) on Wednesday November 11, 2009 @03:28AM (#30057228)

      Now now, calm down a moment. Imagine what would happen if they *didn't* pull the code- there would be a veritable shitstorm in the Free Software community. This is the smart, rational thing to do.

      On a side note, this really acknowledges the power of the GPL- if even a single report says that there is a GPL violation and this causes Microsoft (its 'arch nemesis) to pull a tool for their newly launched apple-of-their-eye.

      • by Sasayaki (1096761) on Wednesday November 11, 2009 @03:29AM (#30057236)

        Replying to my own post here, but also remember that this is exactly what ReactOS did when there was a similar allegation by Microsoft- and were largely applauded for it. Again, it's the sane, rational thing to do and in my eyes doesn't admit any guilt whatsoever. That doesn't mean a GPL violation isn't there, mind, but it means that if there is one this is exactly how it should be handled.

        • by sopssa (1498795) * <sopssa@email.com> on Wednesday November 11, 2009 @03:56AM (#30057370) Journal

          Dear Sir or Madam,

          The responsible Anti-Microsoft Troll that should have replied to this post by now is on sick leave and was unable to prepare a custom flaming reply to this particular post. In lieu of that, attached is our generic template which we use to write all our flaming responses.

          1. Make a general anti-Microsoft jab
          2. Blame Microsoft for it's stance against Free Software (and also for lack of network neutrality, the current state of patent laws, the Iraq war, and the extinction of the dinosaurs)
          3. Accuse the poster who wrote something positive about Microsoft of being either a fanboy or a Microsoft employee. If the poster in question made a comment about Microsoft's actual support of Free Software in a particular instance, accuse the poster of being an oblivious idiot unable to see through their Embrace-Extend-Extinguish approach
          4. State that the Linux revolution is inevitable
          5. Finish off with another outpour of flames

          We hope you will be able to infer the potential content of the post that should have been done by the respective Troll. Please accept our apologies.

          Sincerely,

          Assistant Secretary,
          Anti-Microsoft Trolling Association, Ltd.

          • It was funny the first time I saw this, and a little less the next time I saw it.

            That was many moons ago. Time for something fresh?
      • The rational thing to do is to check first the licensing of any software you are not writing yourself.

        Of course the most rational thing would be to use GPLed software as needed and comply with the requirements, but it is Microsoft we are talking about here.

      • by msormune (808119)
        Actually, the arch enemy of GPL, especially GPL v3, is Google. You just haven't figured it out yet...
    • by RightSaidFred99 (874576) on Wednesday November 11, 2009 @03:31AM (#30057244)

      Right... or they are being smart, pulling the tool, and investigating whether they are violating the GPL. Like they said.

      It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.

  • by Anonymous Coward on Wednesday November 11, 2009 @03:22AM (#30057198)

    Seriously, preview your story summaries editors!

    "...so we'll have to watch closely to see what the company puts it back on its servers."

    Who thinks that "it" makes sense?

  • more info (Score:5, Informative)

    by Anonymous Coward on Wednesday November 11, 2009 @03:55AM (#30057364)
    A friend of mine works at the borg. He's a penguin at heart and generally a good guy. This is what he told me. I believe him, but you can make up your own mind. There is/was a GPL violation, but MS didn't do it directly. They licensed some code from a third party. The third party was responsible for the GPL violation (they licensed the GPL code under a non-GPL license).
    • Re:more info (Score:5, Interesting)

      by Malc (1751) on Wednesday November 11, 2009 @04:30AM (#30057536)

      If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft. People around here no doubt think differently. I'd be interested to know what processes they have in place - at our company, any use of third party code (whatever license) has to be sign-off by the CTO, and the details get put away in a file somewhere. There's more to it than that, but in theory, something like this would be a screw-up by somebody or a break-down in the process.

      • by jkrise (535370)

        If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft.

        That doesn't reduce their guilt however. If they got something written by a 3rd party, they need to have strict auditing practices in place. The responsibility solely vests with Microsoft.

        • Re:more info (Score:4, Insightful)

          by black3d (1648913) on Wednesday November 11, 2009 @08:39AM (#30058824)

          They do have strict auditing practices in place, specifically regarding interoperability, buffer overflows (and the like), and checking to ensure the code hasn't been wholesale copy/pasted from public libraries.

          However, they cannot ensure that someone hasn't copied a dozen lines of code from some other obscure program. They don't have the worlds entire source-code archive sitting in a database waiting to do comparison searches.

          Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated. The story that we're supposed to buy is that:
          1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".
          2. Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".
          3. No evidence is ever produced that there are any references to ImageReader, CodePlex, or anything else in the source. The researcher simply magically recognised the source code from a project that he'd had nothing to do with and never seen before.

          I'm not buying it at all. This feels intentional.

          • It is my understanding that random pundit didn't even have the source code for the MS portion, only variable names and such.
          • by makomk (752139)

            Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated.

            Not really that unlikely.

            1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".

            It was .Net code. People often seem to rummage through Microsoft's .Net-based code for no real reason, mostly because it's so easy to do. (In this case, though, it appears he was looking at the code because it had an annoying bug [withinwindows.com].)

            Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".

            There are these things called code search engines. They search publicly-available code for stuff. The code has all its identifiers intact, so it's not exactly hard to find. Since other code was copied - not just the ReadBytes method, which was just given a

        • by sjames (1099)

          If it was a 3rd party, It does reduce their culpability. Even there, they have taken the appropriate action thus far.

      • > If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft.
        > People around here no doubt think differently.

        Yes and no.

        > I'd be interested to know what processes they have in place...in theory,
        > something like this would be a...break-down in the process.

        Microsoft doesn't have a great history with "process", of whatever sort, being followed by all business units. This is true with security, and using "other people's code", not specifically open source.

        They don't seem to be that organ

      • If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft.

        Precisely.Why blame malice when plain incompetence would suffice?

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I worked once for a company where I was ask for a common stack implementation that would be ready to be used, I recomended to modify a BSD implementation instead of developing it ourselves from scratch or to buy one from a third party.
      Answer was "no no no, no free code in our software". I tried to explain the various free licenses policy that are currently used and to describe avantages of the BSD one, but finally my employer of that time decided to buy the stack it needed from a third party.

      So we received

  • by mwvdlee (775178) on Wednesday November 11, 2009 @04:03AM (#30057406) Homepage

    What if it IS a GPL violation?

    Will they release the source code?
    And if not, if they just replace the GPL parts and release a new version, will people who downloaded the first version be legally able to demand the source code? Will the mere tainting of the code with GPL code cast a shadow on any future releases; "did they really replace the GPL parts or did they just refactor it"?

    • by msimm (580077) on Wednesday November 11, 2009 @04:50AM (#30057640) Homepage
      If it is a violate they'll remove the code and put the application back up. The same thing that usually happens in a GPL violation, I don't see any reason to treat Microsoft differently.
    • And if not, if they just replace the GPL parts and release a new version, will people who downloaded the first version be legally able to demand the source code?

      Here's my guess, but I'm only a lawyer in the armchair sense (i.e. not at all, but I try picking up an understanding of the law).

      If it's found to be a GPL violation, Microsoft has violated the law regarding copyrights.

      It'll be up to the party (or parties) who can sue Microsoft (only the copyright holder? Only the people who have lost something by MS breaking the (C) law?) to either settle the matter between themselves, or to take it to court and have the matters settled by a judge.

      The FSF's position is tha

    • by XaXXon (202882)

      you can't demand the source code. It was never offered to you.

      The only thing that can be done is that the copyright holder of the original software could sue. However, you can't sue for the software to be released, you can only recover monetary damages.

      That's a big thing that people think that you can be forced to release your source code. The only thing you'll be forced to do is pay money to the copyright holder.

    • What if it IS a GPL violation?

      Will they release the source code? And if not, if they just replace the GPL parts and release a new version, will people who downloaded the first version be legally able to demand the source code?

      I doubt that. Replacing the GPL'd code ought to be enough; especially if the incorporation was accidental or the result of a third party's actions (as another poster pointed out it may be code they licensed from another company who claimed ownership of the rights.) I would not want someone to be forced to relseas code for such violations.

      Why? Because it would be a bad precedent - what if someone used copyrighted code without permission in a GPL'd project? Should everyone who subsequently uses the code be

      • by mwvdlee (775178)

        If somebody has an illegal copy of a music CD, would it be enough to simple destroy the copy after you've been caught in order to comply to copyright law?
        Why would destroying the illegally copied code (e.g. rewriting the GPL code bits) be sufficient? It's the same copyright law that's being broken, shouldn't the same rules apply?

        I'm not talking about what would be morally correct, but what would be legally correct.

  • by Korin43 (881732) on Wednesday November 11, 2009 @04:33AM (#30057546) Homepage

    the GPL, a widely used (including by the Linux kernel) free software license

    Good thing they cleared that up. I never would've known what the GPL is without this explanation.

    • by vlm (69642)

      the GPL, a widely used (including by the Linux kernel) free software license

      Good thing they cleared that up. I never would've known what the GPL is without this explanation.

      I wonder if its time to stop referring to the GPL as a "widely used free software license" and refer to it as "THE most widely used software license".

      A combination of

      http://www.dwheeler.com/sloc/ [dwheeler.com]

      and

      http://en.wikipedia.org/wiki/Source_lines_of_code [wikipedia.org]

      would seem to indicate "around 180 million LOC in Debian" vs maybe 50 MLOC for windows. Not everything is in Debian (believe it or not) and not everything MS is in Windows, but everything else that is MS licensed probably doesn't add up to more than 3 times the si

  • !doesn't bode well (Score:3, Informative)

    by jamesh (87723) on Wednesday November 11, 2009 @04:54AM (#30057656)

    I think taking the software down is a very boding/bodeable/bodeful/whatever thing to do. I wouldn't expect anything else unless they had concrete proof that there was absolutely no chance at all that there was even the remote possibility of a GPL violation, and unless the software was developed completely in house and the claim of GPL violation was made with no evidence at all they can't be sure of that.

    • Re: (Score:3, Insightful)

      by Spudley (171066)

      I think taking the software down is a very boding/bodeable/bodeful/whatever thing to do.

      I completely agree. The guy who posted the original story was just wrong to say it "doesn't bode well".

      By saying that, he was basically condemning Microsoft's actions before they'd even done then. I dislike MS as much as the next guy here, but - please! - what have they done in this case to warrant not boding well? As soon as they found out there was a potential problem, they pulled the software so they could investigate

      • What happens if there is code in there that was in fact original, but happened to be the same as GPL'd code? What I mean is that for a few lines of a simple function, it is completely possible for two programmers to come up with the exact same solution, or at least near enough. Doesn't happen often, but it can happen. This is especially true if you are working from a spec. You have an open standard you are implementing (like the ISO spec) and it may even have sample code.

        So this leads to the question of wha

  • by crocodill (668896) on Wednesday November 11, 2009 @05:02AM (#30057700)

    they pulled their tool

    huhuhhuh

  • by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Wednesday November 11, 2009 @06:57AM (#30058276) Journal

    It is currently on Major Geeks [majorgeeks.com], but who knows for how long. From the sound of it all it does is make a USB drive bootable like the HP format tool and then copy the ISO files to the drive.

    Hell something that simple...why would they need to steal GPL code,unless they got themselves a seriously lazy programmer/contractor?

    • Hell something that simple...why would they need to steal GPL code,unless they got themselves a seriously lazy programmer/contractor?

      The real question is why waste your time reinventing the wheel when you can take GPL code for *FREE*?? All you have to do is give credit and release your modifications (if any). Especially when you're trying to make the world believe that you are a friend to the open source community.

      • by hairyfeet (841228)

        Why bother with that and having to deal with RMS and a bunch of pissy SCoN! (Source Code or Nothing!) Linux hardcores who frankly wouldn't be happy unless MSFT burned the Windows source code and then jumped in the fire with it, when they already have a business partner (HP) that has a nice proprietary tool (HP USB Formatting Tool) that does most of what they want, and a simple .bat file can take care of the rest?

        Lets be honest here, okay? Linux fanboys think MSFT is the antichrist, and frankly anything th

  • I say everyone should stay quiet. Little by little open source code will leak in to all MS applications. Then in a few years from now, we can all file thousands of massive class action law suit that force MS to either go out of business or open source their entire OS and everything on run on it. The only problem with this plan that I see is that if they steel sufficient amount of quality open source code, their software might actually start working in a respectable manner and we will all end up back using w

The sooner you fall behind, the more time you have to catch up.

Working...