Forgot your password?
typodupeerror
Microsoft GNU is Not Unix Software Windows

Microsoft Takes Responsibility For GPL Violation 364

Posted by Soulskill
from the owning-up dept.
An anonymous reader writes with an update to the news we discussed last weekend that a Windows 7 utility seemed to contain GPL code: "Microsoft has confirmed that the Windows 7 USB/DVD tool did, in fact, use GPL code, and they have agreed to release the tool's source code under the terms of GPLv2. In a statement, Microsoft said creation of the tool had been contracted out to a third party and apologized for not noticing the GPL code during a code review."
This discussion has been archived. No new comments can be posted.

Microsoft Takes Responsibility For GPL Violation

Comments Filter:
  • Good on MS (Score:4, Insightful)

    by CokoBWare (584686) on Friday November 13, 2009 @08:04PM (#30093452)
    Awesome!
    • by sgbett (739519) <slashdot@remailer.org> on Friday November 13, 2009 @08:07PM (#30093480) Homepage

      First I read some article about Gates praising Jobs [appleinsider.com], and now this?

      I think the Mayans might be on to something.

      • by khallow (566160) on Friday November 13, 2009 @08:20PM (#30093622)

        I think the Mayans might be on to something.

        The Y2012 bug is exaggerated. There isn't much Mayan code in reality and what's there probably won't generate any irrecoverable errors. Besides if there were going to be problems, we'd see systems that depended on dates after 2012 failing now. You'd see things like extremely unlikely coincidences and bizarre flukes of fate. Since we don't see th%@HG%#@%YG@$^[CARRIER LOST]

        • by jackspenn (682188) on Friday November 13, 2009 @08:57PM (#30093884)
          The main reason (as I understand it) that Mayan code never really caught on is because it regularly sacrifices files based around SUN java and mayaSQL code.
        • The New Age spiritually aware around the world are running up against the end of the Mayan Long Count Calendar [today.com]. Mayan date 12.19.19.17.19 will occur on December 20, 2012, followed by the start of the fourteenth cycle, 13.0.0.0.0, on December 21st.

          The event was first flagged by megalith scientist Terence McKenna. The end of the thirteenth cycle would break many megalith calculations — which conventionally use only the last four numbers to save on standing stones — with fears of spiritual collapse, disruption of ley lines, Ben Goldacre driving the chiropractors back into the sea and the return of the great god Quetzalcoatl and the consequent destruction of all life on earth.

          Megalith programmers from 4000 years ago are being dredged up from peat bogs and pressed into service to get the henges updated to handle the turnover in the date. “It could be worse,” said one. “I could still be programming COBOL.”

          Sceptics may choose the Winter Solstice on December 22nd (13.0.0.0.1) to attack, to take advantage of weakened qi. In case vital services are temporarily cut off, spiritually aware persons should stock up on crystals, copies of Sun Signs, a duly blessed tarot deck and other essentials. “They should get as well a suitable selection of blessed Hopi ear candles,” said Y2012 consultant Ravenwoo Granola, DD, 31, Ph.D (Univ. P.T. Barnum Mail-Order), “unicorn posters, holistic medicines, Silver RavenWolf books, purple clothing, protective pentacles — earrings for the ladies, pendants for the gents — make sure the house is absolutely robust in feng shui, your energetic vibrations are aligned and your Eostre rituals are up to date and keep only homeopathic quantities of money around. I’ll be happy to take on the danger of handling the rest. Here’s a price list. Everyfink for the spiritual survivalist.”

          Others dismiss the problem. Sandra Noble of the Foundation for the Advancement of Mesoamerican Studies considers the Y2012 problem “a complete fabrication and a chance for a lot of people to cash in.” However, Y2012 consultants deride “2012-deniers” for having their heads in the sand as to the vast and overwhelming spiritual importance to humanity of keeping their consultancies rolling.

      • Re:Good on MS (Score:4, Informative)

        by Rip Dick (1207150) on Friday November 13, 2009 @08:45PM (#30093802)
        Why wouldn't he praise Jobs? Last I heard, Bill owned a decent share of Apple's stock.
      • Re: (Score:2, Interesting)

        by mysidia (191772)

        Except 2012 was a miscalculation [slashdot.org] and the real year is supposedly 2220.

    • Re:Good on MS (Score:4, Informative)

      by Svartalf (2997) on Friday November 13, 2009 @10:07PM (#30094320) Homepage

      Indeed. I applaud them for swiftly and appropriately handling the problem- to the point of taking the high-road for a change and offering the changed source code up instead of simply pulling it all out.

      It doesn't make up for what they've done over the years (and apparently still doing...sadly...) but it's a good start in the right direction.

  • by someone1234 (830754) on Friday November 13, 2009 @08:05PM (#30093454)

    Microsoft 7 legally contains GPL code.

    • Re: (Score:3, Informative)

      This was a USB/DVD burning tool offered on by Microsoft to help people install Windows 7 by burning the iso to USB/DVD. As far as I know, it is not included in Windows 7.

  • by cpicon92 (1157705) <kristianpicon@gmail.com> on Friday November 13, 2009 @08:05PM (#30093466)
    I have to say, my opinion of MS gets better everyday...
  • Code Review (Score:3, Insightful)

    by Romancer (19668) <romancer@@@deathsdoor...com> on Friday November 13, 2009 @08:06PM (#30093472) Journal

    IDEA:
    When you're that big a company you should review all of your code as much as you think the patent office should review others patents.

    • by srealm (157581)

      They do - why do you think big companies use their patent portfolios as a THREAT rather than use them? If the examiner had done their job I am betting nowhere NEAR as many software patents would be granted as have been.

      ala. http://yro.slashdot.org/article.pl?sid=09/11/11/2055226 [slashdot.org]

    • Re:Code Review (Score:5, Insightful)

      by jim_v2000 (818799) on Friday November 13, 2009 @08:55PM (#30093858)
      Question: how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.
      • Re:Code Review (Score:5, Insightful)

        by Krishnoid (984597) * on Friday November 13, 2009 @11:21PM (#30094702) Journal

        And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code.

        Well, at least one company [blackducksoftware.com] is trying to do just that, and to help companies avoid this very problem.

      • Re: (Score:3, Interesting)

        by GregNorc (801858)

        Question: how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

        It's called MOSS [stanford.edu]. Free for educational use, though a company like Microsoft would need a site license, but it would probably pay for itself when you factor in the money paid to PR firms to compensate for blunders like this.

        I mean, I don't think anyone seriously thinks MS intended to steal GPL code. But if you have subcontractors writing shitty code, and you're forced to acknowledge this publicly, that have a very real cost - it undermimes your image as a respectable software company.

    • Re:Code Review (Score:5, Insightful)

      by bitt3n (941736) on Friday November 13, 2009 @09:43PM (#30094212)

      IDEA: When you're that big a company you should review all of your code as much as you think the patent office should review others patents.

      so I should just stamp 'REJECTED' on the first page and call it a day?

  • by SerpentMage (13390) <[ChristianHGross] [at] [yahoo.ca]> on Friday November 13, 2009 @08:06PM (#30093474)

    Hey folks, did you see that pig fly?? It was quite impressive. So fat, and trumped. Never thought it would get off the ground... But there it went...

  • Give some credit (Score:5, Insightful)

    by onyxruby (118189) <onyxruby&comcast,net> on Friday November 13, 2009 @08:12PM (#30093532)

    Give some credit, they did a code review, noticed the accusation was factual and did the right thing. As many times as microsoft has done the wrong thing, it's only right to credit them for doing the right thing this time.

    The interesting question now is if they will retain this tool going forward, or replace it with another that is not GPL'd. It certainly sounds like an accident, so I am curious if good production code has any chance of trumping internal politics.

    • The interesting question now is if they will retain this tool going forward, or replace it with another that is not GPL'd. It certainly sounds like an accident, so I am curious if good production code has any chance of trumping internal politics.

      Why not retain it? It was offered for free in the first place.

    • by the_humeister (922869) on Friday November 13, 2009 @08:32PM (#30093714)

      This is Slashdot! Everything MS does is bad. Everything, no questions asked! I mean, they won't even answer allegations that they sacrifice babies at the altar.

    • by Kjella (173770)

      If we think of them a little bit as a company and not the anti-RMS, why would they bother now? They're complying, the tool works.... what's the business case? Big companies like to use open source when it's to their advantage. like one vendor I'm familiar with, they are now pushing Linux, Tomcat and many open standards but they're very clearly closed source on top.

  • by khallow (566160) on Friday November 13, 2009 @08:12PM (#30093534)
    I predicted that they'd just need to make minor corrective action [slashdot.org]. Looks to me like that's exactly what happened. A replier to that post noted that as a prominent member of the Business Software Alliance, Microsoft would need to act above board and that this, if true, could be a serious problem. My take is that they just did that with this choice a mere week or so after the GPL code came to light.

    So it appears to me that we're both right. Microsoft didn't need to fix much, but due to their leading position in an anti-piracy lobbying group, they needed to fix it quickly.
  • Implications (Score:5, Informative)

    by Bruce Perens (3872) * <bruce@perens.com> on Friday November 13, 2009 @08:16PM (#30093582) Homepage Journal

    I wouldn't want to be the consulting company that provided Microsoft with this code. They're in some deep doo-doo now. Unfortunately, a lot of engineers are so clueless about licensing, as are their managers, that it is really possible that the person who did this didn't know it was a problem.

    But this is not anything new for Microsoft. Microsoft started contributing to GCC around 10 years ago, for the former Unix services product. And this really serves their purpose if they are trying to scare people away from the GPL. "Microsoft forced to give up source code."

    Where they are really hurting us now is in government policy and patented technology in interoperability facilities. Like the European Interoperability Framework going proprietary, and the MS-patented filesystem in next-generation FLASH devices. Consider stuff like that before you decide they are a "good citizen".

    • I don't buy that excuse. I write code. I don't have to understand the intricate licensing law to know when I've included code that I didn't write. It doesn't take a genius level IQ to know that when I do that (use code I didn't write) I need to tell the person who hired me to write code. Once that happens, it is the responsibility of a manager to find out the licensing issues.

      • by Bruce Perens (3872) * <bruce@perens.com> on Friday November 13, 2009 @09:31PM (#30094132) Homepage Journal
        Yes. But you'd be shocked at the testimony I read, as an expert witness, from engineers and their managers. Incompetence is rampant. Unfortunately, the cases are settled and sealed, so I can't show you.
        • Re: (Score:3, Insightful)

          by CFD339 (795926)

          I've done my share of expert witness work (usually on the security side) so no, not surprised. But usually pleading ignorance doesn't necessarily mean there was actual ignorance.

          A programmer knows when he didn't write the code.

      • Re: (Score:3, Insightful)

        by transiit (33489)

        More to the point, as a software engineer, or code monkey, or code master, whatever, you should be well aware that if it's code you didn't write, don't use it until you're clear as to the ramifications.

        I avoid using any example code I see unless I can understand it and there's a clear statement of "Hey, this is example code, by writing this tutorial, we kind of expect you'll be making a derivative of it."

        Treating GPL-licensed code (or some open source license) under the same regard is poor thinking. Passing

  • ...gulp (Score:5, Funny)

    by binarylarry (1338699) on Friday November 13, 2009 @08:17PM (#30093590)

    Wha wha what just happened?

    Someone hold me, I'm scared.

  • by rewt66 (738525) on Friday November 13, 2009 @08:17PM (#30093594)
    If I recall correctly, MS at one point tried to say that, if something like this happened, you'd have to release all your source code. Now we find that MS knows that you only have to release the source code of the program in question. Big difference. (Of course, if this was in Windows itself, the difference would not matter much to MS...)
    • by Toonol (1057698)
      Hopefully, no loon will start demanding just that... "MS is legally required to opensource all their code, now". All that would do is convince people to NEVER touch anything GPL'd.
      • Nope; Actually I hope "some loon" specifically and in a court of law demands that Microsoft release "all their code". Trust me, Microsoft will loudly and clearly and successfully defend themselves, creating a very clear answer to all the people trying to claim that the GPL forces you to do such a thing.
    • by Willbur (196916)

      If I recall correctly, MS at one point tried to say that, if something like this happened, you'd have to release all your source code. Now we find that MS knows that you only have to release the source code of the program in question. Big difference.

      I don't believe that's correct. You need to stop infringing the copyright - that means either obey the terms of the license or stop distributing (and deal with the consequences of the limited distribution you already made).

      I hope this doesn't help the bogus 'GPL is dangerous, an outside contractor can make you reveal your code' meme to spread.

    • Re: (Score:2, Insightful)

      by jim_v2000 (818799)
      >MS at one point tried to say that, if something like this happened, you'd have to release all your source code.

      [Citation Needed] [Context Needed]
    • And if the program in question happened to be MS Word? Then they'd have had a big problem. Of course, they probably don't let outside companies contribute code to Word, but this still works as good PR from Microsoft's point of view. They had to release the code for a fairly unimportant tool that they got a third party to write and they got to point to this as an example of the GPL forcing a big company to release their code. ('if even Microsoft is forced to release their code by the GPL then we'd better
      • And if the program in question happened to be MS Word? Then they'd have had a big problem. Of course, they probably don't let outside companies contribute code to Word, but this still works as good PR from Microsoft's point of view. They had to release the code for a fairly unimportant tool that they got a third party to write and they got to point to this as an example of the GPL forcing a big company to release their code. ('if even Microsoft is forced to release their code by the GPL then we'd better mak
  • ...2012 is almost upon us. Microsoft open sources code including GPL code that they had not noticed was included. Slashdotters praise Microsoft for correct response.

    And now for the Four Horsemen....
  • by beej (82035) on Friday November 13, 2009 @08:46PM (#30093806) Homepage Journal

    "I'm going to take back some of the things I've said about you, Microsoft. You--you've earned it."

  • by cptnapalm (120276) on Friday November 13, 2009 @09:06PM (#30093946)

    "have agreed to release the tool's source code under the terms of GPLv2."

    Anyone know where I can buy some new eyes? Mine just exploded.

  • so you expect us to install your operating system in computers in corporate environments, government offices, whereas you contracted stuff out to third parties.

    just exemplary.

  • and 'Microsoft did that', I think some people forget how big the company is. Yes, the top brass are ultimately and formally responsible for everything the company does, and they set the tone. But its not like its possible for everything that any peon decides to do can get reviewed by a single central authority. This applies, for example, to stupid patents.

    The same principle applies to stupid things done by any national government.

  • Fair Play (Score:2, Interesting)

    by Dartz-IRL (1640117)

    That's all that need be said. Microsoft realised it was in the wrong, and took steps to correct it. They didn't stonewall, they didn't hide. I must admit to being pleasantly surprised. Microsoft themselves place great importance on respecting software licenses/copyright, and it's nice to see them practice when it comes to other people's copyrights.

  • by sphantom (795286) on Friday November 13, 2009 @10:35PM (#30094472)

    Why is Microsoft farming out the programming of a relatively simple tool when they have 10s of thousands of programmers and consultants on their payroll? Issues like this are exactly why you shouldn't outsource work when you already have employees that could do the job.

    • Re: (Score:3, Insightful)

      You answered your own question -- it's a "relatively simple tool". The tool has relatively little value-add or innovation compared to their other work. They'd rather spend their employees' time on developing software more core to their business.

      The fact that this particular utility isn't particularly core to their business or seen as critically valueable or innovative is evidenced by the quick turnaround in releasing the source code. It's so far from their core business that it's just not worth their dev

The Universe is populated by stable things. -- Richard Dawkins

Working...