Slashdot Mirror

Hotmail is/was powered by a mixture of FreeBSD and Solaris. NOT Linux.

Hmmm ... I decided to check. A few probes of hotmail.com turned up only headers like:

HTTP/1.1 302 Redirected
Connection: close
Date: Tue, 03 Feb 2009 14:10:32 GMT
Server: Microsoft-IIS/6.0
Location: http://lc2.bay0.hotmail.passport.com/cgi-bin/login
HTTP/1.1 302 Found
Date: Tue, 03 Feb 2009 14:10:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
xxn:28
MSNSERVER: H: BAY124-W28 V: 13.2.260.1209 D: 2008-12-09T21:13:20 ...

So where are the signs of any *BSD or Solaris system here? It looks very much like a typical Windows server running IIS.

This isn't to say that they aren't also running Solaris or FreeBSD servers. But my probes didn't turn up any evidence of such systems during this brief time window.

Microsoft should focus on basic email platform. Today, I tried to login to my hotmail account and guess what? Server is busy. http://lc1.bay0.hotmail.passport.com/toobusy.html? s=BAY0-LC2-000

and they needed the account anyway to use MSN (I know you can sign up for MSN with another email address, but it's really hard to find that site)

I'm sure like that would be extremely successful

*sarcasm alert*

Use a Passport Limited Account, and you get a passport without any personal information.

http://www.passport.com/

(The last option under 'Sign Up Today' has the option to create a Limited Account, and information about it.)

Or get a regular passport and put in fake information.

If was [sic] really important it would allow me...to change my password.

In its infinite wisdom, Microsoft did make it possible to change your password. Here's how:

1. Visit http://www.passport.com/ and sign in, if necessary. I even made it clickable here.
2. Click "Member Services."
3. Click "Change my password."
4. Type your current password. Then, type your new password, and type it again to make sure you typed it correctly.
5. Click "Continue."

Or just head on over to passport.com and register your e-mail address as a passport, no windows machine required.

ND

You know what made ICQ ? The search. ICQ has / had an AMAZING search. You wanted to find someone all you had to do is look. There e-mail name etc etc. I think it's the spam that hit people HARD. I remember connecting and constantly getting those "forward this to everyone thing" and later on even like spam spam. "Click here for hot girls" etc etc.

Your comment on not remembering ICQ is quite strange. EVERY time I bring up ICQ everyone remembers there number. I know mine is 26262929 (lucked out on that one). It's a simple string of numbers that most people can remember.

By the time ICQ had server side lists, and supported firewalls as mentioned above. MSN and AIM kicked in.

I know in norhtern ontario the thing to use is MSN. Everyone and there dog has a MSN account and uses it to chat. I know noone that I physicaly meet who use AIM or ICQ or even yahoo in that matter.

Most of the convienece is hotmail. Most people and there dog have a hotmail account. Why not simply sign in with MSN and boom your hotmail is all nice and simple with a messaging app.

Don't want to have a hotmail account. Click Here and simply add your e-mail address (They just simply mail you a URL to click). Then sign onto MSN with your new mail address.

Yahoo I find isn't a very nice network to talk with. It's too bloated on the windows end and looks to be a haven for "picking up". If you want a laugh go on one of the romance channels and say your 19/F/Wherever and you get literally enough msg's for yahoo to boot you off. AIM is ... AIM it seems popular in the US but I don't know since im canadian.

Too bad for ICQ but people moved on

A Microsoft Passport doesn't have to be from hotmail.com or msn.com or even passport.com. Hotmail and MSN email addresses are automatically Microsoft Passports, but you can register any email with www.passport.com.

You know what I had the same issue. Just goto Passport.com Then sign up your current e-mail address too it.

Log in and then simply get that "Verification E-Mail" so you can change your MSN name.

Now simply log in with the real MSN client. Export your list ... then import it into your new account.

I did this when I got my domain and thought I would have less people accept me but I found people on my list I have not talked to for years. Plus it's good to see who's account is still active

Some idiot signed up for a passport account and gave them a dummy e-mail address that he just made up. Unfortunately it happens to be for a mailbox that I've used for years. The MS "welcome to .NEt passport" letter doesn't even give you an option to tell them that this address was subscribed in error and to take ou off their lists. I've tried sending e-mails to addresses of real people there, but everything has been ignored. I continue to get crap from them as a result of this bogus sign-up, and can't get rid of them.

What's the problem? The passport account is under your e-mail address, which means it's yours. Go to the Passport main site, follow the links to get the password for that account either mailed to you or reset (Follow the Member Services link, then "I forgot my password", follow the on-screen instructions), then login, go to Member Services, and close the account (the "Close my .NET Passport account" link). Done.

I know you kidding, but... (from Passport terms of use)

You are responsible for maintaining the confidentiality of your password and account information.

Clearly, by sharing your passport account you are in violation of the passport user agreement. Congratulations, you just became Bill Gates towel boy...

What does it matter? Anyone using Mozilla can't register with Hotmail or Passport anyway. Go ahead, click on the register link.

Microsoft® .NET Passport no longer supports the Web browser version you are using. Please upgrade to a current Web browser, such as Microsoft Internet Explorer version 4.0 or later, or Netscape Navigator version 4.08 or later.

Frankly, I'd be very happy if public key encryption became standard, and there were government-registered companies to certify people's public keys. How do you know that this key purportedly from John Smith is really from John Smith? Why not welcome the government's seal of approval that the company verifying John Smith's identity isn't "Fly-By-Night Enterprises"? Or are you happy trusting Microsoft to verify this stuff for you?

I've just finished reading through the overview in detail, and skimming the other documents.

Before everyone starts bringing out their copy of 1984 (sorry - not going to link to Amazon, thank you very much) to compare lets take a good look at what they're doing.

First, a Service Provider (some place you might want to use your "Liberty" ID) has no requirment to use the Liberty IDs exclusively. The Service Provider can authenticate you with a 'local' username/password as well. (It's up to them.) The examples they use indicate this as well.

Second, if you don't trust an Identity Provider (The entity that you have your cross-site identity with), you don't have to use them -- there can (and hopefully will) be others. There's no built in monopoly, like some other system.

Lastly, if you're worried about your Identity Provider (who holds your 'master account') knowing all sorts of jucy information about you, you can relax (mostly). Other then when and where you signed on, or re-signed on, no personal information gets transferred from Service Provider to the Identity Provider. (With the exception of information needed to verify the identity you give.) This is unlike this system who wants to hold alot of information for itself. The key here is that there is no requirment forcing the Identity Provider to do this, and if you don't like it - don't use it.

If enough people stand up and say "NO", we can affect change.

On the positive side, if the Identity Provider has reasonable policies regarding the use of my personal information, and a compelling base of like-minded Service Providers using it's authentication service, I would likely avail myself of it's use. At the same time I'd burn a monopolistic Identity Provider in effigy.

I've just finished reading through the overview in detail, and skimming the other documents.

Before everyone starts bringing out their copy of 1984 (sorry - not going to link to Amazon, thank you very much) to compare lets take a good look at what they're doing.

First, a Service Provider (some place you might want to use your "Liberty" ID) has no requirment to use the Liberty IDs exclusively. The Service Provider can authenticate you with a 'local' username/password as well. (It's up to them.) The examples they use indicate this as well.

Second, if you don't trust an Identity Provider (The entity that you have your cross-site identity with), you don't have to use them -- there can (and hopefully will) be others. There's no built in monopoly, like some other system.

Lastly, if you're worried about your Identity Provider (who holds your 'master account') knowing all sorts of jucy information about you, you can relax (mostly). Other then when and where you signed on, or re-signed on, no personal information gets transferred from Service Provider to the Identity Provider. (With the exception of information needed to verify the identity you give.) This is unlike this system who wants to hold alot of information for itself. The key here is that there is no requirment forcing the Identity Provider to do this, and if you don't like it - don't use it.

If enough people stand up and say "NO", we can affect change.

On the positive side, if the Identity Provider has reasonable policies regarding the use of my personal information, and a compelling base of like-minded Service Providers using it's authentication service, I would likely avail myself of it's use. At the same time I'd burn a monopolistic Identity Provider in effigy.

A passport. No more fumbling around for yet another document while travelling.

I think you will have to spell that with a capital "P" soon.

Is microsoft abandoning their drive to make Passport the authentication mechanism for *everything*, Starbucks and such, or are they just going to drop the pretense of making it an open system?

Passport was a seperate initiative from .NET MyServices (aka Hailstorm). Passport is an authentication mechanism while .NET MyServices was supposed to be a centralized repository of user information (calendar, preferences, inbox, contacts, bookmarks, etc) which could be queried by various vendors who would receive restricted access to the data based on the user's settings.

Is it possible for people to take the hailstorm protocol, if they so desire, and set up an independent, decentralized hailstorm network that just happens to not be affiliated at all with microsoft?

There are a couple of things to consider here. The first being whether there are any intellectual property(IP) issues, I have no idea about this but wouldn't advice anyone to start something like that without at first ensuring there aren't any patents or anything like that being violated. The second thing is exactly how one would use the technology. Personally when I first saw a Hailstorm presentation last summer I kept on thinking that it may face difficulty in gaining widespread acceptance for exactly the same reasons listed in the article; there was no justification for vendors to give up so much control to user information to a third party. One example touted was the ability to move music preferences from website to website but the question never asked is why Amazon.com [for example] would make it easier for users to grab all their painstakingly entered personal preferences and music ratings to CDNow.com or some other online site. I remember emailing the presenter about my thoughts but couldn't follow up since it happened close to the end of my internship. However, it may work within a closed environment like a corporate intranet but then again MSFT already has Exchange which has a lot of the important functionality that would be provided by .NET MyServices like an inbox, contacts, calendar etc.

Was GNOME MONO planning on implementing hailstorm as part of their .net workalike? Are they still going to?

Gnome is not related to Mono. Miguel De Icaza may have founded both but he no longer maintains any packages for Gnome nor does he do much (if any) active development but instead spends most of his energy on Mono.

As for your question, Mono is not interested in Passport or Hailstorm and went as far as creating a page about it because people kept on getting misconceptions about it.

Disclaimer:This post is my opinion and does not reflect the views, opinions, intentions or strategies of my employer.

This is wrong, if you have a passport account you can delete it. Visit the Contact Us help page, and select the 'delete my account' from the list of things in the I need to list. They'll then send you a mail asking for answers to the secret questions. They were very responsive when I tried.

Let us now put this into the context of the passport scheme - the EPIC letter states "Microsoft has indicated that the company's goal is to have every Internet user possess a Passport account", which I deem a fair summary of the situation (although, ideally, everybody would also use a Hotmail account too). Trundle along to, say, http://www.passport.com and look! See how you can sign up with ease! Get it now! Calooh! Callay!

Now let us try to pull the same trick that was pulled on me, and that I have fortunately not seen on any well-organised mailing list outside of Redmond. Enter an e-mail address, any e-mail address (excepting MS-specific ones such as Hotmail) - even make one up that obviosuly doesn't exist, and then... Carry On! Yes! There's still no security! At least, I guess, an e-mail gets sent to the e-mail address asking you to verify it, but this seems to be purely for service embellishment:

Please take a moment to help us verify your e-mail address. This ensures that .NET Passport can respond to you if you contact us about a service issue. In addition, some participating .NET Passport sites may require you to verify your e-mail address to take full advantage of their own services.

To conclude, I say get out there, fight it from the other end - the end that consumers will understand. Sign up as many fake and real accounts as you like to demonstrate just how fallible the system is. I'm off to see if they prevent scripting...

Now I'd like to get out of the system, because I don't trust it to be secure, but because I've forgotten my password, I can't.

Go to the Passport site (http://www.passport.com) and look; there's no FAQ or other document that tells you how to cancel your account. Nor is there any e-mail address of anyone who might be able to help you do it manually.

So, when you hear Passport adoption statistics, subtract at least one. I've never used my Passport a second time, but can't get rid of it, after trying for weeks.

a) - You are right - IE still crashes my systems (in windows, of course...), but mozilla, when it crashes, leaves windows alone just fine...and it's laughable to watch me try and middle-click to open a new page in IE. I still curse that little move-thingy. arg. Mozilla is awesome for win, and in linux it's pretty good too.

b) - streaming audio - does it really matter? everyone I know who needs audio uses p2p. Internet radio is dying. what else is there? seriously, I just don't know, and i'm curious if there is anything.

c) - A friend of mine runs apache in win98. A lot of people use it. Wait until 2.0, or read this slashdot article if you don't believe me. I agree with the parent i'm replying to. MS hasn't done too much to impress me with their internet stuff. It's mostly bloated and insecure.

- dave

There's a mirror of the site here

I see many people ranting about how if they have to use a .NET passport in order to play premium games, where they have to pay, suddenly their privacy is compromised and every site that uses .NET will know that information. That is hardly true. Before talking about what you don't know, try reading the .NET passport privacy policy, found at:
http://www.passport.com/consumer/privacypolicy.asp
For anyone who is worried, I highly recommend reading it, but for those who don't want to, I'll highlight a few points.

1. The normal .NET passport only stores the following:
Personally identifiable information, which is information that either personally identifies you or allows others to contact you. The personally identifiable information collected by .NET Passport includes your e-mail address, because your .NET Passport is based on your e-mail address. .NET Passport may also collect your name and/or phone number depending on which .NET Passport Services you register for.
Non-personally identifiable or "demographic" information, which by itself does not identify you or allow others to contact you. The non-personally identifiable information that .NET Passport collects may include your country, state/region, ZIP/Postal Code, time zone, gender, birthday, and occupation.

2. Any information about credit card and address is stored in the .NET Wallet which is an optional part of the .NET. Only stores that actually use that information for purchasing purposes have access to the Wallet and they get access by having a privacy policy that matches the MS .NET Wallet privacy policy.

3. Other information (such as sizes if you buy clothes) are stored by the retailer, not by MS on your .NET account, the same goes for the zone, everything besides what is stated is stored by the .NET is stored by the zone, not .NET.

Anyone who was already playing premium games on the zone had already given MS their credit card info and their name, along with a valid e-mail address, so why should it matter if they can now go other places and not have to re-enter it? That information will now just be stored in the .NET wallet which in no way tells other zites that someone uses the zone for gaming.

There are two specific cases, however, in which a .NET Passport participating site will receive your profile information (except your password and secret question and secret answer) regardless of your check-box settings:

The participating site where you registered for your .NET Passport will receive the profile information you provided during registration. If you registered an @msn.com, @hotmail.com, @webtv.net, or @compaq.net .NET Passport, then those e-mail domains will always receive your profile information when you visit their sites.

In general, the e-mail address associated with your .NET Passport account is not shared with .NET Passport participating sites or services. However, a few sites currently require your e-mail address in order to provide you their services. (For example, Hotmail requires your e-mail address to provide your requested e-mail services.) In those cases, .NET Passport will provide your e-mail address to those sites when you sign in to them.

My wife works at Microsoft and she's afraid to open a Passport account! (then again, she's tolerant of my Linux habit, so perhaps she's the exception)

Interesting stats from the article: 200 million people use Passport as a sign-on service, but according to the first paragraph on the second page of the article, only 2 million users have created "wallets". So their uptake rate is pitiful.

The next stat I'd like to see is how many of the 2 million have actually (and voluntarily...) performed a financial transaction using the thing. And how many of those were just people who created the stupid wallet so they could do business with one of the 70 sites that MS has signed up.

BTW, I just spent a few minuts nosing around the passport site, and I could not see any information (at least, without signing in) about how one might go about deleting a wallet or an entire account.

Actually the existing hype is pretty funny now in it's own right - from the passport site

Use .NET Passport from any computer on the Internet. Your .NET Passport is protected by powerful online security technology and a strict privacy policy. You control which sites access it.

wow! with powerful online security like this - who needs anything else .. Passport - "One Name, One Password, One way for everyone else to steal your identity and shop online!"

---
Linux - what else would you like to do today?

Just out of curiosity, I checked out the Hotmail version of the Passport signup page.

What I found there was truly frightening, given the context of what's been discussed here. Check out the "Secret Question and Answer" section. I dunno, maybe it's just me, but the idea of them prompting Joe Sixpack to enter any part of his Credit Card info or SSN...

Does anyone outside of Microsoft actually use passport for authentication?

All these companies use Passport as one of their authentication methods.

Passport is an online service that makes it possible for you to use your e-mail address and a single password to sign in--securely--to any Passport participating Web site or service.

You may not display the Logo on any site that disparages Microsoft or its products or services, infringes any Microsoft intellectual property or other rights, or violates any state, federal or international law.

This way, when you give someone your phone number you are giving them your social security noumber, tax number, medical identity, etc.

Oh, but I hear there's a system to manage all that.

• I suggest you go get one

Yup, I just got me postmaster@fbi.gov and postmaster@usdoj.gov (all of the system_accounts@microsoft.com have already gone). I bet we can think of a few more good ones for when they start spamming their victims and/or sending out the "Nobody panic, but there is a tiny chance that your account may have been compromised..." shrieks.

The only information you have to give to get a passport is an email address, (it dosn't even have to be valid) a password and an answer to a stupid "what's your favorite pet?" question. I uggest you go get one yourself, then you might appreciate the risks a little more.

For those that are interested here are links to the:

Passport EULA

Passport Privacy Policy

For those that are interested here are links to the:

Passport EULA

Passport Privacy Policy

Well, not nearly that painlessly. Right now C# for Windows will be the only language with a standard library supporting Passport (as far as I know anyway).

This link says that Passport 1.1 is supported by everything from solaris/netscape to free bsd, linux, hpux, and aix running apache.

While I'm sure that once passport.NET comes out, windows languages will have libraries for accessing it, because it's just xml over http, implementation on any other platform should be a relatively trivial matter. Shake yourself of any mistaken belief that MS must provide a library for every language that any developer cares to code in. Their only responsibility is to provide the interfaces to the service. Anything else is only a convenience to those implementing it.

We need an open successor to Passport immediately. It's inevitable anyway.

Don't bet on it. Sure, there will be competing efforts, but they'll need to provide a compelling model for developers (and the business masters they serve). Realize that Passport will be the lynchpin holding together all of the Hailstorm services. If all a competing service has to offer is SSO/Authentication, it will fail. More than likely, DOTGNU services will have to support both their own auth and Passport auth, assuming they want to have the maximum market reach possible. For DOTGNU services to support only their own auth is as stubborn and stupid as MS supporting only Passport, except that MS has valid reasonse (I'm not approaching whether they're good or not, just that they're valid business-wise) for only supporting Passport.

Yes, you could except I just created 'tomcruise@actor.com' as a passport account, so actually you can't. Why don't you just go to the passport site and try for yourself?

The payment systems they want to use are often cumbersome, and require disclosing far too much information for my comfort. If I'm paying for the right to search for and download articles, why do they need to know what my job is or how much I make every year? No real-world business asks that kind of stuff before they'll let me pay for things.

Ah, but they're starting to. I was in Micro Center the other day to buy a new ethernet card(finally getting DSL) and they're asking me for all kinds of info, and I'm paying cash. I walk into Staples to buy a new trackball(that's all I bought) and they're asking me for info, again, my green is on the counter and that's not good enough. They want to know who I am, not just the color of my money. Radio Shack has done this for years. Because of progenitors like Radio Shack, there are huge databases out there. All Staples asked for was my zip code, but I bet that with that and my name they can access tons of other info about me. Even if I'm paying cash, they ask for this info. Pretty soon the online systems will catch up and they won't ask you for your info for every site anymore. Know why? This is why. Once that is done the online sites won't have "cumbersome" pay systems anymore. But you won't have privacy either.

Steven

Most of the comments that have been modded up have been of the "relax, it's no big deal" variety. This is completely wrong. The issue isn't that this one guy is forced to use Passport. It's a sign of things to come -- sneaking this in under the radar of unsuspecting citizens. I think it's safe to assume Microsoft is going to end up requiring everyone to use Passport in order to use services like Hotmail.

By doing this, they are going to artificially grow their user base by leveraging the web monopoly, which was leveraged from their browser monopoly, which was leveraged by their OS monopoly. This is illegal, because it prevents new entries into the market. It reduces choice and increases the amount of control that a single corporate entity has over the population.

Technology is so complicated that the general populous has no idea what they're doing. Things like this don't get nearly as much attention as political activity but the reprocussions will eventually have just as much impact on our lives. Once the user base gets large enough, they are going to claim the largest membership numbers for this type of service, and will convince other corporations that they have to get on board to survive. It's a perpetual cycle until someone slaps their ass down.

All of this is concerning because it's obvious that Microsoft has no self-control in terms of how far they will go to establish things like HailStorm and Passport. They don't want to bother with whether consumers actually want these services. It's easier to just sign a bunch of deals and use various other corporations to do the enforcement. Some people claim that Passport is a natural way to log into various Microsoft services, and therefore shouldn't be questioned. Trojan horse, folks! Microsoft wants other sites to adopt Passport . Do you think they're give a damn when an ActiveX control is required to log in?

The most important issue here is one of scale. All of this behavior wouldn't be nearly as big of a deal if Microsoft wasn't already a hulking juggernaut. Implementing a prioprietary authentication service isn't dangerous if your company isn't that big. It's up to the market to decide if it's worthy to be adopted. But when you're as big as Microsoft you can force standards on people whether they want them or not.

- Scott
--
Scott Stevenson
WildTofu

Prompted by the last SPAM article I saw on /., I decided to do a little test.

I signed up for a new hotmail acount and nothing else. I sent no mail, I gave the address to no one!
After 2 days, I checked the account. I had received 25+ articles of SPAM!!

Here is what hotmail's privacy policy says about SPAM:
Hotmail: No "Spam"
We do not tolerate our members being the victims of unsolicited e-mail (aka "spam"). We are equally intolerant of Hotmail members sending junk e-mail. Sending junk e-mail from a Hotmail account is cause for that account's termination.

Hotmail promotes responsible Net Commerce and is actively boycotting unsolicited e-mail. Our efforts to fight unsolicited e-mail on the Internet have been noticed by organizations such as spam.abuse.net, who find Hotmail's anti-spam policy to be aggressive and effectual.

No one new that email address, accept for a database tucked away somewhere behind that policy!!
I wonder what spam.abuse.net would think of that?.... See it for yourself at Hotmail Policy

The Passport architecture supports exactly this kind of scenario. Read about how they do it here. You could either have your sites use Passport Single Sign-In, or try to implement something similar yourself.

Agreed.
The pre-pubescent, ill-informed posts by the regular cowards towards MS is clearly proof that they are as blind to these technologies as AOL users are to the internet. But we're all used to mis-information, just use your own mental filter.

I recently implemented Passport into a site and found that the authentication system used is very limited. The object used to call information from the Passport servers is restricted to the information provided by the user when they first register with Passport. You can associate information within your own user information db, but the only real common element is the PUID - a 64bit unique ID. That's it. No credit cards, no addresses, nothing!
For a brief description of what is stored, see http://memberservices.passport.com/HELP/MSRV_HELP_ profile.asp. Of course, if you want to more details, you have to register :(

MS' legal team has obviously done their homework (as they always do), and while this seems like a horror and shock to the lowly users of the internet, it just shows what kind of hype can be generated by actually reading EULAs, contracts, and disclaimers.

"Store information in your Passport wallet that will help you make faster, safer online purchases at any Passport express purchase site." - from Passport.com main page.

Quoting your own advice, perhaps you should "...consider learning about what you're talking about before you go spewing at the mouth."


-

I don't believe the language is as aggressive and overreaching as noted in these posts or in the Register article (http://www.theregister.co.uk/content/4/18002.html ). The language, which is found in the Passport Web Site Term of Use (http://www.passport.com/Consumer/TermsOfUse.asp?P Plcid=1033), states that "By posting messages, uploading files, inputting data, submitting any feedback or suggestions, or engaging in any other form of communication with or through the Passport Web Site . . ." This doesn't say anything about using the Passport technology, just the Passport Web Site. There aren't even any language traps such as "or associated Web sites." I think the subtle distinction is that the language granting MS all rights in the content is limited to content provided specifically "with or through the Passport Web Site," not with or through the Passport technology. Since Hotmail and .NET works independently of the Passport Web Site, MS would have a difficult time claiming ownership of the email or its content even though the Passport technology is used on Hotmail, .NET, etc.

The offensive language is notably absent in the MSN Web Site Terms of Use (http://www.hotmail.msn.com/cgi-bin/dasp/hminfo_sh ell.asp?content=tos&_lang=EN), which govern the use of various MS properties including Hotmail. While I have not seen the Hailstorm terms of use, I would be surprised if MS attempts to alientate its early adopters by including the overreaching language that's in the Passport terms.

In short, I think there's a strong argument against the position that MS owns everything that touches Passport. If MS were to attempt to assert ownership, they would have a dificult road trying to prove to a judge that ownership ever passed from the author to them, since it appears to me that the Passport terms don't do it.

At least that's my argument ;)

See http://www.passport.com/Business/SingleSignInOverv iew.asp?PPlcid=1033 for a high level overview, or http://www.passport.com/DevInfo/Start_Goals.asp?f= 0 for implementation details (requires Passport)

See http://www.passport.com/Business/SingleSignInOverv iew.asp?PPlcid=1033 for a high level overview, or http://www.passport.com/DevInfo/Start_Goals.asp?f= 0 for implementation details (requires Passport)

I just finished reading the orignal posting, and find it very disturbing. I am aware that Hotmail has it's own Terms of Use, and many people has pointed that fact out, but in a quick search I found this line in the Terms of Use for Hotmail. "Some MSN Sites/Services automatically provide you with a Microsoft Passport account when you open an account (e.g. Hotmail, MSN Explorer), to learn more about what a Microsoft Passport is please visit the Passport web site at www.passport.com " I belive this answers the orignal posters question as to weather or not Hotmail is affected, but how does it affect Explorer? How can a Online portal's TOS affect a application? Since I am not a M$ Guru, I am only assumeing that Explorer is refering to the application.

So let's say I'm discussing something techie via e-mail or a discussion forum using the Passport site and by way of example I include a snippet of GPL'd code. My reading of MS's Passport terms tells me that they now have the right to use that snippet of GPL code, create derivative products, etc. Doesn't that collide with the GPL? Sounds like a lawyer's wet dream...

It does not collide with the GPL, because the GPL is the license under which you release your (implicitly) copyrighted work.

The Passport Terms of Service is an attempt to re-hack the copyright issue in their favor by saying that, when you use their service, you are agreeing to give them a free (an is no-compenstation) unlimited license to do whatever they want with any copyrighted material that passes through any Passport-"affiliated" service. (Note the section labeled "License to Microsoft" to see what I mean.)

So in essence, your code could be considered to be under two licenses; the GPL and the MS-specific "AYBABTU" license. (Hey, I like that name...)

Dual-licensing is possible -- IIRC, Mozilla is offered under both the MPL and the GPL now. And I believe Troll Tech still offers Qt under the GPL and the QPL.

Jay (=

heehee - Konqueror has no trouble, assuming this is the page in quo. IIRC that's yet another old Netscape stylesheet bug, where a missing sheet makes an awful mess instead of just being ignored.