Slashdot Mirror


Microsoft vs. Slashdot Update

I spent some of yesterday and part of today (Saturday) on the phone with our law firm's intellectual property specialist discussing Microsoft's attempt to get us to remove reader posts about Kerberos. We're lucky to have a lawyer who "gets it." We're also lucky to have gotten some very favorable press about all of this.

But, sadly, I can't really tell you much more right now than "we're still working on it" for two reasons:

  • We're exploring a lot of angles and doing a lot of research, and in order to maintain attorney-client privilege we must keep all discussions with our lawyer *extremely* private.
  • Microsoft's legal people (obviously) read Slashdot.
I have scanned every single reader post on this subject, and some of them have contained *very* helpful suggestions. It hurts me not to be able to share more, especially with those of you who have given us useful advice.

Meanwhile, Andover.net's management has been totally supportive. Our President, Bruce Twickler, deserves special thanks for his staunch backing and general coolheadedness. And our VP of Corporate Communications, Janet Holian, has done an excellent job of getting information out to other media while letting us work (comparatively) undisturbed.

There are also rays of light from the other end. I've gotten a small but steady trickle of e-mailed support messages from Microsoft workers who are embarrassed by their employer's actions both in rudely extending Kerberos and their attempt to "publish" their proprietary Kerberos extensions while still trying to keep them hidden behind a non-disclosure agreement.

Please bear in mind that many Microsoft employees are perfectly nice people. For all we know, the nice people at Microsoft may yet persuade the not-so-nice ones that there are times when it's better to work with others to establish industry-wide standards than it is to act as if the freedom to innovate belongs only to Microsoft.

(Special message to nice Microsoft people: Here's a quote you may wish to call to your bosses' attention: "...Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments." If they ask where you got these words, please refer them to this Microsoft.com page.)

Anyway, once again, please accept my personal apology for not being able to share more information with you right now. This is an uncomfortable situation for everyone involved, and we hope that Microsoft chooses to give this story a happy ending as soon as possible.

- Robin "roblimo" Miller

20 of 411 comments

  1. Well Said by Anonymous Coward · · Score: 5

    It is often easier to vilify an entire organization and all those associated with it rather than take the time to reason out the inner divisions that most likely exist. Thank you for acknowledging those that are trying to take the empire down from the inside :)

  2. Re:Net Worth of the 'Honchos' is of little concern by Darchmare · · Score: 5

    Look at it this way. What is Microsoft's greatest asset other than its brand? Its people. The engineers who work there.

    How does Microsoft keep them there? Stock options, mostly. The pay is decent, but the main draw is a chunk of the company that is always going up.

    What happens when the stock is wounded? People leave. As simple as that. There are tons of other companies out there who would love to have Microsoft's talent (and yes, even though they make a lot of shitty products, the engineers are usually not to blame in the end). By wounding their stock price, you deal a blow far greater than a perceived drop in faith in Microsoft's stock.

    - Jeff A. Campbell
    - VelociNews (http://www.velocinews.com)

    --

    - Jeff
  3. All Funny Quotes from the same section... by Accipiter · · Score: 5
    There's one last point about Kerberos that's worth addressing: why did Microsoft bother with it? In previous versions of Windows NT, network authentication was handled by NTLM. Why make a change? How is Kerberos better than NTLM?

    There are several answers. First, as you've already seen, Kerberos provides several features that aren't available in NTLM. Delegation and mutual authentication are both available with Kerberos, but neither is possible with NTLM today. Also, Kerberos is typically faster than NTLM, since each NTLM client authentication requires a server to contact a domain controller. In Kerberos, by contrast, a client can supply the same ticket over and over, and the server can use just that ticket to authenticate the user. There's no need for the server to contact a domain controller each time a user needs to be authenticated. And finally, Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments.

    Any way you look at it, Kerberos qualifies as progress. It's nice to see this powerful, secure, but long-neglected protocol move into the limelight. After years of languishing in relative obscurity, Kerberos is about to go mainstream.


    This is from the above referenced URL at http://www.microsoft.com/msj/defaulttop.asp?page=/msj/0899/kerberos/kerberostop.htm. Let's take a look, shall we?

    Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments.

    Actually, from what I've seen, The Microsoft 'version' of Kerberos doesn't allow interoperability "between" Microsoft and other vendors....it only allows operability from Microsoft OUT to other vendors, and not IN. (This was plugged into their crappy 'enhancements' to Kerberos.)

    After years of languishing in relative obscurity, Kerberos is about to go mainstream.

    What? There are two points to be made here. 1.) Kerberos was never really in obscurity. It was a widely used protocol, and was CREATED for the purpose of authentication. NTLM was a piece of crap, and Microsoft admits that now. 2.) Because Kerberos is being woven into Windows, THAT makes it mainstream? Oh please, give me a break. What's funny is that Microsoft states that "Any way you look at it, Kerberos qualifies as progress.", yet their implementation (If you can call it that) takes a step backward by locking out functionality. Progress? Nah...

    --

    -- Give him Head? Be a Beacon?
    (If you can't figure out how to E-Mail me, Don't. :P)

  4. Re:Never answer email containing legal threats by Pig+Hogger · · Score: 4

    To be sure, Slashdot's confrontation with M$ would have proceeded on the dead tree medium sooner or later, and the exchange of paper wouldn't have changed very much about the essential issues. But Roblimo could have bought himself a couple days to cool heads at Slashdot and talk to the lawyers, while the M$ lawyers would have been essentially idle, sitting expectantly in front of their Outlook clients and gradually losing their patience.

    Hopefully, in the meanwhile, someone will send them a few love letters!!!!


    --
    Here's my mirror

  5. Re:Amazing that Microsoft is STILL trying... by Black+Parrot · · Score: 5

    > I have to admit, I also wonder about the intelligence involved in putting up confidential material on the Web and then getting their knickers in a twist when it's spilled to the masses.

    I suspect that, among other motives, MS is hoping to establish a precedent for "clickwrap" to be a valid mechanism for a binding NDA, in addition to being a mere EULA.

    --
    Sheesh, evil *and* a jerk. -- Jade
  6. Semi-dirty tricks to consider by Ralph+Wiggam · · Score: 5

    I know I'm probably not the first person to think of this, but I want to post it anyway:

    Even though Slashdot/Andover is obviously on the side of right here, you may well lose a long and protracted legal battle. Andover IPO money is great, but Microsoft has misplaced more cash than that. Lawyers cost money and good lawyers cost a LOT of money.

    My suggestion- kick them in the PR department. MS has been hit with a tsunami of bad press lately with DOJ rulings, security holes, and general bastardness. Reporters would love to follow those stories up with "Microsoft subverts standards and strongarms little guys". What Roblimo and the crew need to do is run to every media outlet that will listen to them. Also, strike while the iron is hot. The top of the list needs to be The Wall Street Journal. If Monday's front page includes a story about this situation, it would be very damaging. If one mutual fund manager reads about this and says to himself "These are the actions of a company grasping at straws to keep themselves on top of an industry" and sells a ton of MSFT, it's going to put a dent into the net worth of every honcho in Redmond.
    Bottom line: Roblimo needs to make this into a battle that Microsoft has no interest in continuing.

    Keep fighting the good fight.

    -B

  7. Human Organization. by delmoi · · Score: 4

    It is often easier to vilify an entire organization and all those associated with it rather than take the time to reason out the inner divisions that most likely exist.

    It's an interesting question, actually, as to whether you should do that or not. On the one hand, a lot of the people there have only a small responsibility for what they're doing; unfortunately, that is still a small responsibility. Vilifying an entire organization may be an overstep, but on the other hand it isn't.

    The reason is that people in the organization do the same thing. Everyone in Microsoft can say, "I'm not responsible, I'm just doing a little, I'm just following directions." A person in an evil organization feels no guilt, no one there does. So the organization itself doesn't.

    Take as example Nazi Germany (not that I'm comparing M$ to The Nazi party, or BillG to Hitler). Everyone there was able to slough off personal responsibility for their actions; it was the organization, not them. But in the end, their efforts led to the death of millions of people. Similarly, everyone at M$ must have some culpability. Either that, or no one does, and the organization can continue to operate without a conscience.

    Everyone at Microsoft bears some responsibility for this, whether they agree with it or not.

    --

    Read The ReflectionEngine, a cyberpunk style n
  8. Copyright *is* a free speech issue by reptilian · · Score: 5

    I apologize if this doesn't sound very coherent, as I'm having a bad day.

    With strict copyright laws, Congress is indirectly legislating censorship of the people. By strengthening copyright, companies are able to use legal means to censor anyone they wish, be it other companies, competitors, or consumers. While Congress wasn't actively attempting to legislate censorship, inadvertently they have, to the advantage of corporations who it can now be argued are agents of the government.

    That last statement might seem a little strange, so bear with me. It is in the best interests of the government for its companies to do well, to strengthen the economy and keep it strong. They are essentially employing the companies to remain profitable, which they do by censoring others using copyright laws.

    Anyway, I'm not against intellectual property; what I *AM* against is Congress' obsession with 'protecting' the rights of corporations regardless of the consequences on people's rights. I don't have a problem with copyright per se, but excessive protection of intellectual property is in my opinion unconstitutional: laws passed for a purpose that is not censorship, and inadvertently cause censorship, *are* unconstitutional. The courts have ruled this way before. Government mandated "ratings" on speech are a form of censorship, and aren't tolerated, so it shouldn't be much of a stretch to say government delegated protections on property that promote censorship are too unconstitutional.

    --

    72656B636148206C72655020726568746F6E41207473754A

  9. Re:Stuff that copyright up YOUR ASS by fougasse · · Score: 4
    That legalese bullshit is meaningless.

    So anything that is distributed for free can automatically be redistributed? This would mean that it would be possible to record a TV show and then rebroadcast it yourself. This would mean that you can copy articles from your local free weekly newspaper and put them on the Internet at will. This would, essentially, be a complete perversion of the copyright system and would encourage people to charge money for things (if they didn't, they wouldn't get copyright protection).

  10. Re:Amazing that Microsoft is STILL trying... by fougasse · · Score: 5
    First, we're not dealing with reverse-engineering here. I'm not sure of the legality here, but it certainly should be legal. We're dealing with copying a copyrighted document.

    The Kerberos spec includes empty fields for vendor use. Microsoft used one of these fields; they have no obligation to make info on their use of it public. Yes, it's against the spirit of cooperation, but did you honestly think that Microsoft was a believer in cooperation? I don't think that it's a good or smart move by Microsoft, but in comparison it's not all that evil. It's similar to taking BSD-licensed software and releasing a proprietary modified binary of it. Not great, but not satanic.

    Anyway, whether or not what Microsoft did is compatible with open-source ideals has nothing to do with reproducing it illegally. If I believe in open source and get my hands on the MS Office source code, I can't distribute the source code openly. Or, conversely, if I believe in closed source, I can't sell binary-only copies of modified GPL software.
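The "empty fields for vendor use" that fougasse refers to above are the authorization-data elements of a Kerberos ticket: RFC 4120 section 5.2.6 defines AuthorizationData as a SEQUENCE OF {ad-type, ad-data} with ad-data an opaque OCTET STRING, and section 7.5.4 registers ad-type 128 as AD-WIN2K-PAC. The same extension point is what the interoperability complaints elsewhere in this thread are about. What follows is an added example written for this mirror, not code from the thread, from MIT Kerberos or from Microsoft: a minimal DER encoder/decoder for that type, plus the processing a non-Microsoft application server can apply to a ticket that carries a vendor element, keeping the ad-types it understands and skipping the opaque one without having the vendor's spec. The PAC bytes are a constructed placeholder, not a real PAC, and ad-type 200 is a hypothetical application-defined type assumed only for the demonstration.

```python
# Added example for this mirror; not code from the thread, from MIT Kerberos
# or from Microsoft. Minimal DER encoder/decoder for the Kerberos
# AuthorizationData type (RFC 4120 section 5.2.6):
#     AuthorizationData ::= SEQUENCE OF SEQUENCE {
#         ad-type  [0] Int32,
#         ad-data  [1] OCTET STRING }
# The "PAC" bytes below are a constructed placeholder, not a real PAC.

AD_IF_RELEVANT = 1    # RFC 4120 section 7.5.4
AD_WIN2K_PAC = 128    # RFC 4120 section 7.5.4, registered for Microsoft's PAC


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(v: int) -> bytes:
    """DER INTEGER; minimal two's-complement for non-negative values."""
    n = (v.bit_length() + 8) // 8     # room for the sign bit: 128 becomes 00 80
    return _tlv(0x02, v.to_bytes(n, "big", signed=True))


def encode_ad_element(ad_type: int, ad_data: bytes) -> bytes:
    """SEQUENCE { [0] ad-type, [1] ad-data } with context tags A0/A1."""
    return _tlv(0x30, _tlv(0xA0, _der_int(ad_type)) + _tlv(0xA1, _tlv(0x04, ad_data)))


def encode_authorization_data(elements) -> bytes:
    """SEQUENCE OF elements, given as (ad_type, ad_data) pairs."""
    return _tlv(0x30, b"".join(encode_ad_element(t, d) for t, d in elements))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the TLV) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos += 2 + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_authorization_data(buf: bytes):
    """Parse AuthorizationData into a list of (ad_type, ad_data) pairs."""
    tag, seq, end = _read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("expected exactly one outer SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, elem, pos = _read_tlv(seq, pos)
        if tag != 0x30:
            raise ValueError("element is not a SEQUENCE")
        t0, type_body, p = _read_tlv(elem, 0)
        t1, data_body, p = _read_tlv(elem, p)
        if (t0, t1) != (0xA0, 0xA1) or p != len(elem):
            raise ValueError("element is not [0] ad-type, [1] ad-data")
        itag, ival, _ = _read_tlv(type_body, 0)
        dtag, dval, _ = _read_tlv(data_body, 0)
        if itag != 0x02 or dtag != 0x04:
            raise ValueError("ad-type must be INTEGER and ad-data OCTET STRING")
        out.append((int.from_bytes(ival, "big", signed=True), dval))
    return out


def filter_for_server(buf: bytes, understood: set):
    """Walk a ticket's authorization data as a non-Microsoft server would:
    descend into AD-IF-RELEVANT (contents a server MAY ignore if it does not
    understand them, RFC 4120 section 5.2.6), keep known ad-types, report the
    skipped ones. Parsing past a vendor element needs no vendor spec."""
    kept, skipped = [], []

    def walk(elements):
        for ad_type, ad_data in elements:
            if ad_type == AD_IF_RELEVANT:
                walk(decode_authorization_data(ad_data))
            elif ad_type in understood:
                kept.append((ad_type, ad_data))
            else:
                skipped.append(ad_type)

    walk(decode_authorization_data(buf))
    return kept, skipped


# Constructed sample: a fake PAC inside AD-IF-RELEVANT (the container Windows
# puts the PAC in), beside an element of hypothetical ad-type 200 that our
# server does understand (200 is an assumption for the demo, not a registered type).
FAKE_PAC = b"\x00" * 160 + b"<placeholder PAC bytes, not a real PAC>"
SAMPLE_AUTHZ_DATA = encode_authorization_data([
    (AD_IF_RELEVANT, encode_authorization_data([(AD_WIN2K_PAC, FAKE_PAC)])),
    (200, b"example-app-data"),
])

if __name__ == "__main__":
    kept, skipped = filter_for_server(SAMPLE_AUTHZ_DATA, understood={200})
    print("kept:", kept)                         # [(200, b'example-app-data')]
    print("skipped vendor ad-types:", skipped)   # [128]
```

Run stand-alone, the script decodes the constructed ticket data, keeps the element of the type it understands and reports that it skipped ad-type 128. The point the thread circles around is visible in the two halves of the code: the standard's extension mechanism lets any implementation encode, decode and step over a vendor element, while what that element means, and whether anyone may implement the behaviour behind it, is governed by the vendor's separate specification and its license, not by the Kerberos spec.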

  11. What is M$ goal? by ras · · Score: 5
    When I first heard that Microsoft picked a fight with one of the most popular eZines I found it difficult to believe. The timing was odd, to say the least. But I came across two posts, one from The Register and a Slashdot comment, and between them they made it all make sense. This is what The Register said:

    "The threat Microsoft perceives isn't from Kerberos itself, but from the progress achieved by the Samba developers. The latest goal for Samba's developers is to replace Windows servers as Primary Domain Controllers capable of serving Windows 2000 clients. Equally, Microsoft wants to make its Windows servers compulsory in a Kerberos environment where Windows 2000 clients are involved, and it sees an opportunity to leverage that client base."

    The Slashdot comment said that one of the original comments singled out by the lawyers could not possibly have violated anything. This is the original comment:

    "What happens to the people that implement it (ie. the Samba guys) even if they obtain the information without intentionally breaking the license. Are they exposing themselves to expensive litigation? Are they endangering the project?"

    The link between the two comments is Samba. One says Samba is the primary threat. The second asks what effect all this has on Samba. I don't know, but I would dearly love to find out. My guess is that Microsoft is trying to stop Samba from emulating their version of Kerberos. They already know that it will be reverse engineered - so the question becomes how do you stop it. Simple. Publish the spec and say in your EULA:

    "the Specification is provided ... for the sole purpose of reviewing the Specification for security analysis ... Microsoft does not grant you any right to implement this Specification"

    Now any attempt at reverse engineering the protocol can be attacked by saying "you did not reverse engineer it - you used our spec which is in the public domain". This would be very difficult (read expensive) to defend. In short it allows them to use the DMCA as a weapon against Samba. Finally, you have to make sure the people at Samba, and indeed anybody else who might have plans for reverse engineering it, are aware of what Microsoft has in store for them. This is not a trivial task as Microsoft lawyers don't usually spend their days mingling with free software types. Enter Slashdot. And I think we would all agree Slashdot has done a wonderful job for them so far.
  12. Amazing that Microsoft is STILL trying... by Tailchaser · · Score: 5

    Even after all the hot water the boys in Redmond have been in recently, why do they STILL persist in engaging in various types of manipulation of questionable legality? One would think they would think twice and three times about any moves they would make at this point.

    I have to admit, I also wonder about the intelligence involved in putting up confidential material on the Web and then getting their knickers in a twist when it's spilled to the masses. Besides, this is basic 'trade secret' law. If you don't want it on the front page of the Sunday paper, DON'T put it on the Web, encrypted or not! If this was really a 'trade secret' (as opposed to simple 'intellectual property'), then don't they have the responsibility not to hang it out in the wind for all and sundry? Seems to me, they were setting themselves up for this one.

    --TC

  13. Copyright may not apply by friartux · · Score: 4
    [The Congress shall have power] To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; -- United States Constitution, Article I, Section 8.

    Think long and hard. Does the Microsoft "extension" to Kerberos merit such coverage?

    Does a change to an open, public standard which benefits only its perverter, merit any protection whatsoever by this clause? If not, does any power which Congress has under the Constitution enable such protection? Do the laws even apply?

    I'm not a lawyer, but I'd love to see an answer from one :-)

  14. to all you anti-corp people by DrEldarion · · Score: 5

    ... who complained when /. got bought by Andover, this should go to show you that it's not necessarily a bad thing. Had they not been, the resources most likely wouldn't be there to fight MS, and we'd probably have to just give in.

    Way to go, guys. Keep fighting this.

    -- Dr. Eldarion --
    It's not what it is, it's something else.

  15. Re:marketing!! by medicthree · · Score: 4

    Just so you know, it's no longer 'alleged.' He didn't give much info, but roblimo confirmed the rumors here.

  16. Just in Case by gunner800 · · Score: 4
    I hate to be pessimistic, but...

    Quick, somebody adapt the gnutella serverless network to a Slashdot-esque forum, just in case MS takes this to court and wins.

    We could even have a wall-of-shame with the IP #s of trolls...


    ---
    Dammit, my mom is not a Karma whore!

  17. Even the MS managers aren't eeee-vil by Trollusk · · Score: 5
    As one of those MS employees bothered by my employer's tactics in this whole ugly mess, I just wanted to throw in my two bits on why MS does dumb, heavy-handed stuff like this. It's not (most of the time) our managers who do nasty things like send out cease-and-desist letters or require massive EULAs. It's the lawyers, with their paranoid attitudes about the various kinds of trouble, real and phantom, they see us getting into if this-that-or-the-other loophole isn't closed and sealed up tight. The DOJ trial doesn't help matters: the lawyers can say "look what happened when you didn't listen to us last time!" and as a result, people are reluctant to stand up to the advice from Legal when that advice is along the lines of "you'll be at risk unless you treat this material as proprietary."

    As for Kerberos, I don't know the details, but I'd guess it's very unlikely that Gates and Ballmer sat in a room cackling somewhere and decided to make a non-interoperable version. MS is too big and -- gasp -- has too many autonomous units doing their own thing for that image of complete totalitarian control to have all that much truth to it.

    Personally, I work for a pretty damn ethical group. Where there are standards or standards drafts, we adhere to them. It's only where there aren't standards already coming along in the pipeline that we go our own way.

    1. Re:Even the MS managers aren't eeee-vil by Pinball+Wizard · · Score: 4
      I think this says it all about the company you work for.

      OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.

      - From the Halloween Document(this was written by a Microsoft employee, in case you didn't know). Microsoft management sitting in a room cackling somewhere deciding to make a non-interoperable version.

      True to form, this is precisely what they did with kerberos. Since you are not familiar with the kerberos fiasco, I'll explain. Microsoft took an open source authentication protocol, kerberos, and designed it into Windows 2000. They did so because kerberos was superior to NTLM, the authentication protocol used in NT4. They then "embraced and extended" the kerberos protocol. In simple terms, if I have a Linux server and Windows 2000 desktops, I cannot authenticate myself by logging into the Linux server using kerberos. To be authenticated to access resources on the Windows 2000 desktops, I must go through a Windows 2000 server. Microsoft embraced and extended the kerberos protocol specifically to force people to buy a Windows 2000 server.

      Even worse, they released the specification in such a manner that everyone would see it, but, due to their copyright, no one would be able to legally design a workaround for the Win2K restriction. When someone published the MS protocol on slashdot they demanded slashdot take it down. Make no mistake, Microsoft is dead serious about making their version of kerberos incompatible with the others. Of course Win2K computers can access Unix or Linux services quite nicely, and why not, the protocols are open. It's just the other way around that doesn't work.

      Does it need to be said again? OK, here goes: Microsoft management sitting in a room cackling somewhere, deciding to make a non-interoperable version. I realize Microsoft has some ethical employees. Unfortunately, the unethical ones ruin it for all of you.

      --

      No, Thursday's out. How about never - is never good for you?

    2. Re:Even the MS managers aren't eeee-vil by Pinball+Wizard · · Score: 5
      >> Authentication is such a small, small part of the Windows 2000 Professional/Server relationship. Without Windows 2000 Server and Active Directory, you lose a HUGE amount of corporate managability such as Group Policies and the likes. Simply being able to authenticate to a Linux box is a fairly small bonus.

      Actually, I was talking about authenticating from a Linux box. Since Linux is open source, Windows doesn't have any problem authenticating to it. However, there are lots of environments that use Unix servers and Windows desktops, and a Unix server can't use kerberos to provide authentication for accessing files from Win2K desktops.

      Don't forget, Linux has LDAP, and that the most widely accepted model for networking is the internet protocols. By insisting on proprietary protocols, rather than participating in the development of standard protocols that every computer company needs to use, they are only continuing to generate bad publicity for themselves, causing more people to turn to Linux, and turning away from the Microsoft platform. Networking is technical, but it's also social. Piss enough people off and watch that MS stock continue to drop.

      Don't get me wrong, Microsoft's implementation of Kerberos should allow your scenario to work but I don't think it was done this way explicitly to prevent 3rd party authentication mechanisms.

      Then why did they release the code in such a way as to prevent Samba from being able to make a workaround? The Samba team would write a workaround in a heartbeat if Microsoft didn't forbid this in their EULA. With this kerberos stunt, they are proving that the DOJ was right and that they really need to have their power limited. It's simply not ethical for MS to take an open source protocol and use it to deny services to open source operating systems.
      --

      No, Thursday's out. How about never - is never good for you?

  18. Re:Let's get this straight by EricEldred · · Score: 4

    Actually, one of the posts very blatantly violates Microsoft's copyright.

    Actually, it is an interesting legal question as to whether this is true, and I hope it is addressed by a judge. I hope the poster of the entire document steps forward and appeals any decision to remove that post, and fights in court (with our help) this blatant censorship attempt.

    It is not illegal to distribute a copy of a copyrighted document if the license that comes with the document specifically allows this (as, for example, the GPL does, and, furthermore, the EULA here does, for purposes of security analysis).

    Next, it is not clear whether the alleged copyright is of a PUBLISHED work or an UNPUBLISHED work. The treatment of each is different under the law (the former is allowed more fair use). The letter from Microsoft does not clarify this point, but one might infer from the document itself that it claims to contain trade secrets and thus is UNPUBLISHED, while the fact that it is openly available on the web would indicate that it is a PUBLISHED work. I hope that a judge will find that Microsoft intended this work as unpublished, but because of poor legal advice, posted it as published, and therefore the DMCA does not apply.

    Next, it is not clear just what Microsoft claims is covered by its alleged copyright. If it is the Kerberos spec itself, that is copyright MIT, and any later changes to the spec are not necessarily covered by copyright unless they are sufficiently original creative expressions. The document itself only contains arbitrary API data and references to mathematical algorithms--can they truly be protected? Can Microsoft enforce a patent on cascading style sheets if it participates in standards setting with other corporations on this very subject? It is possible that this case might have to be joined with the antitrust case under expedited review so a new remedy is found before appeal of the antitrust case.

    Copyright is not an absolute natural right. It has to give way in cases where it is abused by monopolists convicted of antitrust offenses--and guess who that might be here? Kerberos is an open standard that Microsoft appears to be trying to take over for its own monopoly purposes of excluding competition in the network server market. Any attempts to privatize this open standard can be seen as monopolistic and thus not covered by standard intellectual property claims.

    If you agree that posters to /. have the right to discuss this whole affair, how is it possible to exclude them from discussing the very document itself and referring to it? And what better way is there, than to post the entire document, or to make a deep link directly to it?

    Consider that if Microsoft prevails here, /. will have to monitor all postings and censor them. And /. might have to abolish anonymous postings to comply with Microsoft's demands. Such actions would definitely impede free speech on /. and impose on our First Amendment rights. A judge needs to consider these points under heightened First Amendment scrutiny and not just accept Microsoft's prima facie claim of copyright under the DMCA. (If she does, then the DMCA itself might be overturned.)