Michael Chaney asks Microsoft to Open Kerberos

Remember Michael Chaney? He's the Nashville-based Linux consultant who saved Microsoft's Hotmail service from a Christmas 1999 outage by kindly paying a $35 NSI registration fee for them. Michael has always humbly maintained that this little act of bacon-saving was more of a Slashdot thing than a personal act on his part. Now, in the same spirit of generosity, Michael has some suggestions for the World's Largest Software Company about how to back gracefully away from its most recent attempt to keep its proprietary Kerberos Protocol extensions secret while still appearing to "publish" them.

On Microsoft, Kerberos, Slashdot, and Trade Secrets

A few months ago at an NLUG meeting, I jokingly asked a presenter to reveal his root password to the assemblage, adding "it's just us, we won't tell anybody." The "us" in this case referred to the 50 or so people in the room, and we had a chuckle while the presenter wisely decided against giving us his password.

The point of this story is something that we all know to be obvious: the level of secrecy afforded a piece of information by a recipient of that information is directly related to the way in which the secret piece of information is passed along. A password freely given to all in a user group meeting wouldn't be held in much confidence by the people present; they wouldn't really consider it a secret.

Likewise, it's difficult for anyone to consider a document to be a trade secret if it's posted on a website for anybody to freely download. Yet this is precisely the manner in which Microsoft is distributing their "Microsoft Authorization Data Specification v. 1.0 for Microsoft Windows 2000 Operating Systems," which we know is nothing more than a slightly modified version of Kerberos.

In a click-through (aka "ignorable") license, Microsoft states that their specification is "confidential information and a trade secret," and that "you must take reasonable security precautions... to keep the Specification confidential." Who, exactly, must I keep from knowing this "secret" information? Presumably someone without internet access.

Contrary to [what seems to be] popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos. And if they do make an incompatible version of Kerberos, it makes even less sense to restrict access to documentation concerning your "extensions." (I can imagine a Microsoft internal memo: "Embracement achieved, on to step two.")

So the situation as it stands is that Microsoft has released a document that they're claiming is a trade secret and copyrighted, parts of it have been posted to Slashdot, and Microsoft is pulling out the DMCA to get those posts removed. Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

But I really take offense to the fact that they go a step farther and request that a link be removed, and that instructions on bypassing their goofy EULA be removed. First, we've had plenty of discussions on here about the dangers of sites being forced to remove links; specifically at what level do we decide that a chain of links is no longer offensive. If I link to the Slashdot article that links to an "Unauthorized Copy of the Specification," is that a "crime?" How about a link to a link to a link? At some level, I'm sure I could find a chain that I could follow from Microsoft's own website to the offending Slashdot post (for those of you who wish to try, search for "samba" on Microsoft's site, it'll link to www.samba.org, try to find Slashdot from there).

As for posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification," I'd like to see someone from Microsoft explain how that constitutes a copyright violation, as J.K. Weston has stated (under penalty of perjury, no less). Self-extracting zip files are nothing new, J.K. Weston, nor is the concept of using WinZip to extract their contents.

The most offensive part of this whole ordeal, though, is that it's just been five months since Slashdot bailed Microsoft out when Network Solutions mistakenly shut off the passport.com domain on Christmas Eve. How soon Microsoft forgets! If it wasn't for Slashdot, it's likely that Hotmail would have been down for another day or more after Christmas, and that surely would have been a bigger blow, in terms of PR, than a bunch of Linux advocates solving their problems for them.

It's my not so humble opinion that Microsoft is in the process of making yet another major PR blunder. The company is famous for them, and it couldn't come at a worse time than as the Justice Department is trying to get them split up for doing exactly what they're doing right now: changing the specifications of an open protocol to reduce interoperability with other products.

Here's my advice to Microsoft: drop the silly EULA and make your Specification freely available under the terms of the new GNU Free Documentation License, or something like it. You'll gain some PR points, which you desperately need. This provides you with a way out that allows you to save face.

And my advice to anyone who talks to the press regarding this issue: remind them that it was Slashdot that saved Hotmail over Christmas.

- Michael Chaney

Arrogance.

[Alarmist]

Microsoft's arrogance with regards to the federal government, its customers (prospective and actual), and more or less the world in general is well-known and documented.

If we abide for a moment with the legal fiction that MS Corporation is an entity, then the only reasonable conclusion is that said entity is certifiably insane and not competent to enter into legally-binding contracts.

Really, how could this hogwash stand up in any court of law anywhere that wasn't being bribed senseless by Microsoft?

Who do we tell?

[richardbowers]

As Michael points out, this behavior is exactly what should interest the forces that are right now deciding on Microsoft's future. How do we let them know? Alternately, is this something the mainstream press would be at all interested in?

what I want to know is..

[medicthree]

what makes him think he's someone to be taken seriously? just because he sent in a $35 check and got a lot of publicity? This may sound like flamebait, but it's a serious question. I don't know.. just because someone has gained fame among a particular crowd doesn't mean that he can start preaching to that crowd. Yes, it was neat that he sent a check to NSI. But does that really make him an expert on anything?

Re:what I want to know is..

[pinka]

what makes him think he's someone to be taken seriously? just because he sent in a $35 check and got a lot of publicity?

Essentially yes. Isn't that what goodwill is all about? It struck me as a goodwill post rather than an "expert opinion".

Re:what I want to know is..

[Cyberdyne]

just because he sent in a $35 check and got a lot of publicity?

ISTR he paid by Mastercard :-)

On a more serious note, I live in a country where, IIRC, reverse engineering is specifically permitted, regardless of license conditions, provided it is done for interoperability reasons only. So, I could, perfectly legally, reverse engineer the Win2k bug in order to make Samba+MIT Kerberos interoperable with Win2k. The question is, does the possibility I might be using MS's "secret" published documentation make this more difficult? Equally, is this "EULA" even legally valid? I suspect it wouldn't stand up...

Re:what I want to know is..

[J+Story]

Who cares what device raises a person's public stature? What matters is what he does with it.
His argument seems cogent, and if he alludes to a certain episode in Microsoft's memory of recent embarrassments, so what? There is a small, but finite, chance that it will change Microsoft's mind.

Re:what I want to know is..

[guru_magi]

I think the concept is, it's supposed to be a "favor for a favor." He helped MS out, by doing them a favor, wouldn't have been the end of MS if he didn't do it, but it did make their life a little easier. Now he's asking them to back off on the Kerberous issue.

Re:what I want to know is..

[medicthree]

but he already got a favor back.. they sent him a $5,000 check, which he ended up auctioning off for much more than that (although he did do it for charity).

Re:what I want to know is..

[TufelKinder]

Fame is never a reason to be taken seriously. Which is the reason I ignore most celebrities. (i.e just because Sharon Stone dumps her firearms, does that mean I should?) However, to Microsoft, Michael _should_ mean something, as he saved their ugly little keisters a few more days of embarrassment a few months back.

The reason that I respect what he has to say is because he is right.

Re:what I want to know is..

[Remote]

does that really make him an expert on anything?

Yes, on Ethics.

Re:what I want to know is..

[Kryptonomic]

No, it doesn't make him an expert on anything.

The point is that he has moral high ground and is using it to urge Microsoft to do something that's unnatural to it. If this were a more public and important issue (to general public), Microsoft would have a no-win situation here.

Re:what I want to know is..

[medicthree]

Are you kidding? I'm sorry, but that's just ludicrous. His action was in no way driven by ethics. Just because it wasn't "unethical" doesn't make it an "ethical" action.

Re:what I want to know is..

[saridder]

Then what was driving him? Financial gain? Power? Fame? Sexual appeal? Come on, now. If performing an act of kindness is not considered ethical, then I don't know what is.

Re:what I want to know is..

[Remote]

Just because it wasn't "unethical" doesn't make it an "ethical" action.

What kind of logic is that?

As to what may have driven his actions, Ethics are not about motivations, but about behaviour. The fee was overdue, so the domain was available, he took it, so as to read his e-mail, and gave it back, for he considered it not to be fair to keep the domain. Otherwise, he could have:

• Struggled to keep it or sell it to someone else

  Settled for a good amount of cash

  Framed the check

  Auctioned the check and kept the money

He may have gotten a lot of exposure out of this thing, no doubt, but he played pretty fair against MS, and that fully entitles him to ask MS to follow suit.

Re:what I want to know is..

[Plasmic]

Are you unable to judge an argument based on its logic and rationale? You don't have to be an expert on anything to be able to present intelligent concepts in an eloquent manner. I take people who are unknown, but make sense, more seriously than I take people who are well-know, but wrong.

You seem to take offense to his comments.. "preaching"? He's not preaching to anyone; he's formed an opinion, presented it, and proposed a solution. The basis of his argument is not "I saved the day once, so you should do what I say!" No part of the article hinges on the fact that he's smart man for doing what he did. He lets its merit stand for itself. Why don't you?

Re:what I want to know is..

[lbrlove]

The reputation factor got him in the door, but read his comments to decide whether he is credible or not. The fact that you publicly ask rather than evaluating tells me you have not read his comments in the first place.

-L

Re:what I want to know is..

[348]

Well said! +5 We could use a few more MC's.

Re:what I want to know is..

[Oarboat_7]

He wanted to read the mail in his Hotmail account. He said as much at the time. That's it.

Re:what I want to know is..

[medicthree]

What kind of logic is that?

Very sound logic, actually. If you've ever thought about or studied the subject of ethics at all, you'd know that there are more conditions that need to be met for an action to be ethical other than it just "not being unethical."

Re:what I want to know is..

[Moofie]

Why should he be taken seriously? Umm...perhaps because of the well-thought-out nature of his commentary? Geez...since when do you have to have credentials to write an essay?

Take the arguments for what they are...arguments. They stand on their own, apart from the politics or qualifications of their expressor.

Re:what I want to know is..

[bmasel]

what makes him think he's someone to be taken seriously? just because he sent in a $35 check and got a lot of publicity?...

But does that really make him an expert on anything?

It makes him an expert on publicity, an area in which M$ hired expertise fails.

Re:what I want to know is..

[sumana]

Authority -- what is it? It's what makes you feel like someone is "somebody," a person to be followed, a person whose commands/suggestions you should obey.
Where does authority come from? Tradition -- we've always followed the Brak family. Charisma -- his eyes burn into me, I have no choice but to follow him. And our preferred method in the US, "rational-legal" -- We elected him fair and square, so he has the right to write laws, etc. The last category isn't one of those three classic Weberian ones: authority based on expertise. Well, you're the doctor/engineer/scientist/expert, you know best.
But Mr. Chaney claims none of that. He's not making commands, only suggestions. So he has, let's say, a softened form of authority...he has influence. Yes, the most obvious reason why he has influence is the "fifteen minutes of fame" that come from his saving Hotmail. But behind that is a person who is obviously kind and not entirely selfish, not to mention experienced with Microsoft's behaviour.
In the US especially, anyhow, we tend to believe (more than in some other countries) that people's ideas can be good, no matter whether they have credentials or the right family name. Heck, half the great hackers (maybe more, maybe less) are mostly self-taught. And how is someone going to develop a reputation as "someone to whom we should listen" in the first place without such egalitarianism?
What would it take for you to think of him as authoritative? As someone to hear? Credentials? What kind? Fame? How much?
And why should I listen to you?

Re:what I want to know is..

[I+R+A+Aggie]

what makes him think he's someone to be taken seriously?

Ummm...perhaps because one should judge the message upon the message, not the messanger? That is the point of the web: content is king.

James

Re:what I want to know is..

[medicthree]

Exactly my point. I don't give a crap if his paying the $35 was ethical or unethical. I was trying to bring that to the attention of the poster who claimed he was legitimate because his actions were ethical.

The DMCA

I have to give props to everyone who supports the DMCA. Only in this wonderful USA could we create a law that allows corporations to sue and harrass it's own customers...

The DMCA: Redefining Customer Service

Chaney for president !

[thegreatbadger]

Chaney for president ;-)! Seriously though, Michael's saving of Hotmail hopefully shows the public that it's not just the "rabid Linux zealots" that think that Microsoft's stand on the Kerberos incident is ridiculous.

a kindler. gentler Microsoft

[fred_the_slow]

the ultra-competitive, take-no-prisoners attitude that Microsoft has displayed for most (all?) of its existance is both an asset and a liability. the kerberos issue is just one more example of how that attitude is diffused throughout the organization, and how a systemic remedy is needed.

i doubt that microsoft takes linux, /., and open source very seriously. that is not to say that there are microsoft employees who do takes these matters seriously, but that on the whole it it an insular, self-referential, and arrogant institution.

Re:a kindler. gentler Microsoft

[deuteron]

But aren't the Halloween documents proof that they *are* at least somewhat scared or uncertain? From what I read, they looked at OSS, Linux, etc. as something that was up and coming and a real threat.

Falling on Deaf Ears

[BoLean]

This is a really great letter. Unfortunately we're talking about a company that practices deciept as a standard business tactic. Even if they did release the document under an open licence, they would simply install another catch elsewhere. Perhaps modify the standard yet again or find another method to stop W2K from "hearing" other non-MS applications. I surely don't blame all MS employees. I surely do blame MS managment.

Question for Michael Chaney

[JamesSharman]

If M.C. is reading this: we know that Microsoft sent you a $500 check for your kind restoration of Hotmail. I also remember that you attempted to auction the check of on eBay to raise some money for charity. Can you tell us how much you managed to raise (I expect you had a fair number of fake bids) and where the money went.

Re:Question for Michael Chaney

[kperrier]

If you go to his website linked to in the intro to he request (doublewide.com?) you will see his account of the "saga"

Re:Question for Michael Chaney

[kperrier]

Oops, its http://www.doublewide.net

Re:Question for Michael Chaney

[sampson]

I am not M.C. but from his website, you can see that he gave the check to John of SwiftView inc, which did the following (from their website here):
The nearly famous $500 Chaney Microsoft Hotmail domain registration check was purchased by SwiftView for $7,100. We are donating this money to the Sisters of the Road Cafe' in Portland, Oregon, a small non-profit restaurant feeding hundreds of homeless and low-income residents of Portland's Burnside Community.

Michael Chaney is the original owner of this check and auctioning it for charity is his idea. He is also contributing an additional $2,500 for a total of $9,600. As noted on his site and the links below, he hopes that Microsoft will make an additional contribution.

What Microsoft Has Isn't An open protocol

[SirStanley]

Can't Microsoft be sued for applying the Name Kerberos to their Closed Product. Since it is an Open system, and Microsoft has changed it to NOT work with others. Doesn't that eliminate the whole point behind it? And if so, then isn't this an example of Microsoft Using its power to eliminate Competition?
No never your way, always the Microsoft Way. You have no choice

Offtopic:By the way, I WANT MY QUICKTIME 4 FOR LINUX ALREADY

Re:What Microsoft Has Isn't An open protocol

[xrayspx]

It didn't look like they were calling it Kerberos, now it's "Microsoft Authorization Data Specification v.1.0 for Microsoft Windows 2000 Operating Systems". Of course it would be very nice if it was "...2000 and *nix Operating Systems".

Why is nothing ever easy with these guys. I can still buy an "upgrade" to MS-DOS 6.22 or Win3.1 from PCConnection for like $30 something. JUST LET IT GO.

A session with Mr. Gates

[tcd004]

Assistant: Mr. Gates, a Mr. Michael Chaney is on the phone.

Gates: Who?

Assistant: Chaney, you know, the guy who saved hotmail for us?

Gates:Michael who?

tcd004

Here's my Microsoft Parody, where's yours?

More 15 Minutes a good thing...

[AntiPasto]

I think it's a good thing, that someone in the position of irony can use it... Lots of /. readers would probably want to say the same things, but its good to have a name saying the voice, and it's quite cool that it's a guy with a record in M$ side-jabs ;)

Interoperability is a net negative for MSFT

[sigmond]

As a monopoly MSFT clearly has much to gain from poor interoperability. They control the vast majority of desktops which need to authenticate to network resources. If authentication the Microsoft way becomes the de-facto standard for many organizations MSFT benefits by being the vendor with the best interoperability with its own products. Other vendors can interoperate, but only as long as MSFT releases the specifications for their "enhancement" and only _after_ MSFT has implemented the enhancement in their own product. MSFT benefits as the "first mover" in a situation where only they can move first.

Re:Interoperability is a net negative for MSFT

[Borealis]

I agree with your comments in spirit, but I think that such a viewpoint would be flawed (not that this has stopped MS in the past). Many large IT departments don't have the flexibility to adopt a pure microsoft solution, nor is it likely that MS will be able to provide a reasonable solution for many business/operating needs.

To enforce this will actually drive markets away from them. Interoperability is a foundation of so much business that they could well disqualify themselves by failing to be interoperable.

Re:Interoperability is a net negative for MSFT

[medcalf]

Having just finished a project where I was designing a method to integrate Win2K into an existing mixed-platform UNIX/NT environment, let me add a few things.

When attempting to integrate Active Directory with existing LDAP directories, MicroSoft's position is that Active Directory is LDAP. Technically true, since LDAP is an access protocol, but MS is monkeying with the system deliberately in order to prevent data synchronization unless you use not only Active Directory, but also MS's recently-acquired meta-directory (formerly Zoomit Via). Their directory can accomodate LDAP clients, but adds a lot of extensions and doesn't replicate well with systems that don't extend LDAP in ways not permitted by the standards.

When attempting to replace NIS (for scalability reasons), and attempting to get to a single authentication method for UNIX and Win2K, the only real answer is to use kerberos from the UNIX boxen with AD as the KDC, or to use Services for UNIX (an MS product), which will allow you to use AD as your NIS server. This of course won't work if you want to use someone else's KDC (since Win2K needs ACL information in the auth_data field of the kerberos cert) or if DCE is part of your product mix. MicroSoft's position is that it will work. Again, it will do so until you consider the real world.

I could go on, but I think that the point is made. MS has made it so that if you implement Win2K, you will also turn control of DNS, DHCP, LDAP, Kerberos, NIS and a number of other products over to MS, because Win2K will not work and play well with others. What scares me is what happens when Windows 2004 comes out and redefines name services, address assignment and the like. Do MS's enterprise customers then have to roll over and take it, because the cost of pulling out Windows will be higher than the cost of surrender?

A little quid pro quo, Agent Starling?

[M-2]

For those that ask "who is this guy and why should we care about this?":

He may be hoping that someone at Microsoft will remember who he is and what he did... and their brains will kick in and they'll listen to him speak in a pleasant, calm, rational, grits-free, petrification-free tone of voice.

And if it works, great. There has to be someone rational inside Microsoft....

....right?
----

EULA

[PopeAlien]

I know that this has been gone over and over.. But how can a EULA in an EXE be binding? Using an unzip program is hardly "cracking".. This sounds like one of those nice items thrown into the UCITA.. Agree to the terms.. THEN we'll show you the terms that you are agreeing to.
-

Re:EULA

[bauble]

I know that this has been gone over and over.. But how can a EULA in an EXE be binding?

You're confusing technical issues with legal issues. Consider these analogies:

I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.

I cover my eyes during the FBI warning at the beginning of videos. I still can't copy them.

They are not required to force you to read and agree to a license. That's just to drive the point home and to make it harder for you to say "license? what license?" on the witness stand.

Re:EULA

[orcrist]

I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.

I cover my eyes during the FBI warning at the beginning of videos. I still can't copy them.

The illegality of copying the above mentioned book and movie does not derive from the warnings; the warnings are just to remind you of that fact that it's illegal to copy them.

They are not licenses and they do not restrict fair use; thus a movie about MS's extensions to Kerberos could not be reproduced in whole without permission, but you could still use the description therein to implement them.

Chris

Re:EULA

[rlk]

"No part of this publication may be reproduced..." isn't a EULA any more than the GPL is. Copyright in general allows non-holders only very limited reproduction rights, and the statement at the beginning of the book doesn't forbid anything that copyright law already forbids. Likewise, the GPL grants strictly more rights than copyright law does.

If the book stated something like "the information contained herein may be used only for purpose X" or "this book may not be resold without written permission of the publisher", on the other hand, the situations would be more comparable. Part of US copyright law (the "first sale doctrine") allows someone who owns a legal copy the right to resell it and otherwise dispose of it. The INSTANCE of the book is entirely owned by the person who bought it. What isn't allowed is copying it, beyond certain points (e. g. excerpting short passages for review).

The problem here is that Microsoft is putting something on an open web site, offering it for download, and then claiming that use of the information contained in it is restricted (as opposed to merely stating that copying of the information is out).

I think that it's reasonable for Microsoft to ask that the actual copies posted to Slashdot be taken off. They do hold the copyright on the particular expression of the specs. On the other hand, asking that links be removed, or the fact that it can simply be unzipped, strikes me (who's not a lawyer) as ridiculous.

Re:EULA

[platypus]

I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.

Let's forget the books are always copyrighted without written disclaimer.
But what if this "No part of this publication may be reproduced ..." was written in arabic letters while the rest is in english, is it still legal binding in the US?

IOW, tell me how to read the EULA in Linux (without vmware and wine). IIRC it's possible to unpack that thingy in linux, there's a cab-library for linux and that document was a self extracting .cab (not .zip!)

Re:EULA

[bauble]

Don't get me wrong. I am making no statement about the validity of the EULA. I understand that there are problems with the EULA. I was simply stating that the mechanism of the EULA's publication (in an EXE rather than ascii, or paper) does not diminish its power.

The original poster was suggesting that the license was invalid because it was in an EXE and others have suggested that they were not affected by the EULA because the avoided it via winzip. These suggestions are incorrect.

The analogies were only meant to point out that ignoring a legal statement (copyright notice, licence agreement, whatever) does not free you from it. That is the ONLY way that I meant the EULA and book examples are similar.

Re:EULA

[0x0000]

there's a cab-library for linux

No doubt the CAB library is illegal, as well. Now that you've mentioned it in public, they'll be after that as well.

M$ wants to be able to scan your filesystem for "illegal" software and data. Do you think they'll skip your system just because you're running Linux?

The GNU Document License idea is a nice idea. If M$ picks up on it, they'll be due some slack from the Open Source community, but I have small hope that will happen. The Open Source community as a whole still has no idea just how serious Gates & Compnay really are about Total World Dominion.

When legal and governmental processes depend on your systems, you don't need PR. M$ demands that you obey, not that you like it.

Is the M$ monoculture an example of inbreeding or replication by division?

Re:EULA

[phil+reed]

But what if this "No part of this publication may be reproduced ..." was written in arabic letters while the rest is in english, is it still legal binding in the US?

Yes. As was pointed out above, it's a reminder, not a license.


...phil

Re:EULA

[remande]

Do not confuse a license with a copyright.

Copyright notices only inform the reader (viewer, listener, etc.) of restrictions that are already in place. There is nothing to agree to; the copyright is enforced by law.

A license agreement, OTOH, is by definition something you either agree to or do not. And a license is a restriction on use, not reading or viewing.

If I own a book, the book has a copyright on it but no license. By law (not agreement), I am forbidden from doing things like ripping out the pages and photocopying it, or scanning it onto the Web. I am expressly forbidden from copying it.

However, there are no end to things I can do with that book. I can give it to somebody. I can lend it out. I can resell it. I can mark it up with a highlighter. I can even use the author's own words against him or her.

Imagine this: I buy a book written by somebody I dislike. I can then write an editorial, tearing his views apart, using little pieces from the book to do so (this is "fair use", so I don't violate copyright law). This is all completely legal.

Now what if he puts something in the introduction: "By reading this book, you agree not to critique, insult, or inconvenience the author in any way".

Guess what? I can do exactly what I intend to do just as if that wasn't in the book. I read the agreement, I am aware of the agreement, but I don't agree with the agreement. Reading a book doesn't require me to agree with anything written in it. There is no law backing that statement up, unless UCITA applies to books as well (and then only in Virginia?).

If there is such a law, we're all in for a world of hurts. Consider the following scenarios.

You go to a movie. The film company got a huge investment from Pepsi. Not only does the movie show a number of people drinking Pepsi products, but an opening crawl before the opening credits states "By watching this film, you agree never to purchase products by the Coca-Cola Company". And if you think that's bad, wait until it comes out on video and they start playing it on transcontinental flights (where you can't walk out of the theatre).

You tune in a Pearl Jam song on the radio. The latest hit has Eddie Vedder singing the chorus "By listening to this song/you agree to not do wrong/to stop paying those bastards/that work at TicketMaster".

And my personal favorite:

By reading this post, the Slashdotter agrees to pay me $20. $30 for Anonymous Cowards.

Re:EULA

[Alex+Belits]

As I see it, EULA is only valid if it is presented at the moment before transaction is performed -- Microsoft may think that running self-extracting executable is a transaction that makes the text of specification available. However then ff transaction can be performed without the user doing anything that may indicate that he accepts the license (uncompressing the file without running it), then only copyright applies, with all fair use provisions untouched.

Of course, there are other issues that may invalidate the EULA even if it was accepted, and may invalidate the claims about trade secrets (you can't call something a secret and distribute it to everyone undiscriminately, so if something was taken from Microsoft, it definitely wasn't a secret).

Re:EULA

[rlk]

Well, suppose the end user can't actually see the EULA? A Linux user unzips it (the most reasonable way to try to access it). How can he see the EULA to even know the terms?

Give them enough rope...

[Zordak]

I think we should let M$ go on their merry way. Let them have all the rope they need to hang themselves. If they keep doing what they're doing, they'll get split up, people will get sick of them, and the software and OS market will once again be competitive. Competition stimulates growth. I for one look forward to MS-Office for Linux (produced by a software division uleashed from the OS division).

Re:Give them enough rope...

[dbrutus]

Given that Office for the Macintosh is going to go to Carbon or Cocoa for the next version, it is likely to be trivial to make it run on other Unix operating systems beyond the Darwin based Mac OS X.

If Microsoft wanted to maximize revenue, they could always outsource the port to a software house that specializes in such things and just watch the checks come in.

DB

Microsoft's Fear of Innovation

[Analysis+Paralysis]

The only companies who need proprietary extensions are those who know that the competition could produce better products with them.

This level of reasoning probably explains the Microsoft PR babble we have had to suffer about how breaking them up will harm the computer industry, damage the economy, speed up global warming, cause the death of every first-born child, rant, rant...

pr points needed indeed

[geekpress]

MS does indeed need some serious PR points these days. But it seems that the left hand of their legal department doesn't know what their right hand is doing. Or the left hand doesn't care. Or it is stupid. Or something.

Being a libertarian, I don't believe that anti-trust laws are a good thing at all. Most monopolies exist as a result of government mandate. In the case of other near-monopolies (such as Standard Oil), consumers didn't benefit at all by government intervention. (The price of oil rose, in fact.)

But really, MS has this absurd attitude of "I will do what I want, everyone but us be damned!" So really, waht Bill Gates needs is a good tuning up by Andy Sipowitz in some grungy interview room of the 15th squad.

Cool stuff on GeekPress: Chinese engineer wins site's jackpot, but collecting is tricky / How to Hack a Bank / Helmet o'Death, Almost

-- Diana Hsieh

Re:pr points needed indeed

[axolotl]

So you're a libertarian and yet you're moaning because Microsoft do what the hell they please? That sounds kinda stoopid to me. Duh...

Re:pr points needed indeed

[adb]

Just out of curiosity, do you, as a libertarian,
support copyright law? After all, it is a
government-imposed monopoly on the production
and distribution of a particular class of good --
i.e., physical works sufficiently similar to
some other physical work.

Microsoft's Problem

It seems to me that Microsofts biggest problem in this issue is trying to keep the life-blood of the technical community from being knowledgeable about there products. How can they expect IT professionals to be able to fully support their system if they can't have access to all the protocols, ect. used by the system. I think we would all agree that Microsoft needs to get their heads out of their "buttocks" and get with the program.

Re:Microsoft's Problem

[Alarmist]

It seems to me that Microsofts biggest problem in this issue is trying to keep the life-blood of the technical community from being knowledgeable about there products. How can they expect IT professionals to be able to fully support their system if they can't have access to all the protocols, ect. used by the system.

That's the point. If nobody but Microsoft knows how to fix it when it breaks, and it breaks all the time, then Microsoft can charge an arm and a leg for it and make tons of money.

It's sad how transparent that little plan is. What's sadder is that it's working.

"under penalty of perjury"

[FascDot+Killed+My+Pr]

This is the second or third time I've heard J.K. Weston's claims being referred to as false and therefore illegal themselves.

So who is suing him?
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?

Re:"under penalty of perjury"

[MarkKomus]

As I understand it "under penalty of perjury" just means that you are saying legally what you said is true, and if it is proved that what you said is false you can be convicted of perjury.

It does not mean the claims are false, or anyone is suing you.

Re:"under penalty of perjury"

[dbrutus]

IANAL but I believe that you have to know that it was false or have a reckless disregard for the truth. If he honestly thought it was true, he's pretty well covered from a perjury rap.

DB

Microsoft In The News(TM)

[ryan360]

Is it me, or is Microsoft been getting some bad publicity lately? Kerberos-this and Outlook-that... whatever happened to the Slashdot headlines like "Microsoft donates $50,000 to open source development" or "Microsoft plants a tree" or "Microsoft implements cross-platform media initiative"?

Re:Microsoft In The News(TM)

[Black+Parrot]

> Is it me, or is Microsoft been getting some bad publicity lately?

Yes. And no. The regular media is still lapping up their... whatever.

For example, I watched a bit of CNN on the telly this morning. Their "coverage" of E3 was essentially a three minute commercial for the X-Box.

And MS didn't even have to pay for the coverage.

--

Re:Microsoft In The News(TM)

[jafac]

Well, they've done something about one of my pet peeves:

http://dailynews.yahoo.com/h/ap/20000516/tc/micr osoft_virus_block_2.html
(making it harder for someone to unwittingly execute a trojan horse email attachment - thus curtailing their global spread. Sure it makes SOME email functionality a bit less convenient, but it's a small price to pay)

and:
http://biz.yahoo.com/rf/000516/l16495316.html
(to fight a really nasty parasite)

All in all, not bad, really, and I'm as rabidly anti-Microsoft as they come. Way to go, Bill, you're not all bad. Now just get rid of these bogus "out of virtual memory" errors.



I just remembered this old Metallica song. . .

Re:Microsoft In The News(TM)

[dazed-n-confused]

SatireWire (formerly FNWire) has the Good News: Gates' "Kindness" Unrelated to Trial: Company Says It's Not Behind Spate of Charitable Works Stories in Press.

LMAO

[Black+Parrot]

> Oops, its http://www.doublewide.net

From the link:

On January 15, 2000, I received the check from Microsoft for $500, in addition to a new copy of Visual Studio 6.0 (which I need to compile and run the decss program to decode my DVD's so that I can play them under Linux).

It doesn't get much funnier than that.

--

Re:LMAO

[penguinicide]

which I need to compile and run the decss program to decode my DVD's so that I can play them under Linux

Does that mean that Microsoft could be held liable in the DeCSS thing? Visual Studio was needed to compile DeCSS. Wouldn't that make it a tool to help circumvent copy protections? (DeCSS won't run when it's not compiled)

Think of it as linking to a site with the offending content (or a link to a link). "Auxiliary offender".

Maybe Try Reverse Psycology

[iv]

Microsoft will never open Kerberos now that Slashdot has suggested it. Taking advice from Slashdot would be a sign of Microsoft giving in.

Maybe next time we should try reverse psycology on them. You know, sarcastically say "Microsoft, don't open up Kerberos...... that would be a BAD thing. No, really, stop it. Don't split. Don't fire Billy Gates. Don't make a reliable OS that doesn't crash every half hour.....".

Maybe, just maybe, they'll fall for it. ;-)

Now, now, play nice...

I don't think it has anything to do with MC's quest for fame. He raises a serious issue, and he does it because he's an interoperability advocate, not because he bailed MS out. He probably would be doing this in any case. It's because he saved MS that it's ironic.

Akardam "Waiting for Slashdot to mail me my password..." Out
Everything but TheKitchenSink - www.akardam.net

Re:Isn't your...

[levl289]

christ people have a sense of humor!

Q: What do you think about American Culture?
A: I think it's a good idea.

Still don't get this internet thing, eh?

[HarryCaul]

Yes, that is in fact how things work now. You get some attention for yourself and then people listen to you. Of course, it's always been this way, it's just easier to leverage attention with the net. Good or bad, it's the way of the future- embrace and extend this model for yourself

Great Article

[WebTurtle]

This is a very well articulated and well argued article. When I read the headline and who it was from, I thought as many other posters seem to : just because he saved M$'s bacon doesn't make him qualified to start handing out advice. But, after reading his article I am willing to judge him by its merit. And It was a great article. He makes several good points, particularly in regards to the obvousness that this can hardly be considered a trade secret.

However, I would like to address one part of his post that he left open:

Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

It is clearly a challenge to the concept of OSS and the GPL. If they can prevail over the community by succeeding in keeping their kerberos "extension" closed source, they win. If they can simultaneously do a little media spinning that shows how lawless OSS advocates are, they win twice. By this I mean that "everyone" knows that Slashdot is a haven for rabid OSS zealots who do nothing but pirate software, trade illegal MP3s on Napster, and read that damn anti-corporatist Noam Chomsky all day long. If M$ can show that these types of people will stop at nothing, including violating license agreements, publishing trade secrets, and being generally abusive towards all things corporate, then they will help stem the tide of converts. It will damage the reputation of OSS and the Free Software movement. It will make conservative businessmen (who outnumber the liberals) baised against OSS in their organizations, etc.

We as a community need to be on guard against these tactics. One good court case taht goes against OSS on top of everything else that is happening regarding the RIAA, MPAA, DeCSS, MP3.com, Napster, etc. and we will have taht much more difficulty gaining broad acceptance. And M$ will have that much more sway over people's opinions.

Certainly they can try to slow the OSS movement down, and give it a bad name, but it can never be stopped unless precedents and laws get in the way of progress and evolution.

Re:Great Article

[flibbertigibbet]

You're scaring me.

Re:Great Article

[phee]

You're scaring me.

Good.... for when one becomes scared, one's eyes become their most open, and suddenly things which were hidden before become clearly visible, as if you had taken the red pill....

"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."

Re:Great Article

[phee]

Some of you idiot moderators wouldn't know a good post if it poured hot grits all over your keyboard. Here I am, telling you how to Save The World, and you moderate it down.

It sure as hell won't shut me up, though.

"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."

Re:Great Article

[squee]

i'm not sure i completely agree with your standpoint... i need to think more on it. But this is interesting: the boston tea party was actualy acting against a Corporation directly, NOT a government. A MONOPOLY non the less. sound like anyone we know?

Re:Great Article

[0x0000]

Sounds like civil disobedience at its best to me... except the target is a corporation instead of a government. Why shouldn't it apply? The Boston Tea Party was the beginning of the end for the British oppressors... perhaps the Kerberos De-Licensing Party could be the beginning of the end for Microsoft. Hey, we had to sit through World History in school; might as well get SOME use out of it.

This idea seems basically sound, to me, and you may as well skip the rest of this if you don't agree... I think it is time to make a statement of total dissatisfaction with the situation.... however...

Seriously. What if every Slashdot reader put up a web site with the M$ Kerbero$ spec on it? Or any of their other "trade secrets" that are designed to keep us all under their thumb so they can continue to dictate to us what we're allowed to consider "innovative?" Would they sue ALL of us?

I think posting the K spec would be a bit like what would have happened if the participants in the Tea Party had each taken home a crate of tea and displayed in front of their house. The tea was destroyed as a demonstration of contempt for unfair laws. The participants remained anonymous to the authorities until the shooting started. A boycott of tea was also part of the plan, if iirc.

If you talk about boycotting the K spec, you have played into M$ game, since they don't want you using it anyway. If you you could assure a corporate boycott of kerebros, that would be a bit different, since that would disrupt the M$ plan to destroy the unix server market. Unfortunately, individual users cannot assure a corporate boycott of any M$ product.

I think this is important to remember. M$ is basically amused about individual users. To M$ the user is a regrettable necesity. They don't give a shit if you run Linux, as long as you are forced to use M$ at work. If you want to do any damage in an attack on M$, the corporate market has to be the field.

I do want to point out, though, that if the corporate servers do succumb, there will be an impact on private users that I have not seen mentioned yet. I.e. logon authentication/authorization to ISP/telco servers running M$ may no longer be available to *nix users, legally. I am not enough of an expert in the field to say with certainty that this would be the case. Could someone with more expertise in the field comment?

It occurs to me that, with M$ ongoing effort to control telcos and service providers world-wide, there will be move en masse to M$ servers in that industry. We're already starting to see this. If *nix can't authenticate/authorize, access is denied, and the platform dies.

That's the brilliance and the power of Civil Disobedience: so many people are acting up that they can't possibly control them all and eventually the "troublemakers" change popular opinion 180 degrees. All it takes is to get everyone to listen to your point of view long enough to change theirs. Sure, some people do get martyred along the way, just like in all wars, but to minimize the losses we could even put a copy of the EULA at the top of the page;

Casualties. The Boston Tea Party took place before the actual start of the war, iirc, and is considered a seminal event leading up to the "Shot heard round the world." Before shots were fired at Concord Bridge (I'm doing this from decades old memories, btw, feel free to correct my Amerikan history) a militia was formed, trained, armed, and readied to act at a moments notice.

I think the concept of a militia is important. I see no reason to believe that M$ is not already fully prepared militarily for eventualities such as this. Once shots are fired, retaliation will be immeadiate and probably devastatingly strong from the POV of an individual or community of individuals.

Use your imagination. Push button DDoS attacks. They certainly have the resources. Databases of known dissidents. Backdoor access to government and corporate data. You will be able to rely on neither anonymity nor accuracy of the information about you in public or private databases. Any thing running M$ software could be corrupted.

Remeber, we are talking about a multinational corporation with resources unmatched by any world governent. They have nothing better to do with those resources than to spend a few $100k per individual wiping a few thousand dissidents off the face of the net. It's chump change to M$ if they feel their market share is threatened.

You won't have legal recourse once GW is elected, either. M$ will have the feds in their pocket to a substantially greater extent than they already do. I suspect that it is currently only a few black-budget special-ops agencies, right now (think Waco), along with some portion of the legislative branch. After November, they will have the Executive branch, as well.

Expect to see the rise of a "Brown Shirt" movement as well. I expect that they will have a significant political agenda aside from computer networking issues, but I don't expect "pinko-commie-hacker-faggot Linux users" will be very popular with them either (Finland is a "furrin cuntry", after all).

My crystal ball also tells me that the Brown Shirts will be a populist movement, probably fronted by a popular right-wing media figure, probably Rush Limbaugh or somebody of his ilk, who will, in passing, defend the oppressed amerikan capitalist corporation as an institution. These activities, while not eliminating more than a few of the non-Microsofties, will lend popular media support to the idea that the *nix community are undesirables, and should be made to wear pictures of Penguins on their forheads, or something. This will give rise to legislation that will make using "Open" operating systems (servers), illegal for private individuals, since non-M$ boxen will be "known centers of anti-social/illegal activities".

Expect that creation of virii will be definitively tied to the open source community in the public's mind before the end of the summer of 2000.

"Don't read below this line unless you agree with this license!" Wouldn't that keep them happy? It's just as much "protection" as they gave it themselves... which is, after all, all the EULA asks of you; if a freely-downloadable self-extracting ZIP file is "reasonable security precautions," an adult porn site type of disclaimer should be as well. If I had more than just a T1, I'd use my own site... but alas, a single T1 cannot withstand the full fury of the Slashdot Effect. If someone wants to donate a nice OC-3 line to the cause...

Face it, we've been set up. Nothing is going to satisfy M$ at this point.

Civil Disobedience is the reason America exists today. It ain't a perfect country, but it ain't all that bad either; it's just Big Busine$$ and the Government that are screwing it up for all of us. There are some damn nice, considerate, freedom-loving people living here... it's just that most of them have grown so complacent living in their big homes with the couch in front of the TV and the refrigerator and the well-worn path in the carpet connecting the two that they don't think it's worth it to cause trouble because it'll lead to a lessening of their personal comfort and safety. "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Ben Franklin. A very wise man.

There is another key difference between this revolution and the first amerikan revolution: The British were not a fascist people. The monarchy may have been corrupt, the tea companies huge and powerful, but there were ethical limits to the atrocities which they could stomach. M$ knows no such limits.

M$ has been practicing fascism for fun and profit. They like it so much, they are financing a fascist movement within the US Federal Gov, much as GW Bush's ancestor's did in Germany before and during WWII. The new regime will favor the M$ model of "business as a cult" in both the economic and social sense. Linux users and Open Sourcers who think they are "geeks" now, will learn the meaning of the word "ostracized".

So what's it going to be? Put corporations in their places and keep MICROS~1 from doing things like this to us for all eternity, or just keep wearing that path in the carpet thinner and thinner until we're too old and tired to do anything about it and leave it for our children, grandchildren, great-grandchildren, etc to deal with?

A very austute question. Wish I had a good answer. One thing I know is, to win, you will need a way to threaten M$ with significant damage. That means a serious threat to their cash flow. Furthermore, you will be going up against the feds over it after Nov 2000. That can be nasty, as any veteran of the 1960's can tell you, and frankly, I don't see a snowball's chance in hell of winning it. We are watching the rise of the Fourth Reich (sp?).

WE are the people who give the government its power; we pay to keep it in operation, and we expect it to work in our best interest. Hence the phrase "...of the people, by the people, for the people." Who here still thinks the government is for people? Nope; not unless the definition of "the people" is "big business".

I don't think any thinking person at this point could legitimately claim that the amerikan government has any use for the citizens except as cannon fodder and/or a source of revenue. The purpose of government at this point is to maintain order so that revenue continues to flow. Anything that disrupts that will be dealt with harshly. The amerikan people no longer own their government, the coroporations do.

WE are the people who contribute vast portions of our income to Big Business in this country; without our support, they wouldn't exist. Are we "contributing," or is it being "contributed" for us?

I think when the selection of goods upon which we spend our incomes is limited to the point where choices are premade for us, money ceases to be a value. We are simply machines producing an output. This is symptomatic of totalitarianism. The economy is an artificial construct....

How many of you think Windows 2000 is worth $1,000? $500? $100? $1.79? [etc]

It has been said that information is the currency of the day. How much information are you willing to give up to run M$ products? Note that M$ has gone into content production for encyclopedias, etc, the traditional repositories of information. Does the phrase "re-write history" signify? Our losses stand to be significantly more serious than dollars and cents, especially with the book-burning mentality so popular with the right-wing fundies.

So here we are, paying the Government and Microsoft to screw us over. They're both doing it, trust me. And why? WHY? Why do people keep buying into the bullshit? Why can't they just open their eyes, look at their Blue Screens of Death, and realize that the automotive industry is only ONE place where Lemon Laws should apply? The fact that they all think there are no other options (something all of US know is patently ludicrous), that's why.

[truly eloquent rant snipped for space; this is really terribly long]

I think it is critically important to realize that M$ goal is not wealth per se, it is power. Recall, M$ is a cult. Wealth is only a means to an end. Computers and networking are evolving into what the power brokers can only see as the ultimate propaganda machine, complete with full feedback loop.

This whole scenario is the stuff of nightmare, imo. I am curious about what sort of international support the US Open Source movement will be able to garner. What sort of trade sanctions would other nations be willing to endure to see us get our country back? The WTO has already threatened Germany with sanctions if they do not open their telcos to foreign (M$) investment...

What elements of government and industry within the US are willing to contibute to the return to a free society? It has to be obvious to the US military at this point that our national security has been compromised my the absorption of M$ products into the operations of federal and state governments. M$, not the government, controls the computers that are used to perform the day-to-day tasks of governing.

These are questions are critical to survival of the movement.

How much of the bombing in the balkans took place in order to open markets to "upgraded" systems and software? Can linux-freindly countries that may be willing to accept refugees during the coming conflict expect to have to engage in actual military war in order to protect their freedom to choose?

The counter-culture of the 1960's folded on the question of "you say you want a revolution?" If anyone now chooses to answer in the affirmative, understand that you are going up against an entrenched establishment that a previous generation back away from. This establishment has had 40 years to develop the tech and the psych techniques to make certain they are not threatened in the same manner again. They are willing to kill you to make their point: Obey.

All they want is the entire output of your productive labour for the duration of your life. Money is irrelevant as long as you keep producing. M$ has gained power by providing a channel for that work. Sure, you can program, but only within the M$ paradigm if you want to make a living at it. Otherwise you might produce something dagerous to the status quo. Something that will show their money for the lie that it is. Something that will point out in no uncertain terms that we are all just slaves to the system, expendable at some precalculated limit.

Finally, note that if conflict is eliminated, the need for a centralized power structure goes away. We will be served up heapin' helpin's of tailor-made opportunities to spend our energy on trivial issues which dissapate our power. All such will be made much of in the media, in order to assure us that it is important, while the real issues pass us by unnoticed.

So, the short answer is no, I don't think posting the K spec anywhere will do any good. In fact the K spec itself is probably irrelevent. We should look around, find out what they're doing with their other hand, and try to do some real damage.

...and if you made it this far, you probably understand what I am going to say next, to wit...

This entire post is a pack of lies. I made it up out of whole cloth, and anyone who believes any of it is probably a sociopath who should carefully consider what is meant by the term "satire".

Paranoia: How much of VA Linux stock is owned by M$ proxy corps?

Kudos

[Dr+Caleb]

Once again I appaud Mr. Chaney for his act of selflessness at trying to resolve a conflict between parties.
IMHO, it's no different that helping a stranded motorist change a flat tire. An act that in itself expects no rewards. Just the feeling of doing something right for your own piece of mind.
The only trouble is, you're dealing with Microsoft here. During that selfless act, you never expect that motorist to hit you over the head with a tire iron and steal your wallet and car :-)
I truly hope they get themselves out of the corner they've painted themselves into. It would save them face, Slashdot lawyers fees and us techs quite a few headaches in trying to get this to interoperate with standard versions of Kerberos.

Perhaps Win2k SP2 will include changes to Kerberos to put it back to the standard operability that it was designed for.

Why don't we just get it over with?

[Tony+Hammitt]

What at this point is stopping us from just reverse engineering the stupid M$ extension and removing their last possible thing to say about this issue? Is anybody working on this already?

The way I see it, when the disputed, disturbed specification is in GPL'd source code, they won't have any legal recourse. Why sue someone to remove a link to something that is already implemented?

How badly could they have screwed it up? This is _microsoft_ we're talking about here! They couldn't code their way out of a wet paper bag. How much work could it possibly be? A couple of days for some UberhHacker?

Once the fix is GPL'd, with no authors mentioned anywhere, who could they sue? What would they sue? It's like Gnutella; who do you persecute?

Maybe I'm just naive but this seems pretty obvious at this point.

Re:Why don't we just get it over with?

[MarkCC]

>What at this point is stopping us from just reverse engineering the stupid M$ extension and removing their last
>possible thing to say about this issue? Is anybody working on this already?

The problem is that Microsoft has made that nearly impossible. To publically release a reverse engineered version of Microsoft's Kerberos extensions, the authors would need to be able to prove that they had no access to Microsoft's trade secrets. The "public release" of that information, and its posting to slashdot has made it effectively impossible for anyone to prove that they did a true "clean room" reverse engineering based reimplementation.

The GPL trick also won't work. GPL is a copyright license; without an author who owns the copyright,
the copyright is meaningless. An owner of the copyright must be established in order to make the
copyright enforceable.

Second, even if you could GPL it, that still wouldn't make any difference. A piece of software
which was implemented by violating a trade secret will not be protected in any meaningful sense by copyright; any company who used it would still be subject to a lawsuit from Microsoft, GPL or no GPL.

Re:Why don't we just get it over with?

[Tony+Hammitt]

OK, fine. Post it to usenet from a Library computer.

The point is that there is no trade secret at this point anyway. The spec has been published, there was no reasonable precautions taken to keep the spec from getting published.

Once some enterprising hacker actually distributes source code that undoes M$'s screwed up misimplementation, anonymously, they won't be able to undo it. If it gets published on Usenet fully anonymously, like from a fake acount on some bootable CDROM Linux distro in some computer lab somewhere, it will be too late to do anything but spin control. 'Oh no! h4x0rz stole my spec!'

Who gives a shit at that point? The source code is public domain... The standards complied to in the public domain source code are whatever they end up being. If they happen to coincide with M$'s standards, so be it. Who could say that the code was designed to follow M$'s spec?

M$ did this itself last year trying to break the AOL IM format. AOL kind of won that one, but it was because M$ gave up once AOL broke its own code, not wanting to use broken code on purpose, for once.

I still think that the issue for /. goes away once a program that happens to work like the spec says gets to be public domain.

Re:Why don't we just get it over with?

[platypus]

The problem is that Microsoft has made that nearly impossible. To publically release a reverse engineered version of Microsoft's Kerberos extensions, the authors would need to be able to prove that they had no access to Microsoft's trade secrets.

No. It's the other way round. And if they really reverse engineered it it's easy to proove that anyway (500 postings to a mailing list discussing various problems; showing some dissassembly blabla...).
\begin{paranoia mode} %Using tex here so /. cannot fuckup anything
But maybe they suspect someone (for instance samba developers) has a "contact" into microsoft which leaks some "hints". In this case they have silenced that source w.r.t their kerberos stuff because now every developer is aware that he may have to present a stringent documentation of his reverse engineering work and that there mustn't be any "intelligent guessing" involved
\end{paranoia mode}

Re:Why don't we just get it over with?

[RGRistroph]

I think when you said "It's like Gnutella; who do you persecute?" you hit the nail on the head. But reverse engineering is not the best tactic. Like pirating the music files, it's best to pass the alledgely illegal act downward to the masses.

But the trick is not to implement the Microsoft extensions; after all, to follow the analogy, the Gnutella authors didn't pirate all the mp3's. Even if the authors are anonymous, let's keep it hard to claim the product itself is illegal.

What you want to do is make a kerberos implementation in which one may specify the meaning of that the key "extension" bytes on the command line. As in "kinit -byte26 128" instead of just "kinit". (Actually, I'm not sure how it would work on the command line, the above example is surely wrong -- the key here is that any information gleaned from MS trade secrets is specified by the user, not in the program which you distribute. Perhaps it won't be in the command line, but in a configuration file the user will have to generate. Perhaps a generic kerberos like protocol description language is needed.)

If users around the world look up the spec and make bash aliases for kinit so they don't even have to remember it or waste the keystrokes, it's a widely distributed crime, let MS go after all of them. You just passed the ability to comply to the MS extension to the world, and let them choose whether or not to do it.

This strategy fits in with the general trend of successful challenges to these restrictions: just make it easy for people to do it, provide them the tools.

The open publication of the extension spec is a bait to get someone into a position vulnerable to legal harassment. We can trump this by simply passing on the trick to more people than all the lawyers in Redmond can list in a Excell spreadsheet; don't nibble at it yourself, for God's sake.

House of cards

[Dark+Paladin]

Some time ago, I read a book by Orsen Scott Card I believe called The Worthing Saga. Part of the book deals with a man who wanted to engineer the destruction of civilization, since he saw humanity and its culture as stagnating.

He proceeded to enginner the total collapse of society, first by purposly angering the "lower people" just enough so that they would be angry, but not revolt. Then he alienated the "upper people" so that they were incinsed, but would not withdraw support. He sent messages out that "All is well, do not worry" while issuing secret messages to people about "how bad things really are."

And when all the pieces were ready, he finally pushed everybody over the edge at once, and everything fell apart all at once, like a house of cards toppled by a child.

I don't hate Microsoft. I've used DOS as far back as I can remember, I've used Windows when that's all I knew. Indirectly, I have a good living as a professional geek and now game reviewer. I like my life, and I owe a part of that to companies like Microsoft.

But the more they act, the more it seems like they are engineering their own demise. They upset people just enough with their competitive practices- and I'm not just talking about making new products, but giving them away to put other people out of business. They upset government officials by continueing to engage in monopoly practices while they are under investigation- from the Kerberos issue to "renting" software at university's at such a low price that college students can't resist, then jacking up the prices after everyones standardized. They put on commercials saying "We innovate, we work hard for you!" while they have "Holloween E-mails" that talk about how scared they are of Linux.

Microsoft is not a bad company. I'm going to say this again: Microsoft is not a bad company. I may not like all of their products, but others I think are great. I like Internet Explorer, I just don't like how it was rammed down my throat.

But with each new story, I become a little angrier at Microsoft, to the point that I'm about to install Linux on my machine at home and only use the Windows partitions for games (hey, I've still got to write my reviews.) And if Microsoft keeps up this behavior, they'll find thier carefully built house of cards all falling to the ground at the same time.

John "Dark Paladin" Hummel
We don't just like games, we love them!

Or alternatively...

As an alternative to MSFT's non-compatible Kerberos, how about downloading the Windows version from M.I.T ? Should be guaranteed compatible, being "from the horse's mouth", as it were...

Just go to M.I.T and enter Kerberos in the search box. When I tried it, the top link that came up was "Kerberos for Windows"...

I didn't take it any further - is anyone actually using M.I.T's own Kerberos for Windows ?

Good question

[joss]

Though this guys credentials are as good as anyone's as far as I'm concerned. If his arguments make sense then he is as worthy of attention as the next man.

Of course, there are many people with such low self esteem that they will only listen to opinions from some "authority" on the subject. How else could they possibly know what to think ? Heaven forbid they should actually try judging the worth of the arguments irrespective of where they come from. That would involve thinking for themselves. That's not how things are done in a civilised society - it's not efficient. Instead we must have experts on every topic under the sun who decide these things for us.

Not to defend M$ or anything but...

[RoadKnight]

Everybody seems to be acting like M$ NEEDS good publicity and HAS to behave like a good citizen and is in need of some sort of redemption. Well, they don't. When your software is used on 90-95% of the world's computers you don't have to have a heart or a conscience or a soul or a brain. You get to do whatever you want. Until somebody takes you down. Period. Their whole legal strategy shows this. Deny everything, admit nothing, brook no comprimise and wait until you can appeal the case to a new administration which will most likely let you weasel out of the whole thing. Then vengeance is yours. Is this a good or sane or proper or responsible attitude? NO! But Lawyers and law and the kind of money and power that is at stake here have never been about making sense or being a good citizen or being responsible. They've always been about Their Way and nothing else until you can put Their head on a platter. And that's all they have to(and probably will) do.

Re:Not to defend M$ or anything but...

[nomadic]

I think their OS share is a little smaller than that, like 70-80, and with the exception of Office and IE for macs, I can't recall any of their software that runs on any non-MS OS. As for the PR thing, a little good PR might help them a little; it would at least give their lawyers something to work with regarding their business practices. But they have a habit of gleefully shooting themselves in the foot again and again in their bizarre inability to come to grips with reality over the trial. Remember when they "integrated" the OS and browser in the middle of it? I mean, they must want to annoy the judge.

Re:Not to defend M$ or anything but...

[SoftwareJanitor]

I think their OS share is a little smaller than that, like 70-80

Everything I've read states that 90+ percent of x86 based PC's sold ship with a MS OS installed. Now, whether that means that more than 70-80% actually run a MS OS once they are put into service may be another thing, since a lot of servers are purchased to run Linux, BSD, commercial UNIX, Novell Netware, OS/2, etc, and a growing number of desktop machines are going to other OSes as well, albiet not nearly as many as the server market.

I think in terms of desktop machines, you'd be hard pressed to push Microsoft's market share numbers down much below 90% even if you counted in all of the non-x86 machines like Macs and RISC UNIX workstations.

Its hard to tell though, as Microsoft tells different stories depending on who they are talking to. When they talk to the DOJ and/or the court, they have major competition, but when they talk to their shareholders and business partners, they don't have any serious competition. When they are talking to themselves, then they are worried about OSS, but only a little, and mostly only because they have difficulty understanding it.

The REASON M$ is really screaming the P word

[Militant+Elf]

If this version becomes Proprietary, then Microsoft controls who can use it. I may be wrong here but... if they control who can use it, they can use their dominance in the desktop market to extend their market share in the *SERVER* market. (By the need to authenticate using M$ proprietary inbred bullshit)

Hmm. Using a monopoly to extend another monopoly... isn't that a law somewhere?

-Militant Elf (A PFY for a BOFH)
remove the sos for deliverable flames

Re:The REASON M$ is really screaming the P word

[fReNeTiK]

The "antitrust department" (don't know what it's called precisely) of the European Union is investigating this matter. (sorry, in german, run it trough babelfish)

The main allegation is that Microsoft has designed Windows 2000 Workstation in such a way that it only interoperates well (full functionality) in conjunction with Windows 2K server. Basically, that they're trying to leverage their dominance on the desktop to conquer the server rooms (duh).

Re:Why Microsoft can't settle anything ;)

[Fyndo]

If you're going to post material copied from Brunching Shuttlecocks you should at least credit them...

Giving credit to the Brunching Shuttlecocks

[ferat]

Here is the link to the original Brunching feature: Why there's no Microsoft Settlement

Legality of links....

[rjnerd]

The copyright office specifically says bibliograpic references are always legal -- you may not be able to use the text itself, but you can always tell someone where to find the originally published text. The only difference between "Journal of Irr. Results Vol 3.14159 number 1.735 (June 2003) pp 10-12" and www.JIR.joke/volpi/number_sqrt(3)/joes-stuff is one of formatting. I could write either down on the back of a biz card, and take it to a good research library, and be looking at the text in short order... In the case under discussion, posting the actual text (so it comes from a /. drive) is likely a violation for the user. Posting the URL of the page on the MS site, so the acutal bits of the article come from a drive in Redmond, is just citing the published article... (it meets the copyright definition of "fixed in a tangible form", so it counts as "published" -- published for copyright purposes includes so-claimed trade secrets)

This is stupid

[Hard_Code]

This is stupid. Both Microsoft and Slashdot are at fault. Microsoft is at fault by perverting an otherwise open standard, then claiming to have published the changes by forcing anyone wishing to view the documentation through a non-disclosure agreement (faithfully supported by brilliant UCITA legislature). Shame on Microsoft, although it can hardly be called unexpected. But even more shame on Slashdot. The core of the "information wants to be free" meme, is copyright, whether you like it or not. If you want information to be free, you must at the same time respect the same copyright that upholds the GPL (until such copyright laws are done away with). Refusing to remove blatently illegal material is not a first amendment issue...it is a juvenile snub to Microsoft. I'm sure Microsoft has no reservations from unleashing its legaldroids upon Slashdot. It is just dumb. Just as we would not like someone to violate GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding. Slashdot should remove the stupid text. We should work to change the laws...not peurily snub our noses at it and then go crying that big bad Microsoft is opressing our first amendment.

Re:This is stupid

[lbrlove]

I respect your opinion, but humbly disagree.

If Slashdot removes the objectionable material on the basis of Microsoft's editorial censorship, then they are guilty of suppressing free speech on the word of questionable legal and ethical authority, and without suitable review.

If Slashdot removes material that they evaluate themselves based on Microsoft's complaint, they establish a precedent of a medium being fully responsible for the content posted thereto.

Either of these is a dangerous position, and the desire by editors of Slashdot to ruminate and consult is respectable and reasonable. I appreciate further that we posting, reviewing, and (in some cases) moderating members have some input into their final concession (if applicable).

Now as to the Microsoft part, I whole-heartedly agree ;)

-L

Re:This is stupid

[jd]

As I understand it, no actual illegal material was ever ON Slashdot. Information on how to unzip a file is hardly on-par with detailed instructions on how to rob a bank, and (as it's generic) is not even specific to Microsoft's file. The same stuff could have been put in ANY other thread, and nobody would have thought twice, but the information would still have been there. As for revealing that the agreement is on the bottom of each page... WOW! That's like, oh so serious a breach of Copyright! I'm scared! Sorry, but Microsoft declaring an EULA itself as a copyrighted trade secret is pathetic. Who did they hire to handle this case? Mojo Jojo?

Re:This is stupid

[Hard_Code]

It was my impression that some ACs on Slashdot actually copied and posted the spec verbatim. If that is NOT the case than Microsoft does not have a leg to stand on and can go bugger off.

Re:This is stupid

[gargle]

Just as we would not like someone to violate GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding

Firstly it's not clear at all that MS's silly "read this and you agree to everything I say here" EULA is valid, especially when they're trying to claim that something publicly distributed on the web is also a trade secret (as I understand it, if you want something to remain a trade secret, you've to take reasonable steps to keep it secret).

Secondly, even if MS were legally right, they would be morally wrong. There's such a thing as civil disobedience. I believe it was John Stuart Mill who went to jail rather than pay taxes to support a war he believed was wrong. We can still win by placing moral pressure on MS, and refusing to back down.

Re:This is stupid

[yugami]

It was my impression that some ACs on Slashdot actually copied and posted the spec verbatim

well it is true, but microsoft cannot prove that they aggreed to the EULA. If a simple way around viewing the EULA exists, then microsoft did not take sufficient measures to protect its IP.

Re:This is stupid

[divec]

The core of the "information wants to be free" meme, is copyright, whether you like it or not. If you want information to be free, you must at the same time respect the same copyright that upholds the GPL

I respectfully disagree. I may wish to (illegally) smoke cannabis; yet I might get extremely pissed off if a dealer tried to give heroin to my seven-year-old daughter outside school. Just because I disagree with one part of copyright law, it doesn't mean I shouldn't uphold and utilise another part.

Have you ever illegally copied music? Does that mean I can assume you want to bring all copyright law crashing around your head?

I think using the GPL, but opposing copyright law as it stands, is just sensible modularisation and segmentation.

Speaking of Copyrights

[acaben]

So, you decided to rip off this post from Brunching Shuttlecocks, huh? It was originally posted the week of March 20. How appropriate that this kind of stuff gets posted without credit on a story that has at least some content about copyrights.

Yeah, sure, information wants to be free yadda, yadd. But, if you're going to quote someone else, at least give them credit where credit is due. It's only fair.

--

``Confidential Information''

[Kitanin]

Who, exactly, must I keep from
knowing this "secret" information? Presumably
someone without internet access.

Well, put the pieces together...

• MIT is where Kerberos came from
• (An) NIC is required to view the information
• And finally, a K for Kerberos.

M-I-T-N-I-C-K... :-)

Re:``Confidential Information''

[molog]

Jack the Ripper? That is hardly a fair comparison. He broke into quite a few systems. He did not though profit or destroy anything thus, in my mind, causing no damage but they treated him worse then they treat wife beaters. In my home town, a guy beat his wife so bad that her left eye came lose from the socket but he only got two nights in jail. Mitnick did what? 5 years? Does anyone else see something wrong here?
Molog

So Linus, what are we doing tonight?

Re:``Confidential Information''

[Kitanin]

Mitnick is allowed to know it, but only if he sees it on paper.

Which would, of course, constitute divulging Microsoft ``secrets''. Q.E.D.

@>-`--,--
I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.
-- Hunter S. Thompson

Re:``Confidential Information''

[PanDuh]

He was being sarcastic.

A matter of fact?

[NaughtyEddie]

Contrary to popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

Quite clearly Microsoft do not think this is the case, and it's not a clear "matter of fact" to me either. Microsoft have done extremely well with their current philosophy; it goes to the core of their anti-competitive nature, which has made Bill Gates a multi-billionaire and the richest man in the world.

Why do Slashdot readers insist they understand the industry better than the single main player in it? Yes, strict compatibility "raises the value of all products", but Microsoft do not want to raise the value of all products, only theirs. They are unique in that this actually poses an advantage to them - no other software company makes a full complement of interoperating software, so these companies are forced to interoperate with each other's stuff properly. Not so Microsoft; they have a vested interest in only interoperating with their own software. You can buy a complete enterprise software setup and never pay a dime to anyone but Microsoft. And that's exactly what their non-interoperability encourages you to do.

The rest of the article seems a little naive given the real matters of fact.

Re:A matter of fact?

You're right, but there is one thing you cannot buy from them, and it is paradoxically necessary if you own the rest:

Good virus protection!

Re:A matter of fact?

[Pinball+Wizard]

Here's an excercise in futility here for you:

Go to the Microsoft web site and search for "slashdot"(I did this to see if they had their side of the kerberos story posted on their site.) Click on the first story that comes up and search the page for "slashdot".

If you'd rather not follow the link, the paragraph reads as follows:

"Understand that I love technology and I love to keep up with technology, including ones that are alternatives to Microsoft. I check sites like Slashdot every day. I find the postings out there to be very thought provoking, and they cause me to think about balancing our entire solution. I am also fortunate to have so many customers who are willing to tell me what they think we should be doing and what operating systems and Web servers we should be using. But at the end of the day, our customers have given us a responsibility, and we are accountable for the technologies on which their businesses depend. We must have solutions that work-not just cool technology, but ones that really work-and we found those through Microsoft."

So, obviously, MS wants you to think their way is better than listening to some /. poster for a balanced opinion. I don't think this article is going to change their minds. However I do like the tactic of taking the high road, as Chaney has done.

Instructions on *reading* the license

[hrm]

The bit about posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification" really cracks me up.

How about instructions on how to read the damn license?!

I downloaded that EXE thing and wondered on how to get it "installed" while running Linux. I went about it in the usual Unix way. First I ran "file" on it, which told me it was a windows executable (saw that coming somehow, not a complete dummy me) as well as a "RAR archive".

That's an animal I hadn't heard of, but a quick inspection showed that there was something called "unrar" on my SuSE distro. I ran that and was presented with some sort of .doc file, which I knew StarOffice could probably handle.

I never did get to see that license. Too bad, because I was kind of curious about the wording.

get a life

Kerberos as a standard is open. Extensions to that standard doesn't have to be open. It's nowhere stated they should. Therefor every company who makes extensions to the Kerberos protocol for whatever reason may keep these extensions closed and is then not doing ANYTHING illegal whatsoever.

So, what's the fuzz? it's not MS' implementation not working with Unix' implementations of kerberos, but about Samba that wants to replace win2k servers and wants to act like a win2k server.

Does this have anything to do with kerberos at all? no. A company which is totally entitled to keep things closed or release their extensions in a way THEY LIKE, is flamed and slaughtered to death here... by whom? well I'll tell you: by the unknowing..

Get a life, your actions don't help anybody, not Linux users nor potentional linux users or enthousiasts. But hey... it would be a total shock to the world if the majority of the /. community suddenly acted like an adult with brains in a Microsoft-related thread ....

Re:get a life

[bfree]

it's not MS' implementation not working with Unix' implementations of kerberos, but about Samba that wants to replace win2k servers and wants to act like a win2k server.

for me it's about choice, using a windows or linux client on a network with linux and windows servers. I won't let a company dictate to me how I must secure this, that is the route to "I LOVE YOU".

Re:get a life

[EricEldred]

every company who makes extensions to the Kerberos protocol for whatever reason may keep these extensions closed and is then not doing ANYTHING illegal whatsoever.

Absolutely. I haven't seen anybody here claim anything to the contrary, though.

The undisputed facts are that Microsoft "published" the description of their implementation on their website, and invited discussion and security review.

When this happened on Slashdot, Microsoft had Mr Weston write to Andover a letter claiming that /. posters "blatantly" infringed on Microsoft's copyright. In addition, Microsoft apparently claims that the document is a trade secret, and that posters who refer to Winzip are in violation of the DMCA.

Yes, Microsoft is entitled to "keep things closed" if they want to, but should they be able (1) to deny all fair use of the document (under the DMCA), (2) use government power to prohibit any discussion of the document (links and other postings they object to, which did not even quote the document), in violation of our First Amendment rights, (3) demand that Slashdot remove postings (in violation of its First Amendment rights as a publisher), and (4) manipulate the open standard with its publication in such as way as to prevent Samba implementors from reading the document and performing their own implementation (in violation of antitrust law)?

I believe if you understand all that you will realize that /. is being quite fair to Microsoft. This attempt to use copyright law to strip us of our rights may yet provoke us to sue Microsoft--and maybe then Microsoft will not like the consequences. Instead, Microsoft ought to realize it has make a mistake and try to correct that in order to regain our confidence and that of its customers.

Microsoft Certification

[chompz]

What's scary is that as long as MS educates potential administrators, many of which have little computer experience, that MS products are the way to go, thier proprietary extensions will be able to stand.

Selectively educate the uneducated and they will believe what ever you tell them. Microsoft Certification exams are pathetic, and many busineses actually believe that it means something.

I should take one of those exams again, its been a while since I laughed during a test everyone thought was hard...

I just want to send a big "Unix is GOD" poster to microsoft, with the caption, "Windows is mortal"

Hrm

[Bad+Mojo]

I don't know if reading this article and resulting posts makes me sad or not. Someone stands up to voice the same opinion as many people on Slashdot hold and he gets attacked. No wonder OSS has such a lingering bad taste in people's mouths. Nothing like trying to help out and having the people on your side question your motives and character. Face value people. It still exists.

Bad Mojo

Re:Hrm

[Wah]

Discussion here is usually a bit on the raw side that's all. Expressing personal opinions is always a risky business. It opens oneself to counter opinions. Besides I'm sure many of the counter opinions were trolls and Bil^H^H^Hdevil's advocates. ;-)


--

Re:Slashdot spellcheck

[hadron]

Licence is the noun
License is the verb

Whilst USA usage may be different, it's inappropriate to correct the spelling used in the rest of the world to the USA form in an international forum.

Ignorable

[YU+Nicks+NE+Way]

In a click-through (aka "ignorable") license...

Police Officer: Sir, did you not see the stop sign?

Motorist: Of course I saw the stop sign! It was drive-through (aka "Ignorable").

Police Officer: Sir, would you please get out of the car?

Just because you can ignore something does not mean that you may ignore it.

Re:Ignorable

[kel-tor]

Officer: did you see the sign Me: no its not visible from the superhighway, I think it must only apply to private propriatary roads like that one over there... 'One Microsoft Way.'

Re:Ignorable

[billybob+jr]

Ignorance of the laws is of course no excuse for breaking them. Never has been, never will be.

That's part of the problem with eula and such is there doesn't seem to be a good analogue of the situation for joe consumer to understand.

What I find interesting is that no software company (that i know of) has taken steps to actually make people enter into a contract when buying their software. Would it be so hard to actually get people to sign a contract when they purchase software? Or could it be that joe consumer wouldn't go for this, recognizing it for the bs that it is...

They are just trying to slide one in the back door with these eula and such without joe consumer noticing or realizing.

Re:Ignorable

[TeChYMaN]

but what if the sign was red, octagonal, but all it had on it was an O? You xcan click OK without seeing the whole thing AFAIK

Re:Ignorable

[drewness]

As someone pointed out in another post, you could even accidently bypass the EULA. In his case he used unrar, and didn't even know that there was a EULA until reading about it later.

Re:Ignorable

[YU+Nicks+NE+Way]

Unfortunately for the guy who used unrar, seeing the EULA makes the case better for the him, and bypassing it makes it worse. Without the EULA, he has no rights to reproduce the text at all (beyond those implicit in fair use for review): unless otherwise specified in writing (that is, under a license), any copyrighted document is issued with all rights reserved. (To forestall your next objection, no, a document doesn't have to include the notice, the bug or the year of copyright to be copyrighted. Under the most recent international treaty on copyright, any document is copyrighted, unless the copyright has been explicitly released or has expired. So, for instance, you hold the copyright to the post to which I'm responding...so including the entire text could, technically, be construed as an infringement.) The License actually grants him rights not implicit in copyrighted usage.

Re:Ignorable

[driptray]

Ignorance of the laws is of course no excuse for breaking them. Never has been, never will be.

This is true for criminal law, but a software license is contract law. Contract law is based on the two parties agreeing to a set of terms, but they can't agree to a term if they are ignorant of it.

The catch is that a term does not have to be explicitly stated - it can be implied. So for instance if both parties are aware (or should reasonably be aware) of a particular fact, and that fact is a significant element in the agreement, but is not explicitly stated anywhere, it can be construed as a legally binding term of the contract.

The EULA in this case can't apply to people who don't read it, unless its considered that a reasonable person should have and could have read it.

I think that the argument of the Linux user who uses unrar, or the Windows user using winzip (due to concerns about running EXE files on a virus-prone operating system like Windows :) would be good enough reasons for a person to have avoided viewing the EULA, and therefore agreeing to it.

IANAL, but I have a law degree, and its in Australian law, so whatever I've just said may not apply to the USA :)

Let's cooperate on security analysis of this

[EricEldred]

According to the page announcing the "publication" of the implementation of the specification, Microsoft stated that it was releasing this document in order to have third-party security analysis and validation that it was within the letter and spirit of the Kerberos spec with the IETF.

I see no reason why we here on /. could not help Microsoft with this aim. After all, we recognize that many of our mutual security problems with viruses and so forth have occurred for precisely the reason that in the past Microsoft was not so open about security matters and did not check with the community at large first.

However, Microsoft needs to understand that any discussion of the document needs to refer to it in detail. Therefore Microsoft needs to withdraw its claim to trade secrets and the EULA requirement.

If Slashdot were to withdraw, in turn, its copy of the copyrighted document, and instead link to an open online copy at Microsoft's site, then why wouldn't everybody be happy and we work together to achieve our mutual objectives?

Thanks, MC, for trying to negotiate a settlement--you are wise and I hope Microsoft responds.

Seriously though....

[carlos_benj]

"....what makes him think he's someone to be taken seriously?"

So, we shouldn't take you seriously either?

I think he should be taken seriously because he states his case well, regardless of his moment of glory. By what standard should we grant someone our attention - to say that what they have to say is worth hearing? Should we listen to Richard Gere in reference to Tibet simply because of his greater public exposure as an actor (or perhaps the gerbil stories would have been enough for that)?

carlos

MODERATE DOWN PLAGARISM

[Bingo+Foo]

This guy gets karma for plagarizing? Cite brunching shuttlecocks, at least.

Re:Can't you read?

The above was not Flamebait.

And medicthree is well-known for getting things wrong. So, yes, it does seems like he is too cool to do stuff like checking his facts.

Because he's earned his soapbox

[Anomalous+Canard]

He did a good deed for an evil corporation. It didn't cost him much out of pocket, but he bothered to do it. He entitled to use this soapbox occasionally. If he misuses or overuses it, we may choose to stop listening. We may choose not to listen to him now, but the soapbox is his. That's what free speech is all about. Look into it.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

GPL is to Microsoft as...

[Cygnus+v1]

...matter is to anti-matter.

Re:I'm confused.

[Stoutlimb]

whois the second company?

Bribery

[dithi]

At first your insinuation that microsoft could bribe a court "senseless" seemed ludicrous. The US isn't some 3rd world corrupt banana republic. But as i though more about it, bribery could have two forms: one, cash payoffs, or two, the judge could be so scared to rule against microsoft in fear that he would hurt our wonderful economy that he wouldn't impose sanctions. This is in effect a type of bribery brought on by the MS monopoly, which means that no court would rule against MS for fear of losing that payoff, in their wallets (judges own stock too) and the wallets of the country. Not so ridiculous of a term after all.

OT: http://www.suelars.com

[Rupert]

It would be nice if you credited the person who came up with the idea for this site. Even JonKatz and Hemos know that this is only polite.

Re:OT: http://www.suelars.com

[Rupert]

I was actually thinking of him putting the acknowledgement on the site, right about where he claims it was his idea.

--
Monkey Boy

Re:OT: http://www.suelars.com

[ryan360]

Check the site, I put a note toward the bottom. I didn't see that thread before I registered the domain. But in my defense, the idea popped into my head about 3.2 seconds after the the story was posted... before you made that comment, but I didn't register the domain until 5/10, in the evening. So nyaa! ;) Just kidding, I'm not pulling a Hellmouth on you :)

Re:OT: http://www.suelars.com

[Rupert]

Thank you. Not that I was particularly miffed in the first place - I just have a really low threshhold for posting stuff to /.

The name "Monkey Boy" was given to me by an AC earlier in this thread. I really hope it doesn't stick.

If I didn't say so before [checks: I didn't], nice site! You made way better use of the idea than I would have. Plus, my wife would want to know why I "wasted" $15.

Re:OT: http://www.suelars.com

[Rupert]

Indeed I did see the movie. I never saw myself reflected in the Monkey Boy character before. Opinion seems divided on the Ruprecht/Rupert question, although they are just different forms of the same name.

Re:OT: http://www.suelars.com

[ryan360]

Oops, "Monkey Boy" has been removed :)

Well, you could have got the money back. I'm almost halfway there. $7 for May 16 in Ask Jeeves banner revenue. :)

Speaking of Ask Jeeves, I've been "unofficially" talking with some guys there... They might put a question in the database called "Where can I sue Lars?" that would go to suelars.com. Cool publicity for my $15.

Thanks for the vote of confidence.

Re:OT: http://www.suelars.com

[ryan360]

I'm not getting into a flame war here. The "Fuck Off" message is for trolls who try to sign 20 or 30 different "signatures" in the list. It prevents you from signing twice in a row. If you want something changed, e-mail me.

Re:MS is Blowing Smoke

[Borogove]

And when everyone realises they can get /. discussions broken up that easily, people will stop using it as a discussion forum. But out of the ashes will come Slashdot II, using Gnutella, Freenet and some yet-to-be-invented distributed anonymising version-controlled message propagation protocol, which will make it impossible for any messages to be deleted (unless they mention hot grits).

The more they try to squash free speech, the more we'll fight back. And doesn't anyone find it funny that we can look at Internet censorship in China as a sign of a ruthless power-crazed governm ent, but in the West it's a sign of the success of capitalism...
-- Andrem

Um, learn a little more Slashdotters...

[EvilMerlin]

OK I am borrowing this from a fellow poster over at Ars Technica. Read and get a fucking clue:

"Ok, just to set the record straight, since many people
(even right here on this board) seem to be clueless (or purposely covering their eyes) about the whole Kerberos and Win2K thing.
Facts: (all of which I have documentation for, including direct quotes from Jeremy from the Samba team, and Paul from the MIT Athena project/Kerberos team)

- Win2K's implementation of krb5 v1 (Kerberos 5) is fully compliant with MIT's spec. This is fully documented and acknowledged by MIT and people like the Samba team.

- Where the confusion lies is Microsoft's usage of a special vendor-specific proprietary data field that Microsoft uses proprietarily.

Microsoft knew that the Kerberos spec didn't provide everything that they needed, so they contacted MIT and explained their position. MIT, eager to help MS and improve the standard graciously met with MS and worked out a solution. The solution was to create a field for vendors (like MS) to put their miscellaneous proprietary data.

This field would be used by Microsoft Windows boxes, but ignored by non-Windows machines without any harm or loss in basic functionality.

What MS does is store group membership and group policy information in that field. This data would be worthless to, say, a BSD KDC or other server anyhow, so there's no loss.

The only thing that MS didn't do is provide people who COULD use the data (namely the samba team) with the format of the data in that field. While that isn't very nice, it certainly is not a breach of the standard.

Recently, they released this data, but under a restrictive license. I haven't read the license yet, but from what I've heard, the license, at this point, prevents the samba team from using it in their products.

So, if you would be so kind as to not spout inaccuracies or falsehoods in the future, and give less-informed people the impression that MS broke the standard.

Most of the documentation of this and MS' use of the GSS-API can be found in several posts from Jeremy from the SAMBA team and Paul Hill from the MIT team on NT BugTraq in the Fed-Mar area of the archives.

Also, there is extensive documentation of how MS used Kerberos on their site, and it's actually factual reference material."

Re:Um, learn a little more Slashdotters...

[nyet]

Learn a little more, troll...

Guess where this quote came from:

"Fold extended functionality into commodity protocols / services and create new protocols

"Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game"

Re:EULA - Legal Precedent in Defense of Slashdot.

[Yardley]

I'm going to reproduce an AC's post found here because it seems very relevant to the copyright issue.

There is an interesting precedent on what happens when copyright and first-amendment collide. Some decades ago, the Soviets published a badly bawdlerized version of a dissident's book that had become widely acclaimed in hand-copied "samizdat" editions. When the original was smuggled to the West and published here, the Soviet "publisher" sued for violation of copyright. The court, in throwing out the lawsuit, reasoned that copyright law was being used to stifle a protected political debate: about Communist _praxis_ then, about Microsoft's extend-to-destroy strategy now.

The core of the court's reasoning was based on the original purpose of each clause. When two constitutonal provisions collide, the one that is being used for its original constitutional purpose prevails. The purpose of copyrights was to promote the dissemination of knowledge, by giving a financial incentive to writing and publication. This is the central purpose that must be protected. Other uses of copyright, such as trying to halt the spread of of information that might harm the political interests of the copyright owner, enjoy a lower level of protection, particularly when they act against the original purpose of copyright, and hinder, rather than promote, the dissemination of ideas. Similarly, the original purpose of free speech guarantees was to promote unhindered debate of political issues. Other uses of the 1st amendment's guarantee of free expression - for example, the provision of pornography to masturbators - enjoy less protection. Such secondary uses of the free-spech guarantee may have to give way when they are in conflict wih the central purpose of some other constitutional provision.

In the case that set the precedent - just like the case now - the 1st amendment case involved publication of material going to the heart of a public political controversy, the exact purpose for which the 1st amendment was written into our constituton. As for copyright, it was being used then - just like now - directly _against_ the original constitutional purpose. The Soviets then, and Microsoft now, have tried to use copyright to hinder, rather than promote, the dissemination of knowledge. I hope that the above will help /. apply the precedent to your present case.

The above is a very reasonable argument for why Slashdot should not have to censor the offendings posts.

For those who want a copyright-free interpretation of Microsoft's kerberos implementation, try
http://www.thetop.net/kerbos/spec.txt.

It had to be said...

[jargoone]

NSI registration fee: $35

Thousands of dorks that would actually read their email on Christmas morning being able to do so: priceless.

microsoft has an x-box too?

[kel-tor]

I thought only unix's were boxes, and why is MS shipping X on it instead of using 2000?

No longer a COPYRIGHT problem...

[HopeOS]

Given that there is a GPL'd document published that does not have the Microsoft restrictions, I wonder where they stand legally now?

I published this on Friday, but here it is again. Maybe it'll get moderated up this time.

http://www.thetop.net/kerbos/spec.html
http://www.thetop.net/kerbos/spec.txt

Good luck!
-Hope

Re:No longer a COPYRIGHT problem...

[gmhowell]

Shouldn't that have been released under the FPL?

That wasn't insightful, that was factually wrong

[Zico]

The domain wasn't available. When he paid the fee, he didn't own the domain in any way whatsoever. Therefore, he didn't give it back. Your comment that he "considered it not to be fair to keep the domain" is completely bogus, since he never had it to begin with.

So, he most certainly could not have "struggled to keep it or sell it to someone else," since he'd have to own it first, nor could he have "settled for a good amount of cash," since Microsoft didn't owe him a single penny.

You make the point of the guy you responded to. You're giving him credit for playing fair simply because he wasn't unfair to them. Just like the guy said, just because it wasn't "unethical" doesn't make it "ethical." His only two options in this situation were (1) pay the bill, or (2) not pay the bill. There was nothing to be fair or unfair about.

And seeing how much publicity he's gotten from his 35 bucks, I'd say it's a Hell of an investment, but no more ethical (or unethical) than playing the stock market.

MS - other sites - /. links

[dkh2]

OK, I bit. Here's the link sequence!

• Microsoft.com. Search for exact phrase "SAMBA." (include the period)
• Web Workshop - CIFS Products and Vendors
• Samba
• At the bottom of the page select Linuxcare
• then click the Linuxcare logo to go to the US site for Linuxcare
• Under Linux Links select News/Press
• then, finally, Slashdot!

Voila! Microsoft to Slashdot and back in under 10 links.

Re:MS - other sites - /. links

[ewe2]

Hmm...six degrees of /. ?

And...the rest of the story

[BoLean]

I read an in depth article once about the MS extension of Kerebros. Basically, the functional part of the spec involves a string of values. Lets say the spec string had 30 characters. The Kerebros group decided to use only 26 of the characters, leaving the last four unused. MS decided to use these spaces.

Re:And...the rest of the story

[Stary]

Wow! That surely is a great trade secret! So great they have to keep it "secret" with EULAs and make specificly sure that I can't design a product that can communicate with it!</SARCASM>

That sounds like MS crap to me... if there was nothing more to it, then I don't see why the problem hasnt been fixed on the *nix side already.

Re:And...the rest of the story

[latcarf]

So MS wants to tweak Kerebros so that its interoperability is asymetric. They can't patent the "extension" because it is "obvious" but they want to establish some IP claim for all the reasons that IP is so important these days. A "trade secret" IP claim is dandy, but they can't really keep it secret or the "extension" will never get used outside of MS. Hence the "publication" of the "trade secret." If they don't fuss about the SlashDot articles "revealing" the "secrets" they wouldn't have a prayer down the road of claiming IP so they write the letter.

There is nothing diabolical in the process; it's just what happens when you try to lay claim to IP that really isn't yours and then do what your lawyers tell you to do without thinking.

Halloween VII

[Hygelac]

Is it just me or does all this sound just a little too familiar? Reminds me of Halloween
...
De-commoditize protocols & applications
OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.
...
Fold extended functionality into commodity protocols / services and create new protocols
Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game.

Hmm...I wonder if Microsoft employees are required to put a EULA and a huge copyright notice at the top of all of their emails to prevent future leaks from being posted on Slashdot. I guess then they would try to throw the DMCA at us for telling people to just use `tail` to view the email contents. ;-)
--

That's kind of it, but not really...

[sumana]

Check out his web site, where he notes that he didn't do it "just to read his email."

Why did you do this?

I did it to see what would happen if I did it, and I did it to help Hotmail users. It's been the most fun I've ever had for $35.

There has been some confusion, so let me state now that I had none of the following motivations:
To get to my Hotmail- While it's true that I noticed the problem while trying to get to my Hotmail, that wasn't a motivation. Like many people, I use Hotmail as a spam trap and alternative email which I check once every couple of weeks. I own enough domain names to have cooler email addresses, like mdchaney@michaelchaney.com.

There's more, but that answers your allegation -- if he's telling the truth, and why wouldn't he?

Not quite bribery...intimidation?

[sumana]

I would say that a positive reinforcement could be bribery, whereas being terrified of a negative outcome would be more a negative reinforcement. Perhaps intimidation or harrassment...only, no single entity is harassing the judge. Still, an interesting point.

You can't open it with winzip!

[TimeWaste]

Everyone (including Mr. Chaney) says "M$ is so stupid, you can just open it with WinZip". Have you actually tried to open it with WinZip? I just did, and I got an error that it was an invalid file. Winzip's popup says: "If this is a self-extracting file it is either not in the standard Zip file format or it is corrupt." I suspect it is not really a .ZIP. WinRAR also errors on trying to open it. So tell me how exactly you can open this file without clicking OK on the EULA?

Re:You can't open it with winzip!

[Steve+B]

Winzip's popup says: "If this is a self-extracting file it is either not in the standard Zip file format or it is corrupt."

I didn't know WinZip had such a sophisticated AI.
/.

Re:You can't open it with winzip!

[billybob+jr]

What version of winzip are you using? Does your exe file actually extract the pdf file successfully? I extracted it without any trouble at all using winzip.

Re:Slashdot spellcheck

[BoLean]

If only I had taken that typing class in highschool. The need to be within the first 60 posts for your comment to be read compounds the problem. As a side note, if you understood my writing well enough to comprehend what I was trying to say then I'm happy.

Re:Why Microsoft can't settle anything ;)

[L+Fitzgerald+Sjoberg]

As the author of this piece, I hereby demand, upon pain of lawsuit, that Slashdot delete the above post, delete this thread, delete this article, delete all backups of all Slashdot data just to be safe, ban this "177" person from the site, personally spank anyone who moderated it up, and for God's sake wash your hands afterwards.

Nah, just kidding. But thanks to everyone who set the record straight as to the authorship of this little bit of absurdity.

Sorry, it does make business sense

[LinuxParanoid]

As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

Your first sentence is correct, your second is not. All products do benefit when they are compatibile and interoperable with one another. But Microsoft doesn't want to raise the value of all products. It only wants its own to benefit.

It makes perfect business sense for Microsoft to try to lower the value of competing products by preventing interoperability with its own. It's called lock-in, and it increases switching costs for users and barriers to entry for competitors. It's a strategy that makes perfect sense if you have a dominant (especially monopoly) position, and little or no sense if you don't have such a position. Harness network effects to exclusively benefit your product, what could be simpler?

The only time this doesn't pay off is if it sufficiently alienates customers or developers. So far, Microsoft has managed to hew a fine line where such alienation has not outweighed the benefits of its platform. It's up to knowledgeable people to point out the oft-hidden costs and risks of adopting Microsoft's technology approach.

Remember, in reality, most of Microsoft's succesful innovations have been *legal* innovations, beginning with their DOS contract and extending through various exclusive OEM agreements and their chiseling away at the Java contract and DOJ Consent Decree. Their trade-secret licensing of Kerberos and their attempt to license software on a renewal basis (first at universities) are just the latest examples of this. Just what you'd expect from a firm founded by the bright son of a lawyer.

--LinuxParanoid, paranoid for Linux's sake

Re:That wasn't insightful, that was factually wron

And seeing how much publicity he's gotten from his 35 bucks, I'd say it's a Hell of an investment, but no more ethical (or unethical) than playing the stock market.

Ah, but Grasshopper, why do you bring the results of an action into the question of the act being ethical. Except for a limited set of ethics the results of an act (since there is really no way to know what they will be) having nothing to do with whether an act is good.

That aside--the only point he seems to be making is that /. is about a certain ethos (despite the raging masses of ACs and Zealots) typified in some way by what he did and the antithesis of how MS is behaving in this matter.

And what he did was a "hack"--he used his technical knowledge to do what no-one else thought to do and provided a tid bit of humour to those who could appreciate it while also providing minor but easily digestable embarassement to "the establishment".

As with other hacks--it wasn't done for ethics, but because it could be done.

ACk

Re:That wasn't insightful, that was factually wron

[fedos]

What publicity? I wasn't able read /. around Christmas, and this is the first I that even heard that the Hotmail server was down. I thus read the essay as if it had been written by any other /. reader/contributor. It made perfect sense to me.

Did the fact that he had given M$ a mere $35 to help out some Hotmail users make you think any less of what he had written?

Because I don't know all the facts about his actions with the Hotmail incident, I can't say whether or not what he did could be considered "ethical"; but I can say that I agree with your statement the just because an action isn't "unethical" doesn't mean that it's "ethical"

Microsoft's hackable EULA's

[elbarono]

Microsoft sure doesn't do much to prevent changing/hacking/etc. of their EULA's.. For instance, check out this image. Microsoft Service Packs come with a file called eula.txt, which can be changed at will!

Tainting the water supply...

[Nachtfellen]

All in all, a good article; however, in regard to:
Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.
I believe that a main point of this release that MC missed is that by releasing these the specs for Kerberos in this manner, they have tainted the water, in as much as they have made it near impossible for someone such as the Samba team to prove that they developed the correct methods to extend Kerberos into the same areas as MS without using MS's copyrighted, freely available, EULA protected methods.

GNU FreeDocumentation License for a Specification?

[joneshenry]

I disagree with the use of the GNU Free Documentation License for a specification, in this case Microsoft's extensions of Kerberos. Wouldn't a specification tend to have the equivalent of header file information, interfaces, function calls, variables etc.? Now IANAL, but in order to implement a specification, a programmer might need to copy from the document the exact form of the interfaces, so wouldn't the program be a derived work of the GFDLed document, and thus be required to be released under the GFDL? Reading the GFDL, I am not even sure that source code GFDLed is compatible with GPLed source code.

With the current legal climate I think it would be unwise to rely on "fair use" defenses. Perhaps an amended form of the GFDL for specifications can explicitly permit derived source code, similar to how autoconf produced scripts are explicitly unencumbered.

How soon Microsoft "forgets"

[x0dus]

How soon Microsoft "forgets". Less than a year ago (July 1999) Microsoft was having a war of words with American Online over their Instant Messenger (IM) client. AOL was denying MSN IM clients the ability to send messages to AOL's large instant messenger base. Microsoft wrote a letter to Steve Case, the CEO of America Online, passionately calling for an open standard for Instant Messaging (see the Slashdot discussion).

Now, less than a year later, Microsoft takes Kerberos, an existing open standard, and changes it with the sole purpose of stopping interoperability between Windows 2000 machines and other clients not developed by them. As if that wasn't bad enough, they then publish their Kerberos spec with such a tight licence that the information in it is rendered useless to all that read it. In fact those that read it no longer have the right to develop their own Kerberos client with the information contained in the spec. So basically, Microsoft published the spec with the sole intention of slowing down development of alternative clients (i.e. Kerberos clients for Linux).

One must now wonder what is Microsoft's stance on open standards. Are they for or against them? I would like to close with two quotes from Microsoft's letter to AOL as mentioned above. The meaning is the same, but the technology is different.

"Indeed, imagine a world in which users of one particular telephone service were unable to interconnect with users of another service. Similarly, imagine if AOL members could only email other AOL members. Such a world is not in the best interests of customers."

"Consequently, in the spirit of doing what is right for consumers and our industry, we'd like to convene a meeting of our respective companies to begin the far more productive process of creating an industry standard."

Re:Slashdot spellcheck

[hadron]

Did I say that you should spell colour with a u? No, I did not. I just suggested that Americans should not actively deter such spellings.

You are just making a fool of yourself by misrepresenting by point.

Re:Slashdot spellcheck

[hadron]

That should read 'my'.

Re:Opening Kerberos Is Not Good

[348]

ROTH LMAO! That was great!

Period!
PERIOD!

Re:Microsoft's Latest Display of Stupidity

[VultureMN]

Yeah. The summbitches have tried to kill me a few times. However, they were not successful:

The first time, the gun refused to fire.
The second time, the bullet moved so slow I got out of the way.
The third time, it fired okay but the gun was so inaccurate it killed someone standing BEHIND the MS goon.
The fourth time, the gun blew up and took out the MS flunky with it.

Now I've heard they're going to try to fire a nuclear missle at me. Since I'm in Minnesota, people in Hawaii should probably start evacuating.

Re:That wasn't insightful, that was factually wron

[Remote]

OK, I overreacted. Post #8 says that the guy isn't supposed to be taken seriously because he is not an expert (an OS guru or a hot lawyer, I suppose) and my point is that he behaved fairly during the whole thing. And by fair I mean not trying to take malicious advantage, which he could. That gives him at least the right to be taken seriously while suggesting MS to GPL their Kerberos extensions.

But I'm not making anybody's point. What does unethical mean? It means not ethical! Come on, if it is false that something is not, than it is true that it is!

I can beat you!

[DarkMan]

You took eight jumps. Here's

<ol>
<li>Start from <a href="www.microsoft.com">Microsoft</a>, then search for "samba"
<li>On the Web workshop page, go to the bottom of the links
<li>Last link gets you redirected to <a href="www.littleigloo.com">Littleigloo</a>
<li>Click on thier 'featured site' - <a href="http://www.linuxdev.net>Linux Dev</a>
<li>Second link on Linux Dev main page is (cutrrently) Slashdot.

I make that 5. Anyone want to try and beat that?

(Yes, I start in the same way. Isn't that part of the point of free software, learn from others, and improve? :)

Re:I can beat you!

[choprboy]

Sure, do it in 4

1) Do a search on "slashdot.org" from Microsoft

2) Click the only result to go to Microsoft MacTopia - Industry News

3) Scroll down and select the story Microsoft wants to censor some open-source postings by CNet

4) Click that Slashdot link.

Choprboy

Re:I can beat you!

[psin+psycle]

Microsoft to Slashdot to illegally posted copyright kerberos spec.

Wait a minute. Did I just actually see the entire Internet unravel? Microsoft wants slashdot to remove the LINKS to the kerberos spec. Yet Microsoft itself links to the kerberos spec! in under 5 steps!.

This either means links to illegal information that is found in under 5 steps is illegal, or Microsoft will have to take its website down in case it accidently links to what it wants no one to link to.

Just hit 100 unique page views in 93 minutes

[HopeOS]

Just hit 100 page requests. Now if someone would moderate this up, maybe it'll get some serious play.

This is the MS Kerbos Spec WITHOUT the MS copyright, EULA, or trade secret issues. It has been rewritten from scratch and GPL'd.

-Hope

Or we could get smart, like this...

[HopeOS]

(1) The information can no longer be assumed to be a trade secret.
(2) It's not patented.
(3) The Microsoft document is copyrighted, but the information can be disseminated in any way other than their document.

Solution: Rewrite the document

Like this: http://www.thetop.net/kerbos/spec.html
I've got a message posted below, but it's buried too deep to get moderated up. Hopefully, it can see some light up here.

So far, over 100 hits since I posted two hours ago. The server wouldn't mind a couple thousand... it's bored out of its skull anyway.

-Hope

Re:Or we could get smart, like this...

[drivers]

Kewl, but why did you put it out under the GPL. Shouldn't you use the GNU Free Documentation License instead? How can you GPL documentation? It doesn't make sense.

The problem with hiding in the open...

[dbrutus]

... is that people like me (IT admin) are going to become annoyed enough about it all that we start recommending shifting out of MS software and into something where we only have to worry about the technology, not the license.

DB

I have sinned

[kensanders]

Yes, I share your sin. Mea culpa. Whip me massa! Punish me too, Microsoft! I offer myself on the altar of culpability. Perhaps Microsoft should be interested in punishing me as well. And Al Gore, he got the info and didn't turn me in. Does that make him an accessory? How about Sharon Stone? Does Microsoft have to chastise all of us who have shared your sin. My mind boggles at the implications, but then again, my mind terminally boggled some time ago. Good Grief, the comedian's a bear! No he's a not, he's a wearing a neck-a-tie.

Character Defamation?

[marius]

What I want to know is why has this became a character defamation thread on Mr. Chaney? He did a random act of kindness over the holidays, and now he's tactfully written a letter stating how he feels the Kerberos thing should be handled. What a guy.

While we're on character (and I *know* I'll get flamed for this one) let's take a peek at Linus Torvalds. I think he's a cool guy, most of you think he's a cool guy. But hey, he wrote an OS back in the early 90's that's been installed on some corporate servers and they've been broken into. Man, Linus must be horrible.

Please people, use some common sense when you post.

DMCA

[CentrX]

Trade secrets are protected only weakly by intellectual property law. In particular, a trade
secret ceases to be a trade secret once it is revealed to the public, even if the revelation takes place by illegal means--at least, before the DMCA.

Chris Hagar

libertarians against Microsoft

[dbrutus]

Actually there's a very good case to be made that MS is massively guilty of fraud. They lie to their ISV developers all the time. They say, here's all of the Win32 API, here's the exact same tools that MS has to develop so you can compete with us. It's a lie and they extract money out of thousands of software development companies because of that lie.

This is criminal fraud on a massive scale and a perfectly respectable libertarian response is to jail Bill Gates, Steve Ballmer, and the other people who went along with this long term criminal fraud. You end up with MS in one piece but no more memos instructing people to break interoperability etc.

The problem with the Republicans is that they don't want to recognize that MS committed a crime. The problem with the Democrats is that they want to convict MS of the wrong crime. The problem with the Libertarians is that they don't have any power at all so that justice could be done.

Politics can suck

DB

MS extended Kerberos Properly

[Jaborandy]

I totally agree, although the insulting title is unnecessary.

The data field used by MS Kerberos is being used within the spirit and letter of the spec, if you believe the original designers of Kerberos. Non-MS implementations don't look for a value in that field, and work as before. The only "incompatibility" involved is that non-MS software can't take advantage of the data in the field, and MS clients don't work without it. Don't buy Windows 2000 if you want to use a non-MS KDC. Furthermore, if MS had not used Kerberos, Linux machines would be totally unable to use MS servers for authentication. This use of standards benefits the Linux community, by allowing companies to use Linux on some of their desktops.

We all know that Linux does not have a standard for distributed group memberships. This is just one of the benefits of using Microsoft systems as servers. If some of your services don't need this functionality, then you are free to use MS Kerberos for authentication and use local authorization. For the rest of us, we take advantage of the features MS provides.

Why would you expect MS to give away its products and intellectual property for free? They produced software that allows easier management of larger distributed systems, that is better than what is available for Linux. Allowing their servers to take the place of other servers over Linux networks is in their interest. Allowing their workstations to access resources on Linux servers is in their interest, but their biggest profit comes from the whole package. We should not expect them to make it possible for someone using a Linux infrastructure to get the benefits MS is trying to make money off of. Their interest is best served by making people buy it from them if they want the MS features.

Bottom line: If you want distributed Authentication, any Kerberos implementation will do, including that from MS, for either servers or workstations. If you want the additional benefit of distributed authorization, everyone involved needs to speak that extended data field. Since that field is for third party use, MS made use of it. If you want the benefits that come from that MS field, use MS products all around. If you don't think it's worth it, don't buy from them. If you want, you can define your own schema for that field, and try to sell that. MS did nothing wrong here.

--Sandy

Re:MS extended Kerberos Properly

[connorbd]

Saying that MS did nothing wrong here is entirely dependent on your point of view. If you are one of those people who accepts the findings of fact in the DOJ case, than what they've done is entirely in line with the usual crap that got them in trouble in the first place.

The thing is that for any other company, it probably *would* be entirely a justifiable business position, but it would get them blown off the map for being pointlessly nonconformist. This ludicrous (and (note: IANAL) most likely indefensible in any reasonable court of law; my copy of the OpenStep spec has a similar if less restrictive license on it and I don't think that stopped the GNUStep people) attempt at information restriction is probably no more than a scare tactic; they figure they have the money to bury the Samba people no matter what the legalities are.

Doesn't Slashdot have any IP lawyers that read this? ACLU people? Anyone with a law education and a half a shot glass of common sense? Comments?

/Brian

Re:MS extended Kerberos Properly

[QuickSilver_999]

The only "incompatibility" involved is that non-MS software can't take advantage of the data in the field, and MS clients don't work without it.

OK, I'm not sure if I read this right, but if MS clients cannot work without this data field, would that not mean that it is "incompatible" with other implementations of the software?

"We're going to extend the SMTP standard to accept a special field, and the client side of our software won't work without it..." The SERVER is compliant, the WORKSTATION is NON-compliant, correct? Thus forcing people that want something akin to real security to utilize a W2K server if they want to run W2K desktops.

If this is incorrect, and they are not forcing the client machine to get that extra data field, then this argument isn't relevant at all. If it IS correct, then they are breaking the spirit of intercompatibility, and are rightly being attacked.

T-Shirt Needed

[Edward+Teach]

We need a t-shirt with the data structure printed on it!

Napster clones for Linux

[Spirilis]

OpenNAP is actually an open-source NAPSTER SERVER for UNIX. Napster clients are available at the OpenNAP page (click the OpenNAP link). I personally use Gnapster and like it. I also use the command-line (but not open source!?!?!!!!!????) 'nap' program that uses ncurses, over shell accounts. It's quite convenient. It's the 'nap' program in the Closed Source section of the OpenNAP page.

Not EULA, her sister UCITA is the big problem

[WillAffleck]

As UCITA has been passed and signed into law in two states, this could be a problem if the Web Server that the EXE appeared on had physical residence in Virginia or that other backwards state that passed it.

Under the terms of UCITA, you don't even have to read the non-extracted file that you didn't know was there to have basically given away all your rights to MSFT. The non-publication of the license still makes it enforceable, and they now can hunt inside your computer system, without court order or permission, to try to find the Kerboros spec if they determine that you violated the license from their perspective. You're automatically presumed guilty before being proven innocent. It's up to you to pay the legal fees, and you have no recourse.

At least UCITA hasn't even appeared in Washington State, we're not that gullible about tech stuff. Plus I told about half the state officials, state reps, and state senators about it.

Woohoo!! Let's play Six Degrees of Separation

[deek]

For those who aren't familar, Six Degrees of Separation is an exploration into the fundamental interconnectedness of relations.
You've probably heard of Six Degrees of Kevin Bacon, now lets play Six Degrees of MADS (Microsoft Authorization Data Specification).

Aim of the game, to link from the Microsoft site to a copy of the MADS docs on the internet in 6 clicks or less.

Start your engines people .... GO!

Keyboard+literacy+time to kill=right to preach

[Rares+Marian]

You make absolutely no sense. He's telling Microsoft to what to do mot slashdot. Not that it matters unless you're some sort of elitist ass.

Detailed Instructions: How to Rob A Bank

[vixiejvc]

1. Get gun, sack, and mask (mask optional)
2. Walk into bank with gun concealed then walk up to bank teller and point gun and make threats if mask off; or leap into bank with gun out while shouting threats if mask on.
3. Demand bank teller hand over money. (note: Be sure to be gruff and demanding, i.e. "Give me all your money, f###er!". Being polite will NOT do if you have a gun to their head.)
4. Provide teller with sack so as to have money placed into it.
5. Get out of the bank, making sure that no security guards are planning on shooting you.
6. Hop into getaway car and get away.

ADDITIONAL INFORMATIVE AND CAUTIONARY NOTES:

• Money may not be of any use after you have stolen it.
• You could easily be shot during this procedure. Be sure to wear a flak jacket.
• Don't shoot anyone of you can help it. You are robbing a bank here, not killing.
• Above all, have fun! And have a good getaway plan!

DISCLAIMER: poster of this slashdot post is not liable for anything resulting from this posting or anyone reading this posting, including but not limited to hospital bills, equipment availablity, money availability, bank availability, brain availability, and any other problems associated with robbing a bank, judged at the poster's discretion.

(Now, if you'll excuse me, I have to skip the country, since this posting makes me a criminal. Yeah. :) )

-----------

-Jo Hunter

My Microsoft parody

[leonbrooks]

Here's my Microsoft Parody, where's yours?

Here.

CNN.com

[matts.nu]

Slashdot may not be quite as reliable as going to CNN.com - L. Torvalds

"Al Gore invented the Internet" -- CNN.com

Disagree with M.Chaney on his proposed solution

[hyperactive]

I strongly disagree with the direction and slant of Michael Chaney's post.

Now, Slashdot would not be the forum it is without a free range of views. Having said that, here are my points. I hope these paint a bigger single unified picture in when you bring them together.

• Kerberos is not Microsoft's to GPL or bestow any other copyright upon. I am sure it has its own copyright right now and what that is remains the decision of the contributors to it
• I do not agree with the implicit slant that this issue (M$, Kerberos and the nastygram to /.) is a big misunderstanding. To me, it looks like a well-thought-out campaign hatched from the earliest days when it was becoming clear that free software was going to be the biggest threat to to a dominance based on commercial monopolistic practice. If it is the case that M$ were (a large part of) the money behind lobbying in the 1998 period which caused the DCMA to be brought into being, that fits in with the time scale I am portraying.
• The battle is in progress now, and it has taken a lot of courage for the owners of the group which hosts /. to draw a deep breath, weigh-up the purposefully assembled legal firepower (one assumes to be in place for this "move" (in the chess-game sense of the meaning)) and declare M$'s "claim" to be bogus and a toothless bluff. The die is cast and M$ must end up with a blooding which terminates any further attempts along this line of attack. And yes; M$ will come all hurt and misunderstood afterwards!

Right now is a good time to see off this attack. M$ have been put in a "use it or lose it" position after a long time of preparation - and good fortune has it that they are presently mired by the consequences of other separate shenanigans. The shafting of their customers in very recent memory with "ILOVEYOU" virus vulnerability (all of which they bear no liability for via the shrink-wrap agreement) should prevent them easily gaining widespread public support by loud and well-funded media misrepresentation. "Up on Capitol Hill" (if I understand the general gist of US politics correctly) I don't think ANYONE(!) will recall benefiting from M$ largesse or ever having supported legislation benefiting an organisation which was at the time abusing monopolistic power at the expense of the electoral base they serve!

I sincerely hope M$ ends up with egg on its face and the DCMA is rendered inoperable in one fell swoop.

Anyway - one last point. Slashdot and forums like it on the internet are not "broadcasters", and should not be treated as such. People come to it, can follow an interest in what they like and leave when they like. Good point to make for the inoperability of the recent Act?

The all important license

[HopeOS]

It is been accurately pointed out that the GPL is not the correct license for this type of distribution. My fault for not paying better attention; I write more code than specifications. That said however, if this ever becomes a problem, there are at least two obvious solutions. 1) if there is a legal migration to the GFDL, then use it; otherwise 2) use it as the basis for a properly GFDL'd specification.

This spec is the starting point for a more comprehensive solution. Certain details have been left out on purpose so that the authors of the new spec must parse the data from the server to understand certain data types. This will happen normally in the course of implementing the spec anyway.

-Hope

The license

[HopeOS]

Yes. You are correct. The Gnu Free Document License is the more appropriate license. My mistake.

As mentioned in a prior post above, this document is a starting point. If it cannot be legally migrated to the GFDL, then a new, more comprehensive document can be written using this as a foundation.

-Hope

Thank you Michael Chaney

[Egorn]

As some one who eats frequently at the sisters of the road cafe.. I'd like to thank M.C. for his generous contribution.

Who owns the Kerberos trademark?

[Megane]

(MIT, right?)

If MS can't be made to open up the standard, then maybe they can be forced to drop the name "Kerberos", at least from the clients, as they are not compatible with a "standard" Kerberos server.

After all, that's one of the reasons why Linus owns the Linux trademark, right? If MS came out with "Microsoft Linux" (ignoring the GPL for a moment), but it only worked with its own proprietary file system extensions, or some other change, I presume Linus could LART them for that and get them to drop the name.

Exchange on New Hampshire Public Radio

[msheppard]

This morning at 9:30, on "The Exchange" on New Hampshire Pulic Radio, Slashdot was mentioned as "This really good techincal news website" and they talked about the Kerberos/Microsoft continuim. M@