Slashdot Mirror
Michael Chaney asks Microsoft to Open Kerberos
On Microsoft, Kerberos, Slashdot, and Trade Secrets
A few months ago at an NLUG meeting, I jokingly asked a presenter to reveal his root password to the assemblage, adding "it's just us, we won't tell anybody." The "us" in this case referred to the 50 or so people in the room, and we had a chuckle while the presenter wisely decided against giving us his password.
The point of this story is something that we all know to be obvious: the level of secrecy afforded a piece of information by a recipient of that information is directly related to the way in which the secret piece of information is passed along. A password freely given to all in a user group meeting wouldn't be held in much confidence by the people present; they wouldn't really consider it a secret.
Likewise, it's difficult for anyone to consider a document to be a trade secret if it's posted on a website for anybody to freely download. Yet this is precisely the manner in which Microsoft is distributing their "Microsoft Authorization Data Specification v. 1.0 for Microsoft Windows 2000 Operating Systems," which we know is nothing more than a slightly modified version of Kerberos.
In a click-through (aka "ignorable") license, Microsoft states that their specification is "confidential information and a trade secret," and that "you must take reasonable security precautions... to keep the Specification confidential." Who, exactly, must I keep from knowing this "secret" information? Presumably someone without internet access.
Contrary to [what seems to be] popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos. And if they do make an incompatible version of Kerberos, it makes even less sense to restrict access to documentation concerning your "extensions." (I can imagine a Microsoft internal memo: "Embracement achieved, on to step two.")
So the situation as it stands is that Microsoft has released a document that they're claiming is a trade secret and copyrighted, parts of it have been posted to Slashdot, and Microsoft is pulling out the DMCA to get those posts removed. Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.
But I really take offense to the fact that they go a step farther and request that a link be removed, and that instructions on bypassing their goofy EULA be removed. First, we've had plenty of discussions on here about the dangers of sites being forced to remove links; specifically at what level do we decide that a chain of links is no longer offensive. If I link to the Slashdot article that links to an "Unauthorized Copy of the Specification," is that a "crime?" How about a link to a link to a link? At some level, I'm sure I could find a chain that I could follow from Microsoft's own website to the offending Slashdot post (for those of you who wish to try, search for "samba" on Microsoft's site, it'll link to www.samba.org, try to find Slashdot from there).
As for posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification," I'd like to see someone from Microsoft explain how that constitutes a copyright violation, as J.K. Weston has stated (under penalty of perjury, no less). Self-extracting zip files are nothing new, J.K. Weston, nor is the concept of using WinZip to extract their contents.
The most offensive part of this whole ordeal, though, is that it's just been five months since Slashdot bailed Microsoft out when Network Solutions mistakenly shut off the passport.com domain on Christmas Eve. How soon Microsoft forgets! If it wasn't for Slashdot, it's likely that Hotmail would have been down for another day or more after Christmas, and that surely would have been a bigger blow, in terms of PR, than a bunch of Linux advocates solving their problems for them.
It's my not so humble opinion that Microsoft is in the process of making yet another major PR blunder. The company is famous for them, and it couldn't come at a worse time than as the Justice Department is trying to get them split up for doing exactly what they're doing right now: changing the specifications of an open protocol to reduce interoperability with other products.
Here's my advice to Microsoft: drop the silly EULA and make your Specification freely available under the terms of the new GNU Free Documentation License, or something like it. You'll gain some PR points, which you desperately need. This provides you with a way out that allows you to save face.
And my advice to anyone who talks to the press regarding this issue: remind them that it was Slashdot that saved Hotmail over Christmas.
- Michael Chaney
If we abide for a moment with the legal fiction that MS Corporation is an entity, then the only reasonable conclusion is that said entity is certifiably insane and not competent to enter into legally-binding contracts.
Really, how could this hogwash stand up in any court of law anywhere that wasn't being bribed senseless by Microsoft?
www.alarmist.org
The DMCA: Redefining Customer Service
If M.C. is reading this: we know that Microsoft sent you a $500 check for your kind restoration of Hotmail. I also remember that you attempted to auction the check of on eBay to raise some money for charity. Can you tell us how much you managed to raise (I expect you had a fair number of fake bids) and where the money went.
Can't Microsoft be sued for applying the Name Kerberos to their Closed Product. Since it is an Open system, and Microsoft has changed it to NOT work with others. Doesn't that eliminate the whole point behind it? And if so, then isn't this an example of Microsoft Using its power to eliminate Competition?
No never your way, always the Microsoft Way. You have no choice
Offtopic:By the way, I WANT MY QUICKTIME 4 FOR LINUX ALREADY
--------========+++Dont Feed The Lab Techs+++========--------
As a monopoly MSFT clearly has much to gain from poor interoperability. They control the vast majority of desktops which need to authenticate to network resources. If authentication the Microsoft way becomes the de-facto standard for many organizations MSFT benefits by being the vendor with the best interoperability with its own products. Other vendors can interoperate, but only as long as MSFT releases the specifications for their "enhancement" and only _after_ MSFT has implemented the enhancement in their own product. MSFT benefits as the "first mover" in a situation where only they can move first.
This level of reasoning probably explains the Microsoft PR babble we have had to suffer about how breaking them up will harm the computer industry, damage the economy, speed up global warming, cause the death of every first-born child, rant, rant...
Essentially yes. Isn't that what goodwill is all about? It struck me as a goodwill post rather than an "expert opinion".
Being a libertarian, I don't believe that anti-trust laws are a good thing at all. Most monopolies exist as a result of government mandate. In the case of other near-monopolies (such as Standard Oil), consumers didn't benefit at all by government intervention. (The price of oil rose, in fact.)
But really, MS has this absurd attitude of "I will do what I want, everyone but us be damned!" So really, waht Bill Gates needs is a good tuning up by Andy Sipowitz in some grungy interview room of the 15th squad.
Cool stuff on GeekPress: Chinese engineer wins site's jackpot, but collecting is tricky / How to Hack a Bank / Helmet o'Death, Almost
-- Diana Hsieh
-- Diana Hsieh
GeekPress: The Weirder Side of Tech News
ISTR he paid by Mastercard :-)
On a more serious note, I live in a country where, IIRC, reverse engineering is specifically permitted, regardless of license conditions, provided it is done for interoperability reasons only. So, I could, perfectly legally, reverse engineer the Win2k bug in order to make Samba+MIT Kerberos interoperable with Win2k. The question is, does the possibility I might be using MS's "secret" published documentation make this more difficult? Equally, is this "EULA" even legally valid? I suspect it wouldn't stand up...
Who cares what device raises a person's public stature? What matters is what he does with it.
His argument seems cogent, and if he alludes to a certain episode in Microsoft's memory of recent embarrassments, so what? There is a small, but finite, chance that it will change Microsoft's mind.
Is it me, or is Microsoft been getting some bad publicity lately? Kerberos-this and Outlook-that... whatever happened to the Slashdot headlines like "Microsoft donates $50,000 to open source development" or "Microsoft plants a tree" or "Microsoft implements cross-platform media initiative"?
Don't want to pay Lars? Sue him!
From the link:It doesn't get much funnier than that.
--
Sheesh, evil *and* a jerk. -- Jade
Microsoft will never open Kerberos now that Slashdot has suggested it. Taking advice from Slashdot would be a sign of Microsoft giving in.
;-)
Maybe next time we should try reverse psycology on them. You know, sarcastically say "Microsoft, don't open up Kerberos...... that would be a BAD thing. No, really, stop it. Don't split. Don't fire Billy Gates. Don't make a reliable OS that doesn't crash every half hour.....".
Maybe, just maybe, they'll fall for it.
Fame is never a reason to be taken seriously. Which is the reason I ignore most celebrities. (i.e just because Sharon Stone dumps her firearms, does that mean I should?) However, to Microsoft, Michael _should_ mean something, as he saved their ugly little keisters a few more days of embarrassment a few months back.
The reason that I respect what he has to say is because he is right.
If liberty means anything at all, it means the right to tell people what they do not want to hear. -- George Orwell
does that really make him an expert on anything?
Yes, on Ethics.
However, I would like to address one part of his post that he left open:
Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.
It is clearly a challenge to the concept of OSS and the GPL. If they can prevail over the community by succeeding in keeping their kerberos "extension" closed source, they win. If they can simultaneously do a little media spinning that shows how lawless OSS advocates are, they win twice. By this I mean that "everyone" knows that Slashdot is a haven for rabid OSS zealots who do nothing but pirate software, trade illegal MP3s on Napster, and read that damn anti-corporatist Noam Chomsky all day long. If M$ can show that these types of people will stop at nothing, including violating license agreements, publishing trade secrets, and being generally abusive towards all things corporate, then they will help stem the tide of converts. It will damage the reputation of OSS and the Free Software movement. It will make conservative businessmen (who outnumber the liberals) baised against OSS in their organizations, etc.
We as a community need to be on guard against these tactics. One good court case taht goes against OSS on top of everything else that is happening regarding the RIAA, MPAA, DeCSS, MP3.com, Napster, etc. and we will have taht much more difficulty gaining broad acceptance. And M$ will have that much more sway over people's opinions.
Certainly they can try to slow the OSS movement down, and give it a bad name, but it can never be stopped unless precedents and laws get in the way of progress and evolution.
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
IMHO, it's no different that helping a stranded motorist change a flat tire. An act that in itself expects no rewards. Just the feeling of doing something right for your own piece of mind.
The only trouble is, you're dealing with Microsoft here. During that selfless act, you never expect that motorist to hit you over the head with a tire iron and steal your wallet and car
I truly hope they get themselves out of the corner they've painted themselves into. It would save them face, Slashdot lawyers fees and us techs quite a few headaches in trying to get this to interoperate with standard versions of Kerberos.
Perhaps Win2k SP2 will include changes to Kerberos to put it back to the standard operability that it was designed for.
"History doesn't repeat itself, but it does rhyme." Mark Twain
Some time ago, I read a book by Orsen Scott Card I believe called The Worthing Saga. Part of the book deals with a man who wanted to engineer the destruction of civilization, since he saw humanity and its culture as stagnating.
He proceeded to enginner the total collapse of society, first by purposly angering the "lower people" just enough so that they would be angry, but not revolt. Then he alienated the "upper people" so that they were incinsed, but would not withdraw support. He sent messages out that "All is well, do not worry" while issuing secret messages to people about "how bad things really are."
And when all the pieces were ready, he finally pushed everybody over the edge at once, and everything fell apart all at once, like a house of cards toppled by a child.
I don't hate Microsoft. I've used DOS as far back as I can remember, I've used Windows when that's all I knew. Indirectly, I have a good living as a professional geek and now game reviewer. I like my life, and I owe a part of that to companies like Microsoft.
But the more they act, the more it seems like they are engineering their own demise. They upset people just enough with their competitive practices- and I'm not just talking about making new products, but giving them away to put other people out of business. They upset government officials by continueing to engage in monopoly practices while they are under investigation- from the Kerberos issue to "renting" software at university's at such a low price that college students can't resist, then jacking up the prices after everyones standardized. They put on commercials saying "We innovate, we work hard for you!" while they have "Holloween E-mails" that talk about how scared they are of Linux.
Microsoft is not a bad company. I'm going to say this again: Microsoft is not a bad company. I may not like all of their products, but others I think are great. I like Internet Explorer, I just don't like how it was rammed down my throat.
But with each new story, I become a little angrier at Microsoft, to the point that I'm about to install Linux on my machine at home and only use the Windows partitions for games (hey, I've still got to write my reviews.) And if Microsoft keeps up this behavior, they'll find thier carefully built house of cards all falling to the ground at the same time.
John "Dark Paladin" Hummel
We don't just like games, we love them!
52 Weeks, 52 Religions with John Hummel
Though this guys credentials are as good as anyone's as far as I'm concerned. If his arguments make sense then he is as worthy of attention as the next man.
Of course, there are many people with such low self esteem that they will only listen to opinions from some "authority" on the subject. How else could they possibly know what to think ? Heaven forbid they should actually try judging the worth of the arguments irrespective of where they come from. That would involve thinking for themselves. That's not how things are done in a civilised society - it's not efficient. Instead we must have experts on every topic under the sun who decide these things for us.
http://rareformnewmedia.com/
If you're going to post material copied from Brunching Shuttlecocks you should at least credit them...
The copyright office specifically says bibliograpic references are always legal -- you may not be able to use the text itself, but you can always tell someone where to find the originally published text. The only difference between "Journal of Irr. Results Vol 3.14159 number 1.735 (June 2003) pp 10-12" and www.JIR.joke/volpi/number_sqrt(3)/joes-stuff is one of formatting. I could write either down on the back of a biz card, and take it to a good research library, and be looking at the text in short order... In the case under discussion, posting the actual text (so it comes from a /. drive) is likely a violation for the user. Posting the URL of the page on the MS site, so the acutal bits of the article come from a drive in Redmond, is just citing the published article... (it meets the copyright definition of "fixed in a tangible form", so it counts as "published" -- published for copyright purposes includes so-claimed trade secrets)
Organizer:New England Rubbish Deconstruction Society;The NERDS,first US team in the UK Scrapheap Challenge/Junkyard Wars
This is stupid. Both Microsoft and Slashdot are at fault. Microsoft is at fault by perverting an otherwise open standard, then claiming to have published the changes by forcing anyone wishing to view the documentation through a non-disclosure agreement (faithfully supported by brilliant UCITA legislature). Shame on Microsoft, although it can hardly be called unexpected. But even more shame on Slashdot. The core of the "information wants to be free" meme, is copyright, whether you like it or not. If you want information to be free, you must at the same time respect the same copyright that upholds the GPL (until such copyright laws are done away with). Refusing to remove blatently illegal material is not a first amendment issue...it is a juvenile snub to Microsoft. I'm sure Microsoft has no reservations from unleashing its legaldroids upon Slashdot. It is just dumb. Just as we would not like someone to violate GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding. Slashdot should remove the stupid text. We should work to change the laws...not peurily snub our noses at it and then go crying that big bad Microsoft is opressing our first amendment.
It's 10 PM. Do you know if you're un-American?
Well, put the pieces together...
M-I-T-N-I-C-K... :-)
Teach your kids: "C++ made baby Jesus cry."
Quite clearly Microsoft do not think this is the case, and it's not a clear "matter of fact" to me either. Microsoft have done extremely well with their current philosophy; it goes to the core of their anti-competitive nature, which has made Bill Gates a multi-billionaire and the richest man in the world.
Why do Slashdot readers insist they understand the industry better than the single main player in it? Yes, strict compatibility "raises the value of all products", but Microsoft do not want to raise the value of all products, only theirs. They are unique in that this actually poses an advantage to them - no other software company makes a full complement of interoperating software, so these companies are forced to interoperate with each other's stuff properly. Not so Microsoft; they have a vested interest in only interoperating with their own software. You can buy a complete enterprise software setup and never pay a dime to anyone but Microsoft. And that's exactly what their non-interoperability encourages you to do.
The rest of the article seems a little naive given the real matters of fact.
--
It's a
-- Danny Vermin
The bit about posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification" really cracks me up.
.doc file, which I knew StarOffice could probably handle.
How about instructions on how to read the damn license?!
I downloaded that EXE thing and wondered on how to get it "installed" while running Linux. I went about it in the usual Unix way. First I ran "file" on it, which told me it was a windows executable (saw that coming somehow, not a complete dummy me) as well as a "RAR archive".
That's an animal I hadn't heard of, but a quick inspection showed that there was something called "unrar" on my SuSE distro. I ran that and was presented with some sort of
I never did get to see that license. Too bad, because I was kind of curious about the wording.
Just because it wasn't "unethical" doesn't make it an "ethical" action.
What kind of logic is that?
As to what may have driven his actions, Ethics are not about motivations, but about behaviour. The fee was overdue, so the domain was available, he took it, so as to read his e-mail, and gave it back, for he considered it not to be fair to keep the domain. Otherwise, he could have:
He may have gotten a lot of exposure out of this thing, no doubt, but he played pretty fair against MS, and that fully entitles him to ask MS to follow suit.Struggled to keep it or sell it to someone else
Settled for a good amount of cash
Framed the check
Auctioned the check and kept the money
Are you unable to judge an argument based on its logic and rationale? You don't have to be an expert on anything to be able to present intelligent concepts in an eloquent manner. I take people who are unknown, but make sense, more seriously than I take people who are well-know, but wrong.
You seem to take offense to his comments.. "preaching"? He's not preaching to anyone; he's formed an opinion, presented it, and proposed a solution. The basis of his argument is not "I saved the day once, so you should do what I say!" No part of the article hinges on the fact that he's smart man for doing what he did. He lets its merit stand for itself. Why don't you?
I don't know if reading this article and resulting posts makes me sad or not. Someone stands up to voice the same opinion as many people on Slashdot hold and he gets attacked. No wonder OSS has such a lingering bad taste in people's mouths. Nothing like trying to help out and having the people on your side question your motives and character. Face value people. It still exists.
Bad Mojo
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
Well said! +5 We could use a few more MC's.
More race stuff in one place,
than any one place on the net.
I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.
I cover my eyes during the FBI warning at the beginning of videos. I still can't copy them.
The illegality of copying the above mentioned book and movie does not derive from the warnings; the warnings are just to remind you of that fact that it's illegal to copy them.
They are not licenses and they do not restrict fair use; thus a movie about MS's extensions to Kerberos could not be reproduced in whole without permission, but you could still use the description therein to implement them.
Chris
San Francisco values: compassion, tolerance, respect, intelligence
In a click-through (aka "ignorable") license...
Police Officer: Sir, did you not see the stop sign?
Motorist: Of course I saw the stop sign! It was drive-through (aka "Ignorable").
Police Officer: Sir, would you please get out of the car?
Just because you can ignore something does not mean that you may ignore it.
According to the page announcing the "publication" of the implementation of the specification, Microsoft stated that it was releasing this document in order to have third-party security analysis and validation that it was within the letter and spirit of the Kerberos spec with the IETF.
I see no reason why we here on /. could not help Microsoft with this aim. After all, we recognize that many of our mutual security problems with viruses and so forth have occurred for precisely the reason that in the past Microsoft was not so open about security matters and did not check with the community at large first.
However, Microsoft needs to understand that any discussion of the document needs to refer to it in detail. Therefore Microsoft needs to withdraw its claim to trade secrets and the EULA requirement.
If Slashdot were to withdraw, in turn, its copy of the copyrighted document, and instead link to an open online copy at Microsoft's site, then why wouldn't everybody be happy and we work together to achieve our mutual objectives?
Thanks, MC, for trying to negotiate a settlement--you are wise and I hope Microsoft responds.
"No part of this publication may be reproduced..." isn't a EULA any more than the GPL is. Copyright in general allows non-holders only very limited reproduction rights, and the statement at the beginning of the book doesn't forbid anything that copyright law already forbids. Likewise, the GPL grants strictly more rights than copyright law does.
If the book stated something like "the information contained herein may be used only for purpose X" or "this book may not be resold without written permission of the publisher", on the other hand, the situations would be more comparable. Part of US copyright law (the "first sale doctrine") allows someone who owns a legal copy the right to resell it and otherwise dispose of it. The INSTANCE of the book is entirely owned by the person who bought it. What isn't allowed is copying it, beyond certain points (e. g. excerpting short passages for review).
The problem here is that Microsoft is putting something on an open web site, offering it for download, and then claiming that use of the information contained in it is restricted (as opposed to merely stating that copying of the information is out).
I think that it's reasonable for Microsoft to ask that the actual copies posted to Slashdot be taken off. They do hold the copyright on the particular expression of the specs. On the other hand, asking that links be removed, or the fact that it can simply be unzipped, strikes me (who's not a lawyer) as ridiculous.
He did a good deed for an evil corporation. It didn't cost him much out of pocket, but he bothered to do it. He entitled to use this soapbox occasionally. If he misuses or overuses it, we may choose to stop listening. We may choose not to listen to him now, but the soapbox is his. That's what free speech is all about. Look into it.
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
At first your insinuation that microsoft could bribe a court "senseless" seemed ludicrous. The US isn't some 3rd world corrupt banana republic. But as i though more about it, bribery could have two forms: one, cash payoffs, or two, the judge could be so scared to rule against microsoft in fear that he would hurt our wonderful economy that he wouldn't impose sanctions. This is in effect a type of bribery brought on by the MS monopoly, which means that no court would rule against MS for fear of losing that payoff, in their wallets (judges own stock too) and the wallets of the country. Not so ridiculous of a term after all.
I am that that is, not that that is not, that is.
The problem is that Microsoft has made that nearly impossible. To publically release a reverse engineered version of Microsoft's Kerberos extensions, the authors would need to be able to prove that they had no access to Microsoft's trade secrets.
No. It's the other way round. And if they really reverse engineered it it's easy to proove that anyway (500 postings to a mailing list discussing various problems; showing some dissassembly blabla...).
\begin{paranoia mode} %Using tex here so
But maybe they suspect someone (for instance samba developers) has a "contact" into microsoft which leaks some "hints". In this case they have silenced that source w.r.t their kerberos stuff because now every developer is aware that he may have to present a stringent documentation of his reverse engineering work and that there mustn't be any "intelligent guessing" involved
\end{paranoia mode}
I think their OS share is a little smaller than that, like 70-80
Everything I've read states that 90+ percent of x86 based PC's sold ship with a MS OS installed. Now, whether that means that more than 70-80% actually run a MS OS once they are put into service may be another thing, since a lot of servers are purchased to run Linux, BSD, commercial UNIX, Novell Netware, OS/2, etc, and a growing number of desktop machines are going to other OSes as well, albiet not nearly as many as the server market.
I think in terms of desktop machines, you'd be hard pressed to push Microsoft's market share numbers down much below 90% even if you counted in all of the non-x86 machines like Macs and RISC UNIX workstations.
Its hard to tell though, as Microsoft tells different stories depending on who they are talking to. When they talk to the DOJ and/or the court, they have major competition, but when they talk to their shareholders and business partners, they don't have any serious competition. When they are talking to themselves, then they are worried about OSS, but only a little, and mostly only because they have difficulty understanding it.
I'm going to reproduce an AC's post found here because it seems very relevant to the copyright issue.
/. apply the precedent to your present case.
There is an interesting precedent on what happens when copyright and first-amendment collide. Some decades ago, the Soviets published a badly bawdlerized version of a dissident's book that had become widely acclaimed in hand-copied "samizdat" editions. When the original was smuggled to the West and published here, the Soviet "publisher" sued for violation of copyright. The court, in throwing out the lawsuit, reasoned that copyright law was being used to stifle a protected political debate: about Communist _praxis_ then, about Microsoft's extend-to-destroy strategy now.
The core of the court's reasoning was based on the original purpose of each clause. When two constitutonal provisions collide, the one that is being used for its original constitutional purpose prevails. The purpose of copyrights was to promote the dissemination of knowledge, by giving a financial incentive to writing and publication. This is the central purpose that must be protected. Other uses of copyright, such as trying to halt the spread of of information that might harm the political interests of the copyright owner, enjoy a lower level of protection, particularly when they act against the original purpose of copyright, and hinder, rather than promote, the dissemination of ideas. Similarly, the original purpose of free speech guarantees was to promote unhindered debate of political issues. Other uses of the 1st amendment's guarantee of free expression - for example, the provision of pornography to masturbators - enjoy less protection. Such secondary uses of the free-spech guarantee may have to give way when they are in conflict wih the central purpose of some other constitutional provision.
In the case that set the precedent - just like the case now - the 1st amendment case involved publication of material going to the heart of a public political controversy, the exact purpose for which the 1st amendment was written into our constituton. As for copyright, it was being used then - just like now - directly _against_ the original constitutional purpose. The Soviets then, and Microsoft now, have tried to use copyright to hinder, rather than promote, the dissemination of knowledge. I hope that the above will help
The above is a very reasonable argument for why Slashdot should not have to censor the offendings posts.
For those who want a copyright-free interpretation of Microsoft's kerberos implementation, try
http://www.thetop.net/kerbos/spec.txt.
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Given that there is a GPL'd document published that does not have the Microsoft restrictions, I wonder where they stand legally now?
I published this on Friday, but here it is again. Maybe it'll get moderated up this time.
http://www.thetop.net/kerbos/spec.html
http://www.thetop.net/kerbos/spec.txt
Good luck!
-Hope
The domain wasn't available. When he paid the fee, he didn't own the domain in any way whatsoever. Therefore, he didn't give it back. Your comment that he "considered it not to be fair to keep the domain" is completely bogus, since he never had it to begin with.
So, he most certainly could not have "struggled to keep it or sell it to someone else," since he'd have to own it first, nor could he have "settled for a good amount of cash," since Microsoft didn't owe him a single penny.
You make the point of the guy you responded to. You're giving him credit for playing fair simply because he wasn't unfair to them. Just like the guy said, just because it wasn't "unethical" doesn't make it "ethical." His only two options in this situation were (1) pay the bill, or (2) not pay the bill. There was nothing to be fair or unfair about.
And seeing how much publicity he's gotten from his 35 bucks, I'd say it's a Hell of an investment, but no more ethical (or unethical) than playing the stock market.
- Microsoft.com. Search for exact phrase "SAMBA." (include the period)
- Web Workshop - CIFS Products and Vendors
- Samba
- At the bottom of the page select Linuxcare
- then click the Linuxcare logo to go to the US site for Linuxcare
- Under Linux Links select News/Press
- then, finally, Slashdot!
Voila! Microsoft to Slashdot and back in under 10 links.My office has been taken over by iPod people.
I read an in depth article once about the MS extension of Kerebros. Basically, the functional part of the spec involves a string of values. Lets say the spec string had 30 characters. The Kerebros group decided to use only 26 of the characters, leaving the last four unused. MS decided to use these spaces.
I didn't know WinZip had such a sophisticated AI.
/.
/. If the government wants us to respect the law, it should set a better example.
Yes. As was pointed out above, it's a reminder, not a license.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Learn a little more, troll...
Guess where this quote came from:
"Fold extended functionality into commodity protocols / services and create new protocols
"Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game"
As the author of this piece, I hereby demand, upon pain of lawsuit, that Slashdot delete the above post, delete this thread, delete this article, delete all backups of all Slashdot data just to be safe, ban this "177" person from the site, personally spank anyone who moderated it up, and for God's sake wash your hands afterwards.
Nah, just kidding. But thanks to everyone who set the record straight as to the authorship of this little bit of absurdity.
If you don't want my koalas, baby, don't shake my eucalyptus tree.
Your first sentence is correct, your second is not. All products do benefit when they are compatibile and interoperable with one another. But Microsoft doesn't want to raise the value of all products. It only wants its own to benefit.
It makes perfect business sense for Microsoft to try to lower the value of competing products by preventing interoperability with its own. It's called lock-in, and it increases switching costs for users and barriers to entry for competitors. It's a strategy that makes perfect sense if you have a dominant (especially monopoly) position, and little or no sense if you don't have such a position. Harness network effects to exclusively benefit your product, what could be simpler?
The only time this doesn't pay off is if it sufficiently alienates customers or developers. So far, Microsoft has managed to hew a fine line where such alienation has not outweighed the benefits of its platform. It's up to knowledgeable people to point out the oft-hidden costs and risks of adopting Microsoft's technology approach.
Remember, in reality, most of Microsoft's succesful innovations have been *legal* innovations, beginning with their DOS contract and extending through various exclusive OEM agreements and their chiseling away at the Java contract and DOJ Consent Decree. Their trade-secret licensing of Kerberos and their attempt to license software on a renewal basis (first at universities) are just the latest examples of this. Just what you'd expect from a firm founded by the bright son of a lawyer.
--LinuxParanoid, paranoid for Linux's sake
Copyright notices only inform the reader (viewer, listener, etc.) of restrictions that are already in place. There is nothing to agree to; the copyright is enforced by law.
A license agreement, OTOH, is by definition something you either agree to or do not. And a license is a restriction on use, not reading or viewing.
If I own a book, the book has a copyright on it but no license. By law (not agreement), I am forbidden from doing things like ripping out the pages and photocopying it, or scanning it onto the Web. I am expressly forbidden from copying it.
However, there are no end to things I can do with that book. I can give it to somebody. I can lend it out. I can resell it. I can mark it up with a highlighter. I can even use the author's own words against him or her.
Imagine this: I buy a book written by somebody I dislike. I can then write an editorial, tearing his views apart, using little pieces from the book to do so (this is "fair use", so I don't violate copyright law). This is all completely legal.
Now what if he puts something in the introduction: "By reading this book, you agree not to critique, insult, or inconvenience the author in any way".
Guess what? I can do exactly what I intend to do just as if that wasn't in the book. I read the agreement, I am aware of the agreement, but I don't agree with the agreement. Reading a book doesn't require me to agree with anything written in it. There is no law backing that statement up, unless UCITA applies to books as well (and then only in Virginia?).
If there is such a law, we're all in for a world of hurts. Consider the following scenarios.
You go to a movie. The film company got a huge investment from Pepsi. Not only does the movie show a number of people drinking Pepsi products, but an opening crawl before the opening credits states "By watching this film, you agree never to purchase products by the Coca-Cola Company". And if you think that's bad, wait until it comes out on video and they start playing it on transcontinental flights (where you can't walk out of the theatre).
You tune in a Pearl Jam song on the radio. The latest hit has Eddie Vedder singing the chorus "By listening to this song/you agree to not do wrong/to stop paying those bastards/that work at TicketMaster".
And my personal favorite:
By reading this post, the Slashdotter agrees to pay me $20. $30 for Anonymous Cowards.
--The basis of all love is respect
All in all, a good article; however, in regard to:
Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.
I believe that a main point of this release that MC missed is that by releasing these the specs for Kerberos in this manner, they have tainted the water, in as much as they have made it near impossible for someone such as the Samba team to prove that they developed the correct methods to extend Kerberos into the same areas as MS without using MS's copyrighted, freely available, EULA protected methods.
"I find that the harder I work, the more luck I seem to have." -- Thomas Jefferson
Now, less than a year later, Microsoft takes Kerberos, an existing open standard, and changes it with the sole purpose of stopping interoperability between Windows 2000 machines and other clients not developed by them. As if that wasn't bad enough, they then publish their Kerberos spec with such a tight licence that the information in it is rendered useless to all that read it. In fact those that read it no longer have the right to develop their own Kerberos client with the information contained in the spec. So basically, Microsoft published the spec with the sole intention of slowing down development of alternative clients (i.e. Kerberos clients for Linux).
One must now wonder what is Microsoft's stance on open standards. Are they for or against them? I would like to close with two quotes from Microsoft's letter to AOL as mentioned above. The meaning is the same, but the technology is different.
Period!
PERIOD!
More race stuff in one place,
than any one place on the net.
(1) The information can no longer be assumed to be a trade secret.
(2) It's not patented.
(3) The Microsoft document is copyrighted, but the information can be disseminated in any way other than their document.
Solution: Rewrite the document
Like this: http://www.thetop.net/kerbos/spec.html
I've got a message posted below, but it's buried too deep to get moderated up. Hopefully, it can see some light up here.
So far, over 100 hits since I posted two hours ago. The server wouldn't mind a couple thousand... it's bored out of its skull anyway.
-Hope
The data field used by MS Kerberos is being used within the spirit and letter of the spec, if you believe the original designers of Kerberos. Non-MS implementations don't look for a value in that field, and work as before. The only "incompatibility" involved is that non-MS software can't take advantage of the data in the field, and MS clients don't work without it. Don't buy Windows 2000 if you want to use a non-MS KDC. Furthermore, if MS had not used Kerberos, Linux machines would be totally unable to use MS servers for authentication. This use of standards benefits the Linux community, by allowing companies to use Linux on some of their desktops.
We all know that Linux does not have a standard for distributed group memberships. This is just one of the benefits of using Microsoft systems as servers. If some of your services don't need this functionality, then you are free to use MS Kerberos for authentication and use local authorization. For the rest of us, we take advantage of the features MS provides.
Why would you expect MS to give away its products and intellectual property for free? They produced software that allows easier management of larger distributed systems, that is better than what is available for Linux. Allowing their servers to take the place of other servers over Linux networks is in their interest. Allowing their workstations to access resources on Linux servers is in their interest, but their biggest profit comes from the whole package. We should not expect them to make it possible for someone using a Linux infrastructure to get the benefits MS is trying to make money off of. Their interest is best served by making people buy it from them if they want the MS features.
Bottom line: If you want distributed Authentication, any Kerberos implementation will do, including that from MS, for either servers or workstations. If you want the additional benefit of distributed authorization, everyone involved needs to speak that extended data field. Since that field is for third party use, MS made use of it. If you want the benefits that come from that MS field, use MS products all around. If you don't think it's worth it, don't buy from them. If you want, you can define your own schema for that field, and try to sell that. MS did nothing wrong here.
--Sandy
As I see it, EULA is only valid if it is presented at the moment before transaction is performed -- Microsoft may think that running self-extracting executable is a transaction that makes the text of specification available. However then ff transaction can be performed without the user doing anything that may indicate that he accepts the license (uncompressing the file without running it), then only copyright applies, with all fair use provisions untouched.
Of course, there are other issues that may invalidate the EULA even if it was accepted, and may invalidate the claims about trade secrets (you can't call something a secret and distribute it to everyone undiscriminately, so if something was taken from Microsoft, it definitely wasn't a secret).
Contrary to the popular belief, there indeed is no God.
As UCITA has been passed and signed into law in two states, this could be a problem if the Web Server that the EXE appeared on had physical residence in Virginia or that other backwards state that passed it.
Under the terms of UCITA, you don't even have to read the non-extracted file that you didn't know was there to have basically given away all your rights to MSFT. The non-publication of the license still makes it enforceable, and they now can hunt inside your computer system, without court order or permission, to try to find the Kerboros spec if they determine that you violated the license from their perspective. You're automatically presumed guilty before being proven innocent. It's up to you to pay the legal fees, and you have no recourse.
At least UCITA hasn't even appeared in Washington State, we're not that gullible about tech stuff. Plus I told about half the state officials, state reps, and state senators about it.
Will in Seattle
I think when you said "It's like Gnutella; who do you persecute?" you hit the nail on the head. But reverse engineering is not the best tactic. Like pirating the music files, it's best to pass the alledgely illegal act downward to the masses.
But the trick is not to implement the Microsoft extensions; after all, to follow the analogy, the Gnutella authors didn't pirate all the mp3's. Even if the authors are anonymous, let's keep it hard to claim the product itself is illegal.
What you want to do is make a kerberos implementation in which one may specify the meaning of that the key "extension" bytes on the command line. As in "kinit -byte26 128" instead of just "kinit". (Actually, I'm not sure how it would work on the command line, the above example is surely wrong -- the key here is that any information gleaned from MS trade secrets is specified by the user, not in the program which you distribute. Perhaps it won't be in the command line, but in a configuration file the user will have to generate. Perhaps a generic kerberos like protocol description language is needed.)
If users around the world look up the spec and make bash aliases for kinit so they don't even have to remember it or waste the keystrokes, it's a widely distributed crime, let MS go after all of them. You just passed the ability to comply to the MS extension to the world, and let them choose whether or not to do it.
This strategy fits in with the general trend of successful challenges to these restrictions: just make it easy for people to do it, provide them the tools.
The open publication of the extension spec is a bait to get someone into a position vulnerable to legal harassment. We can trump this by simply passing on the trick to more people than all the lawyers in Redmond can list in a Excell spreadsheet; don't nibble at it yourself, for God's sake.
(MIT, right?)
If MS can't be made to open up the standard, then maybe they can be forced to drop the name "Kerberos", at least from the clients, as they are not compatible with a "standard" Kerberos server.
After all, that's one of the reasons why Linus owns the Linux trademark, right? If MS came out with "Microsoft Linux" (ignoring the GPL for a moment), but it only worked with its own proprietary file system extensions, or some other change, I presume Linus could LART them for that and get them to drop the name.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }