Slashdot Mirror


Michael Chaney asks Microsoft to Open Kerberos

Remember Michael Chaney? He's the Nashville-based Linux consultant who saved Microsoft's Hotmail service from a Christmas 1999 outage by kindly paying a $35 NSI registration fee for them. Michael has always humbly maintained that this little act of bacon-saving was more of a Slashdot thing than a personal act on his part. Now, in the same spirit of generosity, Michael has some suggestions for the World's Largest Software Company about how to back gracefully away from its most recent attempt to keep its proprietary Kerberos Protocol extensions secret while still appearing to "publish" them.

On Microsoft, Kerberos, Slashdot, and Trade Secrets

A few months ago at an NLUG meeting, I jokingly asked a presenter to reveal his root password to the assemblage, adding "it's just us, we won't tell anybody." The "us" in this case referred to the 50 or so people in the room, and we had a chuckle while the presenter wisely decided against giving us his password.

The point of this story is something that we all know to be obvious: the level of secrecy afforded a piece of information by a recipient of that information is directly related to the way in which the secret piece of information is passed along. A password freely given to all in a user group meeting wouldn't be held in much confidence by the people present; they wouldn't really consider it a secret.

Likewise, it's difficult for anyone to consider a document to be a trade secret if it's posted on a website for anybody to freely download. Yet this is precisely the manner in which Microsoft is distributing their "Microsoft Authorization Data Specification v. 1.0 for Microsoft Windows 2000 Operating Systems," which we know is nothing more than a slightly modified version of Kerberos.

In a click-through (aka "ignorable") license, Microsoft states that their specification is "confidential information and a trade secret," and that "you must take reasonable security precautions... to keep the Specification confidential." Who, exactly, must I keep from knowing this "secret" information? Presumably someone without internet access.

Contrary to [what seems to be] popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos. And if they do make an incompatible version of Kerberos, it makes even less sense to restrict access to documentation concerning their "extensions." (I can imagine a Microsoft internal memo: "Embracement achieved, on to step two.")

So the situation as it stands is that Microsoft has released a document that they're claiming is a trade secret and copyrighted, parts of it have been posted to Slashdot, and Microsoft is pulling out the DMCA to get those posts removed. Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

But I really take offense at the fact that they go a step further and request that a link be removed, and that instructions on bypassing their goofy EULA be removed. First, we've had plenty of discussions on here about the dangers of sites being forced to remove links; specifically, at what level do we decide that a chain of links is no longer offensive? If I link to the Slashdot article that links to an "Unauthorized Copy of the Specification," is that a "crime"? How about a link to a link to a link? At some level, I'm sure I could find a chain that I could follow from Microsoft's own website to the offending Slashdot post (for those of you who wish to try, search for "samba" on Microsoft's site; it'll link to www.samba.org; try to find Slashdot from there).

As for posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification," I'd like to see someone from Microsoft explain how that constitutes a copyright violation, as J.K. Weston has stated (under penalty of perjury, no less). Self-extracting zip files are nothing new, J.K. Weston, nor is the concept of using WinZip to extract their contents.

The most offensive part of this whole ordeal, though, is that it's been just five months since Slashdot bailed Microsoft out when Network Solutions mistakenly shut off the passport.com domain on Christmas Eve. How soon Microsoft forgets! If it weren't for Slashdot, it's likely that Hotmail would have been down for another day or more after Christmas, and that surely would have been a bigger blow, in terms of PR, than a bunch of Linux advocates solving their problems for them.

It's my not so humble opinion that Microsoft is in the process of making yet another major PR blunder. The company is famous for them, and it couldn't come at a worse time than as the Justice Department is trying to get them split up for doing exactly what they're doing right now: changing the specifications of an open protocol to reduce interoperability with other products.

Here's my advice to Microsoft: drop the silly EULA and make your Specification freely available under the terms of the new GNU Free Documentation License, or something like it. You'll gain some PR points, which you desperately need. This provides you with a way out that allows you to save face.

And my advice to anyone who talks to the press regarding this issue: remind them that it was Slashdot that saved Hotmail over Christmas.

- Michael Chaney

18 of 203 comments

  1. Interoperability is a net negative for MSFT by sigmond · · Score: 4

    As a monopoly MSFT clearly has much to gain from poor interoperability. They control the vast majority of desktops which need to authenticate to network resources. If authentication the Microsoft way becomes the de-facto standard for many organizations MSFT benefits by being the vendor with the best interoperability with its own products. Other vendors can interoperate, but only as long as MSFT releases the specifications for their "enhancement" and only _after_ MSFT has implemented the enhancement in their own product. MSFT benefits as the "first mover" in a situation where only they can move first.

    1. Re:Interoperability is a net negative for MSFT by medcalf · · Score: 4

      Having just finished a project where I was designing a method to integrate Win2K into an existing mixed-platform UNIX/NT environment, let me add a few things.

      When attempting to integrate Active Directory with existing LDAP directories, MicroSoft's position is that Active Directory is LDAP. Technically true, since LDAP is an access protocol, but MS is monkeying with the system deliberately in order to prevent data synchronization unless you use not only Active Directory, but also MS's recently-acquired meta-directory (formerly Zoomit Via). Their directory can accommodate LDAP clients, but adds a lot of extensions and doesn't replicate well with systems that don't extend LDAP in ways not permitted by the standards.

      When attempting to replace NIS (for scalability reasons), and attempting to get to a single authentication method for UNIX and Win2K, the only real answer is to use kerberos from the UNIX boxen with AD as the KDC, or to use Services for UNIX (an MS product), which will allow you to use AD as your NIS server. This of course won't work if you want to use someone else's KDC (since Win2K needs ACL information in the auth_data field of the kerberos cert) or if DCE is part of your product mix. MicroSoft's position is that it will work. Again, it will do so until you consider the real world.

      I could go on, but I think that the point is made. MS has made it so that if you implement Win2K, you will also turn control of DNS, DHCP, LDAP, Kerberos, NIS and a number of other products over to MS, because Win2K will not work and play well with others. What scares me is what happens when Windows 2004 comes out and redefines name services, address assignment and the like. Do MS's enterprise customers then have to roll over and take it, because the cost of pulling out Windows will be higher than the cost of surrender?

      --
      -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
  2. LMAO by Black+Parrot · · Score: 5
    > Oops, it's http://www.doublewide.net

    From the link:
    On January 15, 2000, I received the check from Microsoft for $500, in addition to a new copy of Visual Studio 6.0 (which I need to compile and run the decss program to decode my DVDs so that I can play them under Linux).
    It doesn't get much funnier than that.

    --
    --
    Sheesh, evil *and* a jerk. -- Jade
  3. Re:Question for Michael Chaney by sampson · · Score: 5

    I am not M.C. but from his website, you can see that he gave the check to John of SwiftView inc, which did the following (from their website here):
    The nearly famous $500 Chaney Microsoft Hotmail domain registration check was purchased by SwiftView for $7,100. We are donating this money to the Sisters of the Road Cafe' in Portland, Oregon, a small non-profit restaurant feeding hundreds of homeless and low-income residents of Portland's Burnside Community.

    Michael Chaney is the original owner of this check and auctioning it for charity is his idea. He is also contributing an additional $2,500 for a total of $9,600. As noted on his site and the links below, he hopes that Microsoft will make an additional contribution.

  4. Great Article by WebTurtle · · Score: 5
    This is a very well articulated and well argued article. When I read the headline and who it was from, I thought as many other posters seem to: just because he saved M$'s bacon doesn't make him qualified to start handing out advice. But, after reading his article, I am willing to judge him by its merit. And it was a great article. He makes several good points, particularly in regard to the obviousness that this can hardly be considered a trade secret.

    However, I would like to address one part of his post that he left open:

    Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

    It is clearly a challenge to the concept of OSS and the GPL. If they can prevail over the community by succeeding in keeping their kerberos "extension" closed source, they win. If they can simultaneously do a little media spinning that shows how lawless OSS advocates are, they win twice. By this I mean that "everyone" knows that Slashdot is a haven for rabid OSS zealots who do nothing but pirate software, trade illegal MP3s on Napster, and read that damn anti-corporatist Noam Chomsky all day long. If M$ can show that these types of people will stop at nothing, including violating license agreements, publishing trade secrets, and being generally abusive towards all things corporate, then they will help stem the tide of converts. It will damage the reputation of OSS and the Free Software movement. It will make conservative businessmen (who outnumber the liberals) biased against OSS in their organizations, etc.

    We as a community need to be on guard against these tactics. One good court case that goes against OSS on top of everything else that is happening regarding the RIAA, MPAA, DeCSS, MP3.com, Napster, etc. and we will have that much more difficulty gaining broad acceptance. And M$ will have that much more sway over people's opinions.

    Certainly they can try to slow the OSS movement down, and give it a bad name, but it can never be stopped unless precedents and laws get in the way of progress and evolution.

    --
    ------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
  5. House of cards by Dark+Paladin · · Score: 5

    Some time ago, I read a book by Orson Scott Card I believe called The Worthing Saga. Part of the book deals with a man who wanted to engineer the destruction of civilization, since he saw humanity and its culture as stagnating.

    He proceeded to engineer the total collapse of society, first by purposely angering the "lower people" just enough so that they would be angry, but not revolt. Then he alienated the "upper people" so that they were incensed, but would not withdraw support. He sent messages out that "All is well, do not worry" while issuing secret messages to people about "how bad things really are."

    And when all the pieces were ready, he finally pushed everybody over the edge at once, and everything fell apart all at once, like a house of cards toppled by a child.

    I don't hate Microsoft. I've used DOS as far back as I can remember, I've used Windows when that's all I knew. Indirectly, I have a good living as a professional geek and now game reviewer. I like my life, and I owe a part of that to companies like Microsoft.

    But the more they act, the more it seems like they are engineering their own demise. They upset people just enough with their competitive practices, and I'm not just talking about making new products, but giving them away to put other people out of business. They upset government officials by continuing to engage in monopoly practices while they are under investigation, from the Kerberos issue to "renting" software at universities at such a low price that college students can't resist, then jacking up the prices after everyone's standardized. They put on commercials saying "We innovate, we work hard for you!" while they have "Halloween e-mails" that talk about how scared they are of Linux.

    Microsoft is not a bad company. I'm going to say this again: Microsoft is not a bad company. I may not like all of their products, but others I think are great. I like Internet Explorer, I just don't like how it was rammed down my throat.

    But with each new story, I become a little angrier at Microsoft, to the point that I'm about to install Linux on my machine at home and only use the Windows partitions for games (hey, I've still got to write my reviews.) And if Microsoft keeps up this behavior, they'll find their carefully built house of cards all falling to the ground at the same time.


    John "Dark Paladin" Hummel
    We don't just like games, we love them!
  6. Re:Why Microsoft can't settle anything ;) by Fyndo · · Score: 4

    If you're going to post material copied from Brunching Shuttlecocks you should at least credit them...

  7. Legality of links.... by rjnerd · · Score: 4

    The copyright office specifically says bibliographic references are always legal -- you may not be able to use the text itself, but you can always tell someone where to find the originally published text. The only difference between "Journal of Irr. Results Vol 3.14159 number 1.735 (June 2003) pp 10-12" and www.JIR.joke/volpi/number_sqrt(3)/joes-stuff is one of formatting. I could write either down on the back of a biz card, and take it to a good research library, and be looking at the text in short order... In the case under discussion, posting the actual text (so it comes from a /. drive) is likely a violation for the user. Posting the URL of the page on the MS site, so the actual bits of the article come from a drive in Redmond, is just citing the published article... (it meets the copyright definition of "fixed in a tangible form", so it counts as "published" -- published for copyright purposes includes so-claimed trade secrets)

    --
    Organizer:New England Rubbish Deconstruction Society;The NERDS,first US team in the UK Scrapheap Challenge/Junkyard Wars
  8. This is stupid by Hard_Code · · Score: 4

    This is stupid. Both Microsoft and Slashdot are at fault. Microsoft is at fault by perverting an otherwise open standard, then claiming to have published the changes by forcing anyone wishing to view the documentation through a non-disclosure agreement (faithfully supported by brilliant UCITA legislature). Shame on Microsoft, although it can hardly be called unexpected. But even more shame on Slashdot. The core of the "information wants to be free" meme is copyright, whether you like it or not. If you want information to be free, you must at the same time respect the same copyright that upholds the GPL (until such copyright laws are done away with). Refusing to remove blatantly illegal material is not a first amendment issue...it is a juvenile snub to Microsoft. I'm sure Microsoft has no reservations about unleashing its legaldroids upon Slashdot. It is just dumb. Just as we would not like someone to violate the GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding. Slashdot should remove the stupid text. We should work to change the laws...not puerilely snub our noses at them and then go crying that big bad Microsoft is oppressing our first amendment.

    --

    It's 10 PM. Do you know if you're un-American?
  9. ``Confidential Information'' by Kitanin · · Score: 5
    Who, exactly, must I keep from
    knowing this "secret" information? Presumably
    someone without internet access.

    Well, put the pieces together...

    • MIT is where Kerberos came from
    • (An) NIC is required to view the information
    • And finally, a K for Kerberos.

    M-I-T-N-I-C-K... :-)


    --


    Teach your kids: "C++ made baby Jesus cry."
  10. A matter of fact? by NaughtyEddie · · Score: 5
    Contrary to popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

    Quite clearly Microsoft do not think this is the case, and it's not a clear "matter of fact" to me either. Microsoft have done extremely well with their current philosophy; it goes to the core of their anti-competitive nature, which has made Bill Gates a multi-billionaire and the richest man in the world.

    Why do Slashdot readers insist they understand the industry better than the single main player in it? Yes, strict compatibility "raises the value of all products", but Microsoft do not want to raise the value of all products, only theirs. They are unique in that this actually poses an advantage to them - no other software company makes a full complement of interoperating software, so these companies are forced to interoperate with each other's stuff properly. Not so Microsoft; they have a vested interest in only interoperating with their own software. You can buy a complete enterprise software setup and never pay a dime to anyone but Microsoft. And that's exactly what their non-interoperability encourages you to do.

    The rest of the article seems a little naive given the real matters of fact.

    --

    --
    It's a .88 magnum -- it goes through schools.
    -- Danny Vermin
  11. Instructions on *reading* the license by hrm · · Score: 5

    The bit about posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification" really cracks me up.

    How about instructions on how to read the damn license?!

    I downloaded that EXE thing and wondered how to get it "installed" while running Linux. I went about it in the usual Unix way. First I ran "file" on it, which told me it was a Windows executable (saw that coming somehow, not a complete dummy me) as well as a "RAR archive".

    That's an animal I hadn't heard of, but a quick inspection showed that there was something called "unrar" on my SuSE distro. I ran that and was presented with some sort of .doc file, which I knew StarOffice could probably handle.

    I never did get to see that license. Too bad, because I was kind of curious about the wording.

  12. No longer a COPYRIGHT problem... by HopeOS · · Score: 5

    Given that there is a GPL'd document published that does not have the Microsoft restrictions, I wonder where they stand legally now?

    I published this on Friday, but here it is again. Maybe it'll get moderated up this time.

    http://www.thetop.net/kerbos/spec.html
    http://www.thetop.net/kerbos/spec.txt

    Good luck!
    -Hope

  13. MS - other sites - /. links by dkh2 · · Score: 5
    OK, I bit. Here's the link sequence! Voila! Microsoft to Slashdot and back in under 10 links.
    --
    My office has been taken over by iPod people.
  14. Sorry, it does make business sense by LinuxParanoid · · Score: 4
    As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

    Your first sentence is correct, your second is not. All products do benefit when they are compatible and interoperable with one another. But Microsoft doesn't want to raise the value of all products. It only wants its own to benefit.

    It makes perfect business sense for Microsoft to try to lower the value of competing products by preventing interoperability with its own. It's called lock-in, and it increases switching costs for users and barriers to entry for competitors. It's a strategy that makes perfect sense if you have a dominant (especially monopoly) position, and little or no sense if you don't have such a position. Harness network effects to exclusively benefit your product, what could be simpler?

    The only time this doesn't pay off is if it sufficiently alienates customers or developers. So far, Microsoft has managed to hew a fine line where such alienation has not outweighed the benefits of its platform. It's up to knowledgeable people to point out the oft-hidden costs and risks of adopting Microsoft's technology approach.

    Remember, in reality, most of Microsoft's successful innovations have been *legal* innovations, beginning with their DOS contract and extending through various exclusive OEM agreements and their chiseling away at the Java contract and DOJ Consent Decree. Their trade-secret licensing of Kerberos and their attempt to license software on a renewal basis (first at universities) are just the latest examples of this. Just what you'd expect from a firm founded by the bright son of a lawyer.

    --LinuxParanoid, paranoid for Linux's sake

  15. Re:EULA by remande · · Score: 5
    Do not confuse a license with a copyright.

    Copyright notices only inform the reader (viewer, listener, etc.) of restrictions that are already in place. There is nothing to agree to; the copyright is enforced by law.

    A license agreement, OTOH, is by definition something you either agree to or do not. And a license is a restriction on use, not reading or viewing.

    If I own a book, the book has a copyright on it but no license. By law (not agreement), I am forbidden from doing things like ripping out the pages and photocopying it, or scanning it onto the Web. I am expressly forbidden from copying it.

    However, there are no end to things I can do with that book. I can give it to somebody. I can lend it out. I can resell it. I can mark it up with a highlighter. I can even use the author's own words against him or her.

    Imagine this: I buy a book written by somebody I dislike. I can then write an editorial, tearing his views apart, using little pieces from the book to do so (this is "fair use", so I don't violate copyright law). This is all completely legal.

    Now what if he puts something in the introduction: "By reading this book, you agree not to critique, insult, or inconvenience the author in any way".

    Guess what? I can do exactly what I intend to do just as if that wasn't in the book. I read the agreement, I am aware of the agreement, but I don't agree with the agreement. Reading a book doesn't require me to agree with anything written in it. There is no law backing that statement up, unless UCITA applies to books as well (and then only in Virginia?).

    If there is such a law, we're all in for a world of hurts. Consider the following scenarios.

    You go to a movie. The film company got a huge investment from Pepsi. Not only does the movie show a number of people drinking Pepsi products, but an opening crawl before the opening credits states "By watching this film, you agree never to purchase products by the Coca-Cola Company". And if you think that's bad, wait until it comes out on video and they start playing it on transcontinental flights (where you can't walk out of the theatre).

    You tune in a Pearl Jam song on the radio. The latest hit has Eddie Vedder singing the chorus "By listening to this song/you agree to not do wrong/to stop paying those bastards/that work at TicketMaster".

    And my personal favorite:

    By reading this post, the Slashdotter agrees to pay me $20. $30 for Anonymous Cowards.

    --

    --The basis of all love is respect

  16. How soon Microsoft "forgets" by x0dus · · Score: 5
    How soon Microsoft "forgets". Less than a year ago (July 1999) Microsoft was having a war of words with America Online over their Instant Messenger (IM) client. AOL was denying MSN IM clients the ability to send messages to AOL's large instant messenger base. Microsoft wrote a letter to Steve Case, the CEO of America Online, passionately calling for an open standard for Instant Messaging (see the Slashdot discussion).

    Now, less than a year later, Microsoft takes Kerberos, an existing open standard, and changes it with the sole purpose of stopping interoperability between Windows 2000 machines and other clients not developed by them. As if that wasn't bad enough, they then publish their Kerberos spec with such a tight licence that the information in it is rendered useless to all that read it. In fact those that read it no longer have the right to develop their own Kerberos client with the information contained in the spec. So basically, Microsoft published the spec with the sole intention of slowing down development of alternative clients (i.e. Kerberos clients for Linux).

    One must now wonder what is Microsoft's stance on open standards. Are they for or against them? I would like to close with two quotes from Microsoft's letter to AOL as mentioned above. The meaning is the same, but the technology is different.

    "Indeed, imagine a world in which users of one particular telephone service were unable to interconnect with users of another service. Similarly, imagine if AOL members could only email other AOL members. Such a world is not in the best interests of customers."

    "Consequently, in the spirit of doing what is right for consumers and our industry, we'd like to convene a meeting of our respective companies to begin the far more productive process of creating an industry standard."
  17. Or we could get smart, like this... by HopeOS · · Score: 5

    (1) The information can no longer be assumed to be a trade secret.
    (2) It's not patented.
    (3) The Microsoft document is copyrighted, but the information can be disseminated in any way other than their document.

    Solution: Rewrite the document

    Like this: http://www.thetop.net/kerbos/spec.html
    I've got a message posted below, but it's buried too deep to get moderated up. Hopefully, it can see some light up here.

    So far, over 100 hits since I posted two hours ago. The server wouldn't mind a couple thousand... it's bored out of its skull anyway.

    -Hope