Slashdot Mirror
FSF & OSI Speak out Against Sender-ID License
NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""
So be it.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
Eben-Wan Kenobi: "I don't think so."
OK, so the "back down" is directed the other direction, but it sounds so right, doesn't it?
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
Someone actually want to link to a reference where this statement was made?
Dear Bill,
Regarding mandatory Sender-ID licensing.
Get bent!!!
Yours Sincerly,
jo42 (on behalf of the rest of the world)
That would be an act of Dollar, the almighty god of commerce. Worshiped by by corporations and monopolists around the world.
It's quite clear that this is the best strategy that Microsoft has against Free Software. MS _may_ not get to point where they directly sue over patents and copyrights but be assured that they will work very hard to create useful and popular things that are legally incompatible with Free Software.
I wonder how feasible it would be for Free Software to fight back by embrace and extending some ubiquitious and vital technology the way Microsoft hs tried with e-mail and the Web, getting a patent on it, and then licensing it under some GPL-like license?
Sadly (for some, at least), this would be a strike at business in general, and I'm not sure everyone would want to attack an entire industry based on the actions of a few unruly members, and open source probably isn't big enough to do it to the entire industry. Personally, I'd just make a commercial licensing option that is more BSD-like for some vendors with a specific "No Microsoft" clause.
It'd be fun to see what happens to Microsoft if we could effectively make it impossible to provide some service from Windows servers. Maybe actually bring competition back to the market.
</knee-jerk>
"No Microsoft" is still "Not Free".
:)
This is one of those moments where you have to reflect on what TRULY free TRULY means.
For example, Free Speech means you can say something that I absolutely, 100% disagree with, or even despise you as a person for, yet you are acting within the law (whether I is joe citizen or the US government).
Or, as has been mis-attributed to Voltaire a few times, "I disapprove of what you say, but I will defend to the death your right to say it".
If you truly believe your software, or ALL software should be free, that means ANYONE, including Microsoft, MUST be allowed to use it (within the terms of the particular "Free-compatible" license, of course).
I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).
You can't pick and choose and still call it 'Free'.
I recognize your knee-jerk tag - so just consider this the second part of a knee-jerk chain reaction
Xentax
You shouldn't verb words.
I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).
They already distribute GPL licensed code. See Windows Services for UNIX 3.5. It includes gcc, g++, make, rcs, awk, grep, sed, tar, cpio, etc.
-molo
Using your sig line to advertise for friends is lame.
The EFF should be patenting open source technologies right and left.
-I like my women like I like my tea: green-
As long as Microsoft is incorporating SPF into their solution, then it doesn't really matter if few providers use SenderID (as long SPF is widely adopted).
SPF provides the means to eliminate the most egregious spammers by eliminating all emails with forged headers and providing a means to ensure that the sender is complying with the rules set by their ISP. It is simple to implement because it uses already existing features of SMTP and DNS to operate, and it does not need to be adopted "all at once" by every ISP, as it does not interupt mail being sent to/from non-participating ISPs until the provider using it makes that decision themselves. It is also possible for a user (of a participating ISP) to incorporate SPF response into their filters in such a way that it would not eliminate any legitimate mails, and it would still be effective at helping the user to identify spam.
It will help ISPs verify that their users are violating policy by sending spam. It will help make blacklists more accurate by identifying ISPs that permit or encourage spammers to use their services.
Read the FAQ.
As long there is progress toward wide adoption of SPF, there is little reason to argue over Microsoft's SenderID licensing scheme. If their protocol cannot be used with qmail, sendmail, and other high reliability/security servers, it will not be adopted. As long as Microsoft has followed its stated intention to adopt SPF as part of SenderID, then SPF will work for everyone, including those using SenderID.
Read, L
Practically speaking, what does this mean? That we won't be able to send emails to hotmail.com, msn.com and microsoft.com unless we use Sender ID enabled mail servers? What exactly does Sender ID do that will cause a problem of incompatibility for the open source community? I understand that Sendmail and others won't be able to implement it as is, but what does not being able to implement it mean?
I'd like to see separate Agree/Disagree mods that don't use up karma, and don't have a cap (on either the post's rating or the user's hoarding ability). I'd also like to see high-score tables for those (as in, all-time agreeable and disagreeable posts, most and least agreeable average-over-lifetime and -over-last-20-posts, plus the extremes for this month, the last 24 hours, and top/bottom 3 posts in each story.
Maybe allocate one agree/disagree point per user per visit-day (ACs don't get any) and allow someone to spend up to two on a post (as in "strongly-agree, agree, don't-know-or-don't-care, disagree, strongly-disagree").
I think having a discrete "agree/disagree" channel will help the noodles get feelings off their chests without modding to their feelings instead of impartial merit.
I'd also like to see the "real" mods split out into quality-of-language, quality-of-interest and quality-of-data. At the moment, there's no way of saying "this is interesting and based on quality data/good links but the language sucks" or "nice post but lacks supporting data".
Got time? Spend some of it coding or testing
"You can have my gun when you pry it from my cold dead hands!"
"Your proposal is... acceptable."
Can't find a still of Edgar getting his face ripped off, though.
Got time? Spend some of it coding or testing
This is one of those moments where you have to reflect on how freedoms work and then recognize that we cannot afford to support those who would take other freedoms away.
Software proprietors like the new BSD license (among others) because it allows them to build on the program and not share their improvements in a form which allows others to excercise their software freedom to inspect, share, and modify the software. As you have pointed out, Microsoft has done this.
We don't gain or retain software freedom by trying to grant all possible freedoms to all people and all organizations. Extending such power to those who would build on our commons and then take our commons away from us with their superior advertising or patent acquisition power is unwise. Their proprietary variant of the program could become the de facto standard. Then we would either end up working for them by continuing to make gifts of code to them (thus treating a business like a charity and competing against a derivative of our own code) or we would be defeated in our struggle to maintain a software commons. If their new algorithms are patented, we lose the opportunity to outcompete until the patent expires, no matter how skilled a programmer we are. Waiting for patents to expire means our software will be less competitive, possibly obsolete.
It is not our job in society to look out for businesses. However, time has shown that businesses are willing to share and modify code as equals under a strong copylefted license like the GPL. This kind of cooperation is beneficial in more important ways than adding hackers to a project. I'm not anti-business, I'm against giving business the power to step on my software freedom. I'm all for giving people choices in licensing, but I want more people to realize the ramifications of that power, not select a license because of some enclosure-movement-friendly misinterpretation of freedom and power.
Digital Citizen
I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).
There is nothing wrong with looking at the source or even modifying it. Microsoft knows this (although they won't say that publically to avoid counteracting their FUD) and I'm sure they are modifying and testing GPL code plenty in there.
What they cannot do (without releasing the source) is redistribute the software. And they are not doing that.
"tainting" is a bogus argument, used to scare people from the GPL. I know for a fact that Microsoft has zero qualms about hiring people with intimate familiarity with GPL software, so they are litarlly lying when they make claims about this. If in fact "tainting" was true, Microsoft could not hire anybody with a single bit of exposure to any copyrighted or proprietary code. They would have to teach their employees in a private school from when they are 5 years old and prevent all contact with the outside world. Obviously they do not do this. "Tainting" is a lie and probably the deepest, most insidious piece of FUD from Microsoft. It's very sad when you see people who think they disagree with Microsoft fall into repeating it.
So, we have MS, who appears to be trying to hijack the IETF Sender ID MADRID Proposal. Hijacking? Umm, yes. Why yes? Because it is a fact not lost on this anonymous coward that all of the spam is originiating from machines running software provided by his master himself. The quiet squabble a few months back when himself said that targeted email marketing was a good idea, and was moving forward with "ethical spammers" to integrate targetted marketing into hotmail.
Also, the "If the whole world Ran My Software," all of these problems would vanish attitude. Well, most of the world does, and most of the problems result from that fact.
Many folks whimper and cry that their os of choice is so much better, because an exploit for another os doesn't run on theirs, umm, well, uh, yeah.
I just recently broke down and got a XP Pro laptop to help with doing security assesments. Low and behold, applying SP2 breaks the machines ability to do anything useful. MS is quoted as saying "We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools." Umm, why am I reminded of Zaphod Beeblebrox's Super-Chromatic Peril Sensitive Sunglasses? If I can't see the problems in my network, they must not be there.
So, the three stooges, Steve, Jim and Billy are going to save us from the mess they made so much money creating by offering a new way to stomp out the competition. Just use Exchange, or Sign our License to use our not-disclosed patented processes, right here, in blood if you will, and all of your spam problems will go away. You can just hear the evil laughter.
They are the spammers. Simple fact, put products under the nose of the meme-built "consumer" (what ever happened to citizen?) and they will buy it. Be it cheats for their iPods, v1agrah or whatever.
Demographics tell a true story.
Steve, Jim and Billy know this to be true. Look at their wealth. Oh yeah, they are going to stop spam alright. Or more to the point, put a quick and simple end to your ability to do anything about it.
You're right and you're wrong (IMHO), to various degrees.
You're right in that anything short of a 'clean room' approach is, to some degree, tainted, so it must not be THAT hard-and-fast, or you could never hire anyone that ever worked for your competition.
But you're wrong in that tainting is completely unheard of or a boogeyman that has no force.
It's really more of a *general* trade-secret issue that Microsoft (and probably others) is playing safe by including GPL'd source as well as other competitor's product internals.
I think it's a no brainer that an MS employee who gained access to a competitors source via some means (legal or otherwise) would be risking legal issues if he also has access (however indirect) to MS source of a competing product.
The fact that the GPL makes that competing source publicly and legally accessible doesn't change that. You *could* try to argue that, if I see the source for the kernel, and work on the Windows core, that I'm potentially lifting things that are SUPPOSED to be protected by the GPL, without abiding by the GPL. I don't see how you can argue otherwise.
To put it another way: If you ARE claiming otherwise, you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.
Do you really claim that?
Among the arguments against it is a natural claim that lines of code WERE copied, then there's a big mess to try to prove that direct copying happened, or didn't, etc. Basically, a big mess. The mess is reason enough to avoid such an entanglement, even if it would 'in theory' be ok.
Xentax
You shouldn't verb words.
That should not be necessary. Merely publishing the source, which Open Source software does, should prove prior art and hence prevent anyone else subsequently patenting it.
You wrote;
"If you ARE claiming otherwise, you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.
Do you really claim that?"
I'm not sure about the original author, but I'll claim that.
The GPL is based on "copyright" law. Copyright, as it applies to software, not to be confused with patents, only covers an expression of an idea, not the original idea itself.
So, if Microsoft wanted to have an army of coders spending long nights studying the Linux kernel in infinitesimal detail, trying to glean that special something and reimplement it in Microsoft's OS, that's perfectly legal. Not only that, but I wish them the best of luck.
If you think otherwise, then anyone who has ever looked at any source code, couldn't code. Every university student who studied Lyons' Unix book wouldn't be able to program for Linux (a.k.a. the SCO Group hypothesis).
Direct copying, bad, reimplementing someone else's idea, good.
I hope that helps.
Just my $0.02 (Canadian, before taxes)
It is necessary for the same reason corporations
build defensive patent portfolios: Cross-licensing
agreements. In this case, in the public interest,
since the government long since abdicated the role
of defending the public interest.
-I like my women like I like my tea: green-
Its incredible. I feel just an other time f... by M$. We small/tiny vendors leave modules Freeware like we do in our Aloaha because we believe in the Idea of SPF and so on and the big ones just focus on how to gain control. It would be interesting how it would legally look if we would silently support SPF2/SenderID. Anyway - I always prefered SPF1 and I hope that people are now even more motivated to push it... Thanks Frank
+++ Dont bother to SPAM me
you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.
Do you really claim that?
Yes I am claiming that.
Read RMS's rants some time. Take a look at where he talks about reverse engineering. Even he says that learning from the source code is more important than some attempt to prevent a company from using your ideas.
Also legally the GPL is based on copyright, and only grants some exceptions to it's rules. Copyright allows exactly what you state above, therefore there is no way for the GPL to prevent it.
I think the only dangerous code is where people who read it have to sign NDA's or contracts that say they cannot copy any of the ideas.
The reason this *does not* happen is the legal mess I pointed to.
If some Windows devs DID do this, you're right that it *ought* to be fine.
But what *could* (and I really mean "could", I don't mean Linus would, should, or even 'might' do this) happen is that the authors of that code COULD turn around and claim MORE happened - ie, that copying occurred. You'd have MS saying no, we just LOOKED AT the code, and used the good ideas, etc. - while (whoever) says there MUST be copying. They'd want their lawyers to do discovery on the Windows sources to see that there's no copying, they'd want to depose the MS devs in question under oath to ensure they're telling the truth, etc.
Even if you factor the likelihood of such a thing (low to not-bloody-likely), the cost if it DID happen (millions of dollars, thousands of man-hours of wasted time, PR nightmare) is such that the RISK IS NOT WORTH IT.
That's all I'm really saying, guys. It's one thing when both sets of sources are Open. It's another thing when one is protected by trade secret status.
Do you really think NOONE would accuse MS of copying (in the copyright-violating sense, or the GPL-violating sense, NOT the "good idea reused" sense) if MS said they were doing the "good idea" version? Even if none of the Linux copyright holders made a fuss, or a legal fuss, plenty of OTHER people *would* make a fuss, and the PR flak from that would probably be hassle enough to be worth avoiding.
Xentax
You shouldn't verb words.
That argument makes no sense. If Microsoft was willing to lie and copy GPL code, then they are equally willing to lie about not looking at it. In fact somebody can claim "by saying they are not looking at GPL code, they must be covering something up, therefore their denial is proof that they are copying it".
There is no way for Microsoft to prevent made-up accusations like this and it is insane for them to change their behavior and limit their options because of this. I can claim they are killing kittens in their basement and the fact that such an accusation is possible does not mean they must avoid any contact between their employees and kittens. The exact same thing is true of GPL code, there is no logical reason to avoid looking at it.
I suspect the future will be fraught with Microsoft "innovations" in use of patent/copyright/trademark law.
"To those who are overly cautious, everything is impossible. "
I disagree.
The key difference is that you can make a much more substantial claim with available evidence.
If you have code that acts substantially similar, and claim it's because you copied, but only copied ideas based on viewing the code, that's (Arguably) hard to distinguish from less-legal copying.
Your kitten-killing claim is different. Maybe if kittens near MS campus were disappearing and MS claimed they were 'just adopting them all' or something.
My claim is that it is (or may be claimed) that distinguishing between literal and non-literal copying, without access to both sets of sources, is difficult. Since MS isn't keen on giving away their source, that could spell trouble. Given that, I can see why MS would insist on a policy of not even looking at code, so that a claim of copying must be weighed against the notion that NO copying is going on, not just non-literal copying.
To have a claim with merit, you'd have to show that there are similarities such that *at least* non-literal, and possibly literal, copying is going on.
Make sense?
Xentax
You shouldn't verb words.
Where I come from, "fighting back" means killing or beating the living s**t out of whoever's trying to harm you. But I guess we're kind of backwards around here, we haven't really got the hang of this new millenium yet.
"Oh, ho, ho, irony! Oh, no, no, we don't get that here. See, uh, people ski topless here while smoking dope, so irony's not really a, a high priority. We haven't had any irony here since about, uh, '83, when I was the only practitioner of it. And I stopped because I was getting tired of being stared at." --Steve Martin as C.D. Bales, in Roxanne
Since SPF in our Aloaha is Freeware of course we are not implementing PRA - even though we support SPF2 records.....
+++ Dont bother to SPAM me