Slashdot Mirror
OSI And Microsoft Negotiating Over Sender ID
ValourX writes "Microsoft's Sender ID has already been rejected by both the Debian Project and the Apache Software Foundation, but Joe Barr of NewsForge today interviewed Larry Rosen of the Open Source Initiative and discovered that there are negotiations between the two entities with regard to Sender ID's licensing. Could Microsoft be considering an Open Source license for Sender ID? Slashdot has covered other aspects of this story in the past. NewsForge is part of OSTG, like Slashdot."
Could Microsoft be considering an Open Source license for Sender ID?
There are rumors of a massive cold front moving towards Hell. Forecasters are predicting temperatures may drop to below 32 degrees F. Stay tuned for more up to date info.
No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
If Apache refuses to accept this technology, then it is dead in the water. There aren't enough IIS servers to make a signficant dent in spam even with this technology.
Personally, I'd love it if technology were judged on the content of its character rather than the character of its creator, but this is not a perfect world and fanatics on both sides of the aisle pass up good ideas that come from the "wrong" side all the time.
I don't think MS has a chance of getting a stranglehold on this. I mean, in terms of email, they really need the cooperation of pretty much everyone for it to work anyway. There are far too many non-Microsoft free software mail servers run by large and small companies. Granted, Microsoft has a huge presence on the desktop, but they aren't dominant enough yet on servers to make it really work in their favor.
Maybe they are honestly trying to solve the spam problem and are willing to compromise for the good of users.
GMail invites for completed freeipods.com of
And I'm sure others can chime in on more as i'm not totally familiar with all the stuff they use. but they seem to have embraced open source fairly heavily.
Kyle
http://www.unlogikal.net/
Someone is always ready and eager to play the part of Charlie Brown.
...
"But maybe they are serious this time!"
"MS isn't ALWAYS evil"
This could just be a tactic by Microsoft to push their software. Think about it, a somber looking Balmer (if that's even possible) saying "We tried to negotiate with the OSS community, but because of their ignorance we wern't able to come to an agreement"
Of course, at the same time they will start more FUD sites touting the benifits of Sender ID and why it will ONLY run on their software.
John 3:16 - The easiest way to a BETTER YOU.
Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.
Can you explain why they don't think they can do this now?
Now they have a huge patent base thats building up and they are going to use it to kill off the other options.
This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.
I'll take spam and forged email over paying MSFT $.25 a message.
Could Microsoft be considering an Open Source license for Sender ID?
I don't know about that but maybe they will release Clippy under an Open Source licence, just to show they care about the movement.I don't think SenderID is anything whatsoever like PGP. Coincidentally I went to Microsoft.com and read about SenderID today to see what the fuss is about. Turns out, and I'm sure someone will correct me if I'm wrong, it's simply an extension record in your DNS MX record that basically lists the possible outgoing IP addresses for email from a certain domain. For instance Citibank would add their outgoing mail servers in their MX record (because presumably only authorized agents will be screwing with the MX record), and any recipient can simply check the MX record and get the possible source IP addresses, rejecting the phish attempt from some server in central Russia. There's a tool to configure the extension block.
As an aside, because invariably someone will mention this, TCP (on which SMTP is based) is connection based, so spoofing isn't an issue.
Nope, sorry. They even manage to break that standard.
Not in really harmful ways, that must be admitted, but still, MS does not implement TCP/IP correctly. The example that comes to mind is the way they make sure all packets coming from an MS OS are high priority (I haven't got the technical docs right here, they're 50km away, but it has to do with marking them as coming from interactive sources), thus breaking one of TCP/IP built-in Quality-of-Service mechanisms.
So even something as basic as TCP/IP they manage to mess up. This is not very conducive to their trustworthiness.
Mart"I know I will be modded down for this": where's the option '-1, Asking for it'?
I'm just curious as to what is there to negotiate? Either they license it royalty-free for all fields of use, or it does not belong in an officially-recognised IETF standard. There is no "middle ground" license that will satisfy the community. Patents are, by definition, incompatible with open standards.
Could Microsoft be considering an Open Source license for Sender ID?
Well, looks like a good time to clarify the difference between patents and copyright for the benefit of the new blood here on slashdot. They are very different things, and you must understand what the law says before you can develop educated opinions on the law. Copyright is a government issued monopoly on the distribution, and public performance of a specific work and derivatives of that work. Patents on the other hand are a government issued monopoly on the commercial application of an idea. A book is a specific creative act, and thus falls under copyright. A method of building a tractor is an idea, and is thus patentable. You can't have copyright on an idea, and you can't patent a specific work.
Now onto this specific situation.
When you talk about open source licenses, you are dealing with copyright. A copyright license grants you specific (often limited) rights to distribute, perform, or modify the authors work. Without a copyright license you do not have the right to do any of these things. Open source software gives people the right to redistribute the work, created derivative works, and redistribute those works (possibly with the restriction that the derivative work must also be open source). However, it requires that if a work is distributed it must be available in a useful form - the original source code.
Now Caller-ID is not a piece of software - it is a protocol, a standard, an idea, and thus falls into the realm of patent law. A patent license gives you permission to use an idea in your own works. Without a patent license you do not have a right to use the idea in your own work, even if you thought of it by yourself. Microsoft has patented some of the ideas in Caller-ID, so anyone who wants to create an implementation of Caller-ID must get a patent license from Microsoft. The patent license which Microsoft is currently offering for Caller-ID has several issues that make it impossible to use the patented ideas in Open Source software without violating one of the licenses.
By now you can see what was wrong with the text I quoted - Sender ID is not a piece of software - it is a patented idea, and so it is nonsensical to talk about releasing it under an Open Source (copyright) license. What the submitter should have asked is "Could Microsoft be considering an Open Source friendly patent license for Sender ID".
That said you can read this post if you want to know more about why the current patent license for Caller ID is incompatible with Open Source software.
I may have missed any comments regarding this, but has anyone else drawn a connection between Sender ID and Microsoft's plan of "decommoditizing protocols" as referenced in the infamous "Halloween Documents"? 6 years later it seems their plans have remained the same. It'll be very interesting to see if they do come to some kind of agreement with the open source community.
HOMER
Oh, they have the Internet on computers now!
MARGE
Homer, Bill Gates is here.
HOMER
Bill Gates?! Millionaire computer nerd Bill Gates! Oh my god. Oh my god. Get out of sight, Marge. I don't want this to look like a two-bit operation.
Marge groans and rolls her eyes. Bill Gates and two "associates" enter.
GATES
Mr. Simpson?
HOMER
You don't look so rich.
GATES
Don't let the haircut fool you, I am exceedingly wealthy.
HOMER
(quietly to Marge) Get a load of the bowl-job, Marge!
GATES
Your Internet ad was brought to my attention, but I can't figure out what, if anything, CompuGlobalHyperMegaNet does, so rather than risk competing with you, I've decided simply to buy you out.
Homer and Marge step aside to talk privately.
HOMER
This is it Marge. I've poured my heart and soul into this business and now it's finally paying off. (covering his mouth) We're rich! Richer than astronauts.
MARGE
Homer quiet. Acquire the deal.
HOMER
(to Gates) I reluctantly accept your proposal!
GATES
Well everyone always does. Buy 'em out, boys!
Bill Gates companions begin to trash the "office".
HOMER
Hey, what the hell's going on!
GATES
Oh, I didn't get rich by writing a lot of checks!
Bill Gates lets out a maniacal laugh. Homer and Marge cower in the corner as the room continues to be trashed.
-from www.simpsoncrazy.com
Python script to convert photos into "artsy" portraits: http://p2pbridge.sf.net/pyPortrait/
The essence of SenderID was obvious to a lot of people long before Microsoft decided to patent it. SPF, on which it's based, came from Meng Wong. There were the earlier RMX proposals from Hadmut Danisch, as well as another from Feyck, and another from Green. Paul Vixie had proposed a similar mechanism as early as the mid 90's. A lot of other people (myself included) independently hit upon roughly the same idea.
Basically, the problem is MS went ahead and patented something which had been proposed, in writing, by a lot of people (and perhaps simultaneously by Microsoft people), and now they're trying to restrict its use. We're not asking for generosity here. Whatever the USPTO says, MS didn't really invent this stuff, so they have no moral right (even if they now have a legal right) to dictate terms. Not asking for handouts, just fair play.
Insight into the current situation can be found in a post by Matt Sergeant (Spamassassin/messagelabs):
http://www.imc.org/ietf-mxcomp/mail-archive/msg040 45.html
SPF support for most open source mail servers can be found at libspf2.
According to Unix Administration Handbook, 3rd ed.:
"Linux pays attention to the type-of-service (TOS) bits in IP packets and gives faster service to packets that are labeled as interactive (low latency). Jammin'! Unfortunately, brain damage on the part of Microsoft necessitates that you turn off this perfectly reasonable behavior."
"All packets originating on Windows 95, 98, NT, and 2000 are labeled as being interactive, no matter what their purpose.... If your Linux gateway serves a mixed network of UNIX and Windows systems, the Windows packets will consistently get preferential treatment. The performance hit for UNIX can be quite noticeable."
In other words, MS's TCP/IP just hogs the network unconditionally with highest priority, forcing others to do the same if they want any throughput. It makes sensible prioritizing of network traffic flow based on the TOS bits impossible, and essentially renders them useless. One could speculate they did this because they wanted to claim "improved performance" in a mixed Windows/Unix environment, or possibly it was just incompetence or laziness on the part of their programmers. On the other hand, it's not like they set them to a random priority, but instead chose "highest", which makes you think they were just being the bullies on the block to get what they wanted with complete disregard to others and certainly with no spirit of cooperation.