Did Microsoft Borrow GPL Code For a Windows 7 Utility?

Goatbert writes "Rafael Rivera over at WithinWindows.com has found evidence that Microsoft has potentially stolen code from an open source/GPL'd project (ImageMaster) for a utility made available on the Microsoft Store to allow download customers to copy the Windows 7 setup files to a DVD or USB Flash Drive. If Rivera's evidence holds up, this could be some serious egg in the face for Microsoft at a time when they're getting mostly good press from the tech media."

"Obviously lifted" not so obvious

[BadAnalogyGuy]

The code in question seems to be called into scrutiny because the two areas of code bear the same name (ReadBytes) and operate similarly.

The longer you work in the development of software, the less magical it all becomes. The first time you plugged some code into a terminal and it worked, it seemed like an amazing amount of wizardry and behind-the-scenes stuff that you could never fully fathom. Compilers, binary code, arcane source languages, electronic signals. It's amazing to a neophyte just how much stuff is going on.

But the longer you plug away at it, the more you realize that it's just code. Nothing special is really going on. You're mostly moving data from one area of memory to another. It's almost a form of Nirvana once you reach this point.

So when someone comes along and says "OMG YOUR READBYTES METHOD IS JUST LIKE THIS ONE IN SOME GPL CODE!!!!11", it kind of pegs that person as someone who doesn't really have much experience with real programming. Sure, they may use a lot of tools, and know how to recompile their kernel, but they really don't have a firm grasp of what and why they are doing what they are doing.

Re:"Obviously lifted" not so obvious

[caffeinemessiah]

The code in question seems to be called into scrutiny because the two areas of code bear the same name (ReadBytes) and operate similarly.

(bold mine)

Actually, if the function is just something called "ReadBytes(char *buf)" or similar, then that's a bit strange. If it was truly Microsoft-written, it would be:
WINAPI DWORD ReadBytesW(LPCSTRWRAAXA szCharBufW_x, struct READBYTESINFO *srbinfArgs).

Re:"Obviously lifted" not so obvious

[jdkane]

Except that a truly Microsoft-written ReadBytes method on the .NET Framework can be that simple, for example one int parameter http://msdn.microsoft.com/en-us/library/system.io.binaryreader.readbytes.aspx
So I wouldn't even jump to conclusions based on the signature of the method in question as to who it might have come from.

Re:"Obviously lifted" not so obvious

[caffeinemessiah]

Except that a truly Microsoft-written ReadBytes method on the .NET Framework can be that simple, for example one int parameter http://msdn.microsoft.com/en-us/library/system.io.binaryreader.readbytes.aspx [microsoft.com]

There's a difference between a calling a method, where the object has internal state, and a C Win32 API function call, i.e., sans objects. I absolutely guarantee that you won't see many pretty signatures in the Win32 API. I'd bet that 99% of the Win32 API function SIGNATURES won't make it through a standards-compliant compiler without Windows.h. Anyway, my comment was supposed to be funny, but on second thought, it might actually deserve that informative mod.

Don't even get me started on the dual-version ANSI and Unicode functions, although given the mess that the Win32 API is, it's probably an elegant solution.

Re:"Obviously lifted" not so obvious

[ozmanjusri]

The code in question seems to be called into scrutiny because the two areas of code bear the same name (ReadBytes) and operate similarly.

The ReadBytes code was just one example

If you read TFA (yeah, I know...) you'll see the author has updated that original example with others.

It looks like Microsoft's defence will be that the EULA says "“You may not reverse engineer, decompile or disassemble the software". They'll probably charge the guy with a DMCA violation...

Re:"Obviously lifted" not so obvious

[noidentity]

I've just written my first program, and I licensed it under the GPL. Guess what? A bunch of people have already ripped me off! So I can understand this guy's situation. Here's the source, BTW:

#include <stdio.h>

int main()
{
printf( "Hello, world!\n" );
return 0;
}

Re:"Obviously lifted" not so obvious

[kjart]

If you read TFA (yeah, I know...) you'll see the author has updated that original example with others [withinwindows.com].

OP clearly did read TFA since he was criticizing the specifics provided. I'm not sure why you're taking a shot at that since the update was clearly made after the comment was posted.

It looks like Microsoft's defence will be that the EULA says "“You may not reverse engineer, decompile or disassemble the software". They'll probably charge the guy with a DMCA violation...

Why does it look like that exactly? Are you getting this from anywhere or just pulling it out of your ass?

Re:"Obviously lifted" not so obvious

[eggnoglatte]

a) I am not the one making wild claims about out somebody - the author of TFA does. I mean I get it - we don't like MS here on /., blah, blah. Still, if he makes claims, the burden of proof is on him, not on people not on everybody else to disprove him.

b) I don't run windows, so getting everything set up with a .NET architecture would in fact be quite a pain in the ass.

Re:"Obviously lifted" not so obvious

[petermgreen]

Don't even get me started on the dual-version ANSI and Unicode functions,
Transitioning from a system where strings were assumed to be in the local legacy encoding to a unicode based system (a transition all operating systems relavent today have had to go through) is a difficult problem with essentially no good soloution.

The way unix-like systems went for is to use UTF-8 and treat it as if it was just another legacy encoding. The problem with this approach is that it means that systems configured for unicode and systems configured for legacy use different encodings which tends to break stuff.

The way windows went for is to introduce duplicate APIs for unicode, this has the advantage that nothing that worked before breaks but requires all apps that want unicode support to be updated.

Can you think of any better soloutions?

Knee jerk

[Romancer]

So the evidence is a ReadBytes snippet?

I'll wait till there's evidence before even commenting about the ramifications of something like this. This is just wild speculation at this point.

Re:Knee jerk

[Blakey+Rat]

But this is Slashdot!

Without wild speculation there wouldn't hardly be any stories at all! And of course you have to get the 2-minutes hate for Microsoft going early.

Re:Knee jerk

[Timothy+Brownawell]

Moderated 'Flamebait.' 0 points left.

Seriously, whoever decided that we just get one dropdown and no 'confirm' button needs to be taken out back and shot. And I'd just used my other points on some actual trolls upthread, too. :(

Re:Knee jerk

[Dr.+Evil]

Oh no. Evidence is not required in this case. This failure to comply with the GPL means that Microsoft is governed by Copyright law in this matter.

Their Internet service provider must be notified so that their Internet connection can be terminated.

Re:Knee jerk

[megabunny]

The new example is much clearer. Basic structure follows well. All the magic numbers in the code that I looked at matched too, and there are quite a few. Looks like it was massaged at least a bit, probably just to fit in with the local code environment not to obscure it.

But ...
The article points out only two weaknesses in this code borrowing. MS did not feed back any (unknown at this point) enhancements to the source. And they did not offer the source under the right license.

It is a real but very minor issue. If it wasn't MS it would not even be interesting.

MB

Re:Knee jerk

[KarmaMB84]

The magic numbers are from a file format specification. You're not going to change those magic numbers if you want the tool to work.

Re:not sureprised

[WED+Fan]

How many developers took code they wrote for their company and used it in a GPL project afterwards?

It's not "stealing"...right?

[Tankko]

Come on people, you can't have it both ways. If you can't "steal" music, you can't "steal" code. MS "stealing" this code didn't deprive the Open Source community from using the code (i.e. stealing my car), or at least that's the argument /.er use whenever the word is used in conjunction with music and movies. Eat your own dog food.

Re:It's not "stealing"...right?

[liquiddark]

I don't think everyone here believes you can't steal music, first off. I believe you can steal music, books, printed art, all kinds of artwork. I come from a fairly serious artist background, and I know folks personally who have been scraping by for years on the meagre earnings of an average artist. It's not a fun life.

I believe large record syndicates are creeptastic and digital media is equation-changing, but that doesn't mean there's no evil in stealing non-physical works. Artists, unless they happen to be the pretty-close-to-literally one in a million shot, make almost nothing and they make a huge difference in how livable a society is. That's not changed by the fact that they can deliver media via digital channels; only people's expectations of the cost involved is changed. The number of consumers shrinks, but so does their expected price point. It's one of the reasons why there are still a lot of physical-media artists (the others including nobody's come up with good, cheap 3 dimensional sound, graphics, or texture delivery systems, physical media still work in some contexts, and art is large a physical act).

And if you can steal art, you can certainly steal code. Of course, in this case it's probably going to have no repercussions because you'd have to educate people on the struggle of open source in terms that wouldn't make a lawyer cry before you could really even get into it, but those of us who've self-selected have at least a notion of the violation and its meaning. And, happily, the irony - if MS really is using open source in its first "better" product in a long time, that's a fun little fact to know.

Re:It's not "stealing"...right?

[Junior+J.+Junior+III]

This is the correct argument, but you have it backward. If it's OK for MS to "steal" (by the definition that MS accepts for the word) then MS should allow people to "steal" Windows, and stop complaining about, trying to stop, prosecuting, software piracy. They should amend their EULA to allow users to decompile, reverse engineer, and modify their binaries.

Besides, it's not as though GPL code is anti-copyright.

Re:It's not "stealing"...right?

[Timothy+Brownawell]

I'm fairly sure that by accepting money for someone else's property, you are stealing money from that person, whether you deprived that person of the property or not.

The actual code isn't anyone's property, only the copyright on the code is.

Re:not sureprised

[BrokenHalo]

Microsoft is evil. Always has been. Always will be.

Maybe you're very young, but I seem to recall that Microsoft was at one time held as a sort of liberator from IBM's hegemony. I guess it's all a matter of perspective...

Re:not sureprised

[NeverVotedBush]

That was a very short period of time. As soon as Microsoft had established itself - even before Windows - they started their campaigns against any competitors.

Re:no big deal

[Blakey+Rat]

Uh, they kind of have to *prove* that Microsoft actually copied their code first. You're missing a crucial step to the process in your scenario.

Re:not sureprised

[ozmanjusri]

I seem to recall that Microsoft was at one time held as a sort of liberator from IBM's hegemony

By whom?

My memory of the early days of Microsoft was surprise that their nasty behaviour was tolerated.

Re:not sureprised

[McGiraf]

Copyright infringement is not stealing. No mater who does it.

That's his evidence?

[Ironsides]

Seriously, what he shows to be evidence looks like code that was written straight from reading the ISO disk image specification. Next up, school math class accused of mass cheating for solving math problems in similar ways.

Re:That's his evidence?

[Ironsides]

Actually, it does suggest class and type names. Start here Now, show me more than 15 lines and I'll start to believe it was copied. Say, show me what called RealLogicalDescriptor (and all of RealLogicalDescriptor too) in combination with all of UdfReader.cs. Preferably in text and not in an image. Actually, just give me the MS code and I'll line it up to the ImageMaster code myself.

Re:not sureprised

[Abreu]

Ok, then... If MS used GPL code, then they did not "Borrow" it either

They used it in violation of copyright

Re:not sureprised

[Abreu]

Probably those who get paid to work on GPL software...

Your point is? Do you have an accusation to make?

Did a GPL project steal code from Microsoft?

[Manfre]

With the amount of "evidence" in the article, the same accusation could be made against the GPL project. Perhaps the author of that project illegally gained access to Microsoft code and used it as a starting point for ImageMaster.

Re:not sureprised

[maharb]

Ever think that if this code was stolen it was done by a lower level employee and not an executive. It is way more likely that a small group of employees couldn't hit a deadline or something and so they borrowed code form other places to get it done. I know executives and have heard many executives speak... they don't like legal exposure, they don't want to do things wrong because it is their neck on the line. It is way more likely that it was the average slashdot user who did this than it was a "Microsoft Corporation" decision.

I also don't know the validity of these claims but I read some posts saying that this stuff was outsourced. aka Microsoft didn't even claim to code it, they just bought botched code. Good going with your theory... it appears even more that the "evil" people in this situation are lowlife developers and not the "Corporate Suits" that your agenda is pushing.

Microsoft as a corporation is the victim here TBH.

Re:not sureprised

[Spy+der+Mann]

Microsoft is evil. Always has been. Always will be.

Maybe you're very young, but I seem to recall that Microsoft was at one time held as a sort of liberator from IBM's hegemony. I guess it's all a matter of perspective...

Bill Gates' open letter to hobbyists. Any questions?

Re:It's .NET code

[Timothy+Brownawell]

It's .NET code. It's already "Open Source" by virtue of tools like Reflector existing.

I do not think that that is what "Open Source" is generally taken to mean.

Re:not sureprised

>> Microsoft is evil. Always has been. Always will be.

> Maybe you're very young, but I seem to recall that Microsoft was at one time held as a sort of liberator from IBM's hegemony. I guess it's all a matter of perspective...

Maybe YOU are very young. IBM was taking a beating and didn't manage to get their own PC done.

So they assembled a task force and said go and get us an IBM PC.

They did it -- without IBM parts!

The processor was from Intel and the OS from a small company who had to buy it from someone else, because they couldn't do it in time (little did we know then what these guys were up to).

In summary, there were a lot of good computers with other OSes, the main ones being CP/M and AppleDOS (not necessarily the better ones).

So:

1) M$ actually helped IBM (for money, of course) and
2) M$ is known to innovate after others innovated first.

I could cite sources, but this way we can argue longer. 8-)

Not that anyone reads ACs here anymore...

Plagiarizing != stealing != copying.

[Spy+der+Mann]

I don't think everyone here believes you can't steal music, first off.

Speak for yourself. I do believe you can't steal music.

You could steal the original copies. You could steal a famous painting. But "stealing" music? For instance, what IS music? It's nothing but a mathematical concept involving harmonics and sound.

What are words? You can't "steal" what I said. This isn't like the little mermaid where you could steal someone's voice and leave him/her mute.

Non-physical works CANNOT be stolen. Unless you're talking about a PHYSICAL COPY, you cannot steal it by definition. Copying a work? That's completely different. But if it's a non-destructive process, you're not stealing it. You're just COPYING it.

If you want to use an appropriate term for what Microsoft supposedly did with this GPL code, it's called plagiarism. Sure, it's called "stealing" nowadays, but using this word is oversimplifying.

Re:Gpl violation

[arose]

True, and it's interesting how the FOSS movement delightfully and intentionally has made every piece of GPL3 code a trojan horse that can destroy a company's business model if a single programmer without the knowledge of the business copies a snippet of code to make his job easier.

Not really, they just don't accept the license and deal with the copyright violation instead, just like they would if the programmer copied a piece of proprietary software.

Re:not sureprised

[eugene2k]

Yes, after reading the original letter I have one: how does that letter prove that Microsoft is evil? The only thing Gates is saying is that he and his company has invested around $40000 in building and supporting the software, and the return was so small, it was just enough to break even. The pay, he states, was $2 an hour. If you don't mind working for $2 an hour, that's ok of course, but most people probably wouldn't go to the university to learn computer science if their pay was less than that of a mcdonalds employee.

Re:not sureprised

[kill-1]

No, there is one major difference. If I steal your car, you can't use it any more. If I copy your software, you can still use it. I don't take something away. In most cases, the copyright holder doesn't even notice.

It's the copyright holders that are trying to mislead people and contort the English language by saying stealing is the same as copying.

Re:not sureprised

the US Congress is free to be as wrong as it wants to be.

Re:not sureprised

[HermMunster]

The differences you fail to make clear is that copyright infringement isn't stealing something physical as in all your cases. Copyright infringement is making a copy without the permission of the copyright holder. It isn't like you denied the copyright holder any of their possessions as NO ONE can guarantee that the infringer would have bought the work to begin with. This is well a established precept.

Umm - MS did not lift code from an OpenSource Proj

Element109 wrote on: http://social.msdn.microsoft.com/Forums/en-US/windowsopticalplatform/thread/421f3137-c9aa-45fb-8c5a-ec5dd6860036

The iso and udf parsing portions were ported from the 7-zip project. The credits.txt file contains all the sources used in creating my project.

7z
by Igor Pavlov
7-Zip is a file archiver with a high compression ratio.
http://www.7-zip.org

There are links to his source on his homepage. 7-zip is hosted on the SourceForge website.

If you checkout my initial upload there is a file in the reader directory that is a very early stage of the initial udf port. I had excluded it from the VS environment and forgot about it. It is the file I deleted in the latest changeset.

Re:not sureprised

[jbengt]

The difference being, when IBM was threatened with anti-trust action, they tried to please thr justice department, but when Microsoft was threatened prosecution, they defied the justice department all the way, until a "business friendly" administration dropped the ball.

Re:not sureprised

[schon]

Copyright infringement IS stealing

No, it isn't. Here is a handy guide illustrating the difference.

it just has a different legal definition.

And you know *why* that is? Because *IT'S NOT THE SAME*. If copyright infringement *WAS* the same as theft, we wouldn't need a special law dealing with it - it could be covered by theft laws. The fact that it isn't should tell you something.

It literally fits the non-legal definition.

No, it doesn't. It fits the propaganda term. Just because some media trade groups misapply a term as an act of propaganda does not make it so.

Re:not sureprised

[DAldredge]

Why is it that the only copyright violations that upset the /. masses are those involving code under the GPL?

Re:not sureprised

[HiThere]

You are believing "facts" quoted by Gates that you can't check. (I'll believe that he hired people for $2 / hr. I won't believe that that was *his* recompense...though he *might* have been living on his family.)

Still, his "open letter" wasn't as bad as his business practices at the same time...though that got a lot less publicity.

Companies that trusted MS tended to go out of business even then. MS was still small, though, so many of them just had trade secrets stolen, and their going out of business was delayed until MS became a more significant competitor. Also: Gates didn't invent dumpster diving, but he practiced it.

Still, there was a period when I though MS would be a less abusive company to deal with than IBM. And for around five-seven years it was true. This was probably because IBM wasn't allowed to compete by a consent decree, so IBM basically ignored the personal computer.

Re:not sureprised

[Blakey+Rat]

I think most people think Outlook is pretty bad, until they actually have to *use* Notes... believe me, if you believe Outlook sets a low bar, Notes' bar is underground.

I'm certainly not going to suggest Outlook is perfect, or even good. But compared to the alternative, it's incredible.

Re:not sureprised

[ZorbaTHut]

Because people are making money off it.

Because the people violating that copyright are invariably the same people campaigning for the death penalty for other copyright violations.

There are other, less obvious rteasons. But in summary, there are a lot of differences between the two situations, assuming you're comparing this and the mp3 issue.

Re:not sureprised

[chrysrobyn]

Maybe you're very young, but I seem to recall that Microsoft was at one time held as a sort of liberator from IBM's hegemony. I guess it's all a matter of perspective...

Maybe I am very young, but I seem to recall Gary Kildall having a few words to say about both Microsoft and IBM in this era of liberation you speak of. Something about Microsoft stealing CP/M through a thinly veiled Seattle Computer Products?

Re:not sureprised

[lordtoran]

You make it sound like the evilness (read: utter lack of ethics) were a funny meme, not a plain, cold fact.

Re:not sureprised

[Simon+Brooke]

"But IBM *did* actually reform."

Really, how so?

IBM really were a malign force in this industry when they were dominant, using grossly unethical tactics against competitors and stifling innovation to an extraordinary extent. Between 1960 and 1980 IBM were the evil empire - probably worse than Microsoft have ever been. These days, ethically, IBM seems to be an 'average company'. It does some good stuff, it acts on the whole as a good citizen, it contributes to standards processes and mostly abides by the standards that are agreed. Of course, this may simply be because it no longer has the power to bully and intimidate like it once did - but this is nevertheless a huge change.

However, 'better' does not necessarily mean 'good', particularly if you start from where IBM started from.

And being 'not quite as bad as IBM at it's worst' doesn't make Microsoft good, either - they have always, from the very beginning, been an exceptionally unethical company.

Re:not sureprised

[Burpmaster]

Saved your life!

See, I was going to kill you but I didn't, so I saved your life.