MS Pulls Windows 7 Tool After GPL Violation Claim

Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.

So, this is about as damning as you get, isn't it?

[rekenner]

MS is practically saying, "Oops, we violated the GPL!"
Oooopsies.

Seriously, preview your own posting editors!

Seriously, preview your story summaries editors!

"...so we'll have to watch closely to see what the company puts it back on its servers."

Who thinks that "it" makes sense?

Re:Seriously, preview your own posting editors!

[dgatwood]

Or the "what". Substitute "when" or "whether" and "it" makes sense, too.

Re:So, this is about as damning as you get, isn't

[Sasayaki]

Now now, calm down a moment. Imagine what would happen if they *didn't* pull the code- there would be a veritable shitstorm in the Free Software community. This is the smart, rational thing to do.

On a side note, this really acknowledges the power of the GPL- if even a single report says that there is a GPL violation and this causes Microsoft (its 'arch nemesis) to pull a tool for their newly launched apple-of-their-eye.

Re:So, this is about as damning as you get, isn't

[Sasayaki]

Replying to my own post here, but also remember that this is exactly what ReactOS did when there was a similar allegation by Microsoft- and were largely applauded for it. Again, it's the sane, rational thing to do and in my eyes doesn't admit any guilt whatsoever. That doesn't mean a GPL violation isn't there, mind, but it means that if there is one this is exactly how it should be handled.

Re:So, this is about as damning as you get, isn't

[RightSaidFred99]

Right... or they are being smart, pulling the tool, and investigating whether they are violating the GPL. Like they said.

It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.

more info

A friend of mine works at the borg. He's a penguin at heart and generally a good guy. This is what he told me. I believe him, but you can make up your own mind. There is/was a GPL violation, but MS didn't do it directly. They licensed some code from a third party. The third party was responsible for the GPL violation (they licensed the GPL code under a non-GPL license).

Re:more info

[Malc]

If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft. People around here no doubt think differently. I'd be interested to know what processes they have in place - at our company, any use of third party code (whatever license) has to be sign-off by the CTO, and the details get put away in a file somewhere. There's more to it than that, but in theory, something like this would be a screw-up by somebody or a break-down in the process.

Re:more info

I worked once for a company where I was ask for a common stack implementation that would be ready to be used, I recomended to modify a BSD implementation instead of developing it ourselves from scratch or to buy one from a third party.
Answer was "no no no, no free code in our software". I tried to explain the various free licenses policy that are currently used and to describe avantages of the BSD one, but finally my employer of that time decided to buy the stack it needed from a third party.

So we received the stack sources from said third party, which were from the BSD one I recommanded in the first place.
It is in fact quite common for a software producer who have to put its name over a piece of code to prefer to buy every pieces of code it does not produce itself rather than directly borrow and adapt it from the adequate license.
Sometimes third parties are kind enough to really implement required code themselves or to at least borrow it from the right license for the job, sometimes they are not.

If you want to make money in embedded software, for instance, just take every BSD implemented stacks, like TCP/IP, FTP, SNMP, adapt them to embedded use then just build a minimal company to sell them once properly tested over different architectures, finally, sell them to companies that produced embedded software. Such a stack can be sold between 50000 and 100000 euros, that corresponds more or less to the third of what a software engineer whould cost to the buyer to produce the stack itself, not to mention the time it would take.
Then if in your day job someone ask you about a such a stack, kindly indicate her/him the appropriate company which sells it ;)

Re:more info

[black3d]

They do have strict auditing practices in place, specifically regarding interoperability, buffer overflows (and the like), and checking to ensure the code hasn't been wholesale copy/pasted from public libraries.

However, they cannot ensure that someone hasn't copied a dozen lines of code from some other obscure program. They don't have the worlds entire source-code archive sitting in a database waiting to do comparison searches.

Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated. The story that we're supposed to buy is that:
1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".
2. Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".
3. No evidence is ever produced that there are any references to ImageReader, CodePlex, or anything else in the source. The researcher simply magically recognised the source code from a project that he'd had nothing to do with and never seen before.

I'm not buying it at all. This feels intentional.

Re:Excellent example of why MS hates GPL.

[kjart]

This is actually a good example of why Microsoft (and others) may dislike the GPL - how precisely do you determine that it is not a GPL violation? Clearly people like the parent will not be convinced no matter what Microsoft says (yeah, that post was pretty insightful...), so how can they possibly win here, other than by releasing the code, something they do not typically want to do? Even if they do that, they still get a black eye (i.e. that recent kernel code fiasco).

Re:So, this is about as damning as you get, isn't

[sopssa]

Dear Sir or Madam,

The responsible Anti-Microsoft Troll that should have replied to this post by now is on sick leave and was unable to prepare a custom flaming reply to this particular post. In lieu of that, attached is our generic template which we use to write all our flaming responses.

1. Make a general anti-Microsoft jab
2. Blame Microsoft for it's stance against Free Software (and also for lack of network neutrality, the current state of patent laws, the Iraq war, and the extinction of the dinosaurs)
3. Accuse the poster who wrote something positive about Microsoft of being either a fanboy or a Microsoft employee. If the poster in question made a comment about Microsoft's actual support of Free Software in a particular instance, accuse the poster of being an oblivious idiot unable to see through their Embrace-Extend-Extinguish approach
4. State that the Linux revolution is inevitable
5. Finish off with another outpour of flames

We hope you will be able to infer the potential content of the post that should have been done by the respective Troll. Please accept our apologies.

Sincerely,

Assistant Secretary,
Anti-Microsoft Trolling Association, Ltd.

Re:Excellent example of why MS hates GPL.

[icydog]

Microsofts version of open source is that i develop and they take the code, the credit and the ownership.

Yes, because Microsoft's mode of operation is to steal GPL code and try to claim it's theirs until they get caught, at which point they fess up and pretend it was a mistake. Right... I mean, just look at all the other times they stole GPL code!

If in fact that tool used GPL code, it was just some lazy or dishonest developer who used a bunch of code from the Internet and pretended it was his. No proprietary software company would let that slide. Yes, that includes the company we all love to hate.

What if it IS a violation?

[mwvdlee]

What if it IS a GPL violation?

Will they release the source code?
And if not, if they just replace the GPL parts and release a new version, will people who downloaded the first version be legally able to demand the source code? Will the mere tainting of the code with GPL code cast a shadow on any future releases; "did they really replace the GPL parts or did they just refactor it"?

Re:What if it IS a violation?

[msimm]

If it is a violate they'll remove the code and put the application back up. The same thing that usually happens in a GPL violation, I don't see any reason to treat Microsoft differently.

Re:!Widely used , Widely despised..

Widely used claim is laughable

Pft. Clearly even MS are using GPL software. Doesn't get much more mainstream than that.

Re:Excellent example of why MS hates GPL.

[the_womble]

The same problem applies to any license? Suppose MS accuses someone of using their code, how can that be determined? If an author or musician accuses someone of copying them how can that be determined? It is an intrinsic problem of copyright, not a problem with the GPL.

Defining GPL?

[Korin43]

the GPL, a widely used (including by the Linux kernel) free software license

Good thing they cleared that up. I never would've known what the GPL is without this explanation.

!doesn't bode well

[jamesh]

I think taking the software down is a very boding/bodeable/bodeful/whatever thing to do. I wouldn't expect anything else unless they had concrete proof that there was absolutely no chance at all that there was even the remote possibility of a GPL violation, and unless the software was developed completely in house and the claim of GPL violation was made with no evidence at all they can't be sure of that.

Re:!doesn't bode well

[Spudley]

I think taking the software down is a very boding/bodeable/bodeful/whatever thing to do.

I completely agree. The guy who posted the original story was just wrong to say it "doesn't bode well".

By saying that, he was basically condemning Microsoft's actions before they'd even done then. I dislike MS as much as the next guy here, but - please! - what have they done in this case to warrant not boding well? As soon as they found out there was a potential problem, they pulled the software so they could investigate. Absolutely the right action.

What would you have preferred them to do? The only two other options were (a) ignore the problem, and (b) release the code. Ignoring the problem was clearly never going to happen -- even MS isn't that arrogant. And while I'm sure we'd have loved them to have just released the code, they would certainly need to check it first, because there's a very high probability that it also contains code which is licensed in a way that can't be released (especially since this is a DVD tool). So pulling it while they investigate is the right thing to do.

The most likely scenario I would suggest is that MS will re-launch the tool in a few months with the GPL parts replaced so they don't have to release any code. Not what the masses of slashdot would want, but likely to be the most sensible and pragmatic way for MS to deal with it.

Re:Excellent example of why MS hates GPL.

[wrook]

When I was working in an MS technology shop I found many cases of our programmers cutting and pasting code from other sources on the internet. Quite a lot of it came from MS itself and explicitly said that it could not be used. What do you do now? Rip the code out? But we've already shipped the code. Should we demand that the customers give it back until we can rip the code out? What if we still want to use the code? Should we approach MS and try to negotiate a different license? What if they say no?

There's no difference here. The GPL is quite easy to understand as licensing documents go. I think we can all agree that if code licensed only under the GPL was in the application, it would be a breach of the licensing terms; just like when various people in my company appropriated MS code. The resolution is exactly the same.

The moral of the story is: don't use code whose licensing terms are unacceptable to you. It doesn't matter what the license is. It doesn't matter what political forces caused the terms of the license to be created. If you don't agree to it, don't use it. This is the one thing that is the same for all licenses.

hey beavis...

[crocodill]

they pulled their tool

huhuhhuh

Re:What if it IS a GPL violation part II?

[mixmatch]

That would be the Free Software Foundation ( http://www.fsf.org/licensing ).

The Compliance Lab has been an informal activity of the FSF since 1992 and was formalized in December 2001. We handle all licensing-related issues for FSF. We serve the free software community by providing the public with a "knowledge infrastructure" surrounding the GNU GPL and free software licensing, and enforcing the license on FSF-copyrighted software.

You could say that about any software

[syousef]

This is actually a good example of why Microsoft (and others) may dislike the GPL - how precisely do you determine that it is not a GPL violation?

You could say that about any software, not just GPL and not just FOSS. Sure it's easier to pass off publicly available source as someone else's code because it's much easier to get hold of, but that doesn't mean it can't be done with leaked or stolen code.

This isn't a "reason" for any company not to like open source. "Lame excuse" would be a better discription.

Re:This might be a double-edged sword

[ledow]

What you forget is that GPL code is owned by the author, not some magical GPL entity. One author might well want to kick up a fuss, while another may want to deal with it quietly. Others might go to the SFLC, whose policy *is* discretion first (and that's what I believe the earlier articles were referring to).

Whether or not to kick up a stink, demand compensation/removal of the tool, prosecution etc. is in the hands of the copyright holder, not the SFLC (although the holder may choose to hand it over to them for the purposes of dealing with the case).

Re:What if it IS a GPL violation part II?

[lordandmaker]

Who, exactly, sues them in this case?

In theory, the author(s) of the code. In practice, they'd likely hand it over to the FSF who exist partly for the protection of GPL'd code.

Re:So, this is about as damning as you get, isn't

[Dahan]

And no it's not enough to pull the application, if you've distributed the binary and you've used GPL code you're obligated to release that code.

No, you're not automatically obligated to do any such thing. What happens is that you may be infringing on the copyrights on the GPL'd code, so it's up to the copyright holders to decide what to do: ignore it, negotiate a (presumably non-GPL) license agreement with you, or take you to court. And if the latter, the judge will decide what the punishment should be--most likely it'll be "stop distributing the software and pay the copyright holder $$$$$". It's unlikely that the punishment would be "publish the source code to your app that used GPLed code."

Re:So, this is about as damning as you get, isn't

The copyright holder only has grounds to go after the infringing user of the GPL'd code if they don't release their modifications under the GPL, i.e. in this case, MS - if they are using code from ImageMaster - can make the whole issue go away by relicensing WUDT under the GPL (and providing the source) *to those people who have already downloaded it* if these end users ask for the code. That's all, folks.

Re:Excellent example of why MS hates GPL.

[dbIII]

how precisely do you determine that it is not a GPL violation

How? By reading the complaint and checking that the evidence given in the complaint matches what is in the code. Then if there is any grounds for complaint it's a matter of talking to whoever was responsible for the code - all this should be blatantly obvious. If there is nothing I really can't see baseless conspiracy theories being a problem as it will fizzle out without evidence. The SCO fiasco required expenditure of money for PR to get their baseless rumours out so it's not a relevant example.
Some people may recall when Microsoft was shipping developers CDROMs with gcc along with a copy of the GPL. They didn't always hate the GPL it was just another set of rules to follow to use other people's stuff. The BSD licence of course even allowed them to put "copyright Microsoft" in the etc/hosts file as if it wasn't copied from elsewhere but who really cares, it's just amusing and wouldn't stand up in a court anywhere.

Re:Not a bad move

[blowdart]

Indeed. The summary assertion that "The fact the company pulled the tool doesn't bode well" is really daft. Of course they'd pull it, there's been a claim made against it - if they keep distributing it whilst they investigate the potential for damages rises with every download. Pulling the tool is not an admission of anything other than the fact that an accusation has been made and they're investitaging it.

Re:What if it IS a GPL violation part II?

[Tim+C]

No - the copyright holder has to sue. The FSF recommends that you assign the copyright of anything you release under the GPL to them, so they can go after any violations, but if you don't then you're on your own. You can't sue for copyright violation on behalf of someone else, they have to do it themselves.

If anybody wants it before it is gone

[hairyfeet]

It is currently on Major Geeks, but who knows for how long. From the sound of it all it does is make a USB drive bootable like the HP format tool and then copy the ISO files to the drive.

Hell something that simple...why would they need to steal GPL code,unless they got themselves a seriously lazy programmer/contractor?

Re:This might be a double-edged sword

[selven]

A lot of code is voluntarily handed over to some magical GPL entity since the author doesn't have the time/resources to enforce it himself. My magical GPL entity, I of course mean the FSF.

Re:So, this is about as damning as you get, isn't

[noundi]

Yes you are obligated to do such a thing, and if you don't comply you can be dragged to court where you could be sentenced to pay for copyright infringement.

You are wrong, in the case of unwilfull infringement, positive action to cease infringement is enough - you are not obligated to release the code, and you are not bound by the licence. The copyright holder can still persue damages for prior infringement, but thats it.

Unwilfull? You see that's where our difference is. You seem to be so naive to think that Microsoft developers are unaware of the GPL. And also, of course one can refuse to release the code, but then one would get fined. What did you think I meant? Somebody will force you to release the code with a gun pointed at your head?

Re:So, this is about as damning as you get, isn't

[Xest]

"if you've distributed the binary and you've used GPL code you're obligated to release that code. Your mistake, your mess. MS wouldn't be so forgiving, why should the GNU community be? You'd think that the worlds largest software producer, in 2009, would have a better understanding regarding the GPL."

If only the world was that simple. The fact is, in a large software corporation there is absolutely no way to ensure that some incompetent developer hasn't just gone on the net and copied some code no matter how hard you try. I understand your sentiment but it's also not really fair to penalise and entire company for the actions of one developer either.

The GNU community should be more forgiving because it's about showing that GPL'd code is useable in business as long as the rules are followed rather than trying to screw companies over if they go anywhere near GPL because that's a sure fire way to turn many other companies away from GPL - why touch if it's such a dangerous minefield? Having to pull software is a pretty big, costly and embarassing punishment in itself and is more than enough to put most companies including Microsoft off knowingly and intentionally violating the GPL.

Regardless, even if they do take it further what do you think will happen? It'll result in a court case and any judge is going to see that by pulling it Microsoft recognised it's mistake and tried to deal with it reasonably. You'd most likely see the case get kicked out as a waste of time because Microsoft were already making a good effort to rectify the problem.

"Oh and the only troll I see here Sopssa is you for posting repetetive bullshit posts like the one above."

Having a different viewpoint to you is not trolling, get over yourself, you're not the international dictator of opinion that decides what everyone's "correct" opinion on everything should be.

Re:Excellent example of why MS hates GPL.

[jedidiah]

How do you determine that ANY 3rd party bit of software wasn't created in bad faith?

How do you determine that you aren't "receiving stolen goods".

This is a general problem not just limited to the GPL. The open nature of the GPL just means that violations might be easier to spot and more people will have the tools to make such a determination.

IOW, the GPL just makes it easier to get caught.

Re:why blame malice?

[jedidiah]

No. Incompetence from Microsoft creates as much nerd rage and always has.

Re:Excellent example of why MS hates GPL.

[miffo.swe]

Have you actually read the Codeplex bylaws and what types of licenses they want? Microsoft is hard at work trying to redefine open source into something completely different than it is today.

Re:So, this is about as damning as you get, isn't

[man_of_mr_e]

Uhh.. Your logic is at best... strange.

Being aware of the GPL does not mean you are aware that any given piece of software is licensed under it, much less a few snippets of code from said application.

There are three possible scenarios I can think of off the top of my head that are all highly likely here, none of which would make Microsoft aware of the fact they were violating the GPL (if that is even the case, which isn't even proven yet).

1) Microsoft hired a contractor or 3rd party to produce the code. The 3rd party used GPL code, but did not tell them. Yes, Microsoft is still liable, but they're not willfully liable.

2) Microsoft produced the tool for internal use. This is a valid use of the GPL'd code and doesn't require source to be distributed with it. Some other department, unaware that GPL'd code was used, got ahold of the tool and decided to use it externally. The original developers are unaware of the new use. Again, Microsoft is not willfully infringing.

3) An employee decides to take a shortcut and use GPL'd code without telling his bosses, takes credit for the code, and thinks nobody will ever find out. Microsoft is unwillful because even thought the employee wilfully infringed, the company had no knowledge. Yes, they're still liable, just not willfully so.

There are probably many other possible scenarios too... but I can't be bothered to spend more than a couple minutes thinking about it.

So perhaps you should think your arguments through before jumping to the conclusion of "it must be willful".

Re:Let me have a go at it

[icannotthinkofaname]

No need, I've filled it in. How am I doing?

(Score:0, Troll)

I'd say you hit the nail on the head.

MOD ME +1 OBSERVANT, PLEASE!