MS Pulls Windows 7 Tool After GPL Violation Claim

Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.

Seriously, preview your own posting editors!

Seriously, preview your story summaries editors!

"...so we'll have to watch closely to see what the company puts it back on its servers."

Who thinks that "it" makes sense?

Re:So, this is about as damning as you get, isn't

[Sasayaki]

Now now, calm down a moment. Imagine what would happen if they *didn't* pull the code- there would be a veritable shitstorm in the Free Software community. This is the smart, rational thing to do.

On a side note, this really acknowledges the power of the GPL- if even a single report says that there is a GPL violation and this causes Microsoft (its 'arch nemesis) to pull a tool for their newly launched apple-of-their-eye.

Re:So, this is about as damning as you get, isn't

[Sasayaki]

Replying to my own post here, but also remember that this is exactly what ReactOS did when there was a similar allegation by Microsoft- and were largely applauded for it. Again, it's the sane, rational thing to do and in my eyes doesn't admit any guilt whatsoever. That doesn't mean a GPL violation isn't there, mind, but it means that if there is one this is exactly how it should be handled.

Re:So, this is about as damning as you get, isn't

[RightSaidFred99]

Right... or they are being smart, pulling the tool, and investigating whether they are violating the GPL. Like they said.

It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.

more info

A friend of mine works at the borg. He's a penguin at heart and generally a good guy. This is what he told me. I believe him, but you can make up your own mind. There is/was a GPL violation, but MS didn't do it directly. They licensed some code from a third party. The third party was responsible for the GPL violation (they licensed the GPL code under a non-GPL license).

Re:more info

[Malc]

If this is a GPL violation, I'm sure it wasn't deliberate by Microsoft. People around here no doubt think differently. I'd be interested to know what processes they have in place - at our company, any use of third party code (whatever license) has to be sign-off by the CTO, and the details get put away in a file somewhere. There's more to it than that, but in theory, something like this would be a screw-up by somebody or a break-down in the process.

Re:more info

I worked once for a company where I was ask for a common stack implementation that would be ready to be used, I recomended to modify a BSD implementation instead of developing it ourselves from scratch or to buy one from a third party.
Answer was "no no no, no free code in our software". I tried to explain the various free licenses policy that are currently used and to describe avantages of the BSD one, but finally my employer of that time decided to buy the stack it needed from a third party.

So we received the stack sources from said third party, which were from the BSD one I recommanded in the first place.
It is in fact quite common for a software producer who have to put its name over a piece of code to prefer to buy every pieces of code it does not produce itself rather than directly borrow and adapt it from the adequate license.
Sometimes third parties are kind enough to really implement required code themselves or to at least borrow it from the right license for the job, sometimes they are not.

If you want to make money in embedded software, for instance, just take every BSD implemented stacks, like TCP/IP, FTP, SNMP, adapt them to embedded use then just build a minimal company to sell them once properly tested over different architectures, finally, sell them to companies that produced embedded software. Such a stack can be sold between 50000 and 100000 euros, that corresponds more or less to the third of what a software engineer whould cost to the buyer to produce the stack itself, not to mention the time it would take.
Then if in your day job someone ask you about a such a stack, kindly indicate her/him the appropriate company which sells it ;)

Re:more info

[black3d]

They do have strict auditing practices in place, specifically regarding interoperability, buffer overflows (and the like), and checking to ensure the code hasn't been wholesale copy/pasted from public libraries.

However, they cannot ensure that someone hasn't copied a dozen lines of code from some other obscure program. They don't have the worlds entire source-code archive sitting in a database waiting to do comparison searches.

Furthermore, i find the ENTIRE situation very, very unlikely. It's almost as if it was all orchestrated. The story that we're supposed to buy is that:
1. Some random pundit was rooting through Microsoft functions because he "felt there was too much code there".
2. Pundit noticed some code that, despite it not having any reference to ImageReader, and despite this individual having nothing to do with ImageReader, immediately recognised that a dozen-line ReadBytes method was "obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project".
3. No evidence is ever produced that there are any references to ImageReader, CodePlex, or anything else in the source. The researcher simply magically recognised the source code from a project that he'd had nothing to do with and never seen before.

I'm not buying it at all. This feels intentional.

Re:Excellent example of why MS hates GPL.

[kjart]

This is actually a good example of why Microsoft (and others) may dislike the GPL - how precisely do you determine that it is not a GPL violation? Clearly people like the parent will not be convinced no matter what Microsoft says (yeah, that post was pretty insightful...), so how can they possibly win here, other than by releasing the code, something they do not typically want to do? Even if they do that, they still get a black eye (i.e. that recent kernel code fiasco).

Re:So, this is about as damning as you get, isn't

[sopssa]

Dear Sir or Madam,

The responsible Anti-Microsoft Troll that should have replied to this post by now is on sick leave and was unable to prepare a custom flaming reply to this particular post. In lieu of that, attached is our generic template which we use to write all our flaming responses.

1. Make a general anti-Microsoft jab
2. Blame Microsoft for it's stance against Free Software (and also for lack of network neutrality, the current state of patent laws, the Iraq war, and the extinction of the dinosaurs)
3. Accuse the poster who wrote something positive about Microsoft of being either a fanboy or a Microsoft employee. If the poster in question made a comment about Microsoft's actual support of Free Software in a particular instance, accuse the poster of being an oblivious idiot unable to see through their Embrace-Extend-Extinguish approach
4. State that the Linux revolution is inevitable
5. Finish off with another outpour of flames

We hope you will be able to infer the potential content of the post that should have been done by the respective Troll. Please accept our apologies.

Sincerely,

Assistant Secretary,
Anti-Microsoft Trolling Association, Ltd.

Re:Excellent example of why MS hates GPL.

[icydog]

Microsofts version of open source is that i develop and they take the code, the credit and the ownership.

Yes, because Microsoft's mode of operation is to steal GPL code and try to claim it's theirs until they get caught, at which point they fess up and pretend it was a mistake. Right... I mean, just look at all the other times they stole GPL code!

If in fact that tool used GPL code, it was just some lazy or dishonest developer who used a bunch of code from the Internet and pretended it was his. No proprietary software company would let that slide. Yes, that includes the company we all love to hate.

What if it IS a violation?

[mwvdlee]

What if it IS a GPL violation?

Will they release the source code?
And if not, if they just replace the GPL parts and release a new version, will people who downloaded the first version be legally able to demand the source code? Will the mere tainting of the code with GPL code cast a shadow on any future releases; "did they really replace the GPL parts or did they just refactor it"?

Re:What if it IS a violation?

[msimm]

If it is a violate they'll remove the code and put the application back up. The same thing that usually happens in a GPL violation, I don't see any reason to treat Microsoft differently.

Re:!Widely used , Widely despised..

Widely used claim is laughable

Pft. Clearly even MS are using GPL software. Doesn't get much more mainstream than that.

Re:Excellent example of why MS hates GPL.

[the_womble]

The same problem applies to any license? Suppose MS accuses someone of using their code, how can that be determined? If an author or musician accuses someone of copying them how can that be determined? It is an intrinsic problem of copyright, not a problem with the GPL.

Defining GPL?

[Korin43]

the GPL, a widely used (including by the Linux kernel) free software license

Good thing they cleared that up. I never would've known what the GPL is without this explanation.

Re:Excellent example of why MS hates GPL.

[wrook]

When I was working in an MS technology shop I found many cases of our programmers cutting and pasting code from other sources on the internet. Quite a lot of it came from MS itself and explicitly said that it could not be used. What do you do now? Rip the code out? But we've already shipped the code. Should we demand that the customers give it back until we can rip the code out? What if we still want to use the code? Should we approach MS and try to negotiate a different license? What if they say no?

There's no difference here. The GPL is quite easy to understand as licensing documents go. I think we can all agree that if code licensed only under the GPL was in the application, it would be a breach of the licensing terms; just like when various people in my company appropriated MS code. The resolution is exactly the same.

The moral of the story is: don't use code whose licensing terms are unacceptable to you. It doesn't matter what the license is. It doesn't matter what political forces caused the terms of the license to be created. If you don't agree to it, don't use it. This is the one thing that is the same for all licenses.

hey beavis...

[crocodill]

they pulled their tool

huhuhhuh

Re:This might be a double-edged sword

[ledow]

What you forget is that GPL code is owned by the author, not some magical GPL entity. One author might well want to kick up a fuss, while another may want to deal with it quietly. Others might go to the SFLC, whose policy *is* discretion first (and that's what I believe the earlier articles were referring to).

Whether or not to kick up a stink, demand compensation/removal of the tool, prosecution etc. is in the hands of the copyright holder, not the SFLC (although the holder may choose to hand it over to them for the purposes of dealing with the case).

Re:What if it IS a GPL violation part II?

[lordandmaker]

Who, exactly, sues them in this case?

In theory, the author(s) of the code. In practice, they'd likely hand it over to the FSF who exist partly for the protection of GPL'd code.

Re:So, this is about as damning as you get, isn't

[Dahan]

And no it's not enough to pull the application, if you've distributed the binary and you've used GPL code you're obligated to release that code.

No, you're not automatically obligated to do any such thing. What happens is that you may be infringing on the copyrights on the GPL'd code, so it's up to the copyright holders to decide what to do: ignore it, negotiate a (presumably non-GPL) license agreement with you, or take you to court. And if the latter, the judge will decide what the punishment should be--most likely it'll be "stop distributing the software and pay the copyright holder $$$$$". It's unlikely that the punishment would be "publish the source code to your app that used GPLed code."

Re:So, this is about as damning as you get, isn't

The copyright holder only has grounds to go after the infringing user of the GPL'd code if they don't release their modifications under the GPL, i.e. in this case, MS - if they are using code from ImageMaster - can make the whole issue go away by relicensing WUDT under the GPL (and providing the source) *to those people who have already downloaded it* if these end users ask for the code. That's all, folks.

Re:Not a bad move

[blowdart]

Indeed. The summary assertion that "The fact the company pulled the tool doesn't bode well" is really daft. Of course they'd pull it, there's been a claim made against it - if they keep distributing it whilst they investigate the potential for damages rises with every download. Pulling the tool is not an admission of anything other than the fact that an accusation has been made and they're investitaging it.

Re:What if it IS a GPL violation part II?

[Tim+C]

No - the copyright holder has to sue. The FSF recommends that you assign the copyright of anything you release under the GPL to them, so they can go after any violations, but if you don't then you're on your own. You can't sue for copyright violation on behalf of someone else, they have to do it themselves.

If anybody wants it before it is gone

[hairyfeet]

It is currently on Major Geeks, but who knows for how long. From the sound of it all it does is make a USB drive bootable like the HP format tool and then copy the ISO files to the drive.

Hell something that simple...why would they need to steal GPL code,unless they got themselves a seriously lazy programmer/contractor?

Re:Excellent example of why MS hates GPL.

[miffo.swe]

Have you actually read the Codeplex bylaws and what types of licenses they want? Microsoft is hard at work trying to redefine open source into something completely different than it is today.

Re:So, this is about as damning as you get, isn't

[man_of_mr_e]

Uhh.. Your logic is at best... strange.

Being aware of the GPL does not mean you are aware that any given piece of software is licensed under it, much less a few snippets of code from said application.

There are three possible scenarios I can think of off the top of my head that are all highly likely here, none of which would make Microsoft aware of the fact they were violating the GPL (if that is even the case, which isn't even proven yet).

1) Microsoft hired a contractor or 3rd party to produce the code. The 3rd party used GPL code, but did not tell them. Yes, Microsoft is still liable, but they're not willfully liable.

2) Microsoft produced the tool for internal use. This is a valid use of the GPL'd code and doesn't require source to be distributed with it. Some other department, unaware that GPL'd code was used, got ahold of the tool and decided to use it externally. The original developers are unaware of the new use. Again, Microsoft is not willfully infringing.

3) An employee decides to take a shortcut and use GPL'd code without telling his bosses, takes credit for the code, and thinks nobody will ever find out. Microsoft is unwillful because even thought the employee wilfully infringed, the company had no knowledge. Yes, they're still liable, just not willfully so.

There are probably many other possible scenarios too... but I can't be bothered to spend more than a couple minutes thinking about it.

So perhaps you should think your arguments through before jumping to the conclusion of "it must be willful".

Re:Let me have a go at it

[icannotthinkofaname]

No need, I've filled it in. How am I doing?

(Score:0, Troll)

I'd say you hit the nail on the head.

MOD ME +1 OBSERVANT, PLEASE!