Michael Chaney asks Microsoft to Open Kerberos

Remember Michael Chaney? He's the Nashville-based Linux consultant who saved Microsoft's Hotmail service from a Christmas 1999 outage by kindly paying a $35 NSI registration fee for them. Michael has always humbly maintained that this little act of bacon-saving was more of a Slashdot thing than a personal act on his part. Now, in the same spirit of generosity, Michael has some suggestions for the World's Largest Software Company about how to back gracefully away from its most recent attempt to keep its proprietary Kerberos Protocol extensions secret while still appearing to "publish" them.

On Microsoft, Kerberos, Slashdot, and Trade Secrets

A few months ago at an NLUG meeting, I jokingly asked a presenter to reveal his root password to the assemblage, adding "it's just us, we won't tell anybody." The "us" in this case referred to the 50 or so people in the room, and we had a chuckle while the presenter wisely decided against giving us his password.

The point of this story is something that we all know to be obvious: the level of secrecy afforded a piece of information by a recipient of that information is directly related to the way in which the secret piece of information is passed along. A password freely given to all in a user group meeting wouldn't be held in much confidence by the people present; they wouldn't really consider it a secret.

Likewise, it's difficult for anyone to consider a document to be a trade secret if it's posted on a website for anybody to freely download. Yet this is precisely the manner in which Microsoft is distributing their "Microsoft Authorization Data Specification v. 1.0 for Microsoft Windows 2000 Operating Systems," which we know is nothing more than a slightly modified version of Kerberos.

In a click-through (aka "ignorable") license, Microsoft states that their specification is "confidential information and a trade secret," and that "you must take reasonable security precautions... to keep the Specification confidential." Who, exactly, must I keep from knowing this "secret" information? Presumably someone without internet access.

Contrary to [what seems to be] popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos. And if they do make an incompatible version of Kerberos, it makes even less sense to restrict access to documentation concerning your "extensions." (I can imagine a Microsoft internal memo: "Embracement achieved, on to step two.")

So the situation as it stands is that Microsoft has released a document that they're claiming is a trade secret and copyrighted, parts of it have been posted to Slashdot, and Microsoft is pulling out the DMCA to get those posts removed. Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

But I really take offense to the fact that they go a step farther and request that a link be removed, and that instructions on bypassing their goofy EULA be removed. First, we've had plenty of discussions on here about the dangers of sites being forced to remove links; specifically at what level do we decide that a chain of links is no longer offensive. If I link to the Slashdot article that links to an "Unauthorized Copy of the Specification," is that a "crime?" How about a link to a link to a link? At some level, I'm sure I could find a chain that I could follow from Microsoft's own website to the offending Slashdot post (for those of you who wish to try, search for "samba" on Microsoft's site, it'll link to www.samba.org, try to find Slashdot from there).

As for posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification," I'd like to see someone from Microsoft explain how that constitutes a copyright violation, as J.K. Weston has stated (under penalty of perjury, no less). Self-extracting zip files are nothing new, J.K. Weston, nor is the concept of using WinZip to extract their contents.

The most offensive part of this whole ordeal, though, is that it's just been five months since Slashdot bailed Microsoft out when Network Solutions mistakenly shut off the passport.com domain on Christmas Eve. How soon Microsoft forgets! If it wasn't for Slashdot, it's likely that Hotmail would have been down for another day or more after Christmas, and that surely would have been a bigger blow, in terms of PR, than a bunch of Linux advocates solving their problems for them.

It's my not so humble opinion that Microsoft is in the process of making yet another major PR blunder. The company is famous for them, and it couldn't come at a worse time than as the Justice Department is trying to get them split up for doing exactly what they're doing right now: changing the specifications of an open protocol to reduce interoperability with other products.

Here's my advice to Microsoft: drop the silly EULA and make your Specification freely available under the terms of the new GNU Free Documentation License, or something like it. You'll gain some PR points, which you desperately need. This provides you with a way out that allows you to save face.

And my advice to anyone who talks to the press regarding this issue: remind them that it was Slashdot that saved Hotmail over Christmas.

- Michael Chaney

This discussion has been archived. No new comments can be posted.

  • Microsoft's arrogance with regards to the federal government, its customers (prospective and actual), and more or less the world in general is well-known and documented.

    If we abide for a moment with the legal fiction that MS Corporation is an entity, then the only reasonable conclusion is that said entity is certifiably insane and not competent to enter into legally-binding contracts.

    Really, how could this hogwash stand up in any court of law anywhere that wasn't being bribed senseless by Microsoft?

  • As Michael points out, this behavior is exactly what should interest the forces that are right now deciding on Microsoft's future. How do we let them know? Alternately, is this something the mainstream press would be at all interested in?
  • what makes him think he's someone to be taken seriously? just because he sent in a $35 check and got a lot of publicity? This may sound like flamebait, but it's a serious question. I don't know.. just because someone has gained fame among a particular crowd doesn't mean that he can start preaching to that crowd. Yes, it was neat that he sent a check to NSI. But does that really make him an expert on anything?
  • by Anonymous Coward
    I have to give props to everyone who supports the DMCA. Only in this wonderful USA could we create a law that allows corporations to sue and harass its own customers...

    The DMCA: Redefining Customer Service

  • Chaney for president ;-)! Seriously though, Michael's saving of Hotmail hopefully shows the public that it's not just the "rabid Linux zealots" that think that Microsoft's stand on the Kerberos incident is ridiculous.
  • the ultra-competitive, take-no-prisoners attitude that Microsoft has displayed for most (all?) of its existence is both an asset and a liability. the kerberos issue is just one more example of how that attitude is diffused throughout the organization, and how a systemic remedy is needed.

    i doubt that microsoft takes linux, /., and open source very seriously. that is not to say that there are microsoft employees who do take these matters seriously, but that on the whole it is an insular, self-referential, and arrogant institution.

  • This is a really great letter. Unfortunately we're talking about a company that practices deceit as a standard business tactic. Even if they did release the document under an open licence, they would simply install another catch elsewhere. Perhaps modify the standard yet again or find another method to stop W2K from "hearing" other non-MS applications. I surely don't blame all MS employees. I surely do blame MS management.
  • by JamesSharman ( 91225 ) on Tuesday May 16, 2000 @07:13AM (#1068611)
    If M.C. is reading this: we know that Microsoft sent you a $500 check for your kind restoration of Hotmail. I also remember that you attempted to auction the check off on eBay to raise some money for charity. Can you tell us how much you managed to raise (I expect you had a fair number of fake bids) and where the money went?
  • Can't Microsoft be sued for applying the Name Kerberos to their Closed Product. Since it is an Open system, and Microsoft has changed it to NOT work with others. Doesn't that eliminate the whole point behind it? And if so, then isn't this an example of Microsoft Using its power to eliminate Competition?
    No never your way, always the Microsoft Way. You have no choice

    Offtopic:By the way, I WANT MY QUICKTIME 4 FOR LINUX ALREADY
  • Assistant: Mr. Gates, a Mr. Michael Chaney is on the phone.

    Gates: Who?

    Assistant: Chaney, you know, the guy who saved hotmail for us?

    Gates: Michael who?

    tcd004

    Here's my Microsoft Parody [lostbrain.com], where's yours?

  • I think it's a good thing, that someone in the position of irony can use it... Lots of /. readers would probably want to say the same things, but it's good to have a name saying the voice, and it's quite cool that it's a guy with a record in M$ side-jabs ;)
  • by sigmond ( 88934 ) on Tuesday May 16, 2000 @07:14AM (#1068615)
    As a monopoly MSFT clearly has much to gain from poor interoperability. They control the vast majority of desktops which need to authenticate to network resources. If authentication the Microsoft way becomes the de-facto standard for many organizations MSFT benefits by being the vendor with the best interoperability with its own products. Other vendors can interoperate, but only as long as MSFT releases the specifications for their "enhancement" and only _after_ MSFT has implemented the enhancement in their own product. MSFT benefits as the "first mover" in a situation where only they can move first.
  • For those that ask "who is this guy and why should we care about this?":

    He may be hoping that someone at Microsoft will remember who he is and what he did... and their brains will kick in and they'll listen to him speak in a pleasant, calm, rational, grits-free, petrification-free tone of voice.

    And if it works, great. There has to be someone rational inside Microsoft....

    ....right?
    ----

  • I know that this has been gone over and over.. But how can a EULA in an EXE be binding? Using an unzip program is hardly "cracking".. This sounds like one of those nice items thrown into the UCITA.. Agree to the terms.. THEN we'll show you the terms that you are agreeing to. [popealien.com]
    -
  • I think we should let M$ go on their merry way. Let them have all the rope they need to hang themselves. If they keep doing what they're doing, they'll get split up, people will get sick of them, and the software and OS market will once again be competitive. Competition stimulates growth. I for one look forward to MS-Office for Linux (produced by a software division unleashed from the OS division).
  • But aren't the Halloween documents proof that they *are* at least somewhat scared or uncertain? From what I read, they looked at OSS, Linux, etc. as something that was up and coming and a real threat.
  • The only companies who need proprietary extensions are those who know that the competition could produce better products with them.

    This level of reasoning probably explains the Microsoft PR babble we have had to suffer about how breaking them up will harm the computer industry, damage the economy, speed up global warming, cause the death of every first-born child, rant, rant...

  • by pinka ( 82537 ) on Tuesday May 16, 2000 @07:17AM (#1068621)
    what makes him think he's someone to be taken seriously? just because he sent in a $35 check and got a lot of publicity?

    Essentially yes. Isn't that what goodwill is all about? It struck me as a goodwill post rather than an "expert opinion".

  • If you go to his website linked to in the intro to the request (doublewide.com?) you will see his account of the "saga".
  • MS does indeed need some serious PR points these days. But it seems that the left hand of their legal department doesn't know what their right hand is doing. Or the left hand doesn't care. Or it is stupid. Or something.

    Being a libertarian, I don't believe that anti-trust laws are a good thing at all. Most monopolies exist as a result of government mandate. In the case of other near-monopolies (such as Standard Oil), consumers didn't benefit at all by government intervention. (The price of oil rose, in fact.)

    But really, MS has this absurd attitude of "I will do what I want, everyone but us be damned!" So really, what Bill Gates needs is a good tuning up by Andy Sipowitz in some grungy interview room of the 15th squad.

    Cool stuff on GeekPress [geekpress.com]: Chinese engineer wins site's jackpot, but collecting is tricky [geekpress.com] / How to Hack a Bank [geekpress.com] / Helmet o'Death, Almost [geekpress.com]

    -- Diana Hsieh

  • by Anonymous Coward
    It seems to me that Microsoft's biggest problem in this issue is trying to keep the life-blood of the technical community from being knowledgeable about their products. How can they expect IT professionals to be able to fully support their system if they can't have access to all the protocols, etc. used by the system. I think we would all agree that Microsoft needs to get their heads out of their "buttocks" and get with the program.
  • by Cyberdyne ( 104305 ) on Tuesday May 16, 2000 @07:20AM (#1068625) Journal
    just because he sent in a $35 check and got a lot of publicity?

    ISTR he paid by Mastercard :-)

    On a more serious note, I live in a country where, IIRC, reverse engineering is specifically permitted, regardless of license conditions, provided it is done for interoperability reasons only. So, I could, perfectly legally, reverse engineer the Win2k bug in order to make Samba+MIT Kerberos interoperable with Win2k. The question is, does the possibility I might be using MS's "secret" published documentation make this more difficult? Equally, is this "EULA" even legally valid? I suspect it wouldn't stand up...

  • This is the second or third time I've heard J.K. Weston's claims being referred to as false and therefore illegal themselves.

    So who is suing him?
    --
    Have Exchange users? Want to run Linux? Can't afford OpenMail?
  • Who cares what device raises a person's public stature? What matters is what he does with it.
    His argument seems cogent, and if he alludes to a certain episode in Microsoft's memory of recent embarrassments, so what? There is a small, but finite, chance that it will change Microsoft's mind.
  • by ryan360 ( 123742 ) on Tuesday May 16, 2000 @07:22AM (#1068629) Homepage
    Is it me, or has Microsoft been getting some bad publicity lately? Kerberos-this and Outlook-that... whatever happened to the Slashdot headlines like "Microsoft donates $50,000 to open source development" or "Microsoft plants a tree" or "Microsoft implements cross-platform media initiative"?
  • I think the concept is, it's supposed to be a "favor for a favor." He helped MS out, by doing them a favor, wouldn't have been the end of MS if he didn't do it, but it did make their life a little easier. Now he's asking them to back off on the Kerberos issue.
  • by Black Parrot ( 19622 ) on Tuesday May 16, 2000 @07:26AM (#1068631)
    > Oops, its http://www.doublewide.net

    From the link:
    On January 15, 2000, I received the check from Microsoft for $500, in addition to a new copy of Visual Studio 6.0 (which I need to compile and run the decss program to decode my DVD's so that I can play them under Linux).
    It doesn't get much funnier than that.

    --
  • but he already got a favor back.. they sent him a $5,000 check, which he ended up auctioning off for much more than that (although he did do it for charity).
  • Microsoft will never open Kerberos now that Slashdot has suggested it. Taking advice from Slashdot would be a sign of Microsoft giving in.

    Maybe next time we should try reverse psychology on them. You know, sarcastically say "Microsoft, don't open up Kerberos...... that would be a BAD thing. No, really, stop it. Don't split. Don't fire Billy Gates. Don't make a reliable OS that doesn't crash every half hour.....".

    Maybe, just maybe, they'll fall for it. ;-)
  • by Anonymous Coward
    I don't think it has anything to do with MC's quest for fame. He raises a serious issue, and he does it because he's an interoperability advocate, not because he bailed MS out. He probably would be doing this in any case. It's because he saved MS that it's ironic.

    Akardam "Waiting for Slashdot to mail me my password..." Out
    Everything but TheKitchenSink - www.akardam.net [akardam.net]
  • by sampson ( 33383 ) on Tuesday May 16, 2000 @07:29AM (#1068635)
    I am not M.C. but from his website, you can see that he gave the check to John of SwiftView inc, which did the following (from their website here [swiftview.com]):
    The nearly famous $500 Chaney Microsoft Hotmail domain registration check was purchased by SwiftView for $7,100. We are donating this money to the Sisters of the Road Cafe' [sistersoftheroad.org] in Portland, Oregon, a small non-profit restaurant feeding hundreds of homeless and low-income residents of Portland's Burnside Community.

    Michael Chaney is the original owner of this check and auctioning it for charity is his idea. He is also contributing an additional $2,500 for a total of $9,600. As noted on his site and the links below, he hopes that Microsoft will make an additional contribution.

  • So you're a libertarian and yet you're moaning because Microsoft do what the hell they please? That sounds kinda stoopid to me. Duh...
  • christ people have a sense of humor!

    Q: What do you think about American Culture?
    A: I think it's a good idea.

  • Fame is never a reason to be taken seriously. Which is the reason I ignore most celebrities. (i.e just because Sharon Stone dumps her firearms, does that mean I should?) However, to Microsoft, Michael _should_ mean something, as he saved their ugly little keisters a few more days of embarrassment a few months back.

    The reason that I respect what he has to say is because he is right.
  • does that really make him an expert on anything?

    Yes, on Ethics.


  • No, it doesn't make him an expert on anything.

    The point is that he has moral high ground and is using it to urge Microsoft to do something that's unnatural to it. If this were a more public and important issue (to general public), Microsoft would have a no-win situation here.

  • > Is it me, or has Microsoft been getting some bad publicity lately?

    Yes. And no. The regular media is still lapping up their... whatever.

    For example, I watched a bit of CNN on the telly this morning. Their "coverage" of E3 was essentially a three minute commercial for the X-Box.

    And MS didn't even have to pay for the coverage.

    --

  • Yes, that is in fact how things work now. You get some attention for yourself and then people listen to you. Of course, it's always been this way, it's just easier to leverage attention with the net. Good or bad, it's the way of the future- embrace and extend this model for yourself
  • by WebTurtle ( 109015 ) <derek,dimatteo&gmail,com> on Tuesday May 16, 2000 @07:35AM (#1068643) Homepage
    This is a very well articulated and well argued article. When I read the headline and who it was from, I thought as many other posters seem to: just because he saved M$'s bacon doesn't make him qualified to start handing out advice. But, after reading his article I am willing to judge him by its merit. And it was a great article. He makes several good points, particularly in regards to the obviousness that this can hardly be considered a trade secret.

    However, I would like to address one part of his post that he left open:

    Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.

    It is clearly a challenge to the concept of OSS and the GPL. If they can prevail over the community by succeeding in keeping their kerberos "extension" closed source, they win. If they can simultaneously do a little media spinning that shows how lawless OSS advocates are, they win twice. By this I mean that "everyone" knows that Slashdot is a haven for rabid OSS zealots who do nothing but pirate software, trade illegal MP3s on Napster, and read that damn anti-corporatist Noam Chomsky all day long. If M$ can show that these types of people will stop at nothing, including violating license agreements, publishing trade secrets, and being generally abusive towards all things corporate, then they will help stem the tide of converts. It will damage the reputation of OSS and the Free Software movement. It will make conservative businessmen (who outnumber the liberals) biased against OSS in their organizations, etc.

    We as a community need to be on guard against these tactics. One good court case that goes against OSS on top of everything else that is happening regarding the RIAA, MPAA, DeCSS, MP3.com, Napster, etc. and we will have that much more difficulty gaining broad acceptance. And M$ will have that much more sway over people's opinions.

    Certainly they can try to slow the OSS movement down, and give it a bad name, but it can never be stopped unless precedents and laws get in the way of progress and evolution.

  • by Dr Caleb ( 121505 ) on Tuesday May 16, 2000 @07:36AM (#1068644) Homepage Journal
    Once again I applaud Mr. Chaney for his act of selflessness at trying to resolve a conflict between parties.
    IMHO, it's no different than helping a stranded motorist change a flat tire. An act that in itself expects no rewards. Just the feeling of doing something right for your own peace of mind.
    The only trouble is, you're dealing with Microsoft here. During that selfless act, you never expect that motorist to hit you over the head with a tire iron and steal your wallet and car :-)
    I truly hope they get themselves out of the corner they've painted themselves into. It would save them face, Slashdot lawyers fees and us techs quite a few headaches in trying to get this to interoperate with standard versions of Kerberos.

    Perhaps Win2k SP2 will include changes to Kerberos to put it back to the standard operability that it was designed for.

  • Are you kidding? I'm sorry, but that's just ludicrous. His action was in no way driven by ethics. Just because it wasn't "unethical" doesn't make it an "ethical" action.
  • What at this point is stopping us from just reverse engineering the stupid M$ extension and removing their last possible thing to say about this issue? Is anybody working on this already?

    The way I see it, when the disputed, disturbed specification is in GPL'd source code, they won't have any legal recourse. Why sue someone to remove a link to something that is already implemented?

    How badly could they have screwed it up? This is _microsoft_ we're talking about here! They couldn't code their way out of a wet paper bag. How much work could it possibly be? A couple of days for some UberHacker?

    Once the fix is GPL'd, with no authors mentioned anywhere, who could they sue? What would they sue? It's like Gnutella; who do you persecute?

    Maybe I'm just naive but this seems pretty obvious at this point.
  • by Dark Paladin ( 116525 ) <jhummel&johnhummel,net> on Tuesday May 16, 2000 @07:44AM (#1068647) Homepage

    Some time ago, I read a book by Orson Scott Card I believe called The Worthing Saga. Part of the book deals with a man who wanted to engineer the destruction of civilization, since he saw humanity and its culture as stagnating.

    He proceeded to engineer the total collapse of society, first by purposely angering the "lower people" just enough so that they would be angry, but not revolt. Then he alienated the "upper people" so that they were incensed, but would not withdraw support. He sent messages out that "All is well, do not worry" while issuing secret messages to people about "how bad things really are."

    And when all the pieces were ready, he finally pushed everybody over the edge at once, and everything fell apart all at once, like a house of cards toppled by a child.

    I don't hate Microsoft. I've used DOS as far back as I can remember, I've used Windows when that's all I knew. Indirectly, I have a good living as a professional geek and now game reviewer. I like my life, and I owe a part of that to companies like Microsoft.

    But the more they act, the more it seems like they are engineering their own demise. They upset people just enough with their competitive practices- and I'm not just talking about making new products, but giving them away to put other people out of business. They upset government officials by continuing to engage in monopoly practices while they are under investigation- from the Kerberos issue to "renting" software at universities at such a low price [theregister.co.uk] that college students can't resist, then jacking up the prices after everyone's standardized. They put on commercials saying "We innovate, we work hard for you!" while they have "Halloween E-mails" that talk about how scared they are of Linux.

    Microsoft is not a bad company. I'm going to say this again: Microsoft is not a bad company. I may not like all of their products, but others I think are great. I like Internet Explorer, I just don't like how it was rammed down my throat.

    But with each new story, I become a little angrier at Microsoft, to the point that I'm about to install Linux on my machine at home and only use the Windows partitions for games (hey, I've still got to write my reviews.) And if Microsoft keeps up this behavior, they'll find their carefully built house of cards all falling to the ground at the same time.


    John "Dark Paladin" Hummel
    We don't just like games, we love them!
  • which I need to compile and run the decss program to decode my DVD's so that I can play them under Linux

    Does that mean that Microsoft could be held liable in the DeCSS thing? Visual Studio was needed to compile DeCSS. Wouldn't that make it a tool to help circumvent copy protections? (DeCSS won't run when it's not compiled)

    Think of it as linking to a site with the offending content (or a link to a link). "Auxiliary offender".

  • by Anonymous Coward
    As an alternative to MSFT's non-compatible Kerberos, how about downloading the Windows version from M.I.T ? Should be guaranteed compatible, being "from the horse's mouth", as it were...

    Just go to M.I.T [mit.edu] and enter Kerberos in the search box. When I tried it, the top link that came up was "Kerberos for Windows"...

    I didn't take it any further - is anyone actually using M.I.T's own Kerberos for Windows ?

  • by joss ( 1346 ) on Tuesday May 16, 2000 @07:50AM (#1068650) Homepage
    Though this guy's credentials are as good as anyone's as far as I'm concerned. If his arguments make sense then he is as worthy of attention as the next man.

    Of course, there are many people with such low self esteem that they will only listen to opinions from some "authority" on the subject. How else could they possibly know what to think ? Heaven forbid they should actually try judging the worth of the arguments irrespective of where they come from. That would involve thinking for themselves. That's not how things are done in a civilised society - it's not efficient. Instead we must have experts on every topic under the sun who decide these things for us.
  • Everybody seems to be acting like M$ NEEDS good publicity and HAS to behave like a good citizen and is in need of some sort of redemption. Well, they don't. When your software is used on 90-95% of the world's computers you don't have to have a heart or a conscience or a soul or a brain. You get to do whatever you want. Until somebody takes you down. Period. Their whole legal strategy shows this. Deny everything, admit nothing, brook no compromise and wait until you can appeal the case to a new administration which will most likely let you weasel out of the whole thing. Then vengeance is yours. Is this a good or sane or proper or responsible attitude? NO! But Lawyers and law and the kind of money and power that is at stake here have never been about making sense or being a good citizen or being responsible. They've always been about Their Way and nothing else until you can put Their head on a platter. And that's all they have to (and probably will) do.
  • I know that this has been gone over and over.. But how can a EULA in an EXE be binding?

    You're confusing technical issues with legal issues. Consider these analogies:

    I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.

    I cover my eyes during the FBI warning at the beginning of videos. I still can't copy them.

    They are not required to force you to read and agree to a license. That's just to drive the point home and to make it harder for you to say "license? what license?" on the witness stand.

  • If this version becomes Proprietary, then Microsoft controls who can use it. I may be wrong here but... if they control who can use it, they can use their dominance in the desktop market to extend their market share in the *SERVER* market. (By the need to authenticate using M$ proprietary inbred bullshit)

    Hmm. Using a monopoly to extend another monopoly... isn't that a law somewhere?

    -Militant Elf (A PFY for a BOFH)
    remove the sos for deliverable flames

  • by Fyndo ( 11748 ) on Tuesday May 16, 2000 @07:52AM (#1068654) Homepage
    If you're going to post material copied from Brunching Shuttlecocks [brunching.com] you should at least credit them...
  • It seems to me that Microsoft's biggest problem in this issue is trying to keep the life-blood of the technical community from being knowledgeable about their products. How can they expect IT professionals to be able to fully support their system if they can't have access to all the protocols, etc. used by the system.

    That's the point. If nobody but Microsoft knows how to fix it when it breaks, and it breaks all the time, then Microsoft can charge an arm and a leg for it and make tons of money.

    It's sad how transparent that little plan is. What's sadder is that it's working.

  • by rjnerd ( 143758 ) on Tuesday May 16, 2000 @07:59AM (#1068657) Homepage
    The copyright office specifically says bibliographic references are always legal -- you may not be able to use the text itself, but you can always tell someone where to find the originally published text. The only difference between "Journal of Irr. Results Vol 3.14159 number 1.735 (June 2003) pp 10-12" and www.JIR.joke/volpi/number_sqrt(3)/joes-stuff is one of formatting. I could write either down on the back of a biz card, and take it to a good research library, and be looking at the text in short order... In the case under discussion, posting the actual text (so it comes from a /. drive) is likely a violation for the user. Posting the URL of the page on the MS site, so the actual bits of the article come from a drive in Redmond, is just citing the published article... (it meets the copyright definition of "fixed in a tangible form", so it counts as "published" -- published for copyright purposes includes so-claimed trade secrets)
  • by Hard_Code ( 49548 ) on Tuesday May 16, 2000 @08:00AM (#1068660)
    This is stupid. Both Microsoft and Slashdot are at fault. Microsoft is at fault by perverting an otherwise open standard, then claiming to have published the changes by forcing anyone wishing to view the documentation through a non-disclosure agreement (faithfully supported by brilliant UCITA legislature). Shame on Microsoft, although it can hardly be called unexpected. But even more shame on Slashdot. The core of the "information wants to be free" meme, is copyright, whether you like it or not. If you want information to be free, you must at the same time respect the same copyright that upholds the GPL (until such copyright laws are done away with). Refusing to remove blatantly illegal material is not a first amendment issue...it is a juvenile snub to Microsoft. I'm sure Microsoft has no reservations about unleashing its legaldroids upon Slashdot. It is just dumb. Just as we would not like someone to violate GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding. Slashdot should remove the stupid text. We should work to change the laws...not puerilely snub our noses at it and then go crying that big bad Microsoft is oppressing our first amendment.
  • by Kitanin ( 7884 ) on Tuesday May 16, 2000 @08:07AM (#1068662) Homepage
    Who, exactly, must I keep from knowing this "secret" information? Presumably someone without internet access.

    Well, put the pieces together...

    • MIT is where Kerberos came from
    • (An) NIC is required to view the information
    • And finally, a K for Kerberos.

    M-I-T-N-I-C-K... :-)


  • by NaughtyEddie ( 140998 ) on Tuesday May 16, 2000 @08:12AM (#1068664)
    Contrary to popular opinion within Microsoft, they have nothing to lose from making their products compatible with existing standards. As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

    Quite clearly Microsoft do not think this is the case, and it's not a clear "matter of fact" to me either. Microsoft have done extremely well with their current philosophy; it goes to the core of their anti-competitive nature, which has made Bill Gates a multi-billionaire and the richest man in the world.

    Why do Slashdot readers insist they understand the industry better than the single main player in it? Yes, strict compatibility "raises the value of all products", but Microsoft do not want to raise the value of all products, only theirs. They are unique in that this actually poses an advantage to them - no other software company makes a full complement of interoperating software, so these companies are forced to interoperate with each other's stuff properly. Not so Microsoft; they have a vested interest in only interoperating with their own software. You can buy a complete enterprise software setup and never pay a dime to anyone but Microsoft. And that's exactly what their non-interoperability encourages you to do.

    The rest of the article seems a little naive given the real matters of fact.

  • by hrm ( 26016 ) on Tuesday May 16, 2000 @08:13AM (#1068665)
    The bit about posts "Containing Instructions on How to Bypass the End User License Agreement and Extract the Specification" really cracks me up.

    How about instructions on how to read the damn license?!

    I downloaded that EXE thing and wondered on how to get it "installed" while running Linux. I went about it in the usual Unix way. First I ran "file" on it, which told me it was a windows executable (saw that coming somehow, not a complete dummy me) as well as a "RAR archive".

    That's an animal I hadn't heard of, but a quick inspection showed that there was something called "unrar" on my SuSE distro. I ran that and was presented with some sort of .doc file, which I knew StarOffice could probably handle.

    I never did get to see that license. Too bad, because I was kind of curious about the wording.

  • Just because it wasn't "unethical" doesn't make it an "ethical" action.

    What kind of logic is that?

    As to what may have driven his actions, Ethics are not about motivations, but about behaviour. The fee was overdue, so the domain was available, he took it, so as to read his e-mail, and gave it back, for he considered it not to be fair to keep the domain. Otherwise, he could have:

    • Struggled to keep it or sell it to someone else
    • Settled for a good amount of cash
    • Framed the check
    • Auctioned the check and kept the money

    He may have gotten a lot of exposure out of this thing, no doubt, but he played pretty fair against MS, and that fully entitles him to ask MS to follow suit.
  • by Plasmic ( 26063 ) on Tuesday May 16, 2000 @08:18AM (#1068669)
    Are you unable to judge an argument based on its logic and rationale? You don't have to be an expert on anything to be able to present intelligent concepts in an eloquent manner. I take people who are unknown, but make sense, more seriously than I take people who are well-known, but wrong.

    You seem to take offense to his comments.. "preaching"? He's not preaching to anyone; he's formed an opinion, presented it, and proposed a solution. The basis of his argument is not "I saved the day once, so you should do what I say!" No part of the article hinges on the fact that he's a smart man for doing what he did. He lets its merit stand for itself. Why don't you?
  • by Bad Mojo ( 12210 ) on Tuesday May 16, 2000 @08:20AM (#1068671)
    I don't know if reading this article and resulting posts makes me sad or not. Someone stands up to voice the same opinion as many people on Slashdot hold and he gets attacked. No wonder OSS has such a lingering bad taste in people's mouths. Nothing like trying to help out and having the people on your side question your motives and character. Face value people. It still exists.

    Bad Mojo [rps.net]
  • Well said! +5 We could use a few more MC's.
  • I have a book that says "No part of this publication may be reproduced ..." on page 3. Skipping directly to page 5 does not mean that I'm exempt from this legally binding statement.

    I cover my eyes during the FBI warning at the beginning of videos. I still can't copy them.


    The illegality of copying the above mentioned book and movie does not derive from the warnings; the warnings are just to remind you of the fact that it's illegal to copy them.

    They are not licenses and they do not restrict fair use; thus a movie about MS's extensions to Kerberos could not be reproduced in whole without permission, but you could still use the description therein to implement them.

    Chris
  • In a click-through (aka "ignorable") license...

    Police Officer: Sir, did you not see the stop sign?

    Motorist: Of course I saw the stop sign! It was drive-through (aka "Ignorable").

    Police Officer: Sir, would you please get out of the car?

    Just because you can ignore something does not mean that you may ignore it.
  • According to the page announcing the "publication" of the implementation of the specification, Microsoft stated that it was releasing this document in order to have third-party security analysis and validation that it was within the letter and spirit of the Kerberos spec with the IETF.

    I see no reason why we here on /. could not help Microsoft with this aim. After all, we recognize that many of our mutual security problems with viruses and so forth have occurred for precisely the reason that in the past Microsoft was not so open about security matters and did not check with the community at large first.

    However, Microsoft needs to understand that any discussion of the document needs to refer to it in detail. Therefore Microsoft needs to withdraw its claim to trade secrets and the EULA requirement.

    If Slashdot were to withdraw, in turn, its copy of the copyrighted document, and instead link to an open online copy at Microsoft's site, then why wouldn't everybody be happy and we work together to achieve our mutual objectives?

    Thanks, MC, for trying to negotiate a settlement--you are wise and I hope Microsoft responds.

  • by rlk ( 1089 )
    "No part of this publication may be reproduced..." isn't a EULA any more than the GPL is. Copyright in general allows non-holders only very limited reproduction rights, and the statement at the beginning of the book doesn't forbid anything that copyright law already forbids. Likewise, the GPL grants strictly more rights than copyright law does.

    If the book stated something like "the information contained herein may be used only for purpose X" or "this book may not be resold without written permission of the publisher", on the other hand, the situations would be more comparable. Part of US copyright law (the "first sale doctrine") allows someone who owns a legal copy the right to resell it and otherwise dispose of it. The INSTANCE of the book is entirely owned by the person who bought it. What isn't allowed is copying it, beyond certain points (e.g. excerpting short passages for review).

    The problem here is that Microsoft is putting something on an open web site, offering it for download, and then claiming that use of the information contained in it is restricted (as opposed to merely stating that copying of the information is out).

    I think that it's reasonable for Microsoft to ask that the actual copies posted to Slashdot be taken off. They do hold the copyright on the particular expression of the specs. On the other hand, asking that links be removed, or the fact that it can simply be unzipped, strikes me (who's not a lawyer) as ridiculous.
  • by Anomalous Canard ( 137695 ) on Tuesday May 16, 2000 @08:50AM (#1068685)
    He did a good deed for an evil corporation. It didn't cost him much out of pocket, but he bothered to do it. He's entitled to use this soapbox occasionally. If he misuses or overuses it, we may choose to stop listening. We may choose not to listen to him now, but the soapbox is his. That's what free speech is all about. Look into it.

    Anomalous: inconsistent with or deviating from what is usual, normal, or expected
  • by Anonymous Coward
    You're right, but there is one thing you cannot buy from them, and it is paradoxically necessary if you own the rest:

    Good virus protection!
  • by dithi ( 88241 ) on Tuesday May 16, 2000 @09:04AM (#1068693)
    At first your insinuation that Microsoft could bribe a court "senseless" seemed ludicrous. The US isn't some 3rd world corrupt banana republic. But as I thought more about it, bribery could have two forms: one, cash payoffs, or two, the judge could be so scared to rule against Microsoft in fear that he would hurt our wonderful economy that he wouldn't impose sanctions. This is in effect a type of bribery brought on by the MS monopoly, which means that no court would rule against MS for fear of losing that payoff, in their wallets (judges own stock too) and the wallets of the country. Not so ridiculous of a term after all.

  • The problem is that Microsoft has made that nearly impossible. To publicly release a reverse engineered version of Microsoft's Kerberos extensions, the authors would need to be able to prove that they had no access to Microsoft's trade secrets.


    No. It's the other way round. And if they really reverse engineered it it's easy to prove that anyway (500 postings to a mailing list discussing various problems; showing some disassembly blabla...).
    \begin{paranoia mode} %Using tex here so /. cannot fuckup anything
    But maybe they suspect someone (for instance samba developers) has a "contact" into microsoft which leaks some "hints". In this case they have silenced that source w.r.t their kerberos stuff because now every developer is aware that he may have to present a stringent documentation of his reverse engineering work and that there mustn't be any "intelligent guessing" involved
    \end{paranoia mode}
  • I think their OS share is a little smaller than that, like 70-80

    Everything I've read states that 90+ percent of x86 based PC's sold ship with a MS OS installed. Now, whether that means that more than 70-80% actually run a MS OS once they are put into service may be another thing, since a lot of servers are purchased to run Linux, BSD, commercial UNIX, Novell Netware, OS/2, etc, and a growing number of desktop machines are going to other OSes as well, albeit not nearly as many as the server market.

    I think in terms of desktop machines, you'd be hard pressed to push Microsoft's market share numbers down much below 90% even if you counted in all of the non-x86 machines like Macs and RISC UNIX workstations.

    It's hard to tell though, as Microsoft tells different stories depending on who they are talking to. When they talk to the DOJ and/or the court, they have major competition, but when they talk to their shareholders and business partners, they don't have any serious competition. When they are talking to themselves, then they are worried about OSS, but only a little, and mostly only because they have difficulty understanding it.

  • As I understand it, no actual illegal material was ever ON Slashdot. Information on how to unzip a file is hardly on-par with detailed instructions on how to rob a bank, and (as it's generic) is not even specific to Microsoft's file. The same stuff could have been put in ANY other thread, and nobody would have thought twice, but the information would still have been there. As for revealing that the agreement is on the bottom of each page... WOW! That's like, oh so serious a breach of Copyright! I'm scared! Sorry, but Microsoft declaring an EULA itself as a copyrighted trade secret is pathetic. Who did they hire to handle this case? Mojo Jojo?
  • It was my impression that some ACs on Slashdot actually copied and posted the spec verbatim. If that is NOT the case then Microsoft does not have a leg to stand on and can go bugger off.
  • I'm going to reproduce an AC's post found here [slashdot.org] because it seems very relevant to the copyright issue.

    There is an interesting precedent on what happens when copyright and first-amendment collide. Some decades ago, the Soviets published a badly bowdlerized version of a dissident's book that had become widely acclaimed in hand-copied "samizdat" editions. When the original was smuggled to the West and published here, the Soviet "publisher" sued for violation of copyright. The court, in throwing out the lawsuit, reasoned that copyright law was being used to stifle a protected political debate: about Communist _praxis_ then, about Microsoft's extend-to-destroy strategy now.

    The core of the court's reasoning was based on the original purpose of each clause. When two constitutional provisions collide, the one that is being used for its original constitutional purpose prevails. The purpose of copyrights was to promote the dissemination of knowledge, by giving a financial incentive to writing and publication. This is the central purpose that must be protected. Other uses of copyright, such as trying to halt the spread of information that might harm the political interests of the copyright owner, enjoy a lower level of protection, particularly when they act against the original purpose of copyright, and hinder, rather than promote, the dissemination of ideas. Similarly, the original purpose of free speech guarantees was to promote unhindered debate of political issues. Other uses of the 1st amendment's guarantee of free expression - for example, the provision of pornography to masturbators - enjoy less protection. Such secondary uses of the free-speech guarantee may have to give way when they are in conflict with the central purpose of some other constitutional provision.

    In the case that set the precedent - just like the case now - the 1st amendment case involved publication of material going to the heart of a public political controversy, the exact purpose for which the 1st amendment was written into our constitution. As for copyright, it was being used then - just like now - directly _against_ the original constitutional purpose. The Soviets then, and Microsoft now, have tried to use copyright to hinder, rather than promote, the dissemination of knowledge. I hope that the above will help /. apply the precedent to your present case.


    The above is a very reasonable argument for why Slashdot should not have to censor the offending posts.

    For those who want a copyright-free interpretation of Microsoft's kerberos implementation, try
    http://www.thetop.net/kerbos/spec.txt [thetop.net].
  • by HopeOS ( 74340 ) on Tuesday May 16, 2000 @09:27AM (#1068707)
    Given that there is a GPL'd document published that does not have the Microsoft restrictions, I wonder where they stand legally now?

    I published this on Friday, but here it is again. Maybe it'll get moderated up this time.

    http://www.thetop.net/kerbos/spec.html [thetop.net]
    http://www.thetop.net/kerbos/spec.txt [thetop.net]

    Good luck!
    -Hope
  • The domain wasn't available. When he paid the fee, he didn't own the domain in any way whatsoever. Therefore, he didn't give it back. Your comment that he "considered it not to be fair to keep the domain" is completely bogus, since he never had it to begin with.

    So, he most certainly could not have "struggled to keep it or sell it to someone else," since he'd have to own it first, nor could he have "settled for a good amount of cash," since Microsoft didn't owe him a single penny.

    You make the point of the guy you responded to. You're giving him credit for playing fair simply because he wasn't unfair to them. Just like the guy said, just because it wasn't "unethical" doesn't make it "ethical." His only two options in this situation were (1) pay the bill, or (2) not pay the bill. There was nothing to be fair or unfair about.

    And seeing how much publicity he's gotten from his 35 bucks, I'd say it's a Hell of an investment, but no more ethical (or unethical) than playing the stock market.

  • OK, I bit. Here's the link sequence! Voila! Microsoft to Slashdot and back in under 10 links.
  • I read an in depth article once about the MS extension of Kerberos. Basically, the functional part of the spec involves a string of values. Let's say the spec string had 30 characters. The Kerberos group decided to use only 26 of the characters, leaving the last four unused. MS decided to use these spaces.
  • Here's an exercise in futility here for you:

    Go to the Microsoft web site [microsoft.com] and search for "slashdot" (I did this to see if they had their side of the kerberos story posted on their site.) Click on the first story that comes up and search the page for "slashdot".

    If you'd rather not follow the link, the paragraph reads as follows:

    "Understand that I love technology and I love to keep up with technology, including ones that are alternatives to Microsoft. I check sites like Slashdot every day. I find the postings out there to be very thought provoking, and they cause me to think about balancing our entire solution. I am also fortunate to have so many customers who are willing to tell me what they think we should be doing and what operating systems and Web servers we should be using. But at the end of the day, our customers have given us a responsibility, and we are accountable for the technologies on which their businesses depend. We must have solutions that work-not just cool technology, but ones that really work-and we found those through Microsoft."

    So, obviously, MS wants you to think their way is better than listening to some /. poster for a balanced opinion. I don't think this article is going to change their minds. However I do like the tactic of taking the high road, as Chaney has done.

  • by Steve B ( 42864 ) on Tuesday May 16, 2000 @09:46AM (#1068718)
    Winzip's popup says: "If this is a self-extracting file it is either not in the standard Zip file format or it is corrupt."

    I didn't know WinZip had such a sophisticated AI.
    /.

  • But what if this "No part of this publication may be reproduced ..." was written in Arabic letters while the rest is in English, is it still legally binding in the US?

    Yes. As was pointed out above, it's a reminder, not a license.


    ...phil

  • Learn a little more, troll...

    Guess where this quote came from:

    "Fold extended functionality into commodity protocols / services and create new protocols

    "Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game"

  • Jack the Ripper? That is hardly a fair comparison. He broke into quite a few systems. He did not though profit or destroy anything thus, in my mind, causing no damage but they treated him worse than they treat wife beaters. In my home town, a guy beat his wife so bad that her left eye came loose from the socket but he only got two nights in jail. Mitnick did what? 5 years? Does anyone else see something wrong here?
    Molog

    So Linus, what are we doing tonight?

  • As the author of this piece, I hereby demand, upon pain of lawsuit, that Slashdot delete the above post, delete this thread, delete this article, delete all backups of all Slashdot data just to be safe, ban this "177" person from the site, personally spank anyone who moderated it up, and for God's sake wash your hands afterwards.

    Nah, just kidding. But thanks to everyone who set the record straight as to the authorship of this little bit of absurdity.

  • As a matter of fact, strict compatibility actually raises the value of all products, including those from Microsoft. Given that fact, it makes no sense for Microsoft to create an incompatible version of Kerberos.

    Your first sentence is correct, your second is not. All products do benefit when they are compatible and interoperable with one another. But Microsoft doesn't want to raise the value of all products. It only wants its own to benefit.

    It makes perfect business sense for Microsoft to try to lower the value of competing products by preventing interoperability with its own. It's called lock-in, and it increases switching costs for users and barriers to entry for competitors. It's a strategy that makes perfect sense if you have a dominant (especially monopoly) position, and little or no sense if you don't have such a position. Harness network effects to exclusively benefit your product, what could be simpler?

    The only time this doesn't pay off is if it sufficiently alienates customers or developers. So far, Microsoft has managed to hew a fine line where such alienation has not outweighed the benefits of its platform. It's up to knowledgeable people to point out the oft-hidden costs and risks of adopting Microsoft's technology approach.

    Remember, in reality, most of Microsoft's successful innovations have been *legal* innovations, beginning with their DOS contract and extending through various exclusive OEM agreements and their chiseling away at the Java contract and DOJ Consent Decree. Their trade-secret licensing of Kerberos and their attempt to license software on a renewal basis (first at universities) are just the latest examples of this. Just what you'd expect from a firm founded by the bright son of a lawyer.

    --LinuxParanoid, paranoid for Linux's sake

  • Just as we would not like someone to violate GPL, we cannot at the same time violate an analogous legal (BUT STUPID!) binding

    Firstly it's not clear at all that MS's silly "read this and you agree to everything I say here" EULA is valid, especially when they're trying to claim that something publicly distributed on the web is also a trade secret (as I understand it, if you want something to remain a trade secret, you've to take reasonable steps to keep it secret).

    Secondly, even if MS were legally right, they would be morally wrong. There's such a thing as civil disobedience. I believe it was John Stuart Mill who went to jail rather than pay taxes to support a war he believed was wrong. We can still win by placing moral pressure on MS, and refusing to back down.
  • by remande ( 31154 ) <remande@nOSPam.bigfoot.com> on Tuesday May 16, 2000 @10:11AM (#1068733) Homepage
    Do not confuse a license with a copyright.

    Copyright notices only inform the reader (viewer, listener, etc.) of restrictions that are already in place. There is nothing to agree to; the copyright is enforced by law.

    A license agreement, OTOH, is by definition something you either agree to or do not. And a license is a restriction on use, not reading or viewing.

    If I own a book, the book has a copyright on it but no license. By law (not agreement), I am forbidden from doing things like ripping out the pages and photocopying it, or scanning it onto the Web. I am expressly forbidden from copying it.

    However, there is no end to things I can do with that book. I can give it to somebody. I can lend it out. I can resell it. I can mark it up with a highlighter. I can even use the author's own words against him or her.

    Imagine this: I buy a book written by somebody I dislike. I can then write an editorial, tearing his views apart, using little pieces from the book to do so (this is "fair use", so I don't violate copyright law). This is all completely legal.

    Now what if he puts something in the introduction: "By reading this book, you agree not to critique, insult, or inconvenience the author in any way".

    Guess what? I can do exactly what I intend to do just as if that wasn't in the book. I read the agreement, I am aware of the agreement, but I don't agree with the agreement. Reading a book doesn't require me to agree with anything written in it. There is no law backing that statement up, unless UCITA applies to books as well (and then only in Virginia?).

    If there is such a law, we're all in for a world of hurts. Consider the following scenarios.

    You go to a movie. The film company got a huge investment from Pepsi. Not only does the movie show a number of people drinking Pepsi products, but an opening crawl before the opening credits states "By watching this film, you agree never to purchase products by the Coca-Cola Company". And if you think that's bad, wait until it comes out on video and they start playing it on transcontinental flights (where you can't walk out of the theatre).

    You tune in a Pearl Jam song on the radio. The latest hit has Eddie Vedder singing the chorus "By listening to this song/you agree to not do wrong/to stop paying those bastards/that work at TicketMaster".

    And my personal favorite:

    By reading this post, the Slashdotter agrees to pay me $20. $30 for Anonymous Cowards.

  • All in all, a good article; however, in regard to:
    Given that Microsoft has made the information freely available, I can't imagine what this can gain for them.
    I believe that a main point of this release that MC missed is that by releasing the specs for Kerberos in this manner, they have tainted the water, inasmuch as they have made it near impossible for someone such as the Samba team to prove that they developed the correct methods to extend Kerberos into the same areas as MS without using MS's copyrighted, freely available, EULA protected methods.
  • by x0dus ( 163280 ) on Tuesday May 16, 2000 @10:22AM (#1068741)
    How soon Microsoft "forgets". Less than a year ago (July 1999) Microsoft was having a war of words with America Online over their Instant Messenger (IM) client. AOL was denying MSN IM clients the ability to send messages to AOL's large instant messenger base. Microsoft wrote a letter [microsoft.com] to Steve Case, the CEO of America Online, passionately calling for an open standard for Instant Messaging (see the Slashdot discussion [slashdot.org]).

    Now, less than a year later, Microsoft takes Kerberos, an existing open standard, and changes it with the sole purpose of stopping interoperability between Windows 2000 machines and other clients not developed by them. As if that wasn't bad enough, they then publish their Kerberos spec with such a tight licence that the information in it is rendered useless to all that read it. In fact those that read it no longer have the right to develop their own Kerberos client with the information contained in the spec. So basically, Microsoft published the spec with the sole intention of slowing down development of alternative clients (i.e. Kerberos clients for Linux).

    One must now wonder what is Microsoft's stance on open standards. Are they for or against them? I would like to close with two quotes from Microsoft's letter to AOL as mentioned above. The meaning is the same, but the technology is different.

    "Indeed, imagine a world in which users of one particular telephone service were unable to interconnect with users of another service. Similarly, imagine if AOL members could only email other AOL members. Such a world is not in the best interests of customers."

    "Consequently, in the spirit of doing what is right for consumers and our industry, we'd like to convene a meeting of our respective companies to begin the far more productive process of creating an industry standard."
  • So MS wants to tweak Kerberos so that its interoperability is asymmetric. They can't patent the "extension" because it is "obvious" but they want to establish some IP claim for all the reasons that IP is so important these days. A "trade secret" IP claim is dandy, but they can't really keep it secret or the "extension" will never get used outside of MS. Hence the "publication" of the "trade secret." If they don't fuss about the Slashdot articles "revealing" the "secrets" they wouldn't have a prayer down the road of claiming IP so they write the letter.

    There is nothing diabolical in the process; it's just what happens when you try to lay claim to IP that really isn't yours and then do what your lawyers tell you to do without thinking.

  • ROTH LMAO! That was great!

    Period!
    PERIOD!

  • Ignorance of the laws is of course no excuse for breaking them. Never has been, never will be.

    That's part of the problem with eula and such is there doesn't seem to be a good analogue of the situation for joe consumer to understand.

    What I find interesting is that no software company (that I know of) has taken steps to actually make people enter into a contract when buying their software. Would it be so hard to actually get people to sign a contract when they purchase software? Or could it be that joe consumer wouldn't go for this, recognizing it for the bs that it is...

    They are just trying to slide one in the back door with these eula and such without joe consumer noticing or realizing.
  • by HopeOS ( 74340 ) on Tuesday May 16, 2000 @11:51AM (#1068757)
    (1) The information can no longer be assumed to be a trade secret.
    (2) It's not patented.
    (3) The Microsoft document is copyrighted, but the information can be disseminated in any way other than their document.

    Solution: Rewrite the document

    Like this: http://www.thetop.net/kerbos/spec.html [thetop.net]
    I've got a message posted below, but it's buried too deep to get moderated up. Hopefully, it can see some light up here.

    So far, over 100 hits since I posted two hours ago. The server wouldn't mind a couple thousand... it's bored out of its skull anyway.

    -Hope
  • Having just finished a project where I was designing a method to integrate Win2K into an existing mixed-platform UNIX/NT environment, let me add a few things.

    When attempting to integrate Active Directory with existing LDAP directories, Microsoft's position is that Active Directory is LDAP. Technically true, since LDAP is an access protocol, but MS is monkeying with the system deliberately in order to prevent data synchronization unless you use not only Active Directory, but also MS's recently-acquired meta-directory (formerly Zoomit Via). Their directory can accommodate LDAP clients, but adds a lot of extensions and doesn't replicate well with systems that don't extend LDAP in ways not permitted by the standards.

    When attempting to replace NIS (for scalability reasons), and attempting to get to a single authentication method for UNIX and Win2K, the only real answer is to use kerberos from the UNIX boxen with AD as the KDC, or to use Services for UNIX (an MS product), which will allow you to use AD as your NIS server. This of course won't work if you want to use someone else's KDC (since Win2K needs ACL information in the auth_data field of the kerberos cert) or if DCE is part of your product mix. MicroSoft's position is that it will work. Again, it will do so until you consider the real world.

    I could go on, but I think that the point is made. MS has made it so that if you implement Win2K, you will also turn control of DNS, DHCP, LDAP, Kerberos, NIS and a number of other products over to MS, because Win2K will not work and play well with others. What scares me is what happens when Windows 2004 comes out and redefines name services, address assignment and the like. Do MS's enterprise customers then have to roll over and take it, because the cost of pulling out Windows will be higher than the cost of surrender?

  • Kewl, but why did you put it out under the GPL? Shouldn't you use the GNU Free Documentation License instead? How can you GPL documentation? It doesn't make sense.
  • I totally agree, although the insulting title is unnecessary.

    The data field used by MS Kerberos is being used within the spirit and letter of the spec, if you believe the original designers of Kerberos. Non-MS implementations don't look for a value in that field, and work as before. The only "incompatibility" involved is that non-MS software can't take advantage of the data in the field, and MS clients don't work without it. Don't buy Windows 2000 if you want to use a non-MS KDC. Furthermore, if MS had not used Kerberos, Linux machines would be totally unable to use MS servers for authentication. This use of standards benefits the Linux community, by allowing companies to use Linux on some of their desktops.

    We all know that Linux does not have a standard for distributed group memberships. This is just one of the benefits of using Microsoft systems as servers. If some of your services don't need this functionality, then you are free to use MS Kerberos for authentication and use local authorization. For the rest of us, we take advantage of the features MS provides.

    Why would you expect MS to give away its products and intellectual property for free? They produced software that allows easier management of larger distributed systems, that is better than what is available for Linux. Allowing their servers to take the place of other servers over Linux networks is in their interest. Allowing their workstations to access resources on Linux servers is in their interest, but their biggest profit comes from the whole package. We should not expect them to make it possible for someone using a Linux infrastructure to get the benefits MS is trying to make money off of. Their interest is best served by making people buy it from them if they want the MS features.

    Bottom line: If you want distributed Authentication, any Kerberos implementation will do, including that from MS, for either servers or workstations. If you want the additional benefit of distributed authorization, everyone involved needs to speak that extended data field. Since that field is for third party use, MS made use of it. If you want the benefits that come from that MS field, use MS products all around. If you don't think it's worth it, don't buy from them. If you want, you can define your own schema for that field, and try to sell that. MS did nothing wrong here.

    --Sandy
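The behaviour this comment describes, as an added example (not part of the original comment, and not Microsoft's or MIT's code): a Python walk over a DER-encoded Kerberos AuthorizationData value, using the RFC 1510 layout, in which a service acts only on the ad-type values it understands and skips the rest. The sample bytes, the ad-type values 128 and -17, and all function names are constructed for illustration.

```python
# RFC 1510: AuthorizationData ::= SEQUENCE OF SEQUENCE {
#     ad-type [0] INTEGER, ad-data [1] OCTET STRING }

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end

def expect(buf, pos, want):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, val, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return val, nxt

def parse_authorization_data(der):
    """Return [(ad_type, ad_data), ...] from a DER AuthorizationData value."""
    body, end = expect(der, 0, 0x30)              # outer SEQUENCE OF
    if end != len(der):
        raise ValueError("trailing bytes after AuthorizationData")
    out, pos = [], 0
    while pos < len(body):
        elem, pos = expect(body, pos, 0x30)       # one element
        t, p = expect(elem, 0, 0xA0)              # [0] ad-type
        i, _ = expect(t, 0, 0x02)                 # INTEGER (two's complement)
        d, _ = expect(elem, p, 0xA1)              # [1] ad-data
        o, _ = expect(d, 0, 0x04)                 # OCTET STRING, opaque to the parser
        out.append((int.from_bytes(i, "big", signed=True), o))
    return out

def split_known(elements, understood):
    """Partition elements into those a service interprets and the types it skips."""
    known = [(t, d) for t, d in elements if t in understood]
    skipped = [t for t, _ in elements if t not in understood]
    return known, skipped

# Constructed sample: ad-type 128 carrying 4 opaque bytes, ad-type -17 carrying b"hi".
SAMPLE = bytes.fromhex("301d" "300ea00402020080a1060404deadbeef"
                       "300ba0030201efa10404026869")
```
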

  • Some of you idiot moderators wouldn't know a good post if it poured hot grits all over your keyboard. Here I am, telling you how to Save The World, and you moderate it down.

    It sure as hell won't shut me up, though.


    "The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
  • As I see it, a EULA is only valid if it is presented at the moment before the transaction is performed -- Microsoft may think that running a self-extracting executable is a transaction that makes the text of the specification available. However, if the transaction can be performed without the user doing anything that may indicate that he accepts the license (uncompressing the file without running it), then only copyright applies, with all fair use provisions untouched.

    Of course, there are other issues that may invalidate the EULA even if it was accepted, and may invalidate the claims about trade secrets (you can't call something a secret and distribute it to everyone indiscriminately, so if something was taken from Microsoft, it definitely wasn't a secret).

  • As UCITA has been passed and signed into law in two states, this could be a problem if the Web Server that the EXE appeared on had physical residence in Virginia or that other backwards state that passed it.

    Under the terms of UCITA, you don't even have to read the non-extracted file that you didn't know was there to have basically given away all your rights to MSFT. The non-publication of the license still makes it enforceable, and they now can hunt inside your computer system, without court order or permission, to try to find the Kerberos spec if they determine that you violated the license from their perspective. You're automatically presumed guilty before being proven innocent. It's up to you to pay the legal fees, and you have no recourse.

    At least UCITA hasn't even appeared in Washington State, we're not that gullible about tech stuff. Plus I told about half the state officials, state reps, and state senators about it.

  • I think when you said "It's like Gnutella; who do you persecute?" you hit the nail on the head. But reverse engineering is not the best tactic. Like pirating the music files, it's best to pass the allegedly illegal act downward to the masses.

    But the trick is not to implement the Microsoft extensions; after all, to follow the analogy, the Gnutella authors didn't pirate all the mp3's. Even if the authors are anonymous, let's keep it hard to claim the product itself is illegal.

    What you want to do is make a Kerberos implementation in which one may specify the meaning of the key "extension" bytes on the command line. As in "kinit -byte26 128" instead of just "kinit". (Actually, I'm not sure how it would work on the command line, the above example is surely wrong -- the key here is that any information gleaned from MS trade secrets is specified by the user, not in the program which you distribute. Perhaps it won't be in the command line, but in a configuration file the user will have to generate. Perhaps a generic Kerberos-like protocol description language is needed.)

    If users around the world look up the spec and make bash aliases for kinit so they don't even have to remember it or waste the keystrokes, it's a widely distributed crime, let MS go after all of them. You just passed the ability to comply to the MS extension to the world, and let them choose whether or not to do it.

    This strategy fits in with the general trend of successful challenges to these restrictions: just make it easy for people to do it, provide them the tools.

    The open publication of the extension spec is a bait to get someone into a position vulnerable to legal harassment. We can trump this by simply passing on the trick to more people than all the lawyers in Redmond can list in an Excel spreadsheet; don't nibble at it yourself, for God's sake.
  • (MIT, right?)

    If MS can't be made to open up the standard, then maybe they can be forced to drop the name "Kerberos", at least from the clients, as they are not compatible with a "standard" Kerberos server.

    After all, that's one of the reasons why Linus owns the Linux trademark, right? If MS came out with "Microsoft Linux" (ignoring the GPL for a moment), but it only worked with its own proprietary file system extensions, or some other change, I presume Linus could LART them for that and get them to drop the name.
