Microsoft vs. Slashdot Update

I spent some of yesterday and part of today (Saturday) on the phone with our law firm's intellectual property specialist dicussing Microsoft's attempt to get us to remove reader posts about Kerberos. We're lucky to have a lawyer who "gets it." We're also lucky to have gotten some very favorable press about all of this.

But, sadly, I can't really tell you much more right now than "we're still working on it" for two reasons:

• We're exploring a lot of angles and doing a lot of research, and in order to maintain attorney-client privilege we must keep all discussions with our lawyer *extremely* private.
• Microsoft's legal people (obviously) read Slashdot.

I have scanned every single reader post on this subject, and some of them have contained *very* helpful suggestions. It hurts me not to be able to share more, especially with those of you who have given us useful advice.

Meanwhile, Andover.net's management has been totally supportive. Our President, Bruce Twickler, deserves special thanks for his staunch backing and general coolheadedness. And our VP of Corporate Communications, Janet Holian, has done an excellent job of getting information out to other media while letting us work (comparatively) undisturbed.

There are also rays of light from the other end. I've gotten a small but steady trickle of e-mailed support messages from Microsoft workers who are embarrassed by their employer's actions both in rudely extending Kerberos and their attempt to "publish" their proprietary Kerberos extensions while still trying to keep them hidden behind a non-disclosure agreement.

Please bear in mind that many Microsoft employees are perfectly nice people. For all we know, the nice people at Microsoft may yet persuade the not-so-nice ones that there are times when it's better to work with others to establish industry-wide standards than it is to act as if the freedom to innovate belongs only to Microsoft.

(Special message to nice Microsoft people: Here's a quote you may wish to call to your bosses' attention:

"...Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments." If they ask where you got these words, please refer them to this Microsoft.com page.)

Anyway, once again, please accept my personal apology for not being able to share more information with you right now. This is an uncomfortable situation for everyone involved, and we hope that Microsoft chooses to give this story a happy ending as soon as possible.

- Robin "roblimo" Miller

Well Said

It is often easier to villify an entire organization and all those associated with it rather than take the time to reason out the inner divisions that most likely exist. Thank you for acknowledging those that are trying to take the empire down from the inside :)

An important consideration

The more that's posted on the Microsoft attitude, the less that's said about the DDOS attack, and the less Microsoft talks about either, the more sure I am that Microsoft employees either perpetrated the attack or were otherwise involved in it.

Why's that? Because if I was in charge of a major computer company found guilty of hostile, dominating abuse of the computer market, and if my major critic had gone public with a legal notice they would probably ignore, and if that same critic had suffered a devastating DDOS attack shortly afterwards, I'd want to get some distance between myself and them.

Microsoft's amazing and eerie silence is suspicious. In the DVD case, the MPAA has placed web page upon web page, documenting their argument and why they should win. In the DOJ case, Microsoft did the same. In the Slashdot case? ...Nothing.

This isn't natural for a major corporation. Corporations thrive on publicity, Microsoft more than most. Trampling their enemies into the ground should be good for a few column inches, or at least a headline on MSNBC. At the very least, some kind of official dissociation with the DDOS, lest suspicions be raised.

But, no. That Slashdot has lawyers involved in the DDOS case (at least, that's how I would interpret the article) reinforces my suspicion that there is a string possibility that the attack COULD have come from Microsoft or a subsidury. Probably not on direct orders - too easily traced - but more likely by an unspoken agreement and suitable compensation or, at the very least, a blind eye and some accidental deletions from the system logs.

In short, Slashdot might never make it to court. If I'm not just being paranoid & overly imaginative, Microsoft may have turned militant. And that may spell trouble. An organisation with more loose change than the US Government has reserves is a tough opponent at the best of times. If it has decided to play rough and turn to dirtier tactics, we could see some "leaning" on Slashdot's provider, "accidents" causing cable breaks, or other unfortunate events.

(I'm glad Microsoft isn't an Israeli company. Otherwise, I'd advise CT and Rob to avoid anyone carrying an umbrella, for a while. Some tactics are definitely dirtier than others.)

As for a "distributed" Slashdot, that might not be such a bad idea. If all the databases could be kept in sync, with delays Since the Slash code is now open, I'm going to have a sit-down to see if I can think how this could be done. I'm sure others will be, too. The sooner load-balancing exists, regardless, the better. It'll keep equiptment costs down, and allow CT to make use of older servers, rather than having to retire them.

Re:I hope Microsoft sues you fools

Slashdot is the worst pile of a web site I have ever seen.

Don't web surf much, do you?

There are tens of millions of web sites out there, most of which have much lower quality, smaller audiences, and less content than Slashdot.

Oh... but you didn't mean "worst" == "lowest quality", did you? You mean "worst" == "most thousands of readers who think you trolls are childish idiots, and tell you so."

Anyone want to speculate what damages Microsoft will ask for?

Sure: Slashdot will remove the one or two posts that were verbatim copies of the pseudo-kerberos spec, will stand firm on the rest, and Microsoft will back down rather than incur more horrible PR.

Wow, you guys lost a lot of money in the past few months eh?

No, they didn't. Anyone with any sense knew that the RHAT, LNUX, and ANDN stock prices were a bubble, and sold what they could at the top of the bubble to fad speculators. As for those principal shareholders who couldn't sell without losing control of the company, their stock prices are still trading higher than their first indicated IPO price.

Microsoft is valued at 100 times you losers.

And by emotionally attaching yourself to their financial success you somehow shield your ego from your own personal and social failures?

That's just my theory; otherwise I don't see how that sentence was relevant. In theory the judge doesn't ask both parties how much their market value is before making a decision.

MSFT could aquire LNUX 100 times over if they wanted to but they dont.

No, they couldn't. They could afford to acquire LNUX, and could make a private offer the same way they tried to buy linux.com. They could not acquire VA Linux for the same reason they couldn't acquire linux.com: because the owners wouldn't sell to Microsoft.

BECAUSE LINUX SUCKS AND SO DOES SLASHDOT!

I know in my heart that you're just trolling and trying to bait people like me... but part of me fears you're serious. If so, I would suggest that you step away from the computer, and attempt a long period of social interaction. Try to make a friend, or even a girlfriend (but don't tell her that you are a "troll" or that your name is "Dr Kool"). Try to avoid screaming angrily about things that don't concern you, and instead avoid things like "Linux" that seem to be stress factors for you. You'll be happier, and live longer.

Oh, and if you moderate this down, it will be proof that you nazis are trying to stop the flow of information.

You seem to be unclear on the concept of "moderation", the English language, or both. First of all, you continue to use the pronoun "you" even though the audience you are apparantly addressing has changed from the Slashdot employees to the moderators (current moderators? all past moderators? do you understand the difference?). Secondly, you seem to be unaware that "moderating down" a post does not stop any information; even posts moderated to -1, or even those that the Slashdot employees have moderated lower in the past, are still accessable by anyone who desires to read them. Ironically, that universal accessibility is what Microsoft wants to prevent, not Slashdot.

I really hope some trained psychologist takes a look through Slashdot archives someday. There are a plethora of angry, immature individuals like yourself here with a long record of antisocial behavior that is analogous to the real juvenile delinquency increasing around the nation.

But enough feeding the trolls. I suspect you've already been moderated down as you should have been (and as I probably should be, unless "Funny" or "Insightful" cancels out "Offtopic"), and nobody will ever read this. There's just something about that combination of stupidity and arrogance that tweaks a nerve in me.

Re:Just in Case

Freenet [sourceforge.net] is what you want...

--

Re:Net Worth of the 'Honchos' is of little concern

Look at it this way. What is Microsoft's greatest asset other than its brand? Its people. The engineers who work there.

How does Microsoft keep them there? Stock options, mostly. The pay is decent, but the main draw is a chunk of the company that is always going up.

What happens when the stock is wounded? People leave. As simple as that. There are tons of other companies out there who would love to have Microsoft's talent (and yes, even though they make a lot of shitty products, the engineers are usually not to blame in the end). By wounding their stock price, you deal a blow far greater than a perceived drop in faith in Microsoft's stock.



- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

All Funny Quotes from the same section...

There's one last point about Kerberos that's worth addressing: why did Microsoft bother with it? In previous versions of Windows NT, network authentication was handled by NTLM. Why make a change? How is Kerberos better than NTLM?

There are several answers. First, as you've already seen, Kerberos provides several features that aren't available in NTLM. Delegation and mutual authentication are both available with Kerberos, but neither is possible with NTLM today. Also, Kerberos is typically faster than NTLM, since each NTLM client authentication requires a server to contact a domain controller. In Kerberos, by contrast, a client can supply the same ticket over and over, and the server can use just that ticket to authenticate the user. There's no need for the server to contact a domain controller each time a user needs to be authenticated. And finally, Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments.

Any way you look it, Kerberos qualifies as progress. It's nice to see this powerful, secure, but long-neglected protocol move into the limelight. After years of languishing in relative obscurity, Kerberos is about to go mainstream.

This is from the above referenced URL at http://www.microsoft.com/msj/defaulttop.asp?page=/ msj/0899/kerberos/kerberostop.htm. [microsoft.com] Let's take a look, shall we?

Kerberos is a multivendor standard, so it allows secure interoperability and the potential for single sign-on between the Microsoft world and other vendor environments.

Actually, from what I've seen, The Microsoft 'version' of Kerberos doesn't allow interoperability "between" Microsoft and other vendors....it only allows operability from Microsoft OUT to other vendors, and not IN. (This was plugged into their crappy 'enhancements' to Kerberos.)

After years of languishing in relative obscurity, Kerberos is about to go mainstream.

What? There are two points to be made here. 1.) Kerberos was never really in obscurity. It was a widely used protocol, and was CREATED for the purpose of authentication. NTLM was a piece of crap, and Microsoft admits that now. 2.) Because Kerberos is being woven into Windows, THAT makes it mainstream? Oh please, give me a break. What's funny, is that Microsoft states that "Any way you look at it, Kerberos qualifies as progress.", yet their implementation (If you can call it that) takes a step backward by locking out functionality. Progress? Nah...

-- Give him Head? Be a Beacon?

Re:Never answer email containing legal threats

To be sure, Slashdot's confrontation with M$ would have proceeded on the dead tree medium sooner or later, and the exchange of paper wouldn't have changed very much about the essential issues. But Roblimo could have bought himself a couple days to cool heads at Slashdot and talk to the lawyers, while the M$ lawyers would have been essentially idle, sitting expectantly in front of their Outlook clients and gradually losing their patience.

Hopefully, in the meanwhile, someone will send them a few love letters!!!!

--
Here's my mirror [respublica.fr]

Misunderstanding

There seems to be a lot of misunderstanding on this topic on both sides. I've read responses on several weblogs and many Here's my take on what happened: MS makes a legal change to a publicly useable standard. MS clients can log in using standard Kerberos servers, but standard clients cannot get MS authentification. People get pissed and accuse MS of monopolistic practices. MS gets a ton of heat from press and public, so it decides to release the spec, but as a trade secret. Anyone with a clue about what a trade secret is would have to suspect that either MS's lawyers are incompetent, or they were trying to taint the field so no one could legally implement MS's version without breaking the law. I believe IBM did the same with the PC BIOS standard and Compaq looked long and hard to find untainted engineers.

Now the spec was posted ONCE on slashdot, along with several posts explaining a standard way of opening self-extracting exe's. MS demands the removal of the copyrighted post, as well as the ones explaining how to open the exe and some that only refer to legal consequences of the spec's release.

Now slashdot must decide what to do. If it removes the copyrighted post but not the others it could lose any claim to common carrier status, thus making it legally responsible for anything posted. If it removes the other posts it would open the floodgates for other companies to have any post removed that they don't like.

Trade secrets are meant to protect companies from employees giving away internal documents or signing an NDA and then blabbing. It does not stop reverse engineering. MS has tried to manipulate a trade secret into a patent: "We'll tell everyone about it but not let anyone implement it!" It doesn't work that way. Trade secrets must be vigorously guarded to remain trade secrets. It is getting a bit fuzzy with the Internet because judges don't want people stealing secrets and posting it on a newsgroup in order to instantly invalidate the trade secret status, although that did happen in a Scientology case.

For corporate apologists out there, MS's EULA is fundamentally different than the GPL. The GPL gives the licensee certain rights & responsibilities regarding redistribution of a work. MS's EULA tries to stop you from discussing the facts of the contents. Copyright only covers a specific expression. I could rewrite a book, copying the plot, and it would be legal. The GPL doesn't stop you from discussing the algorithms contained, or even from implementing said algorithms. MS tried to overstep copyright law and trade secret law, and now it's getting what it deserves.

If I was MS I would have just sat on the spec and not released it at all. The small clamor was nothing like this and it would have died down. I think the Samba guys are skilled enough to reverse engineer without MS's document.

Thanks for reading, I could go on a bit about the DMCA and IP law, but I won't.

Re:Amazing that Microsoft is STILL trying...

The Kerberos spec includes empty fields for vendor use. Microsoft used one of these fields; they have no obligation to make info on their use of it public.

Oh yes they do, if their use of the field and non-disclosure of relevant technical details could be seen as part of an illegal product tie, or an attempt by a monopoly to extend its monopoly into a new market, or a strategem motivated more by a wish to harm competition rather than to benefit customers.

Yes, it's against the spirit of cooperation...

It's against more than that: it's also against ethics, against the interests of their customers, against the interests of consumers in general and finally, against the law (my opinion).
--

Re:Never answer email containing legal threats

> I've always felt very strongly about this: Sending any kind of legal communication over an insecure medium such as email is intolerable, and there is no reason at all for the receiver to acknowledge its existence

I agree, at least in general principle.

> But Roblimo could have bought himself a couple days to cool heads at Slashdot and talk to the lawyers

Someone in another thread suggested that /. should make a big PR issue out of it in hopes of kicking MS in the yarbles.

Actually, I think the /. crew and their advisors probably figured that out the first day. Their post of the exchange was probably a sincere attempt at the "open source legal defence" we have discussed here before, but it was undoubtedly also a PR move. And it seems to be working very well, to the extent that the geek nation is up in arms over it and several mainstream tech sites have also been covering it, and not always with a spin that puts MS in a good light. (Even if they don't support /. on the copyright issues, they can hardly avoid mentioning what a crock MS's extension and packaging of the information was.)

Frankly, I think /. has done incalculable harm to MS over the past couple of years. Every move MS makes, every statement they make to justify themselves, is ripped to shreds here, and the media are watching. Gone are the days when you could publish rigged benchmarketing, lie in your press releases, claim 'innovation' for recycling an ancient idea, or deliberately break a protocol, and hope that none but the elite of the technical elite would know about it. Now that EotTE only has to come here and make a single explanatory post, and the whole world finds out about the mendacity. The paid-by-advertising print media are no longer the gatekeepers of the truth.

I suspect that Jeremy and the other domain gurus who so often show up here at precisely the right moment do not spend all their time browsing /.. Rather, they are probably running ripper scripts that alert them when their domain of expertise comes up for discussion on /., and when it does, they zoom in "like yellowjackets on dog exhaust" to dispel the bullshit and send the MS spin itself spinning out of control in unplanned directions. (Figure 1: Insert image of Dizzy Darth spinning away in his fighter.)

It's the internet, and not least the sites like /., that have changed MS from being the master of FUD and the god of PR into a bumbling oaf that alternates between stepping in it and shooting off the stinky foot. The media has, by and large, turned against them, and you, cousins, deserve part of the credit. Every time your MS-niggling post gets moderated up to (Score: 5, Funny), you've pushed another pin in.

As I hope to do with my new .sig:
--

Re:Amazing that Microsoft is STILL trying...

> I have to admit, I also wonder about the intelligence involved in putting up confidential material on the Web and then getting their knickers in a twist when it's spilled to the masses.

I suspect that, among other motives, MS is hoping to establish a precedent for "clickwrap" to be a valid mechanism for a binding NDA, in addition to being a mere EULA.

--

Semi-dirty tricks to consider

I know I'm probably not the first person to think of this, but I want to post it anyway:

Even thought Slashdot/Andover is obviously on the side of right here, you may well lose a long and protracted legal battle. Andover IPO money is great, but Microsoft has misplaced more cash than that. Lawyers cost money and good lawyers cost a LOT of money.

My suggestion- kick them in the PR department. MS has been hit with a tsunami of bad press lately with DOJ rulings, security holes, and general bastardness. Reporters would love to follow those stories up with "Microsoft subverts standards and strongarms little guys". What Roblimo and the crew need to do is run to every media outlet that will listen to them. Also, strike while the iron is hot. The top of the list needs to be The Wall Street Journal. If Monday's front page includes a story about this situation, it would be very damaging. If one mutual fund manager reads about this and says to himself "These are the actions of a company grasping at straws to keep themselves on top of an industry" and sells a ton of MSFT, it's going to put a dent into the net worth of every honcho in Redmond.
Bottom line: Roblimo needs to make this into a battle that Microsoft has no interest in continuing.

Keep fighting the good fight.

-B

Human Organization.

It is often easier to vilify an entire organization and all those associated with it rather than take the time to reason out the inner divisions that most likely exist.

It's an interesting question, actually as to whether you should do that or not. On the one hand, a lot of the people there have only a small responsibility for what there doing, unfortunately, that is still a small responsibility. Vilifying an entire organization may be an overstep, but on the other hand it isn't.

The reason is that people in the organization do the same thing. Everyone in Microsoft can say, "I'm not responsible, I'm just doing a little, I'm just following directions" A person in an evil organization feels no guilt, no one there does. So the organization itself doesn't.

Take as example Nazi Germany (not that I'm comparing M$ to The Nazi party, or BillG to Hitler). Everyone there was able to slug off personal responsibility for there actions, it was the organization, not them. But in the end, their efforts led to the death of millions of people. Similarly, everyone at M$ must have some culpability. Ether that, or no one does, and the organization can continue to operate without a conscious.

Everyone at microsoft bares some responsiblity for this, wether they agree with it or not.

Re:An important consideration

Microsoft's amazing and eerie silence is suspicious. In the DVD case, the MPAA has placed web page upon web page, documenting their argument and why they should win. In the DOJ case, Microsoft did the same. In the Slashdot case? ...Nothing.

This isn't natural for a major corporation. Corporations thrive on publicity, Microsoft more than most. Trampling their enemies into the ground should be good for a few column inches, or at least a headline on MSNBC. At the very least, some kind of official dissociation with the DDOS, lest suspicions be raised.

Sorry, but your paranoia is showing... First, corporations thrive on GOOD publicity. There's an old adage that there's no such thing as bad publicity, but in MS's case and at the present time, it just ain't true. So far, MS has done amazingly well in the court of public opinion. They've managed to keep the majority of the public unaware of their dirty tricks & by playing themselves up as the victim, they've come up on top. Now, this story comes out & they're the obvious bad guy. They're scared.

Second, this is all fresh. Did the MPAA have their website up the day the first legal papers were sent? Of course not. They publicly responded, but only after allowing enough time to figure out what they're official, public stance would be. MS sent the threat because they assumed that /. would be good little kids & remove the naughty posts. They assumed that they would immediately comply & that nothing further would be heard of it. Of course /. aren't little kids who can just be randomly threatened & immediately back down. In fact /. is a cocky brat with a big bankroll & he's just looking for a fight. (I mean that in a GOOD way!) MS probably will respond, but they need to confer with the lawyers, & since this happened late in the week, I realistically wouldn't have expected anything by now anyway.

As far as the DDoS, MS probably never will comment. Why should their PR flacks waste their time on such absurd notions. (Even if they did perpetate it, which I personally doubt, as far as they're concerned it remains an absurd notion until there's evidence to the contrary.)

Re:Microsoft Stock Controlled by Small Faction...

Windows scares me. Windows in the Navy scares me even more. Destroyers are fine, but I don't want to step foot on a minesweeper anymore. If it crashes, the Blue Screen of Death has sharks in it.

Re:All Funny Quotes from the same section...

I also liked how at the top of the article, he takes a snipe at NTLM -- words to the effect of "NT LAN Manager, giving you an idea how old that is", then a paragraph later talks about the 20 or so year history of Kerberos. Uhh... I'm not nearly as much of an expert in these matters as a lot of you are, but I thought NT was a product of the 90s -- nevermind that component of it -- and I thought the 90s came after the 80s. So -- what's the point he's making? Old is bad but older is good? I don't get it.

That's one thing, as a semi-tangent, that bothers me about all the sniping about the 'freedom to innovate' nonsense. The marketeers are trying to get people to believe that New Is Good, without realizing that Old Is Proven. High tech stuff moves at a fast pace, yes, but a reliable old standard (like, say, TCP/IP) doesn't really have a shelf life. The fact that MS is adopting this 'old' standard is an implicit acceptance of that fact. Like Bruce Schnier [sp?] writes in his Crypto-gram newsletter, cryptography is damned hard to do by yourself in isolation; it's far better to go with open, tested protocols & standards rather than in-house. Yip all you want about your "innovations", but foisting off the Next Big Thing isn't nearly as useful to the world as coming up with open, tested, and useful tools.

Yet Once Again, Microsoft is moving forward here, but they're doing it on the backs of those that have gone before them. I'd hardly call that innovative behavior.

Never answer email containing legal threats

This is really a side issue to much more important topic, but I've always felt very strongly about this: Sending any kind of legal communication over an insecure medium such as email is intolerable, and there is no reason at all for the receiver to acknowledge its existence. If you send an email, it may or may not arrive on the other end; how can you ever know that it hasn't fallen into the bit bucket? Only if the recipient sends a reply (and even then, you can't be sure if it was really from the recipient).

Moreover, how can you know that an email is really from somebody in someone's legal department? Just because they say so? How many Slashdotter's know how to forge an email so that it looks like it came from a M$ lawyer?

My advice is: Set up your email client so that it does not honor requests for receipts, at least not automatically; and if you receive a legal threat by email, delete it securely, using something like the PGP wipe feature, and forget about it. Of course, you might be tempted to save a copy, but if you're ever asked about that under oath, you'll have to admit you have it and produce it, or risk an obstruction charge. Proceed at your own risk.

(I suppose you are obstructing if you claim never to have received the mail, but if you're really careful about secure deletion, such a charge can never be proved.)

If your antagonists really want to sue you that badly, they'll get around to certified snail mail soon enough. But let 'em sweat it out waiting for a reply and wondering what the hell's taking so long.

To be sure, Slashdot's confrontation with M$ would have proceeded on the dead tree medium sooner or later, and the exchange of paper wouldn't have changed very much about the essential issues. But Roblimo could have bought himself a couple days to cool heads at Slashdot and talk to the lawyers, while the M$ lawyers would have been essentially idle, sitting expectantly in front of their Outlook clients and gradually losing their patience.

Re:What is M$ goal?

Well, that's the conspiricy theory in a nutshell. The fact that Samba team members signed the original posting [slashdot.org] that made it clear they had at least read the EULA makes it that much more plausable,

Like most conspiricy theories, this one gathers seemingly contradictory facts together in a framework that seems to resolve the contradictions. The punchline of this theory is that Microsoft has devised a fiendishly clever plan to legally sabotage one of the leading open source projects in order to ensure the hegemony of Windows. It goes without saying that this coda plays well with the /. community. I endorsed this theory myself in my comment on the original story. [slashdot.org]

Over the past several days I've had a chance to read more about this melodrama and think a bit about what I've read. One thing in particular bothers me about the tidy theory of Microsoft's evil machinations. As a earlier comment in this thread [slashdot.org] points out, Microsoft is not assured of prevailing in any court case that might result from this brouhaha. This would surely have occured to a nameless evil redmondian puppet master smart enough to predict the reaction to the "release" of the Kerberos extensions. What's at stake for Microsoft if it loses a court case over this issue? Control of the Kerberos extensions that the whole conspiricy was supposed to ensure.

On the other hand, the comments of nice Microsoft employee #1 [slashdot.org] and nice Microsoft employee #2 [slashdot.org] ring true with my experience of large organizations. They tend to work at cross-purposes and to speak with more than one voice. Now, I am not a Microsoft lackey, and I personally hope the antitrust case gets fast-tracked to the Supreme Court where every iota of the USDOJ's proposed remedies gets implemented. Nonetheless, I now think something like the following scenario may be closer to the truth:

• Microsoft designs Kerberos extensions both to "embrace and extend" the protocol, and to make it work better in Win2K.
• Microsoft catches heck from the community for designing proprietary extensions to an open protocol
• Well meaning engineers, perhaps supported by PR people, push to publish the extensions.
• Knee-jerk responses from the legal department and upper management result in the stupid "auto-EULA" packaging.
• Nobody technical enough to understand how WinZip works is consulted in designing the packaging. Well meaning engineers aren't volunteering anything.

Both theories are speculative, and ultimatly irrelevant to /.'s position in all this. I add my voice to the encouragement expressed by most to continue fighting Microsoft's heavy-handed attempts at censorship. Partly because of this issue, I donated $150.00 to the EFF. [eff.org] I encourage everyone with the means to click here [eff.org] to join this valuable organization.

"Even if you are on the right track, you'll
get run over if you just sit there." Will Rogers

Copyright *is* a free speech issue

I apologize if this doesn't sound very coherent, as I'm having a bad day.

With strict copyright laws, congress is indirectly legislating censorship of the people. By strengthening copyright, companies are able to use legal means to censor anyone they wish, be it other companies, competitors, or consumers. While congress wasn't actively attempting to legislate censorship, inadvertantly they have, to the advantage of corporations who it can now be argued are agents of the government.

That last statement might seem a little strange, so bear with me. It is in the best interests of the government for its companies to do well, to strengthen the economy and keep it strong. They are essentially employing the companies to remain profitable, which they do by censoring others using copyright laws.

Anyway, I'm not against intellectual property; what I *AM* against is congress' obsession with 'protecting' the rights of corporations regardless of the consequences on people's rights. I don't have a problem with copyright per se, but excessive protection of intellectual property is in my opinion unconstitutional: laws passed for a purpose that is not censorhip, and inadvertantly cause censorhip, *are* unconstitutional. The courts have ruled this way before. Government mandated "ratings" on speech are a form of censorship, and aren't tolerated, so it shouldn't be much of a stretch to say government delegated protections on property that promote censorhip are too unconstitutional.

Re:Stuff that copyright up YOUR ASS

That legalese bullshit is meaningless.

So anything that is distributed for free can automatically be redistributed? This would mean that it would be possible to record a TV show and then rebroadcast it yourself. This would mean that you can copy articles from your local free weekly newspaper and put them on the Internet at will. This would, essentially, be a complete perversion of the copyright system and would encourage people to charge money for things (if they didn't, they wouldn't get copyright protection).

Re:Amazing that Microsoft is STILL trying...

First, we're not dealing with reverse-engineering here. I'm not sure of the legality here, but it certainly should be legal. We're dealing with copying a copyrighted document.

The Kerberos spec includes empty fields for vendor use. Microsoft used one of these fields; they have no obligation to make info on their use of it public. Yes, it's against the spirit of cooperation, but did you honestly think that Microsoft was a believer in cooperation? I don't think that it's a good or smart move by Microsoft, but in comparison it's not all that evil. It's similar to taking BSD-licensed software and releasing a proprietary modified binary of it. Not great, but not satanic.

Anyway, whether or not what Microsoft did is compatible with open-source ideals has nothing to do with reproducing it illegally. If I believe in open source and get my hands on the MS Office source code, I can't distribute the source code openly. Or, conversely, if I believe in closed source, I can't sell binary-only copies of modified GPL software.

Re:Semi-dirty tricks to consider

It's funny that you mention that, since the Wall Street Journal has been as critical of Microsoft recently as it has of the DOJ. The Wall Street Journal doesn't pull any punches when it comes to unfair business practices. What would be their motive, anyway? Mindless corporate ass-kissing certainly doesn't sell any papers. And Microsoft isn't always a poster child for the efficiency of free markets. The WSJ knows this, and seems perfectly fair in their coverage, at least to me.

"When I'm singing a ballad and a pair of underwear lands on my head, I hate that. It really kills the mood."

What is M$ goal?

When I first heard that Microsoft picked a fight with one of the most popular eZines I found it difficult to believe. The timing was odd, to say the least. But I came across two posts; one from The Register, and a slashdot comment then between made it all make sense. This is what The Register said:

"The threat Microsoft perceives isn't from Kerberos itself, but from the progress achieved by the Samba developers. The latest goal for Samba's developers is to replace Windows servers as Primary Domain Controllers capable of serving Windows 2000 clients. Equally, Microsoft wants to make its Windows servers compulsory in a Kerberos environment where Windows 2000 clients are involved, and it sees an opportunity to leverage that client base."

The slashdot comment said that one of original comments singled out by the lawyers could not of possibly violated anything. This is the original comment:

"What happens to the people that implement it (ie. the Samba guys) even if they obtain the information without intentionally breaking the license. Are they exposing themselves to expensive litigation? Are they endangering the project?"

The link between the two comments is Samba. One says Samba is the primary threat. The second ask what effect does all this have on Samba. I don't know, but I would dearly love to find out. My guess is that Microsoft is trying to stop Samba from emulating their version of Kerberos. They already know that it will be reverse engineered - so the question becomes how do you stop it. Simple. Publish the spec and say in your EULA:

"the Specification is provided ... for the sole purpose of reviewing the Specification for security analysis ... Microsoft does not grant you any right to implement this Specification"

Now any attempt at reverse engineering the protocol can be attacked by saying "you did not reverse engineer it - you used our spec which is in the public domain". This would be very difficult (read expensive) to defend. In short it allows them to use the DMCA as a weapon against Samba. Finally, you have to make sure the people at Samba, and indeed any body else who might have plans for reverse engineering it, are aware of what Microsoft has in store for them. This is not a trivial task as Microsoft lawyers don't usually spend their days mingling with free software types. Enter Slashdot. And I think we would all agree Slashdot has done a wonderful job for them so far.

Amazing that Microsoft is STILL trying...

Even after all the hot water the boys in Redmond have been in recently, why do they STILL persist in engaging in various types of manipulation of questionable legality? One would think they would think twice and three times about any moves they would make at this point.

I have to admit, I also wonder about the intelligence involved in putting up confidential material on the Web and then getting their knickers in a twist when it's spilled to the masses. Besides, this is basic 'trade secret' law. If you don't want it on the front page of the Sunday paper, DON'T put it on the Web, encrypted or not! If this was really a 'trade secret' (as opposed to simple 'intellectual property'), then don't they have the responsibility not to hang it out in the wind for all and sundry? Seems to me, they were setting themselves up for this one.

--TC

Copyright may not apply

[The Congress shall have power] To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; -- United States Constitution, Article I, Section 8.

Think long and hard. Does the Microsoft "extension" to Kerberos merit such coverage?

Does a change to an open, public standard which benefits only its pervertor, merit any protection whatsoever by this clause? If not, does any power which Congress has under the Constitution enable such protection? Do the laws even apply?

I'm not a lawyer, but I'd love to see an answer from one :-)