Media On MS Asking Slashdot To Remove Comments

The mainstream media has followed yesterday's story about Microsoft Asking Slashdot to Remove Comments with several stories. These include one from The Washington Post, Salon, news.com Wired, and Linux Journal. Finally, After Y2k has a comic (important, pecs shown in pixels may be larger than those in real life).

Re:How do Microsoft's employees feel about all thi

We've heard from Slashdot's readers, and we've heard from the press. I want to know how Microsoft's own employees feel about the ongoing Kerberos battle (not just the attack against Slashdot).

Upper management doesn't always reflect my opinions, and legal *absolutely* doesn't. Of course I can speak only for myself, but frankly I don't think your characterization of this Kerberos issue is at all correct.

I know a few people in the Win2k team, but I've never worked there myself. Of course their aim is to become the premier backend server, but honestly they don't think they *have* to fight dirty in order to achieve that. And I agree. Win2k really *is*, in my opinion, a far superior product. Hell, if I didn't think that about most of our products, why would I work here at all?

I know none of you have any trust left when it comes to MS. Sometimes your suspicions are just, but often I find that people's suspicions are based upon a weak foundation of reiterated rumours and second-hand false characterizations. For people who already believe (despite evidence) that NSAKEY is a government plant, that FrontPage Extensions has a "weenies" backdoor (it's actually a bad attempt at encryption), that Win2k has 65000 real bugs, and so on, the slightest hint that MS is up to dirty tricks with Kerberos is enough to convince them.

Personally, when the NT team tells me that their implementation is interoperable with MIT's reference implementation, when they tell me that they have managed to get interoperability in mixed environments, and when they assure me that this was a bad PR move rather than a malicious plot to kill Samba, I believe them. I work on the inside and when I weigh the truthfulness of the people I work with against the eagerness of Slashdot to inflame passions against us, I'm inclined to side with MS.

Now, don't get the impression I always agree with the company. Many times I don't, and I've almost been fired for being a little too rude in expressing my difference of opinion. But in this case, I'm going to side with the people who think the Samba team is paranoid and the slashdot crowd is attacking when it should be pausing for reflection.

Now, as to the legal thing: dumb. Dumb, dumb, dumb. But only because it obviously is terrible PR, not because I think they're wrong. If I could have my way, the proprietary extensions (it wasn't the entire Kerb spec, if you actually read the doc - just the extension struct) would have been published without a legalese watermark and click-thru, but I can't have my way, and the fact is that those comments did infringe MS property rights.

Would you all be happier if MS had never published the extensions at all? Perhaps you would, because then you could reverse engineer without contamination. But while you see this release as a deliberate ploy to kill Samba, I see it as a stupid move by legal, and I, unlike some, am equipped with the capacity to forgive stupid people for their stupidity.

So, basically, my answer is: I don't agree with you. If I did agree, would I be out the door? Maybe. But most likely, I will stay at MS until I am convinced their products are no longer the best. And with our current lineup and the project I am working on, I don't see that happening for a long time.

yours,
-konstant
Yes! We are all individuals! I'm not!

Re:Why pretend this is censorship?

The posts Microsoft is objecting to do not contain any original opinions, thoughts or ideas , but rather a regurgitation of copyrighted material.

Not true. Some of the posts they objected to did contain the verbatim text, and most users had no problem with Slashdot taking down those particular posts.

However, they did not stop there. They also wanted posts that had links to the text. This is a gray area with, to quote Al Gore, "no controlling legal authority".

Plus, Microsoft also wanted Slashdot to delete posts that observed the FACT that if you use pkunzip to unzip the file, you do not see licensing agreement.

The last is definately a Free Speech issue and has nothing to do with copyright protection.

Gotta love the slant on some of these..

Washington Post:

The site is, in no small part, an online clubhouse for Microsoft haters; news items about the firm are accompanied by a small picture of Microsoft Chairman Bill Gates as a Borg, one of the human-machine chimeras from "Star Trek: The Next Generation" who say, "Resistance is futile -- you will be assimilated."

The Washington Post makes me sick with their pro-MS slant to everything, and their tech writers in their business section are -horrible-. Fast forward [washingtonpost.com] is *occasionally* worth reading, but that's it. Thank god they really only run tech stuff once a week..

That got me to thinking this morning as I bought my paper.. wouldn't it be cool to have a print version of what's going on/what had happened in the web the previous day? I would certainly plunk down a quarter to get some slashdot headlines, the register headlines, some article blurbs, security stuff, recent security holes, penny-arcade [penny-arcade.com], sluggy [sluggy.com], and friend bear [friendbear.com] on the comics page, some 20 page editorials by Jon Katz :)..

I find print format a lot more friendly to read for longer periods, and it's nice to have something to read on the metro (not all of us have laptops, and even if I did, the paper is a more efficent way of reading all this I think.)

Re:DDOS?

That's a good question. That seems like the kind of news that would get reported here. I wonder how many story submissions there are that read

Wired reports that popular tech news site Slashdot was hit with a DDOS attack...

Here's the quote from Wired (don't worry, I didn't circumvent any EULA to get it)

"About 400 readers weighed in over the first 30 minutes. Then we got hit by a DDOS," wrote Slashdot founder Rob Malda in email to Wired News.

There's news for ya! Wired scoops Slashdot... with Rob's help...

Hopefully we'll here more about this when Andover's had time to investigate and give us a full story.
- StaticLimit

This is what matters

Slashdot wins.

Even if the case goes to court, Slashdot wins.
Even if the case goes to court and MS wins, Slashdot wins.
Even if the case goes to court and MS wins and gets exclusive IP rights to Kerberos and the Justice Department feels so sorry that it decides not to break them up after all Slashdot... um... breaks even.

Because it's clear that the public is on our side now. These articles are not presenting Microsoft in a favorable light. They are giving a good accounting of open source, explaining what MS did, and citing third-party lawyers who mostly seem to agree with us.

If this becomes a trial situation, what we're going to have isn't a lawsuit against Slashdot, but an honest-to-god test case. And with a test case like this comes public support, angry letters, and the ACLU and their army of mutant squirrels. It would be the best thing we could hope for if one of the first cases prosecuted under DMCA were something well-known and obviously unjust. As long as there's not some kind of backlash in the next few days, I think the long-term outlook is quite lovely.

- Michael Cohn

Can Kerberos tell MS to not use the name?

Here's a thought. Can the Kerberos group sue MS to prevent them from using the Kerberos name? Sun did the same with Java when MS "embraced and extended" Java.

Probably depends on the way Kerberos is licensed.

DDOS?

It was mentioned on Wired that you suffered from a DDOS yesterday - do you have any more information about this yet?

~P

Illegal to produce software to circumvent licence?

As I understand it, MS's reasoning is that under the new law, it's illegal to a) circumvent the licence, b) explain how to circumvent the licence, and c) produce software ('tools') that allow others to circumvent the licence.

Focusing on point (c) for a moment: Does this mean that as soon as this licencing agreement was written, WinZip (and other zip extraction tools that can bypass the licencing acceptance code) suddenly became illegal?

Re:DDOS?

Who says Microsoft cannot Innovate. This was actually a very innovative DDOS attack. All it took was one email to /. that mentioned the DMCA, Copyright violation, Kerberos and Windows. Even more insidiously this email was made to look like it was protecting a trade secret in a manner that would sabotage attempts to embrace extend and extinguish Kerberos, but that would be silly, such a thing would fly in the face of antitrust law.

This email was the direct cause of /. being wired,linuxtoday'd, cnet'd, saloned, washington posted, first posted etc...

The instigators of this vile DDOS attack should be hunted down and prosecuted.

Re:How do Microsoft's employees feel about all thi

Hm. First, thanks for responding. It's good to see a calm, reasoned answer from a Microsoft person in this forum. Hope you've got your asbestos underwear handy :-).

I agree that the post of the text of the extension spec breaks MS's Trade Secret protection, however MS may have already broken it by publishing. And although I think one should be allowed to quote from the spec, I think that I agree that publishing the whole thing is a copyright violation. However, it's short and there may be a case that meaningful commentary requires the context of the whole thing, so I'll leave that one to the lawyers.

However, I think that you have the extensions issue right. I think that the MS engineers that designed it were using a wrongheaded method for extending Win2k security through Kerberos, in their own windows-centric sort of way, without worrying about Samba. But when I look at the whole standards interaction thing, I see that upper management and the lawyers probably did get together and say something like:

"hey, those standards people have a point. This could make it hard to run workstations without a Windows server. Bonus! Score!"

I agree that the legal thing was a dumb PR move, but again, I think you trust your lawyers too much if you imagine they weren't trying to prevent uncontaminated reverse engineering for interoperability. Heck, I don't even work in the private sector, and we often do things with two agendas -- the "if it flies, fine, but if they give us guff we'll spring the fine print on them" sort of thing. Your boss's boss does more than sign timesheets :-).

In short, although I agree that the inital concept was not to kill Samba, I very much doubt that the Samba-killing agenda didn't enter into the process at a higher level, and that Samba-killing might be behind the selection of the particular technological design that made the final cut, even if the engineer that proposed it didn't start there. Me, I'd have picked a more straightforward way to do it (like printing "Microsoft Kerberos Server Required" right on the box), but if I were a MS exec, I'd try to kill Samba too. It's not that they want to kill Samba or Kerberos, it's that they want to do it by sleight of hand, while promoting a false openness, that rankles.

This says it all!

"If I were a Microsoft public relations person, I would probably be sobbing on a desk right now," says (Robin) Miller.

"Microsoft has no comment at this time," said a Microsoft public relations spokesperson.

Doesn't that tickle you pink! Bwaaahahahahahaha!

Coverage on heise.de

The german news service heise.de has also covered the slashdot story in this article [heise.de]. They tell the whole story with a good deal of details, and give also a link to the slashdot discussion. "The somewhat particular interpretation of the term ``Open Source'' by Microsoft lead to a conflict between the software producer and the Open-Source community, in which the freedom of speach collides with the protection of intelectual values." (...) "This is not the first time Microsoft is accused of changings standards this way, in the purpose of silencing other companies and Open-Source programmers, who stick to the actual standard. The way Microsoft deals with the Kerberos standard was also mentioned in an opinion published on April 28th which was one of the foundaments for the goverment to propose the splitting of the company [heise.de]."

Regards,

January

How Microsoft can save face

Now that Microsoft has painted itself into a corner, here's what they can do... release their proprietary Kerberos extensions, and offer them to the standards committee. This way, they can back out of having to sue Slashdot, with all the awkwardness, bad press, and risk that presents, and maybe even earn a few brownie points in the community.

The cost is minimal... they lose a chance to "embrace and extend" a relatively minor technical standard. And the risk is tremendous... if this really does go to court, besides the fact that MS will be painted as jackbooted thugs even by the mainstream press, there is a significant chance that it could lead to a precendent-setting ruling that is not in MS' favor. Simple risk analysis says they should back off.

It'd be nice to see, just once, that Microsoft can learn from its legal mistakes. But more likely, the psychology of paranoia will drive them to even bigger and clumsier mistakes, until the drive to win at all costs destroys Microsoft, as surely as the tragic hero of a Greek drama.


--

Quote on Salon from RobLimo

From the Salon article linked in the story

"If I were a Microsoft public relations person, I would probably be sobbing on a desk right now," says Miller.

But, Microsoft doesn't have public relations people: it has public opinion management people. Microsoft has never had any relation with the public (unless you define "relation" in the same way as used in this example: "The larger of the two prisoners had relations with the smaller").

Re:How do Microsoft's employees feel about all thi

Konstant, thanks for taking part in the discussion. I have a few
questions that you might be able to answer about the Kerberos
extension.

Did folk at Microsoft talk about how they thought the Kerberos
extensions would be received in either the security/academic
community, or in the developer community? One of Bruce Schneier's
points about the Kerberos extensions is that a changed security
protocol simply doesn't inherit the trust of its parent. Trying to
keep the protocol secret had the predictable-from-the-outside
consequence of losing the already thin trust of the security
community. Did anyone talk about this in Microsoft?

What you say about the internal culture at Microsoft strikes me as
fair and true. I have several colleagues who work at various MS
research labs, and all of them have been very flattering about the
high quality of staff at MS. However a darker side emerges about the
arrogance of the MS world: the long list of protocols broken by MS
owes more to developers within MS simply not being interested in
finding out how things were done by developers outside MS than to
deliberate attempts to undermine standards (though that too has
indubitably happened). Is this unfair? If it is, I think it is quite
appalling.

Mirrors?

I tried to go to this "slashdot.org" place that all these news sites mention this morning, but it's totally slashdoted. Does anybody have a mirror?
--

How do Microsoft's employees feel about all this?

We've heard from Slashdot's readers, and we've heard from the press. I want to know how Microsoft's own employees feel about the ongoing Kerberos battle (not just the attack against Slashdot).

Employees of Microsoft, does your company's upper management and legal department speak for YOU? Microsoft is effectively declaring war against open engineering standards and the progress that open standards foster, an openness enjoyed by all other engineering disciplines. How do YOU feel about that?

So, post anonymously if you feel you must, but post and tell us YOUR position! Or are you all to stricken by Redmonditis and your own FUD tactics to let the world know how you feel?

If the brass at Microsoft does not speak for you, let yourself be heard. If you (and all of us) are lucky, the Microsoft "spies" that allegedly lurk on Slashdot might see how their employees feel. And maybe, just maybe, Gates and the rest will hop on board the cluetrain next time it stops in Redmond.

Re:Why not fight Fire with Fire? - Final Solution(

I would like to propose an ammendment to that. Courts might frown on totally exclusionary clauses but Slashdot could sell -licences- to sue, thus making it non-exclusionary, and providing an extra source of income. Slashdot could then patent the process of suing without a licence. Anyone who sued them (without a licence) would then be in violation of the EULA and the patent. And anyone who -did- have a licence will have paid enough to cover costs, any penalties, pay for the period, and a luxury cruiser.

Instead of breaking up Microsoft....

To quote Ayn Rand [aynrand.org],

"Monopolies cannot come to exist without the assistance of government".

I think, in this case, it relates to absurdly overbearing patent and copyright protection.

Instead of breaking it up into smaller versions of itself that may each continue to act like the parent, why not take away the weapon that allowed them to get into the dominant position?

As punishment for being found guilty of unfair monopolistic business practices, the US government should permanently invalidate all copyrights and patents held by Microsoft.

How to shut MS up and still kick their backside

1) Trade secret status on their info is now lost, due to the very public release of the info on the 'net. Whether you consider the 'public' status of their own release, or the contract-breaking release of the information by others, either way the information is hardly a secret anymore.

2) Distributing copies of (c) material without the cp-holder's consent is illegal. This gives MS a reason to write to /. and demand the removal of the messages, links, etc.

Put 2 and 2 together ... you can get around the copyright problem quite legally in ANY case of information distribution by simply LEARNING from the original work, and rewriting your own work! If someone studies the Kerberos file that is now publically available, and then writes up what they have learned IN THEIR OWN WORDS, MS has no control over that writeup.

So for anyone out there with technical knowledge on the subject, and more time than I have, make such a writeup and post a link to it here. Lets see MS try to put a stop to that!

If you put your name on it though, you'd better make sure that there's no way you can get caught on having 'agreed' to some trade secret contract though. Maybe release it anon just to be safe, or at least have proof that you read the MS document from a publically available source WITHOUT agreeing to a trade secret contract. I know it's been mentioned that there is legal precident that this CAN'T be a trade secret anymore, but better safe than sorry I always say.

Oh, and IANAL, and my apologies if someone's posted this idea already. I don't have time to read everything, but I just had to get this idea out.

You know what to do with the HELLO.

Re:Except the cost isn't minimal

Unfortunately, you're right. The only purpose of the proprietary extension to Kerberos is to hide important authentication functionality, in order to keep Free software from fully interoperating - more to the point, to keep Samba from being able to act as a Primary Domain Controller for W2K.

But at some point, they still need to do risk analysis... is the risk of having key parts of the DMCA thrown out for First Amendment violations worth the benefit of keeping Samba from being a domain controller?

--

Re:How to shut MS up and still kick their backside

2) Distributing copies of (c) material without the cp-holder's consent is illegal. This gives MS a reason to write to /. and demand the removal of the messages, links, etc.

Not necessarily. Quoting a section of something for the purposes of review and criticism is fair use. The posting on Slashdot probably falls into that category; it's a commentary, and definitely a criticism, of a small section of Microsoft's version of Kerberos, which itself is a derived work of an MIT product.

Why not fight Fire with Fire? - Final Solution(tm)

(I just posted this on the old discussion [slashdot.org]) :

Why not fight M$ with their own methods?..

I propose that from now on (using a click-through agreement of course) slashdot readers/posters must agree not to persecute slashdot in any court american or non american and that no material posted on slashdot is allowed to be used in any legal way to fight slashdot, it's owners, it's readers, it's posters, their friends, pets and whatever.

It's partly a joke, but so is M$'s EULA. So please give it a thought...

Thank you.
//Frisco
--
"At the end of the journey, all men think that their youth was Arcadia..." -Goethe

gee..

I wonder who [min.net] could be behind the DDoS..

First Haiku!

Censorship is like
hitting Jello with hammer
Can't Microsoft see?


--

I wonder...

Was MS expecting for the mainstream media to pick up this story? Were they expecting this kind of reaction - or did they think that the editors at /. would automatically comply with their demands?

Now, in light of the increasing attention to this story, I wonder what MS's next statement on the issue will be. The more attention it gets, the harder it will be for them to back down - but it will also be all the more necessary for them to do so. This situation can only hurt their current status with the DOJ - especially now that they are in the remedy stage. You just have to know that the judge is watching stuff like this closely.

What I am really waiting for is a reaction out of groups like the ACLU - have they contacted anyone, or are there any indications that they are going to make a support statement for /.? They are the most vocal about protecting the First Amendment - especially in David & Goliath situations like this one.

Re:DDOS?

Here is the link to the Wired article.

http://www.wired.com/news/b usiness/0,1367,36313,00.html [wired.com]

NOT OT:How to prevent a potential viral infection

We all know well how problematic the problem of viruses is under Windows.

Well, generally these aren't technically Viruses but Worms; they need that the user execute the viruses to reproduce themselves.

A potential way of being infected is if somebody sends you an autoextractable file. The problem is that the code executed to autoextract the files can be anything, including a virus.

To avoid taking the risk to execute a virus when opening this kind of files you should ALWAYS use an extraction software (like WinZip www.winzip.com or WinRar). The steps to do so are:

1. Install the software (refer yourself to your software's installation procedure).

2. With most such softwaree, to use them without launching the possibly infected code you can click on the right button of your mouse when the aforementioned device is positioned over the autoextractible file.

3. Select the "extract in folder XXXXX" option, or the similar option depending on your software, XXXXX generally being the name of the file you want to uncompress.

4. The files should now be uncompressed in the XXXXX directory.

Remember, DO NOT OPEN YOUR FILES WITHOUT SUCH A TRUSTED SOFTWARE, THEY MAY CONTAIN NASTY VIRUSES THAT COULD ERASE YOUR DATA.

I hope that no company is against free speech to the point of wanting to censor people trying to help others to protect themselves from that company errors.

Importance of trademark in free software

Excellent point, and it shows the importance of trademark and certification mark in free software. While there's a strong argument to distributing spec and code in free software, there's an equally strong argument to retaining and reserving the rights to the trade name of the product being released.

One of the better ways to do this is to provide a regression test for the software in question, requiring it to meet the test. Microsoft, in this world, would be free to embrace and extend all it wanted, and would have free access to the source to do this. However, unless they met the terms for the trade name usage, they would have to call the product by some other name -- defeating the whole marketroid check-off item school of product promotion.

Many free software firms and propenents don't yet see the importance of this. Sun Microsystems in particular has just plain got it wrong in attempting to enforce compliance through code regulation rather than certification marks and compliance/compatibility testing. Very frustrating, as I've worked with some of the folks involved in the SCSL concept. IMO most of the issues Sun has seen in licensing Java would be non-starters had they used an alternative approach. As things stand, they're fighting with Microsoft for the standard, while IBM emerges as the market leader in workable Java implementations.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin [kuro5hin.org]

Don't forget the others

There's The Register [theregister.co.uk] too, and also Zdne t [zdnet.com]. Any publicity is good publicity, right?

Once it's on the internet...

I'm sure that a zillion other folks will post this, but I found this particular tidbit rather interesting:

While lawyers say Microsoft may be able to get the material removed, it may well have lost the valuable protections it sought by claiming the Kerberos code as a trade secret.

Graham & James' Lemieux noted a mid-1990s case involving the Church of Scientology, in which a federal judge held that once information is on the Internet, it cannot be a trade secret.

Maybe there's some ammo for the DeCSS battle there?

Only through hard work and perseverence can one truly suffer.