[HN Gopher] Microsoft forked MIT licensed repo and changed the c... ___________________________________________________________________ Microsoft forked MIT licensed repo and changed the copyright [fixed] Author : mkdirp Score : 1186 points Date : 2021-12-25 14:12 UTC (8 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | throwaway984393 wrote: | It seems people are outraged because they don't like it, but they | don't seem to be talking about whether it's actually legal. | | IANAL, but the MIT license specifically does not say you have to | redistribute with the same copyright owner notice. It says the | copyright notice and terms must remain, and that you can | sublicense it. It doesn't say you can't change the copyright | notice. | [deleted] | osolo wrote: | The attitude in these threads always boggles my mind. When YOU, | your teammates or someone else you know makes a mistake, then | it's just a mistake. But when someone at Microsoft makes a | mistake it's because Microsoft is evil and by extension so is the | person who offended. | | "It's a big company", you say. They should have a process! And | I'm sad to say, they do/will have a process exactly because of | this attitude. Then, everyone wonders why it takes forever to fix | that bug they're furious about or why features are slow to come. | | Full disclosure: I work for MS, though have nothing to do with | this. It's a huge company. I know hundreds of people and most of | them are upstanding and try to do the right thing. | fxtentacle wrote: | In my opinion, this gets a strong reaction because: | | 1. They made similar mistakes in the past. | | 2. They didn't fix it for half a year. | | 3. They can expect strong financial benefits from making these | mistakes. | | 4. They've recently burned a lot of goodwill by deliberately | infringing licenses on a large scale when they trained Copilot. | | 5. They could have easily prevented this kind of mistakes. | | My summary would be that Microsoft deserves to be punished for | making this mistake. If nothing bad happens now, then we'll | have the same discussion again in half a year from now. | tptacek wrote: | What financial benefits do they stand to gain by changing the | name on an MIT license? | fxtentacle wrote: | In some cases, they changed other licenses to MIT. That | would then allow them to train their AI models on this | source code, or redistribute a closed-source monetized GPL | rip-off. | | Team A) makes a mistake and changes the license. Team B) | uses the fork under its new license and forgets to check | the original branch's license. | | Two honest mistakes leading to a de-GPL-ed library. | tptacek wrote: | Here, they're changed the name on an MIT license. What | financial benefit do they stand to accrue from doing so? | That's the question I'm asking. | fxtentacle wrote: | I was talking not only about this specific instance of it | happening, but Microsoft had similar mistakes throughout | the past 6 months. Here's the one from CUPS, a Linux | printing library: | | https://github.com/microsoft/cups/commit/ad69bcc78bdea3fe | a3f... | | It used to be Apache License, then it became "MIT License | (c) Microsoft Corporation". Thanks to the attention that | this thread got, it has now been fixed: | | https://github.com/microsoft/cups/commit/3859d70160010c61 | fd7... | | But that source code was online with the wrong license | for more than 6 months. Imagine if you had hosted Windows | source code with a misattributed MIT license for 6 | months... They would also bring out the pitchforks ;) Or | even worse: well-paid lawyers. | tptacek wrote: | I asked what Microsoft had to gain from altering an MIT | license. You're answering a different question. But, | fine, I'll bite: tell me how Microsoft stood to make a | nickel by modifying an Apache license. | chris_wot wrote: | Um, it changes the ownership? If they wanted to relicense | it, then they could say "well, hey, it's our license!". | tptacek wrote: | The MIT license puts essentially no restrictions on them | that they would need to relicense out from under. They | can't un-MIT it. So I'm still not clear on how you | propose for them to make money by doing this. Do you have | an answer to my question? | chris_wot wrote: | If they can change the copyright ownership from an | individual to themselves, then they could (however | unlikely) change the license on subsequent revisions to | no longer provide the software free of charge, and could | prevent anyone from using the software and associated | documentation files in an unrestricted form. | mlyle wrote: | > then they could (however unlikely) change the license | on subsequent revisions to no longer provide the software | free of charge, | | You don't need to change the "ownership" to do this. MIT | licensed software can be put under more restrictive | licenses for subsequent revisions by _anyone_. | m3047 wrote: | I think the OP is playing 20 questions for their own | entertainment. I think what they're not telling you is | that there's nothing to prevent someone from making a | closed-source product incorporating something which is | MIT licensed (but they're still supposed to give credit | where due). That's also not the whole story. Squirrel! | tptacek wrote: | If they don't know the answer to the question I actually | asked, all they have to do is not answer it. I object to | the notion that I'm the one playing games here. | m3047 wrote: | They're asserting ownership. By asserting ownership they're | converting good will and assuming the mantle of authority, | which will sway plenty of weak-minded people: hey it's | Microsoft. | tptacek wrote: | I see how that gets them a C-grade Mastodon lyric, but | not how it gets them a nickel. Did I ask this question in | a particularly weird way? The responses it's getting are | a little confusing. | fault1 wrote: | also, never forget CP/M: https://www.wired.com/2012/08/ms- | dos-examined-for-thef/ | junon wrote: | The difference is, most engineers I know respect and understand | licenses. If you work at Microsoft - a software company - you | should too. | nomel wrote: | Respecting a license is completely orthogonal to the | unintended behavior of an automation used on something it | wasn't really meant for (fork rather than a new repo) | drnonsense42 wrote: | Yeah, get that promotion! Developers, developers, developers! | hdjjhhvvhga wrote: | I think your comments does not add anything meaningful to | discussion. Yes, Microsoft screwed up. Yes, a Microsoft | employee is trying to make excuses for them. This does not | mean we couldn't have a civilized discussion, though. | [deleted] | hackertux wrote: | All discussions are civilized until you start throwing | stones at each other. | dang wrote: | Posting like this will get you banned here, so please don't. | It's not what this site is for, and it destroys what it is | for. | | https://news.ycombinator.com/newsguidelines.html | [deleted] | akkartik wrote: | It's a bug, but it's also an example of what I think of as | _differential accountability_ : | | * Bugs in the bot inevitably assign ownership to the writer | rather than from the writer. | | * Bugs in the billing system invariably overcharge customers | | * Bugs in the image recognition system invariably select white | people. | | Well-meaning people still follow their incentives. Corners have | to get cut somewhere. | | I totally agree this isn't specific to MS. We have seen the | enemy, and it is us. | m3047 wrote: | I believe "moral hazard" is the term of art for what you | describe. | akkartik wrote: | Approximately. Moral hazard typically refers to sins of | commission. Deliberately taking on more risk because you're | insured. Here I'm thinking more of sins of omission. You | just forgot to do something. You didn't have enough | attention to devote to the task, so you rationally | apportioned the attention budget to the areas most likely | to be checked by others. | micimize wrote: | This isn't true - the only billing system bug I've seen | undercharged. Also if it was an overcharge, they would have | made customer whole, whereas they wrote off the undercharge. | | Microsoft doesn't really gain anything here - there's a clear | "forked from" qualifier in the repo, they aren't republishing | these packages, etc. The only people who noticed noticed in a | negative light. | akkartik wrote: | To reiterate, I'm not saying there's malicious intent in | any single bug. Yes, billing errors don't lead to more | revenue for the firm. I'm describing rather a systemic bias | in incentives for the people doing the work (programmers) | and supervising the work (managers). | aynyc wrote: | There are genuine mistakes, and there are some due to | incompetency. Both can be somewhat execused. | | However, if you look at the changelog, I don't know how you are | gonna say with a straight face that it's a "mistake". | laumars wrote: | This isn't just one person making a silly mistake. This is a | catalogue of failings. Where's the peer review? Are you | suggesting that anything published in the main branch on | Microsoft's GH org gets commit without any branch protection? | And as pointed out by others, this isn't even an isolated case. | | A healthy org doesn't blame individuals, it blames failures in | process. Thus Microsoft should own this mistake. Stating it's | the fault of an individual sounds more like your team operates | a blame culture. Which, frankly, is a major red flag for a | failing organisation. | res0nat0r wrote: | It's an automated bot, and it's an edge case that wasn't | considered and is going to get fixed soon. | laumars wrote: | I'm satisfied that the situation has been, or at least will | be, resolved.m however there is still the unanswered | question of who audits the changes the bot makes. | | There is a definitely lesson to be learnt here that bots | aren't infallible themselves and thus need reviewing too. | Automation undoubtedly enhances our developer experience | but we do need to ensure that automation doesn't make | unchecked changes. This is something a great many engineers | can learn from too. | timeon wrote: | Is forking on Github edge case? | res0nat0r wrote: | Apparently forking a 3rd party repo INTO the Microsoft | github org is, yes. | [deleted] | blihp wrote: | Microsoft is a rather special case of a company that has | virtually no goodwill in the open source world. These are the | dividends that result from statements and actions over decades. | So when something like this occurs, the default reaction is | often 'of course... it is Microsoft after all'. | faangiq wrote: | MS and other bigcos have a history of being evil. It's the | correct assumption. | bakul wrote: | How is running a bot to change _copyright notices_ a | /mistake/? | | > Full disclosure: I work for MS | | It is difficult to see the reality distortion field you are in | from the inside. | dado3212 wrote: | when $new_repo in $msft_github: echo $standard_license > | LICENSE.md | | Could just be normal practices, and doesn't check if a | license already exists because it's usually handling non- | forked OSS repos. What's the phrase? "Never ascribe to malice | that which is adequately explained by incompetence". | michaelmrose wrote: | When someone is a professional paid 150-200k it's hard to | argue that they just forgot to check to see if a license | exists. | dado3212 wrote: | I don't know why people assume the more money you make | the more infallible you are. Trust me that every FAANG | engineer has written code with some similar pitfall that | seems so obvious from the outside. | dangrossman wrote: | They forgot that a bot may overwrite the license when | they fork a repo. That's different from forgetting to | check if a license exists. | dang wrote: | This breaks several of the HN guidelines and crosses into | personal attack. We ban accounts that post like that, so | please don't. | | https://news.ycombinator.com/newsguidelines.html | yawnxyz wrote: | I used to work for MS and... it's still easy to see it from | the inside lol | newjersey wrote: | I don't work at Microsoft but I can confirm. There are so | many "suggestions" for Microsoft Teams. I don't know if | there exists another company whose employees are more | critical of Microsoft Teams than Microsoft. | | My personal conspiracy theory is Teams would have died long | ago if not for strong support from the top. | tyrrvk wrote: | Teams is garbage, every time I use it I loathe computing | in general. | fault1 wrote: | teams seems important strategically for microsoft | however, if it truly wants to remain as the standard | 'operating system' for enterprises. | | but yeah, friends of mine who work at github say the | worst thing about the acquisition was Teams | hirsin wrote: | Which is odd because Github doesn't use Teams, they're | Slack based. As in, if I set up a meeting with my Github | counterparts they're late because they had to install | Teams. | jounker wrote: | How is this inconsistent with "Teams is awful, and we | avoid it as much as possible"? | bananamerica wrote: | It is reasonable to have different expectations from large | corporations with enormous resources than you would have for an | independent developer. | windexh8er wrote: | Microsoft, a collective group of people trying to do the right | thing, has made many choices over their time. Many of those | choices have been in direct violation of things like, but not | limited to, the spirit of the Internet, anti-competiton, spying | on their customers, and many other negative things. Should we | have let those things slide because Microsoft employs others | that weren't involved? No. You can say this may have been a | mistake but that is a slippery slope. Microsoft deserves | negative press on "mistakes" because this acts as a balance to | keep the power they wield in check. Beyond that you have a | significant bias against biting the hand that feeds. | micromacrofoot wrote: | if I did this to microsoft do you think I'd be granted the same | leeway? could I tell them they need to cut me some slack | because i'm one person and "there's a process"? | throwaway277432 wrote: | This _is_ their process. Very hard to argue these are all | mistakes: | | ippsample (Apache -> MIT) | https://github.com/microsoft/ippsample/commit/938bff17c72868... | | huggingface-transformers (Apache -> MIT): | https://github.com/microsoft/huggingface-transformers/commit... | | health-cards-tests (MIT changed) | https://github.com/microsoft/health-cards-tests/commit/5649b... | | CUPS (Apache -> MIT) | https://github.com/microsoft/cups/commit/ad69bcc78bdea3fea3f... | | Credit to this reddit comment: | https://www.reddit.com/r/opensource/comments/roa9xz/comment/... | verst wrote: | This is a bot that is supposed to configure the right license | when employees _start_ a new repo in the Microsoft GitHub | org. | | It seems the automation is also triggered when Repos are | forked into the Microsoft GitHub org which isn't correct | behavior. | | This isn't a deliberate action. If it were plenty of | employees (myself included) would be outraged. I assume it's | a bug in the bot - an edge case that was not considered. It | is very rare to fork something into the Microsoft GitHub org | after all. | | I'll pass it along to some people I know. | [deleted] | micimize wrote: | These forks may be done for security purposes for projects | that use source-based build systems so that the depending | project doesn't have 3rd party repo dependencies. | | As someone whose developed similar GH integrations, getting | things right with their API is fairly tricky. What would | actually be desirable is public-to-private forks so that | the fork-dependency pattern is more enterprise friendly and | this kind of confusion is mitigated. | [deleted] | tbrock wrote: | Why would anyone write that so it changes the license to | the right one instead of just flagging it as incorrect for | review? | chris_wot wrote: | Have you considered that the reason for the outrage is | because people don't actually trust Microsoft to do the | right thing? I can see this is a mistake, but surely the | litany of awful business practices by Microsoft in the past | precedes it? | verst wrote: | I didn't say anything about the outrage of others. I said | a deliberate license change would be unacceptable to | employees. | | I'm no official representative of Microsoft... | rStar wrote: | chris_wot wrote: | Sorry, I didn't mean to imply you were. But no offense, | so what if it isn't acceptable to employees? The | decisions by Microsoft are made by the management of the | company. As an example of another company with severe | credibility problems, I'm sure there are plenty of | employees at Facebook who don't like working there now, | but they are still there. And still implementing the | policies and directions of management. | throwaway277432 wrote: | Thank you. So these are in fact all mistakes. | | I looked at some of the other forked repos (95 out of 4.5K | repos) and all the human commits from MS I saw seem to care | about getting the licenses right. So it really is just a | broken bot. | | I hope the bot can be fixed soon and I'm going to put my | figurative pitchfork down now. | verst wrote: | I'll consider it an unusual bug report. | | Hopefully the bot can be fixed soon and the affected | licenses changed back. | | Realistically I'm not sure folks are working over the | holidays, so give it a bit of time :) | ognarb wrote: | Look at https://github.com/microsoft/cups/commit/8100595a | 3a3a6d5c7d0... . This was done by an human. | mst wrote: | As noted elsewhere in this thread this one looks like | human misunderstanding and has already been raised | internally for fixage. | | Shame it slipped through the cracks, but at scale | eventually something's going to no matter how hard you | try. | btdmaster wrote: | Are they deliberately getting their modifications under | an pseudo-incompatible* license? This is the only | reasonable explanation I can think of. | | * IANAL. Although Apache 2.0 and MIT are compatible, | using a different license makes it awkward for changes to | be merged upstream. | ognarb wrote: | The biggest change between Apache 2.0 and MIT are related | to patents. INAL but the Apache 2.0 is a lot more safe in | this aspect. | lazysheepherd wrote: | Things break all the time, so errors will happen. | | If you look at life as good & evil, you won't solve any | conflicts. You should rather focus on "incentives". | Correcting bugs and errors take time and other resources, | therefore require incentive to prioritize. If their bots | were to stamp Microsoft projects with open source | licenses, there would be huge incentive for them to | tackle this problem within this sprint, and make sure it | never happens again. | | This bug profits them, or does not harm them at worst | case. Therefore, by drawing attention and applying | pressure, we should create the incentive for them to | allocate resources to fix it, and make sure it does not | repeat. | verst wrote: | I reached out to Jeff Wilcox who runs the Open Source | Programs Office now earlier (see Tweet https://twitter.co | m/berndverst/status/1474789173882089472?s=...). | | He since commented on this post with a lot more detail. | throwaway277432 wrote: | He wrote a great response. Not many people I know would | stand in front of a online mob and say "It's code that I | wrote". And then fix it on Christmas! | | While I'm glad this got resolved so quickly, I'm slightly | ashamed of myself and the HN community for how we handled | this. In hindsight the outrage was wildly out of | proportion for a simple bug. | | I'll make a mental note to do better in 2022. | tptacek wrote: | Thanks for saying this. | michaelmrose wrote: | How can someone be so bad at their job that they realize | that a bot that writes to the license file needs to avoid | overwriting an existing file? A certain degree of | malfeasance cannot possibly be explained as incompetence. | wiredone wrote: | This is the type of online rage that we as a community | need to stamp out. | | Be better. | dang wrote: | I agree with you in principle but "stamp out" and "be | better" are phrases that produce the opposite of what | you're aiming at. We're trying to avoid the online | callout/shaming culture here. | | https://hn.algolia.com/?sort=byDate&type=comment&dateRang | e=a... | dang wrote: | Please don't pile on like this. You can make your | substantive points without "how can someone be so bad at | their job" hyperbole. Any mistake can be made to look | terrible if you're uncharitable enough. | | https://news.ycombinator.com/newsguidelines.html | jolux wrote: | > A certain degree of malfeasance cannot possibly be | explained as incompetence. | | This is a missing conditional check, a mistake that is | extremely easy to make and one I'm sure you've made at | least once if you've been a professional programmer for | any significant length of time. | [deleted] | csunbird wrote: | or maybe they do not know/they missed that creating a | fork from an existing project actually triggers "new repo | created" event in the github organization, which has an | unintended effect. | michaelmrose wrote: | A year later? | akyoan wrote: | Shh people don't like to be wrong, don't waste your | fingertips. | [deleted] | phendrenad2 wrote: | Wrong. The more links, the easier it is to argue that it's a | mistake. Automation is hard, you know? Especially if no one | noticed these and called them out on it until now. | fivea wrote: | > Wrong. The more links, the easier it is to argue that | it's a mistake. Automation is hard, you know? | | Is it wrong though? I mean, if Microsoft's reiterated | pattern of license switches is automated, wouldn't this | also mean that the error would be easily detected based on | public feedback alone? And given this was not the first or | second or third separate and independent occurrence of this | pattern, if this was a honest mistake then wouldn't this | already be addressed in any of the multiple past shout-out? | nomel wrote: | > wouldn't this also mean that the error would be easily | detected based on public feedback alone | | Please see the entire public feedback you're a part of | right now. | throwaway277432 wrote: | (deleted) | Tyriar wrote: | MS acquired that extension, Don works at MS now. | throwaway277432 wrote: | You're right. Saw the reviewer on that PR but you were | too quick and I couldn't delete my comment anymore. | Tyriar wrote: | MS dev here. Thanks for calling this out. I contacted the | GH@MS admins to look into this and to consider adding some | safeguards to the tooling so this doesn't happen in the | future. | michaelmrose wrote: | How is it remotely possible to not understand you cannot | automatically overwrite a license file with your own. If | you yourself were creating such automation wouldn't that be | one of the first and most obvious things you would think | of? | mlyle wrote: | If you think of the use case of forks, sure. | | If you think of employees creating new repos in the | org--- smash the correct LICENSE in there ASAP. | | The problem is that forking a different repo into the org | triggers the logic of a "new repository". | wise_young_man wrote: | A simple solution prior to writing to a file in this case | is to check if it already exists. It shouldn't matter | what triggers this bot if it's programmed safe and | idempotent. | mlyle wrote: | Nuking the existing LICENSE file and replacing with the | canonical one is a good move when it's your own | developers' work. | dpark wrote: | So your simple solution is to not have the bug. Wish I'd | thought of this for all the bugs I've ever shipped. | | Disclosure: Microsoft employee who sometimes writes bugs. | dpark wrote: | Do you never write code with bugs or do your employers | just judge you much less harshly than you judge others? | | > _If you yourself were creating such automation wouldn | 't that be one of the first and most obvious things you | would think of?_ | | Probably not, because it sounds like this was not | intended to ever run on forked repos at all. | ordiel wrote: | And so ther revert the ones done in the past I hope... | rStar wrote: | [deleted] | [deleted] | lostsoul8282 wrote: | I highly agree with this. | | Everytime I've taken the route that there is some evil, no good | as come out of it but when you give a group of people the | benifit of the doubt, I would argue the majority of the time | it's just a mistake. | DarkmSparks wrote: | productceo wrote: | +1 | | This is the peril of the imaginary "corporation" identity. | People expect a company to be one coherent and consistent | entity, but although a company can be managed well, establish | culture and processes, and progress towards cohesion, it can | never become as coherent as one person. And a person is not | that coherent in the first place. | | I am sure I subconsciously make the same mistake when I think | about other companies. But I am making conscious effort to get | better, take a more forgiving view on the humankind and give | people as well as corporations chance to try again and be a | better version of themselves, build the mental capability to | remember that corporations are comprised of real people, and | people make mistakes, and reasonable people who make up the | majority of the population are constantly seeking (just | struggling) to be better versions of themselves. | halayli wrote: | I am finding it hard to accept that it is an honest mistake. | | From my personal experience, every software engineer that works | in a company of this scale is obligated to take a training | course on software licensing and understand the differences, | and the "dos and don'ts". | | If Microsoft doesn't have such a program in place then that's a | big problem and should expect harsh criticisms when such events | take place and if they do then it probably needs to be revised | because it doesn't seem adequate. | | On the other hand, outside the context of MS, if a software | engineer doesn't feel they are doing something dirty as they | are replacing the license or the thought of I might get in | trouble with legal doing that doesn't cross their mind, then | they probably shouldn't be allowed to be at the front line | taking actions that represents the company's name. | curious_cat_163 wrote: | There is not an attitude for the whole thread. Understandably | you feel defensive but there is no need to. | | If you care about this issue, try to get it fixed within your | company and move on. | johncena33 wrote: | You should see how HN would react if Google has done anything | remotely close to it. If it was Google your comment would be | downvoted to oblivion instead of being the top comment. Not to | mention you'd be disparaged for protecting your employer. | victorvscn wrote: | I feel like the only people with an attitude against Microsoft | these days are teenagers trying to look edgy and critical | thinking or pretending they are insiders. | | I don't work for Microsoft. | [deleted] | hatware wrote: | The road to hell is paved with good intentions. | johnisgood wrote: | > I know hundreds of people and most of them are upstanding and | try to do the right thing. | | How can you work for Microsoft AND do the "right" thing? I | guess it depends on your role, but still... | indymike wrote: | Microsoft has lawyers and more layers of management than | grandma's lasagna. | MrStonedOne wrote: | skywhopper wrote: | Folks who work at mega corporations with outrageous amounts of | power have a correspondingly large responsibility to the | communities they interact with. Their mistakes have a much | larger impact. Honest mistakes by hugely powerful entities are | not mere trivia. They have an effect on the rest of the world | commensurate with their power. Thus they should be held to a | much higher standard than everyone else. | jrmg wrote: | _But when someone at Microsoft makes a mistake..._ | | For many it's not just Microsoft. Many assume negative intent | from others most of the time. It much be such a frustrating, | draining way to live. | michaelmrose wrote: | Few people are likely to know <insert employee here> but many | people are very familiar with decades of bad behavior | undertaken by Microsoft not as isolated misdeeds but as a | matter of policy. Lacking personal context misdeeds or mistakes | are extremely apt to be interpreted in context of literal | decades of bad behavior by Microsoft. | | I mean come on the seismic change in leadership at Microsoft is | just former lower echelon leaders during the time frame that MS | was doing wrong now moving up and taking the helm. | | We are after all talking about the company that tried to | destroy the competition by funneling money into a fraudulent | lawsuit/pr campaign that was a front for a pump and dump. The | only thing separating MS leadership and felony charges is | meeting notes between them and SCO and the fact that important | people don't go prison in the US if can at all be avoided. Lest | we forget the current CEO was at this time an executive VP as | well. | | Maybe it boggles your mind merely because you yourself are an | ethical person who comports themselves properly professionally | and would want people to see your efforts good and bad in | context of who you are. This is entirely reasonable but people | don't know you personally whereas your company makes headlines | for bad behavior. | dpweb wrote: | You have to take "companies doing good" always with a grain of | salt. They're profit seeking companies, who act aggressively in | their own interests. | | It doesn't have to be a debate on "good vs evil" I've always | hated those terms applied in these contexts, it's childish and | for the naive. Fix the problem and move on. | michaelmrose wrote: | A company is merely a useful legal and organizational | fiction. It's all people all the way down and those people | don't act in a different moral context when they act on | behalf of a company. | gausswho wrote: | 'Profit-seeking companies' begs a common pejorative that | actively reduces the variety in the pool of companies. It may | not be descriptive of the companies for which this is not an | overarching motivation. Many of them really want to make a | happy customer by crafting as good a thing possible for the | price they charge, and be well by their employees. | | That said, I can relate the the cynicism especially for the | giants. But painting them all as 'profit-seeking | corporations' may deaden a satisfaction that comes from being | a customer for a company you believe is good. | [deleted] | beervirus wrote: | Y'all are not entitled to the benefit of the doubt any more | than obviously-evil companies like Facebook are. | dang wrote: | We've banned this account for repeatedly breaking the site | guidelines and ignoring our requests to stop (most recently | https://news.ycombinator.com/item?id=29501677). | | If you don't want to be banned, you're welcome to email | hn@ycombinator.com and give us reason to believe that you'll | follow the rules in the future. They're here: | https://news.ycombinator.com/newsguidelines.html. | | We particularly don't want the online callout/shaming culture | here. nhttps://hn.algolia.com/?sort=byDate&type=comment&dateR | ange=a... | voakbasda wrote: | For those of us that remember the "old" Microsoft, they are | _still_ obviously evil. Nothing they have done will change | that view. Incidents like this prove that this zebra cannot | change its stripes. | | Never. Trust. Microsoft. | beervirus wrote: | I mean yeah. But for a few years there, they were at least | not as obviously horrible as they used to be, or as some | other companies were. | __MatrixMan__ wrote: | If you had a history of behaving as badly as Microsoft, I'd be | as harsh on you as I am on Microsoft. | caslon wrote: | [deleted] | 3np wrote: | Along similar lines as my comment here: | https://news.ycombinator.com/item?id=29684127 | | ...Given that several engineers employed at Microsoft have been | part of armchairing this along everyone else now, why is not | one of y'all (not necessarily you but come on, this is getting | absurd, holidays aside) still just busy discussing around it | rather than spending the <5 minutes required per repo to start | actually fixing the fallout of it? | [deleted] | [deleted] | kyruzic wrote: | It literally shouldn't be possible for them to do this. This is | theft plain and simple. Why would anyone manually change a copy | right from a persons name to Microsoft? There is no | circumstance where that is acceptable. | dangrossman wrote: | Nobody manually changed a license. The commits were made by a | bot named "microsoftopensource" that exclusively adds copies | of Microsoft's license file, support file, readme file and | code of conduct to every new repository under their account. | Brave-Steak wrote: | ErikVandeWater wrote: | Microsoft is nearing 50 years of experience designing business | processes, and has basically unlimited access to top tier | talent. If the company had cared, it could have easily designed | a process to prevent this kind of mistake. But this mistake | doesn't negatively affect the bottom line so here we are. | [deleted] | GrinningFool wrote: | Most processes for that type of thing come about only after | someone has made a mistake. | | Source: experience in the industry. Including having made a | similar mistake myself a couple of years back (and receiving | a fair bit of internet hate for it) | ErikVandeWater wrote: | Processes are built ahead of time if people take a risk | seriously. | GrinningFool wrote: | This is also true and is not mutually exclusive. People | and organizations are fallible - much process is | developed from learning. | [deleted] | [deleted] | SquishyPanda23 wrote: | I'm just curious, is Microsoft actually in violation of the MIT | license here? | | All future changes to this repo are copyright Microsoft, so | Microsoft's copyright should be in the statement. | | Arguably there should be an additional statement indicating | that LesnyRumcajs holds copyright to bits of code that | Microsoft hasn't changed. | | But | | (1) exactly which bits have LesnyRumcajs's copyright would have | to be verified by examining source control history. Since | LesnyRumcajs's copyright statement is visible on any commit | where LesnyRumcajs holds copyright, this setup makes actually | makes it easy to verify which portions LesnyRumcajs has | copyright claims on. | | (2) Including LesnyRumcajs's copyright statement in repo | history seems to be all that the MIT license requires. The | license doesn't forbid there being another more easily | accessible copyright notice that doesn't list all copyright | holders. It only requires that LesnyRumcajs's statement be | included in all copies of the software, which it currently is. | esrauch wrote: | What you're saying doesn't make any sense. If what you're | saying was true you could take any MIT repro, fork it and | replace the license with a fully proprietary copyright claim | or any other license. You absolutely can't take code and just | change the license to anything more permissive without the | original copyright holders permission. | | It's definitely the case that at a given snapshot of the | repository which has copyrighted code owned by someone else | the copyright notice has to be there at that same revision. | psyc wrote: | Ok. I worked at MS from 2005-2015. As I recall, there was this | huge formal legal process and due diligence around including a | single line of open source code. Is that not still the case? Am | I remembering it wrong? | robbedpeter wrote: | Github changed everything. All sorts of automation and open | source involvement happened, with new bots and systems. | psyc wrote: | Y'know, it actually slipped my mind that Microsoft | transformed into a much more open-source friendly company. | That makes some sense now. | IsThisYou wrote: | Try running an illegal copy of Office or Flight Simulator "by | mistake" and see what happens. | tiahura wrote: | FS I'm not sure about. Office goes into massive nag mode. | | What's your point? | [deleted] | mradmin wrote: | Seems like a mistake to me. Microsoft recently adopted one of my | Open Source projects and part of the agreement was they would | keep the original license. This was a request on their part, I | had no choice in the matter. They know what they're doing, I | don't think they would do this deliberately. (Licence here: | https://github.com/microsoft/vscode-gradle/blob/main/LICENSE...) | motoboi wrote: | Microsoft is not a person. And, by its size, is not a single | entity with homogeneous values and procedures. | | You interacted with one part of Microsoft, maybe we are seeing | the works of another part. | mradmin wrote: | Sure, could be. I guess i'd expect Microsoft to have company- | wide processes and practises when working with OSS though. | Could be wishful thinking. | johnklos wrote: | This is a perfect example of a huge company using the cover of | bullshit to do whatever they want. | | "Oops. We f*d up? Well, you can't talk with a human unless you | pay us lots of money. Oh - you don't have money for a lawyer? | Tough. Good luck getting through our layers of trained monkeys." | aoetalks wrote: | A PR reverting this is already approved and merged: | https://github.com/microsoft/grpc_bench/pull/1 | | Thanks, 3np | uda wrote: | This isn't a mistake, stop calling it that. | | Yeah, the individual developer forking into the Microsoft | organization might have not known what the bot does or how it | harms the community, but the people litigating the bot knew very | well what they were doing, and they are to blame for this. | | The MIT or Apache allow free use, use, not re-attribution, if you | wanna add your name by attaching years to the lines, go ahead, it | is your right. But removing the original developer's copyright | DOES go against the license, and Microsoft should be held | accountable by the community for that. | | How do we hold Microsoft accountable for what they do? we don't | collaborate with them on "their" open source projects, we don't | use "their" open source products. | | Yes, I do realize that some people find some MS developed tools | useful, like VS Code, but I want to remind you that this was | developed by others before, the only reason they got a hype is | because they pushed it and you all rallied around it, so come on, | we do just fine without the mighty patron Microsoft. | | (Edit: added "it" and "out") | dls2016 wrote: | Embrace, extend, extinguish. | | https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis... | rvz wrote: | I did warn everyone that Microsoft has gotten smarter and is | 'using' open-source and Linux for EEE. We know how they | embrace and extend. | | _Extinguish_ basically now means: | | _' We fork the best open-source tools and they sit on our | cloud and are more secure and scale better than if you self- | hosted it, and is completely free to use.'_ | | Paid competitors can't compete or will struggle to compete | with free, given that it is open-source and more secure and | is sitting on the cloud and scales. Lastly, nobody got fired | for buying products with Microsoft(r) stamps. | dang wrote: | It seems to have very plainly been a mistake, and your comment | broke the site guidelines. If you wouldn't mind reviewing | https://news.ycombinator.com/newsguidelines.html and taking the | intended spirit of the site more to heart, we'd be grateful. | 37ef_ced3 wrote: | The larger issue is that anyone using GitHub is donating their | work for re-use without attribution through Copilot. | | In return, you receive hosting from GitHub. | | The writing is on the wall. You MUST host your own code on a | stand-alone website. | | Here is an example. This Go program (a compiler) generates and | serves its own website: https://NN-512.com | | It runs on a Linode shared CPU cloud instance that costs $5 per | month: https://www.linode.com/pricing | | Another example, look at what Fabrice Bellard does: | https://bellard.org | phendrenad2 wrote: | That "issue" is unrelated. You've just hijacked the thread to | talk about it. | | Also the point you're making is controversial, and definitely | isn't widely agreed on. As a human, I can read public code on | Github, and use my internal neural network (brain) to | regurgitate sections of code, and don't need to attribute | anyone (who can say which codebase I'm recalling code from? I | certainly can't). So a neural network doing the same thing, but | external to a human, is certainly questionanble, but it isn't a | cut-and-dry case of copying without attribution. | Zababa wrote: | You're making a false equivalence between copilot and a human | brain. Neural networks are programs, programs don't have the | same rights as humans. Implying the opposite is even more | controversial than saying that copilot should respect | licenses. | | Also, humans sometimes have limitations on what code they | should have seen. It's common in the emulator community to | forbid anyone that has seen proprietary code from working on | black-box implementations to avoid legal issues. | 37ef_ced3 wrote: | "Unrelated"? | | Microsoft's automated violation of "no use without | attribution" licenses? | | You can't see the connection? | | Please. Surely it's obvious to everyone but you. | [deleted] | coliveira wrote: | This is a feature in fossil since the beginning. And fossil is | good enough to be used by sqlite, it could be used by other | projects. | CyberShadow wrote: | > Here is an example. This Go program (a compiler) generates | and serves its own website: https://NN-512.com | | Not a very good one - clicking the link produces a download | dialog on Firefox (I'm guessing because the website neglects to | indicate a Content-Type). | | Ironically this is an argument against trying to do everything | yourself - you might waste time chasing the long tail of | thousands of little details that had been solved many times | over elsewhere. | forgotpwd16 wrote: | >clicking the link produces a download dialog on Firefox | | Works fine for me (v90/Linux). | y4mi wrote: | It does work with Firefox on my end... | | Also hosting it yourself doesn't mean that you do everything | yourself. | | It would definitely spawn build plugins that do most of what | you need if this practice actually establishes itself. | 37ef_ced3 wrote: | It works for everyone except you. The Content-Type is right | there, in the header. | | Coincidentally, you seem to have an issue with everything I | said. | | You defend Microsoft, here and in other parts of this thread, | as they sell the work of open source authors without | attribution and in violation of explicit license statements | in the code. | | Are you employed by Microsoft? | CyberShadow wrote: | > It works for everyone except you. The Content-Type is | right there, in the header. | | I don't know what to tell you. It's not there. | | https://dump.cy.md/9b2a31fa5184397159fe42a85c197242/1640447 | 6... | | It is there if I check with cURL, though. | | Edit: looks like this bug is triggered by the absence of | Accept-Encoding in the request. When the server compresses | the response, it neglects to include the Content-Type of | the compressed content. | | > You defend Microsoft, here and in other parts of this | thread, as they sell the work of open source authors | without attribution and in violation of explicit license | statements in the code. | | I did no such thing. Please stop. | 37ef_ced3 wrote: | So, would you please acknowledge here that you are a | Microsoft employee? | CyberShadow wrote: | I am not, and have never been a Microsoft employee. | | You can search online for my name / username to find my | open-source contribution history, if you would like. | | I hope that sufficiently answers your query. | 37ef_ced3 wrote: | Microsoft investor, then. | | You own MSFT shares directly (not through an index fund). | | Please acknowledge it here. | CyberShadow wrote: | I own zero shares of anything directly or indirectly. | 37ef_ced3 wrote: | Big fan of Copilot, then? | CyberShadow wrote: | No. I am not in the program nor requested access. | | This is my last reply in this subthread; feel free to | assume the same answer for all questions along the same | line. | | I also invite you to review the HN comment guidelines: | https://news.ycombinator.com/newsguidelines.html | workOrNah wrote: | you just keep digging your own grave lol | wellthisisgreat wrote: | Is the copilot thing true for paid accounts as well? | judge2020 wrote: | All public repos were included in the dataset. | wongarsu wrote: | afaik copilot is trained on all public repositories. | Paid/free doesn't play into it | judge2020 wrote: | If you treat copilot like a human, and you ask it a question ( | like "#find median of list") that human either (A) will put | together all the things they've learned over thousands of hours | of simply looking at code in the programming language and how | the syntax works, then provide a new code block, or (B) | remember "oh, I remember this extract string of text and what | comes after it. Here's the next 10 lines from that snippet". In | that B scenario, would the human be infringing on the | original's copyright? Arguably yes; but is situation (A) also | copyright infringement, or is it like getting code help from a | friend? | | In these situations, whether it be originating from a human or | robot, the knowledge comes from looking at public code on | GitHub and it's always been a risk that your public code might | not be used with proper attribution at some point. Think about | how many OSS projects have core code and algorithms copied | daily by companies with no public name and keep all of their | source code private - it's surely caused more damage than | CoPilot ever will. | chongli wrote: | As a human, if you memorize a book word-for-word and later | reproduce whole passages of the book in your own writing then | that is considered plagiarism and copyright infringement. It | does not matter that you stored it in your human memory | before reproducing it. | | The test to use is to imagine you're writing an essay in | college. If your essay contains unattributed passages from | another work then the professor will not care that you | memorized them rather than just copying and pasting the text. | In order to be in the clear you need to properly quote and | cite the original author. | | GitHub copilot does not provide attribution. All it does is | obfuscate the original source to make attribution impossible. | Copyright lawyers ought to have a field day with this one. | fault1 wrote: | I think the answer is: we don't know the copyright | consequences of copilot yet. It's certainly a legal gray | area, and it has not been challenged in court yet. | | There are quite a few companies where copilot and copoilot- | like technologies seem radioactive at least for the moment. | pbhjpbhj wrote: | _the following is my personal opinion, unrelated to my work_ | | >In that B scenario, would the human be infringing on the | original's copyright? // | | Depends on jurisdiction but in general I'd say no as quoting, | particularly an insubstantial portion, is allowed (certainly | under USA Fair Use, possibly under UK Fair Dealing). | | However, and again depends on jurisdiction, copying a whole | work to use for AI training or searching can be restricted | (though it's on the GitHub license in this case). The snippet | might be allowed but copying into a training corpus may be | excluded (I think UK have an exception for AI training, but I | may have misremembered, it might be a suggestion??). | echelon wrote: | I'm including licensing notices in several of my private | repositories to prevent inclusion in ML training data sets. | | I might put this in my public ones as well. | 999900000999 wrote: | To be honest, can't humans go through various open source | repositories and copy the bits they like? | | If you don't like that,don't release your code as open source. | I'm not going to host my open source projects on my own | website. That's just hard, it's much more difficult to get | people to check it out if it's on Broblog.net | | I personally don't believe extremely short code snippets, like | the ones copilot tends to copy are problematic. | nerdponx wrote: | This is the same fallacy behind the argument that we | shouldn't care about privacy, because it's always been | possible to track and surveil individuals. | 999900000999 wrote: | Do you want to write open source software or not? | | Here. | | def add( x, y): return x + y | | I don't want to live in some dystopia where we have dozens | of lawyers deciding who owns that above code snippet. If | Amazon wants to use that snippet, fine, you can use it, | etc. | | All Co Pilot does is optimize taking code snippets from | different sources. | nerdponx wrote: | I have no idea what point you are trying to make. | rustc wrote: | > The writing is on the wall. You MUST host your own code on a | stand-alone website. | | How would self hosting your code prevent Microsoft/GitHub from | using it in the Copilot training dataset? If using content from | GitHub irrespective of their license to train Copilot is legal, | so is training from code available on your website. | nerdponx wrote: | It's a question of handing it over and giving them a ToS | shield to hide behind, versus making them work for it and | risking license violations "in the wild". | rustc wrote: | Does their ToS give them additional rights to the code | uploaded to GitHub? There are several unofficial copies of | projects like glibc [1] uploaded by people who definitely | do not have the authority to grant any additional rights to | the code. | | [1]: https://github.com/bminor/glibc | 37ef_ced3 wrote: | Microsoft owns GitHub and you accept their terms of service. | | Copilot is trained on public GitHub repositories of any | license: | https://en.m.wikipedia.org/wiki/GitHub_Copilot#Technology | | If they scrape your website, that's different. | judge2020 wrote: | If it's legally sound to do that, then it's legally sound | to scrape code from Stack overflow as well. No special | license is granted to GitHub to train CoPilot; the hosting | license in the ToS[0] specifically doesn't allow its use | outside of GitHub itself[1], so i'd argue that applies to | running copilot in VSCode for code not destined for GitHub | - and i'm sure MS's lawyers reviewed such a product launch. | | 0: https://docs.github.com/en/github/site-policy/github- | terms-o... | | 1: > This license does not grant GitHub the right to .. | otherwise distribute or use Your Content outside of our | provision of the Service | jen20 wrote: | Because it isn't in compliance with the terms of many popular | licenses to create derivative works without attribution. | Therefore the only possible claim Microsoft have to do so is | via terms and conditions, which would not apply to code | hosted on a stand-alone website. | | It might be time for popular licenses to update themselves | for this new-found threat. | defen wrote: | What happens when some random person uploads your code | (acquired from your website) to GitHub? | leephillips wrote: | It depends on how that code is licensed. Possibly the | random person gets served with a summons. Possibly | nothing. | jen20 wrote: | Well, that is what updating the license accomplishes. | | I'd be interested to know if code subject to DCMA | takedown would be removed from the copilot training | set... | TedDoesntTalk wrote: | > it isn't in compliance with the terms of many popular | licenses to create derivative works without attribution | | Did you click the link for this article? Did you see that | MS removed the author's name in the license header and | replaced it with their own? | jen20 wrote: | Yes? | dragonwriter wrote: | > Therefore the only possible claim Microsoft have to do so | is via terms and conditions | | No, Microsoft's claim is _fair use_ , not _GitHub terms and | conditions_. You don 't have to speculate on what you think | their possible claims are, when they've publicly stated | their _actual_ claims. | marcodiego wrote: | > The larger issue is that anyone using Github is donating | their work for re-use without attribution through Copilot. | | I think this can only be valid of Github's terms of use clearly | specify that or the chosen license allows it. | | I actually see copilot benefiting GPL projects: suppose a | programmer uses copilot to develop a proprietary software and | copilot regurgitates GPL'ed code: now the proprietary software | is a derivative work and must be GPL'ed too. | anonymousab wrote: | Unless copilot serves as a legally effective "laundering" of | gpl code. Which sounds silly, but we're now in a situation | where that outcome is super desirable to GitHub/Microsoft. | | Another potential outcome is that so many projects could now | end up unknowingly using gpl code that enforcement becomes an | impractical whack-a-mole, far more so than today. Being told | to rework or relicense your project because of copiloted gpl | code could easily end up with hobbyists wholesale begrudging | the gpl license rather than copilot itself. | fault1 wrote: | > Unless copilot serves as a legally effective "laundering" | of gpl code. | | It's quite interesting how it seems to have come full | circle, at least according to this stackoverflow comment | about Stallman releasing a paper in 1992 on how to | effectively launder AT&T code via textual changes (I have | no idea if he did, I just remembered the comment): | https://unix.stackexchange.com/a/591221 | nerdponx wrote: | "Not Github" is also a good place to start. | | I am a happy Sourcehut customer. Roughly the same cost as a | VPS, but comes with tech support. | smorgusofborg wrote: | How does your license prevent someone redistributing source | code over GitHub? What does copilot claim as far as licensing | rights beyond fair use? | | You may be practically limiting copilots use of your code but I | don't see any licensing difference if Microsoft hosts Copyright | code or scrapes copyright code. | [deleted] | kstrauser wrote: | The following is pure conjecture with zero evidence: | | I think that's on purpose, not to "steal" code from GPL'ed | softwares' authors, but to get GPL'ed code into commercial | projects. Then Microsoft can say "oops, we were right all | along! The GPL is so dangerously viral that you can't even host | your software on the same server!" | | I know that sounds stupid, unless you were there for the | Halloween Documents. After all these years, it seems to me that | Microsoft hasn't done the 180 they portray. | petilon wrote: | Anyone who puts anything on the web is at the same risk. For | example, ask Google how old Queen Elizabeth is [1]. Google | tells you the answer in a big font at the top of the result | page. Google sourced the answer apparently from usnews.com but | you didn't even have to click the usnews link. Google "took" | the answer from them and deprived that website of a click. | | So yeah, you are donating your work to Google when you put it | on a publicly accessible web site. | | [1] https://www.google.com/search?q=how+old+is+queen+elizabeth | fault1 wrote: | isn't that covered under a fair use 'right to quote'? | https://en.wikipedia.org/wiki/Right_to_quote | petilon wrote: | If all of the useful information in a web page is mined and | given away by a third party in an automated fashion, such | that the copyright holder is deprived of revenue, then | that's not the intention of 'right to quote'. | fault1 wrote: | I'm pretty sure Google pays these types of content | publishers (like Reuters) very handsomely. In this case, | the content distributor (USNews) also went out of their | way to SEO their site with microdata[1], so I'm going to | guess a lot of their inbound traffic also comes from | Google searches. | | [1] https://developer.mozilla.org/en- | US/docs/Web/HTML/Microdata | peter_retief wrote: | This seems to be the new reality. Sad we get fooled over and | over by the same companies. | coliveira wrote: | I have good memory. I always stood one mile from anything | that MS does. The new generation that is easily scammed by | flashy stuff like VS code is in for a treat. | dragonwriter wrote: | > The writing is on the wall. You MUST host your own code on a | stand-alone website. | | Even if Microsoft currently only uses GitHub-hosted code as an | input to Copilot, their theory of the legality does not depend | on code being hosted there and applies to any code they can get | their hands on. The idea that hosting code publicly at some | non-GitHub location is going to keep it out of Copilot is not | well justified. | emilengler wrote: | > The larger issue is that anyone using GitHub is donating | their work for re-use without attribution through Copilot. | | Wrong. Lets say a GPL project is not hosted on GitHub | officially. I can easily setup a mirror for it though on GitHub | as the GPL doesn't prevent me from doing it... | | Point is that anyone can put my work on GitHub, even if I don't | want to.Assuming the project is under a free license though. | leephillips wrote: | How does that make what 37ef_ced3 said wrong? I'm not | following your logic. | emilengler wrote: | > The writing is on the wall. You MUST host your own code | on a stand-alone website. | | Because this does not prevent having the code to land on | GitHub at the of the day assuming it is published under a | free license. | | Now it depends on how you interpret the "MUST". My logic | only makes sense if you consider it to a dogmatic-like | prevention. | leephillips wrote: | The statement you tagged as "wrong" was: | | > The larger issue is that anyone using GitHub is | donating their work for re-use without attribution | through Copilot. | | Why is this wrong? | dragonwriter wrote: | It is wrong as a specific statement about GitHub, because | regardless of current practice, the legal theory for | Copilot applies to any code anywhere, so anything that is | publicly accessible would involve the same risk. It's not | dependent on use of GitHub even if Microsoft has | initially started their because it's easier for them. | leephillips wrote: | So this sense of "wrong" is similar to "correct". | | Also, I don't see how this is true. Code on my website is | publicly accessible, but not in the public domain, nor | licensed for re-use, unless I say that it is. | dragonwriter wrote: | Licensing matters for things that would be forbidden | without permission by copyright law. Fair use is an | exception to copyright law. Microsoft's explicit legal | theory around Copilot is that ingesting code for it (and | ingesting content to train ML models more generally) is | fair use. If there theory is correct, license is | irrelevant, there is no legal (at least copyright-based) | barrier to them using any source code they can get their | hands on to train Copilot. | 37ef_ced3 wrote: | Yes, you can "donate" someone else's code, knowing Microsoft | will violate a use-with-attribution license. | | You can do it, but it's WRONG. | | Copilot is trained on public GitHub repositories of any | license: | https://en.m.wikipedia.org/wiki/GitHub_Copilot#Technology | | We must all stop using GitHub. | edoceo wrote: | My team has code, MIT and GPL, on GitHub. We know the risk | of this kind of theft. We remain on GitHub for the | discoverability. It's not so absolute. | _0ffh wrote: | I wonder what kind of language you would need to add to | your license in order to explicitly forbid the ingestion of | your code by Copilot and/or like projects. | ghoward wrote: | IANAL, but I have written licenses for that purpose. [1] | (I'm trying to get them reviewed by a lawyer, but can't | afford to; maybe I'll do a GoFundMe.) | | What I did is say that if you feed copyrighted software | to an algorithm that itself outputs software, then the | license applies to the output. This covers the output of | compilers and such, but it would also cover Copilot in my | opinion. We'll see what a lawyer says. | | However, even with a license, I wouldn't doubt that | Microsoft would just put it through GitHub anyway because | finding them out would be extraordinarily hard. | | [1]: https://yzena.com/licenses/ | xigoi wrote: | The "Yzena Copyleft License" states that it's a copyleft | license, but it also states that it's not a viral | license. According to Wikipedia, a viral license and a | copyleft license are the same thing. | ghoward wrote: | Wikipedia is not the best source of information. | | There is a difference between "strong" copyleft and | "weak" copyleft. An example of "weak" (non-viral) | copyleft is the CDDL. In fact, the CDDL's Wikipedia page | talks about strong and weak copyleft. | | You can read [1] for a breakdown of copyleft by an actual | lawyer. Suffice it to say that Wikipedia's Copyleft page | is woefully inadequate. | | [1]: https://writing.kemitchell.com/2018/10/24/How-to- | Speak-Copyl... | dragonwriter wrote: | > I wonder what kind of language you would need to add to | your license in order to explicitly forbid the ingestion | of your code by Copilot and/or like projects. | | If Microsoft's theory is correct, under US law it is | impossible to forbid this with a license, because a | license is just an offer of additional permissions beyond | what is available automatically under law, and | Microsoft's theory is that ingesting code into GitHub is | fair use and therefore permitted under law as an | exception to copyright without any license from the | copyright owner. | | If Microsoft's theory is not correct, pretty much any | license with an attribution requirement (among others, | for other reasons) would work. | | The idea that a _special_ license is needed or of any use | doesn 't seem to have any justification, even in theory. | (As is the idea that hosting publicly but not on GitHub | changes the legal parameters.) | ghoward wrote: | You are correct. | | I just want to say that I believe the fair use argument | only applies for _training_ , but not for distribution. I | make the case for that in [1]. | | [1]: https://gavinhoward.com/uploads/copilot.pdf | Zababa wrote: | There's a part that I don't understand. If some software | is mirrored on github by someone that isn't the copyright | owner, it seems like github shouldn't be able to use it. | Yet they said nothing about that specifically. In that | case, is the only option to put code somewhere else than | github under a license that forbids reuploading to | github, and issue DMCAs when/if people reupload your | code? It also sounds like when code is removed through | DMCA, it should be removed from the training set and they | should retrain copilot. | dragonwriter wrote: | > If some software is mirrored on github by someone that | isn't the copyright owner, it seems like github shouldn't | be able to use it. | | If they don't need permission from the copyright owner, | either via license of GitHub T&C, because it's fair use, | which is their overt legal theory, then why would it | matter legally whether the code was posted to GitHub _at | all_ , much less _by whom_? Ingesting only code form | GitHub is a practical convenience that has nothing to do | with their legal theory of the right to do it. | | > Yet they said nothing about that specifically | | Their theory of fair use means they have the right to | ingest any code, irrespective of who owns it and what | conditions (if any) it is licensed under or where (or | even if) it is hosted online. They don't need a separate | justification for your scenario if the theory they've | cited is correct. | | > In that case, is the only option to put code somewhere | else than github under a license that forbids reuploading | to github, and issue DMCAs when/if people reupload your | code | | Nope, that doesn't help at all, legally; it may help | practically as long as they are just using GitHub hosted | code and not consuming code from other public hosting | platforms, but it has no bearing on their legal theory of | why they _can_ ingest code without additional | permissions. | rangoon626 wrote: | Tasteless actions from a tasteless company. | phendrenad2 wrote: | Seems like it's probably a mistake, did you try to contact them? | https://opensource.microsoft.com/ | https://twitter.com/OpenAtMicrosoft | notquitehuman wrote: | Contacting Microsoft is always a mistake. They don't want to | hear from anyone and their process reflects this. | phendrenad2 wrote: | 1) What's your source for that assertion | | 2) Assuming it's even true, what should this person do | instead? | | 3) What do you think the outcome would be if this person did | contact Microsoft? Since it's a mistake, I assume something | bad? | kelnos wrote: | > _Assuming it 's even true, what should this person do | instead?_ | | Since this is copyright infringement, the copyright holder | could file a DMCA takedown notice. | ognarb wrote: | A 'mistake' they are actually doing since a long time now. Here | is the cups equivalent with a license change from apache to mit | for the CUPS system. | | https://github.com/microsoft/cups/commit/ad69bcc78bdea3fea3f... | phendrenad2 wrote: | Why the scare quotes around mistake? Are you implying that | it's intentional? Or negligence? It seems like nobody noticed | the CUPS license change until now, so it's irrelevant, right? | dapids wrote: | Because it was done intentionally by an employed individual | in this case rather than a bot. You cannot in good | conscious as an individual make this "mistake" without | knowing or acting maliciously unless you are incompetent to | begin with. Seems like a growing trend at MS. And I'll | remind you that Apple actually uses CUPS for their print | backend and funds it directly, they retain the original | license and support the project, meanwhile MS takes it, | doesn't contribute and acts like it's their own, sick. | | https://github.com/microsoft/cups/commit/8100595a3a3a6d5c7d | 0... | Strom wrote: | How is it not intentional? To me it seems very clear that | someone designed this bot to specifically alter the LICENSE | file so that it matches some sort of predefind Microsoft | file. | | _Edit:_ To give a bit more nuance, I would guess that the | actual bot changing the LICENSE files is not a mistake, but | working as intended. What could, however, be a mistake is | thinking that licenses can be legally overwritten. It | wouldn 't be a "rogue engineer" kind of mistake. Certainly | several people at Microsoft have signed off on this. | colejohnson66 wrote: | Because a bot like this could never used on internal | libraries that are about to be open sourced? | formerly_proven wrote: | https://github.com/microsoft/cups/commit/8100595a3a3a6d5c | 7d0... | | That's not a bot. | Strom wrote: | I'm sure it could be used, however that would probably be | a similar problem. Microsoft has internal libraries with | all sorts of licenses. Replacing the actual licenses with | a template wouldn't be the correct move there either. | jesprenj wrote: | Oops, a bot just removed bandwidth limits for Windows source code | on a bittorrent seedbox. | naves wrote: | Yeah, everyone has a second chance but Microsoft has had n-th | chances. | | Make no mistake, gravity will always pull MS towards their | default behavior. Just wait for VS Code becoming a subscription- | based product. | | Yes, there will always be a community maintained project. But it | will not be MS Certified... | readbeard wrote: | There is a rampant practice where companies and organizations | flippantly and often fraudulently stamp copyright notices on | everything they touch--including public domain materials such as | the U.S. Constitution, works of William Shakespeare, prints of | the Mona Lisa, copies of the 9/11 Commission Report, and | compositions of J.S. Bach. [0] | | It seems Microsoft has now automated this practice. | | [0] http://www.copyfraud.com | | Edit: It's easy to jump the gun and start accusing Microsoft of | something nefarious here. To be clear, I'm personally giving | Microsoft the benefit of the doubt and assuming that this was an | honest mistake, and that the folks at Microsoft who had something | to do with setting this up were well-meaning. | | My point is that we're living in a culture that, as a standard | practice, sprinkles "(c) [year] [company]" on things like salt, | that such claims are frequently invalid or misleading, and that | this broader issue may be partly to blame for incidents like the | one we are discussing today. | darepublic wrote: | Did the original author agree to give their project over to | Microsoft? | zach_garwood wrote: | I didn't think code was copyrightable in the first place. | shp0ngle wrote: | This might be true about trivial pieces of code, which this one | is not | dpratt wrote: | Any work, no matter how trivial, is eligible for copyright as | long as it is an original artifact with a distinct identity. | throwaway858 wrote: | Copyright laws vary wildly across countries and jurisdictions | tzs wrote: | ...but aside from Eritrea, Ethiopia, Iran, Iraq, Marshall | Islands, Nauru, Palau, Somalia, and South Sudan everyone is | part of one or more (usually more) international treaties | that cover copyright such as the Berne Convention or TRIPS | or UCC, so you should expect in most places that most | people on HN are likely to ever deal with have copyright | law that isn't too different for the most common | situations. | emilfihlman wrote: | Not true, u64 add26562(u64 value) { | return(value+26562); } | | is not copyrightable. | anonymousab wrote: | If that function always returned, say, the AACS key then it | would likely be violating copyright in the US. Regardless | of whether it was the result of a computation or statically | defined. | emilfihlman wrote: | I'll press x on that. | | https://en.wikipedia.org/wiki/AACS_encryption_key_controv | ers... | hirundo wrote: | They changed the copyright holder on this fork, but left the MIT | license in place. How does this harm anyone? | thesuperbigfrog wrote: | >> They changed the copyright holder on this fork, but left the | MIT license in place. How does this harm anyone? | | Here you go: | | https://github.com/microsoft/TypeScript | | Just fork TypeScript, change the copyright holder to yourself, | and do what you want with it. I sure Microsoft won't mind. | precommunicator wrote: | It violates the license that specifically says (IANAL): | | > The above copyright notice and this permission notice shall | be included in all copies or substantial portions of the | Software. | bayindirh wrote: | It looks like Microsoft developed this all along. Yes, git | keeps history, but it's unethical and ugly to begin with. | | Also, I'm not sure you can just change the copyright | information, and change the history of the code like that. | | However, this is typical of Microsoft. Like DOS, like Windows | App Store / Packaging ripoff (they asked the guy some | questions, sherlocked his software, even didn't thank him | later), etc. | shp0ngle wrote: | that's still breaking the license | arbitrage wrote: | so take them to court. | anonymousab wrote: | A supercorp will have far more resources to succeed in | courts than an individual person, such that the courts are | not a fair avenue for resolving disputes. The court of | public opinion is, unfortunately, far more accessible to | the individual. | fault1 wrote: | That being said, if someone were to sue Microsoft over | this (they would have to be the original copyright | holder), I think it's more likely Microsoft would try and | settle out of court. | kube-system wrote: | They copied a copyrighted work in a way that was not permitted | by the copyright holder. | MattPalmer1086 wrote: | You can't own something by just saying you do! | | Only the copyright owner can license the work to others, or | issue under a different license if they like. | h2odragon wrote: | The repo page still has: | | > This repo has been populated by an initial template to help get | you started. Please make sure to update the content to build a | great experience for community-building. | | Perhaps this is "updating content"? | Hello71 wrote: | is it possible that microsoft bought the rights to the software | [deleted] | kaladin-jasnah wrote: | This comment shows they've done it to other pieces of software, | including things like... CUPS: | https://news.ycombinator.com/item?id=29684567 | | For some reason I doubt they've bought the copyright to CUPS. | mkdirp wrote: | The original copyright holder claims on reddit[0] that it was | forked, and there doesn't seem to be any implication of buying | the rights to the software. | | [0] | https://www.reddit.com/r/opensource/comments/roa9xz/microsof... | SloopJon wrote: | That Reddit thread is a better source link for this | submission. | ThinkBeat wrote: | Makes me wonder if Microsoft GitHub should not make it a more | specific action to relicense a repo. | | That would solve any ambiguities around the script Microsoft | wrote. | | "Are you sure you want to change the license?" Yes / No. | | Perhaps a specific API call when you are doing it with a script. | CyberShadow wrote: | The account which did the change has this description: | | > This is the open source management service account used for | performing key GitHub operations on behalf of Microsoft employees | and users. | | Combined with the nonsense README change, this looks like a bot | mis-use accident. | | Edit: to clarify, in no way am I saying that this is a "honest | mistake" which does not deserve scrutiny. | shp0ngle wrote: | This is very obviously a mistake and I don't know how can | anyone assume otherwise. | colejohnson66 wrote: | Because "Microsoft Bad". When a company gets big enough, | there will always be a portion of the population you can | never please, and Microsoft reached that size a long time | ago. | fartcannon wrote: | It's got nothing to do with their size but the 40 years | (thus far) of doing aggressively bad shit. | toxik wrote: | Microsoft has a long and dark history. I think you're | brushing aside the real contention. | | People who were around before MS decided to open-source- | wash their brand KNOW what Microsoft's DNA is. They had a | literal playbook to crush Linux. | tiahura wrote: | " Microsoft has a long and dark history." | | The KKK has a long and dark history. MS is a business | that at times has had slightly sharper business practices | than _some_ of its competition. | colejohnson66 wrote: | From _twenty year ago_. You say it's in their DNA, but | I'll bet that the majority of people there now were not | there 20 years ago. Old habits die hard, yes, but they do | die. | | Microsoft has committed to open source. Maybe it's self | fulfilling reasons, but that doesn't mean we should brush | it off. If some higher up decided to go open source for | PR reasons, who cares? We should be embracing it. | Shunning it will just make other companies think twice | about open sourcing. | | Also, this was done by a bot. Microsoft is big enough to | have their own in-house council, and I can't imagine them | being stupid enough to risk everything over a copyright | lawsuit with evidence like this that the whole world can | see. | sofixa wrote: | Microsoft might have committed to open source for | business reasons, to an extent ( see the recent .NET | debacles), but they're still the same monopolist-abusing | and anti-competitive company ( see the recent Edge | debacles). They're an inherently _bad_ and _evil_ | company, and even though they seemed to be improving, | they 've gone back to old tactics rather quickly. | denton-scratch wrote: | > Microsoft has committed to open source. | | They may have "committed" to open source (I think | "committed" may be the wrong word there), but they never | stopped hating free software. | sofixa wrote: | Because it's a very stupid mistake. I have a hard time | believing someone developed a bot to deal with repo | normalisation on GitHub that doesn't know how GitHub | functions, what forks are, and that you can't just change the | LICENSE with a file of your own. I don't necessarily think it | was done on purpose to steal copyrighted content ( that'd be | too stupid even for Microsoft), but it's a weird mistake to | make. | kenjackson wrote: | No judgment from me since I suspect it is also an accident and | I've made enough in my life that I don't get super judgy in | most cases. But what purpose is there for a bot that forks and | makes changes like adding template files? Copyright aside, I | don't understand the value of this bot. | CyberShadow wrote: | If I were to guess, it would be that the action performed | here (or the basis of the code implementing this action) was | intended to be done on internal Microsoft repositories that | should be open-sourced. | coliveira wrote: | I would't call a honest mistake some bot that is created to | change code to a MS license. First of all, this kind of thing | needs to be done after careful review, if they're doing it in | an automated fashion there is almost the certainty that they'll | take somebody else's work as their own. | matt123456789 wrote: | Ok, but this is still illegal, right? | judge2020 wrote: | Since MIT has this line: | | > The above copyright notice and this permission notice shall | be included in all copies or substantial portions of the | Software. | | MS would be in the wrong to redistribute this code without | the notice that includes '(c) 2020 LesnyRumcajs' - however, | just changing the line doesn't constitute copyright | infringement or fraud if MS reverses the change and/or simply | appends the original MIT license above their MIT license | (since MS does indeed have '5 commits ahead' of the origin | repo, all of those changes are copyright MS but still MIT | licensed). They could even simply have a file called | 'LICENSE2' with the original notice, if they can't easily | exclude this repo from the bot. | webmaven wrote: | _> MS would be in the wrong to redistribute this code | without the notice that includes '(c) 2020 LesnyRumcajs' - | however, just changing the line doesn't constitute | copyright infringement or fraud _ | | Given that this change was committed to the main branch, if | I download the code right now, haven't Microsoft | redistributed it? | phendrenad2 wrote: | Things get philosophical rather quickly I'm afraid. If I | misconfigure an FTP server, and you download some MIT | code that I stripped the copyrights from, does that count | as redistribution? | sicromoft wrote: | [deleted] | colejohnson66 wrote: | No. If you hack into my company and siphon out an EXE for | an internal tool that uses GPL licensed code, you are | _not_ entitled to the source code of the package because | the company did not "distribute" it to you; you took it | without any right to have it. | | There's a whole philosophical debate we can have where we | quibble over the definitions of words as they deal with | technology, but the (US) courts generally don't care | about technicalities. An analogy is stolen property. If | you purchase something that is stolen property, you have | (almost) no legal right to it; the courts will often | order its seizure for return to the original owner. By | "hacking" (according to the CFAA), you "stole" the EXE. | NeutronStar wrote: | erinnh wrote: | I would say that it isnt, because you had no intent to | redistribute it. | | But you cant make that argument here, as its a public | repo, as such Microsoft did have the intent to | redistribute. | [deleted] | joshmanders wrote: | But wouldn't this case fall under the same? | | Your argument is that a misconfigured FTP server isn't | intent to distribute. | | What if this was a misconfigured fork that was meant to | be private but was set public? Not intent to distribute | either. | albedoa wrote: | Those two things are far more similar to each other than | to a public repo whose intent is to redistribute. So no, | this case is not the same as either a misconfigured FTP | server or a misconfigured repo. | cute_boi wrote: | Yes, it counts as distribution. Why you would even | stripped copyrights form? | 0x0 wrote: | The "5 commits ahead" are literally only replacing the | license and the readmes. | pitched wrote: | So the only part of the repo that is legitimately | copyrighted by Microsoft is the Microsoft copyright | notice? I love how meta this is. | matt123456789 wrote: | I see. Thank you for the explanation. | hnfong wrote: | Yes, people make mistakes. Sometimes, mistakes turn out to be | illegal. | | But if you're one of the largest corporations in USA, the law | tends to go easy on you for making accidental mistakes. | gizdan wrote: | Which is fine, and surely an honest mistake. Automation is | great, but the way I see it is, how many other projects have | been forked and automatically re-licensed, and then profited | from without proper attribution? An accident still needs to be | flagged, and still needs to be corrected. They also need to be | learned from and avoided in the future. | xyproto wrote: | Attribution is nice, but for it to be a requirement, it needs | to either be specified in the license or be plain old | copyright. | wongarsu wrote: | The license clearly states | | > Permission is hereby granted [...] subject to the | following conditions: | | > The above copyright notice and this permission notice | shall be included in all copies or substantial portions of | the Software. | | Changing the name in the copyright is a clear license | violation. | CyberShadow wrote: | > An accident still needs to be flagged, and still needs to | be corrected. | | Yes. Additionally, the way such actions are performed is not | great because the mechanism used does not provide any way to | provide feedback - if the change was done by a user account, | then they would have received notifications about the | comments posted under the commit, but the ones received by | the service account probably go nowhere. | niros_valtos wrote: | Can it be identified only in a PR or is there any tool that can | search through all forks? Maybe it's too small problem to solve | though. | jhawk28 wrote: | Probably just a setting in someone's IDE or a bot that they | didn't understand what it was doing. | fiatjaf wrote: | So you can't do that? I do it all the time when I fork something. | ozim wrote: | Hey if anyone considering down voting this guy - it is | important question as a lot of people might not understand | those things. | | I see it as a honest question. | | Instead of voting down, vote up so more people can read replies | and see that it is not something that should be done. | onei wrote: | You (or possibly your employer) own the copyright to the code | you produce. And you are fine to say something like "copyright | $me $yearIMadeACommit". What you can't do is claim copyright on | work you did not produce or remove existing copyright notices. | kube-system wrote: | Free or open source licenses aren't a lack of copyright. They | are an exercise of copyright. All of that code that you didn't | write is still copyrighted by their original authors. You | simply have permission to use it under the criteria outlined in | the license. | [deleted] | [deleted] | ignoramous wrote: | One can _add_ their copyrights, relicense in some cases, but | absolutely cannot remove existing copyrights. I don 't think | any FOSS license (save for the "public domain" ones) allow for | that. | zenexer wrote: | Correct. You don't own the code just because you forked it. The | original copyright holders retain ownership, and you must abide | by their license. You can't swap out the license unless they | explicitly allow you to do so. | gortok wrote: | That's not true. You can change the license if the license | allows you to. It's copyright you can't change unless the | author assigns the copyright to you. | soheil wrote: | This comment highlights the ignorance of a lot of people in | this thread jumping to conclusion and view MS instantly as | an aggressor and themselves as victims of the obvious and | horrible crime of copyright infringement. | | A) Do you know it was not an honest mistake? | | B) Why a complete understanding of esoteric legal copyright | laws created by non-programmers all of a sudden so | important to a mainly programmer HN audience? | bogwog wrote: | Are you joking? Programming is all about intellectual | property. A complete understanding of copyright laws is | important for anyone in the tech industry. | soheil wrote: | Jurisprudence is a specialty beyond the skill level of an | average lawyer. It's like saying to be able to eat you | need to have a complete understanding of how to raise a | chicken. | jacquesm wrote: | That can get you into seriously hot water, I would suggest you | stop doing that until you've had some interaction with an IP | lawyer. | bogwog wrote: | You need to go revert all of those commits ASAP. | | EDIT: also if there are any forks of your project, you should | ask people who forked it to restore the original copyright | notice as well. If the original copyright holder sees your name | instead of theirs, they'll know who to sue. | jeremyjh wrote: | Maybe read the license before agreeing to its terms. | jbreckmckye wrote: | No, you cannot. | | I'd advise you to fixup any forks on GitHub, e.g. | https://github.com/fiatjaf/jiq/blob/master/LICENSE, which are | currently in breach of license. | | You'll need to inform anyone who forked your code, too. | | This is something you agreed to in the following part of the | license: | | > The above copyright notice and this permission notice shall | be included in all copies or substantial portions of the | Software. | jeffwilcox wrote: | I lead the Microsoft Open Source Programs Office team. I'm sorry | this happened. | | We have merged a pull request that restored the correct LICENSE | file and copyright, and are in touch with the upstream author | Lesny Rumcajs who emailed us this morning. We'll look to revert | the entire commit that our bot made, too, since it updated the | README with a boilerplate getting started guide. | | The bug was caused by a bot that was designed to commit template | files in new repositories. It's code that I wrote to try to | prevent other problems we have had with releasing projects in the | past. It's not supposed to run on forks. | | I'm going to make sure that we sit down and audit all of our | forked repositories and revert similar changes to any other | projects. | | We have a lot of process around forking, and have had to put | controls in place to make sure that people are aware of that | guidance. Starting a few years ago, we even "lock" forks to | enforce our process. We prefer that people fork projects into | their individual GitHub accounts, instead of our organization, to | encourage that they participate with the upstream project. In | this situation, a team got approval to fork the repository, but | hasn't yet gotten started. | | To be as open as I can, I'd like to point to the bug: | | - The templates we apply on new repositories live at | https://github.com/microsoft/repo-templates | | - The bug seems to be at this line of the new repository | workflow: https://github.com/microsoft/opensource-management- | portal/bl... | | - The system we have in place even tries to educate our engineers | with this log message (https://github.com/microsoft/opensource- | management-portal/bl...): "this.log.push({ message: `Repository | ${subMessage}, template files will not be committed. Please check | the LICENSE and other files to understand existing obligations.` | });" | krzyk wrote: | Lesny Rumcajs? :) | | For those that don't know Polish it means Forest Rumcajs | (https://en.wikipedia.org/wiki/Rumcajs), probably a joke of the | author that wants to be anonymous. | ModernMech wrote: | Thank you for being transparent about this and dealing with it | appropriately, even on Christmas. I think that goes a long way. | 3np wrote: | Really appreciate the prompt and transparent response, Jeff. | Especially at a time when I assume you were not expecting to | jump in on duty. | | I hope that despite all the harsh words, you can have sympathy | with that behind them are legitimate concerns and suspicion | stemming from past bad behavior from various part of your | organization. Due to this, and Microsoft's position of power, | you have a much, much lower budget for these kinds of mistakes | compared to the most other orgs. | | Even if there was nothing intentionally malicious at play here, | it would not be far-fetched for an outsider to interpret as | "implicit maliciousness through neglect". | | Here's hoping that 2022 will be a year of bridging the divide | and sincere alignment. | tptacek wrote: | Yes, it would be far-fetched. The conspiracy theory here is | self-evidently implausible. We need to stop pretending that | the accusations here were made in good faith, or are anything | more than wishcasting. People write about these things | because it's a lot more fun for them than to write about what | actually might have happened, even if what actually happened | is probably a better, more lastingly valuable conversation to | have. | 3np wrote: | So, I'm of the opinion that a collective (for example a | company) can exhibit malicious behavior despite no | malicious intention of any particular individual in it. It | can be emergent, and moreso the larger the organization. | Along similar lines of systemic discrimination, there does | not need to exist any conscious conspiracy or malintent. | For better or worse, the whole is greater than the sum of | its parts. | | This comment speaks towards that this is the case: | | https://news.ycombinator.com/item?id=29686347 | | > I know Jeff personally and he's great. This happens all | the time at Microsoft though. Teams try to do OSS | themselves, haven't a clue how GitHub or licensing works | (e.g. they think the CLA transfers copyright), and after a | slap aside the head, I send them to Jeff for guidance and | all is well. | | (I mostly agree with your sentiment, though. I do get the | impression that leadership is sincere in wanting to do | right. It's just that it's not that black-and-white or | easy. As another MS employee commented, this is something | that has to take time and they need to be held accountable | along the way. | https://news.ycombinator.com/item?id=29684127) | tptacek wrote: | If there was a plausible evil plan behind this licensing | silliness, I'd shut up about it. But there isn't. The | insinuations being made on this thread (still! | continously!) are embarrassing. It's not that I think | Microsoft is incapable of putting together a solid heist; | it's that observers here have such bad taste in heists. | 3np wrote: | Agree with you there. I see it as manifestations of fear, | tribalism, and short-sighted oversimplification around | complex issues. Without wanting to dive deeper into any | of those topics, I believe there are similar mechanism at | play on a larger scale in COVID-conspiracy theories and | the re-emergence of Western xenophobia/nationalism. | | It can be hard to assume good faith when your counterpart | clearly isn't. But I think it can be at least as | important then. We need to come together and find common | ground. | dewiz wrote: | Thanks for clarifying. This also highlights the lack of | sufficient testing, and subpar processes, eg automation should | be tested against critical paths, and changing a license should | require human approval. | jeffwilcox wrote: | Agree. The lack of tests has been the biggest regret of mine | for this project. It started as a hackathon project a long | time ago, and as it grew up, it never got the testing | investment it deserved. I imagine the code coverage is about | 0.001% and there's no end-to-end tests in place. | mst wrote: | My local tooling doesn't fail as visibly as this but it | certain fails just as catastrophically leaving me feeling | excessively silly. | | So, yeah, hugops, mate. | yawaramin wrote: | Thanks for explaining. Out of curiosity, does Microsoft have | any external-facing GPL-licensed projects? Are there any | restrictions to using (i.e. open sourcing something developed | internally or forking something from outside MS) GPL-licensed | projects? Specifically, would teams be able to get approval to | fork GPL repos? | jeffwilcox wrote: | Git for Windows comes to mind. Teams can absolutely get | approval for any open source license; however, for a GPL | project, we'd have their open source legal team work with | them to brief them on the license obligations and | requirements, such as publishing code to | https://3rdpartysource.microsoft.com/. | yawaramin wrote: | Interesting, so that's specifically for GPL-licensed | projects? Or am I misunderstanding and you would have dev | teams work with Legal for any open source licensed project? | jeffwilcox wrote: | Copyleft has more process, since we absolutely need our | engineers to understand the obligations we have, and for | some of us, it may be the first time we're being | introduced to open source communities and licensing, so | we have to do more education in the GPL case. | | Our process revolves more about _using_ open source than | forking specifically. | | Whenever a build runs at the company, we have a detection | task that identifies the open source that is used, | storing an inventory. We evaluate the open source | licenses for that inventory, and have automation | depending on the license that will help inform a team | that has taken a new dependency with specific legal | obligations - could be to get business and legal approval | for something, to take training and learn about copyleft | software and licensing, or that they need to post third- | party buildable source. We're also able to use that | inventory to help with incident response and blast radius | analysis. | | To scale, we need to make sure that our guidance and | policies are in front of people, but we know that | engineers want to get work done (or will find a way | around what we have in place), and so need to be | efficient and straightforward. | | Not all situations will require a business or legal | approval. Our motto has been "eliminate, automate, | delegate" - eliminate onerous bureaucracy and policies - | automate licensing compliance and inventory and approvals | - and delegate to business leaders and others when | there's a need for humans to be involved. | | Sorry for the long answer. | yawaramin wrote: | Thank you-very informative answer. | danesparza wrote: | Damn dude. You posted this comment on CHRISTMAS no less. Either | your phone exploded or you are a VERY PASSIONATE hacker news | fan. Either way ... props to you for trying your best to | straighten this out immediately. | mst wrote: | This feels like the sort of thing where straightening it out | immediately, even on christmas day, was well worthwhile | simply because it would let him enjoy his christmas dinner | without worrying about an inevitable building dramastorm. | | That is not, however, a complaint - being smart enough and | giving a damn enough to realise that straightening it out | immediately was a really good idea is impressive and laudable | in and of itself. | throwawaymanbot wrote: | junon wrote: | Thanks, this is the correct sort of response to this problem. | It wasn't clear by the title this was an automated change, | hence the pitchforks. | withinrafael wrote: | I know Jeff personally and he's great. This happens all the | time at Microsoft though. Teams try to do OSS themselves, | haven't a clue how GitHub or licensing works (e.g. they think | the CLA transfers copyright), and after a slap aside the head, | I send them to Jeff for guidance and all is well. | dapids wrote: | Do you mind addressing the reason why an employee did exactly | what you are claiming the bot did in error? | | https://github.com/microsoft/cups/commit/8100595a3a3a6d5c7d0... | | Again, this is a person, not a robot. How does this play into a | "software bug"? | cdcarter wrote: | If you read the repo history carefully, you'll see a bot was | responsible for rewriting the "LICENSE" file from an Apache | license to the Microsoft (c) stamped MIT license. This human | commit simply copied that same language to the file named | "LICENSE.txt". It's unclear why they did that, but that human | was not responsible for introducing the license text into the | repo. | will4274 wrote: | ? Instead of a software bug, it was a human error. Is it | really surprising that with a company of Microsoft's size, | some employees fuck up? Likely the employee was trying to say | that the contributions in this fork that were not present in | upstream are covered by the new license, but failed to do so | properly (by leaving the original license intact and | identifying precisely which files the new license applied to | and which it didn't). | | Courts will take a far more generous view than you are here. | If Microsoft is not profiting from the change, and fixes it | promptly when pointed out, the courts will shrug at any case | - no harm, no foul. It's not even clear to me that it's | illegal to have the wrong license on GitHub, assuming the | shipping product does not violate the correct license. As | nobody has pointed to any infringing Microsoft product... | What are we talking about? | jeffwilcox wrote: | Honestly, I'm not sure what happened here. | | My guess is that they were going through a checklist of what | to do when releasing open source changes, and didn't | understand what they were doing. | | A lot of why we've had to put some guardrails in our system | has been to point people to guidance and training on open | source. | | I've sent the team that works on this repository an e-mail, | but I don't expect to get a response on the holiday. | dapids wrote: | Thanks for the response. Mistakes happen, human or | computer, not the end of the world, and I get it. I was | just more curious to know if there is a manual process for | this type of forking that was not being vetted via the bot, | and to bring another example to your attention. | oblio wrote: | Just don't shoot down the poor schmuck, mistakes happen. | | The pitchforks will come down, anyway :-) | sydney6 wrote: | Is Tay still alive? | mkdirp wrote: | I saw your comment on the cups repo. Please don't feel horrible | about it. An honest mistake is an honest mistake, as long as | the issues are remediated. Merry Christmas | yardie wrote: | And here I was ready to sharpen my pitchfork. Thanks for | communicating the error and the correction. I know this time of | year can be especially challenging. | brobinson wrote: | FYI: when linking to a line of code, simply press Y on your | keyboard to have Github switch from the | _branchname/path/to/file.xyz_ URL to the | _sha1/path/to/file.xyz_ URL. The former can result in your URL | pointing to unrelated code if lines are added or removed in | future commits on the referenced branch. | | https://github.com/microsoft/opensource-management-portal/bl... | sillysaurusx wrote: | Amusingly, this works on gitlab too. I was surprised that the | shortcut was "so good that competitors had to implement it." | jeffwilcox wrote: | TIL. Thanks! | sarahnovotny wrote: | This is my favorite part of the culture change which is | happening at Microsoft. | | We are still working on it. And, it will take time. | | Jeff's team, my team, the java team whose forked repo this | unintentionally highlighted are working with dozens of other | teams every week. Satya says we're all in on open source. | | Hold Jeff and Me and all the leaders of Microsoft to that | vision. Keep us accountable. And, know this takes time. Let's | make technology and humanity healthier and more sustainable in | 2022. | oblio wrote: | > Satya says we're all in on open source. | | You're not, just as your competitors aren't. | | None of the secret sauces are Open Source: Windows, Office, | Visual Studio, SQL Server, the Azure control stuff, and I | don't expect them to be. | | You're half in, at best, only Red Hat was all in. And they | were bought out by IBM, so here we are. | thisoneistheone wrote: | xafnuaetrf8764 wrote: | dang wrote: | We've banned this account. Nobody gets to attack others | like that here. | | https://news.ycombinator.com/newsguidelines.html | Shared404 wrote: | Unlike the sibling to my comment, I appreciate both this and | the GP. | | I was all in on MS as a kid/young teen. | | Eventually I started looking at the actions of Microsoft, and | as stupid as it is, felt betrayed. | | I still don't trust MS, and still hate the direction Windows | is heading, I will probably never daily drive it again. | | However, comments like these give me hope that MS can turn | itself around. Maybe some day MS will be the company I | thought it was! | | Tl;dr: Thanks for making changes! | [deleted] | phkahler wrote: | I realize that Microsoft is composed of many pieces, but that | doesnt prevent me from treating it like a single entity. And | that entity has IMHO done horrible things to it's own | products and customers, so I'd rather they keep theirs hands | off FLOSS as much as possible. | throwaway984393 wrote: | But if you treat it like a single entity, that means you | also treat all the people working there like that entity. | The janitor working at Microsoft doesn't deserve your ire, | nor the secretaries, etc. But they work there, and carry | around their logos on their backpacks and what not. Those | people have feelings, and those feelings feel bad when the | entity they work for is lashed out at. It does make one | feel bad when one's company is raked over the coals, | because it makes one feel responsible, even if one doesn't | even know what's going on. | | So, for the sake of the feelings of the innocent people who | work there, I would ask everyone to please modulate the | volume and intensity of ire that they project. Please speak | truth to power, but don't be harsher than is needed to get | your point across. | citygm wrote: | Ni Men Suo You Kai Yuan Zuo Zhe ,Ying Gai Xiang Wei Ruan Dao | Qian ,Ni Men Qin Fan Liao Wei Ruan De Quan Li ,Ni Men Zai Kai | Yuan Dai Ma De Tong Shi ,Ju Ran Dan Gan Xie Shang Zi Ji Ban | Quan Suo You ?Huan De Ma Fan Wei Ruan Qin Zi Bang Ni Men Yi Yi | Gai Zheng Guo Lai . Gei Ni Men Yi Tian Shi Jian ,Kuai Zi Ji | Zhu Dong Gai Cheng Wei Ruan . Suo You githubXiang Mu ,Ban Quan | Gui Wei Ruan Suo You . Fan Qing Suo You Kai Yuan Xiang Mu ,Zao | Ri Gai Xie Gui Zheng ,Bu Yao Mi Tu Bu Fan . | j4hdufd8 wrote: | I'm really sorry you had to deal with this during the festive | period. | | I certainly understand how scandalous this looks to crowds like | Hacker News. | | But this seems a little bit blown out of proportion, as if | Microsoft just forked the kernel or something and put their | name on the license. | victorvscn wrote: | >I certainly understand how scandalous this looks to crowds | like Hacker News. | | I don't. I'm with the Microsoft employee who was pissed at | how people think it's edgy to diss on Microsoft. What were | the chances that Microsoft was openly doing that? Some dude | who has now deleted his post said Microsoft was trying to | "create a monopoly of web IDEs". These are clearly people who | barely have a passing knowledge of how Microsoft works these | days. | | People think critical thinking means complaining endlessly. | It doesn't. You can't think critically if you don't think | clearly. And you can't think clearly if you're only looking | for a reason to lift the pitchforks. | 3np wrote: | I don't know if you're aware of other not-that-ancient | incidents like these? | | https://keivan.io/the-day-appget-died/ | | https://web.archive.org/web/20180715225433/https://threadre | a... | | It took significant public outrage and press coverage | before either of those were even acknowledged, a long time | after. | | > What were the chances that Microsoft was openly doing | that? | | After reading the above, is it really that edgy to be | assuming the worst? If it's truly just recurring instances | of different rogue employees, doesn't that speak to a | systemic and/or cultural issue that needs to be addressed | with additional internal safeguards and/or deterrents to | prevent it from happening again? | | To the credit of the relevant team here, today this was | promptly addressed as soon as it got their attention. But | it will take more than that to set to rest decades of | precedence. | | (I did not partake in the flaming and don't find it | constructive or beneficial; just saying I have full | understanding of the suspicion and understand that MS are | still on probation) | tomnipotent wrote: | > After reading the above, is it really that edgy to be | assuming the worst? | | Yes. Neither of this are particularly damning. | | > doesn't that speak to a systemic and/or cultural issue | | No, not particularly. I think it says more about the | person jumping to such conclusions considering the | evidence. | tiahura wrote: | It was immediately obvious that it was a script gone awry. | Sorry your team had to spend your holiday on something so | trivial. | freediver wrote: | Hanlon's razor to the rescue! | bloqs wrote: | I have enormous respect for your response here. | tptacek wrote: | What happened here was obviously a mistake. The thread is full | of lurid accusations, because those are fun to write and talk | about, but it shouldn't take even a minute's thought to see how | dumb a heist this would have been. | | The thread would have been a lot more fun if we could have | spent it talking about what prompted your team to build this | thingy, and bounce other people's approaches to the same | problem off, and maybe share some war stories about dumb things | bots have done on our behalf. | | Thanks, regardless, for the information you've provided here. | It's interesting. | HugoDaniel wrote: | tptacek wrote: | Are you still trying to make this a thing? I'm pretty sure | it's over. | HugoDaniel wrote: | ad hominem | PragmaticPulp wrote: | > The thread is full of lurid accusations, because those are | fun to write and talk about, but it shouldn't take even a | minute's thought to see how dumb a heist this would have | been. | | Another good reminder that Hacker News is not above assuming | the worst and gathering pitchfork mobs like any other social | media. | | The issue looked like a mistake from the start to anyone | paying attention (committed by a bot, changes were consistent | with a boilerplate LICENSE file being checked in). | | If someone at Microsoft wanted to steal some code, forking it | on Github and then publicly documenting the history of the | code in the most visible way possible would truly be the | dumbest way to do it. | tptacek wrote: | Especially here, when the smoking gun is a change to an | _MIT licensed project_. One of the torch-holding commenters | remarked that developers at Microsoft ought to know enough | about how licenses work to know what a big deal this was. | Physician, heal thyself. | dapids wrote: | It's not just bots, it's real people: https://github.com/mi | crosoft/cups/commit/8100595a3a3a6d5c7d0... | will4274 wrote: | How is this commit in May related to the current thread? | Your post doesn't contain enough information for me to | understand your meaning. | dapids wrote: | ignoramous wrote: | Apparently that's a commit made by a human re-assigning | copyright of a forked FOSS project [0] to MSFT, | presumably without attribution [1] | | [0] https://openprinting.github.io/cups | | [1] MSFT moved attribution to _NOTICE_ file, which is | cleaner, but trips people who aren 't paying attention: | https://github.com/microsoft/cups/blob/main/NOTICE | bayindirh wrote: | > Another good reminder that Hacker News is not above | assuming the worst and gathering pitchfork mobs like any | other social media. | | As a person who read "The Halloween Documents" [0], I think | I have the right to distrust Microsoft on every level. | | I use their hardware, subscribe to their Office suite, have | their licenses for family computers, but they've filled | their "Honest Mistake" quota for me long time ago. | | I wholeheartedly applaud them for acknowledging what | happened and taking preventative measures, esp, on | Christmas, but I can't forgive them for all the thing | they've done in the far and recent hisory. | | [0]: http://www.catb.org/~esr/halloween/ | tptacek wrote: | The obligation you're not living up to is to HN, not to | Microsoft. If you want to participate here, the onus is | on you not to be knee-jerk; avoiding knee-jerkism is the | subtext of like 3/4 of the site guidelines. | bayindirh wrote: | This is veering to the meta, however, one of the best | things came out of my HN experience is how to converse | and discuss better. Actually I strive hard to not to be a | knee-jerk person. I always take my time while writing | something and try to back-up with actual events and/or | facts. | | The point I was trying to make that for companies like | Microsoft, reaching for the pitchfork is not always a | knee-jerk reaction IMHO. For all the things they have | done, my initial reaction is always _Oof, not again..._ , | which is actually sad for a company of this size. | | It's actually unfathomable to me for a company like | Microsoft to not test these flows adequately and allowing | this to happen. | | For a change, I want to see a more open computing | platform, a less intrusive Windows version, or a longer | maintenance window for CentOS, but we all have is a | brawl. | tptacek wrote: | One big clue you have that the reactions here were knee- | jerk is that they all turned out to be totally wrong. | There's a lot of corncob dot gif happening in the | aftermath. | bayindirh wrote: | I'm glad that my assumption proven to be wrong, by | Microsoft itself, nonetheless. However, is being wrong is | always equal to being a knee-jerk? Does the reputation of | the company in question doesn't play a role here? | | Or, shall we be stateless, and evaluate every events | without any prior experience? I don't think that holds a | lot of water in real world, either. | tptacek wrote: | Another clue that it's knee-jerkism is that the | accusations make no sense. It's hard to see what | Microsoft plausibly stood to gain by modifying an MIT | license. I suspect a lot of the accusations here are | being made by people who simply don't know what an MIT | license means. For that matter: even with a restrictive | license like the GPL, it's hard to make sense of this as | a heist, especially since _it 's right there in the | public git log_. | | I don't think it's going to be possible to salvage the | torch and pitchfork comments on this thread. For lack of | a better way to put it: they're pretty dumb. | bayindirh wrote: | > It's hard to see what Microsoft plausibly stood to gain | by modifying an MIT license. | | Actually, not being able to find a plausible gain in five | minutes doesn't automatically clear Microsoft (or any | company) in my mind. From top of my head, I can list | three technologies which I find suspicious in the long | run: LSP, WSL, SecureBoot. | | All in all, I _just don 't trust Microsoft_, and think | about the worst of their actions first. They're the only | company (ORACLE being a firm second) which evoke this | reaction for me, and this their own making over the | years. | | Just because I don't trust a company and assume the worst | of them, and telling this openly makes me a knee-jerk | person, so be it. | | As I said, I'm happy to be proven wrong, but I refuse to | be stateless, and look every action of this company with | completely neutral eyes. | tptacek wrote: | If you don't have anything well-considered to say about | an event on HN, the best thing to do is not to say | anything at all. Believe it or not, your personal | distrust of a giant company isn't all that interesting to | the rest of HN. | J0BC6xEIDNi4 wrote: | I think what he has to say is well-considered, and | interesting. Meanwhile, the fact that you consider | yourself qualified to speak for "the rest of HN" is... | deeply fascinating. | wnevets wrote: | I figured something like this was the cause. I must say I'm | quite disappointed by all of the negative comments before | anyone from MS had a chance to explain what happened. | pjmlp wrote: | Thanks for jumping in and trying to explain what actually | happened. | mrVentures wrote: | Good job owning the mistake and planning to prevent it in the | future. | [deleted] | squidgyhead wrote: | So, you are adding licenses automatically? This seems pretty | risky. Why not just prevent commits that don't have a license? | Shouldn't there be a human somewhere in that loop? | phillipcarter wrote: | Hugs Jeff, keep up the good work and hopefully the rest of your | holidays are a lot more cheerful | gautamcgoel wrote: | A lot of commenters are sharpening their pitchforks, but this | comment, in my opinion, makes it very likely that it was an | honest mistake. Amazing what taking personal responsibility and | earnestly apologizing can do to restore trust and credibility! | beckman466 wrote: | laumars wrote: | If you read the comments, most people believed it was an | honest mistake. What we didn't agree with was that it was an | excusable mistake. Microsoft have since acknowledged it's not | excusable and thus will rectify that error. So as far as I | see it, all parties, both for and against MS, should be | satisfied with the outcome. | HugoDaniel wrote: | ... "honest mistake" ... | | dude read yourself | dang wrote: | Could you please stop breaking the site guidelines? You've | unfortunately been doing it repeatedly in your HN comments. | People are supposed to get the benefit of the doubt here. | | https://news.ycombinator.com/newsguidelines.html | csilverman wrote: | Yeah, I think this is an example of addressing a mistake that | other companies should take note of. I don't trust Microsoft- | sized corporations as a matter of principle, and I don't | typically give them the benefit of the doubt, but when one of | their own engineers explains in human-readable terms what | specifically happened--on a holiday, no less--I'm impressed | enough to believe him. Some PR flack showing up with vague | boilerplate about how Microsoft values the open-source | community and they'll look into it would only have encouraged | more outrage. | | I always appreciate communication that acknowledges I'm a | person, not a data point or a customer. I wish more companies | ditched the greasy PR approach and allowed folks like Jeff to | do their talking for them. | victorvscn wrote: | This shouldn't be a reason to believe Microsoft or any such | company. It's remarkably easy to fake. | | Here's what should be a reason: their history (considering | if they reformed--which anyone paying attention knows | Microsoft has). | | Even that is not 100%. But it should tell you to hold the | pitchforks until the company has a chance to explain | themselves (and whether you should believe the | explanations). | itzprime wrote: | How has Microsoft reformed? Windows 11 is more intrusive | than ever, it changes default programms more frequently | to their desired programms and it is so annyoing to | switch browser. THey still are the same old. | novok wrote: | I think a key reason that corps do try to avoid admitting | fault, is because in a lawsuit that can be used as evidence | for a guilty verdict in a civil lawsuit in some of the most | slam dunk ways. | | If we remove this feature of common law legal systems, I | think you will get far more admissions of fault like this | one. | | If you hurt people, organizations, etc for admitting their | mistakes, they're going to stop doing it. | jdsully wrote: | The key take away is that apologizing and admitting fault | doesn't absolve one of liability. There are a number of | "amnesty" laws on the books where admitting fault can | server to limit or reduce your sentence - especially with | tax issues. I'm not sure how desirable such a thing would | be in civil law among private parties. Especially in | cases where a tort is minor to one party but a big deal | to the other because of disparate wealth. | | E.g. if Microsoft burned your house down would an apology | and explanation be enough to settle the matter? How could | we encode this principle into law for minor things but | not large things? | Debug_Overload wrote: | Is the bar really that low? "This person used human- | readable language and acknowledges that I'm a person, so | it's impressive and all is forgiven"? | | I'm not trying to pull a straw man here but it's really | strange how low the bar is; the PR folks must've been | really busy if they managed to cultivate this level of low- | expectations environment. | laserbeam wrote: | Alright... What is a proper response to an honest mistake | in your book? We have links to a bug, explanation of what | happened, a clear response (that they will check to see | if this happened on other forks), they reversed the | change... | | Unsure why the bar would need to be higher. This is all | reasonable given the circumstances. | robertlagrant wrote: | An engineer who can write straightforwardly is worth 100 | PR people in situations like this. | | They're not paid like that, but they are worth that. | PragmaticPulp wrote: | > makes it very likely that it was an honest mistake. | | I don't have any doubt that it was an honest mistake. They | also took accountability for the mistake, shared their steps | to prevent it from happening again, and they're in contact | with the original repo author directly. | | At this point, anyone digging for excuses to further demonize | Microsoft isn't interested in honest discussion about this | issue. This is a textbook mistake followed by rapid | resolution (on Christmas Day, no less), with great | communication on top. | hawski wrote: | In a way I'm glad that this is not taken lightly. We all need | to be informed and calm, but mega-corporations should be held | to higher standards. They should feel breath of an angry mob | once in a while. I imagine, that if reactions to things like | that would be just "meh, it's probably just a mistake" it | would not be resolved as quickly or it could just be ignored. | But now that it is all cleared up let's go home and Merry | Christmas. | throwaway82931 wrote: | Now, will Microsoft cease violating the copyrights of | everyone on Github via Copilot? | | That the pitchforks have come out for Microsoft should come | as no surprise to anyone. | novok wrote: | Lets also get rid of web search engines while we are at it, | or transparent caching CDNs /s | throwaway82931 wrote: | Web search engines claim fair use for snippets, and MS | claims fair use for Copilot. However, a web search engine | result page is only an aggregate of the excerpted pages, | and it refers back to them; unlike software authored | using Copilot, it does not draw those snippets together | into a coherent purposeful whole, strip all reference to | the original author. and claim complete originality. | | That MS went ahead with training Copilot on open source | code authored by people who are clearly not OK with it is | why they are so short on goodwill. | tptacek wrote: | It was obviously a mistake. Still nice to have someone | involved give the backstory. | sharken wrote: | Yes, very nice writeup from Microsoft. | | Had a similar experience with AzureCli v2.30, where the | environment variable to ignore certificate errors suddenly | did not work anymore. | | It turned out it was removed but there was no mention of it | in the release notes. | | On the GitHub page quick response was provided by | Microsoft. | rdl wrote: | Thank you for showing up on Christmas to address this. Have a | great holiday! | smnscu wrote: | Feels like the reverse Streisand effect at play here; a high- | profile minor fuckup that helps popularize a positive thing. | This was fun to meme on, but I'm glad Microsoft appears to be | on an upward slant ethically. It also makes me more comfortable | being a Microsoft customer. | filomeno wrote: | Do you mean it was done on purpose? Coming from Microsoft one | would never know... | giancarlostoro wrote: | Thank you for the full transparency, sadly we may hear for | years of people saying how Microsoft blatantly ripped off | someone else's copyright, but that's probably okay, those | people probably wouldn't use your projects for whatever reason | anyway, when in fact it was a bot meant to keep you guys from | releasing code prematurely without a reasonable license to | begin with (at least that's what it sounds like?). | explaingarlic wrote: | Very nice to see someone take ownership of a problem. Thanks | Jeff :) | snthd wrote: | Please consider | https://github.com/microsoft/azuredatastudio/issues/102#issu... | | >SQL Operations Studio was built on the back of many open | source projects that all use the MIT License for a reason: it's | the right way to keep moving the community forward, empowering | your users to do cool stuff and build useful things for the | community. | | >We're just asking SQL Operations Studio to use the same | license that Visual Studio Code does. | andrei_says_ wrote: | Thank you for taking responsibility for this and for the | transparency. | | It is good to be reminded that care and integrity can exist, | even in large corporations. | severino wrote: | > It's code that I wrote to try to prevent other problems [...] | | Don't worry, man, nobody expects people from Microsoft to write | code that behaves as intended. Merry Christmas. | akyoan wrote: | dang wrote: | You broke the site guidelines so badly and so repeatedly in | this thread that I've banned the account. If it were just a | question of a single thread, I'd put it down to going on tilt | (which happens sometimes), but you've also been breaking the | guidelines egregiously in other places too. | | If you don't want to be banned, you're welcome to email | hn@ycombinator.com and give us reason to believe that you'll | follow the rules in the future. They're here: | https://news.ycombinator.com/newsguidelines.html. | | We detached this subthread from | https://news.ycombinator.com/item?id=29683556. | zenexer wrote: | It doesn't matter that it was an accident; it's still a serious | issue that needs to be corrected and deserves an upvote. It's | also quite curious, and I appreciate hearing about the | incident. | | Incidents don't need to be malicious to be newsworthy or | intriguing. | akyoan wrote: | bayindirh wrote: | Eh, considering Microsoft made similar "harmless" mistakes | in the past, I don't give them "harmless mistake" credits. | | e.g.: Anyone remembering AppGet? [0][1] | | [0]: https://www.theverge.com/2020/5/28/21272964/microsoft- | winget... | | [1]: https://www.theverge.com/2020/6/2/21277863/microsoft- | winget-... | akyoan wrote: | bayindirh wrote: | > Do you have brain? | | Just tapped to my head, looks like there's one. | | > Leave a message when you realize that forking a repo on | GitHub is not the same as publishing a copy under your | name. | | First, you send me a message when you realize you can't | just change an MIT License's copyright line as you see | fit, then we can discuss the rest. | | Also, milking knowledge from someone with an implicit | promise of hiring, and re-implementing the software and | tossing the original developer aside like an orange pulp | is nowhere ethical. | anonymousab wrote: | Bot-driven crimes would be crimes nonetheless. | [deleted] | kstrauser wrote: | - You're at work looking for an appropriately licensed | library to do X. | | - You find one with an MIT license and use it. | | - Oops! It was really GPL and now you have some undesirable | options to face. | | Microsoft's had a few "accidents" lately that remind me too | much of their old war on the GPL. | feanaro wrote: | The mistake is not harmless. Corporations don't get to hide | behind their bots' mistakes. Microsoft needs to reverse the | change, explain why it happened and implement precautions | so it doesn't happen again. | coliveira wrote: | You wouldn't believe how long "harmless mistakes" are | maintained without correction, as long as they're | benefiting a big company. | luckylion wrote: | How often did the bot make the same mistake? In how many of | those cases does Microsoft now assume they have copyright | and make their army of lawyers enforce it? Are you willing | to go up against Microsoft in a court, rolling the dice? | Crosseye_Jack wrote: | Problem is in a world of moderation actions being taken by | bots and not humans often the only way to get a human to | review its decision is to raise awareness on social media | like HN. | | How often have we seen closed accounts getting resolved | after complaining about it on HN/Twitter/Etc. | | I'm not saying tha to how it should be, just what it's | become. | AdrianB1 wrote: | How about stop blaming the bots and take responsibility? | The bots have none, the humans behind the bots have full | responsibility. | frob wrote: | Bots don't steal licenses; people who program bots steal | licenses. | | It's the latter action that's being addressed here. | akyoan wrote: | xigoi wrote: | If I accidentally write a program that deletes all files | on your computer, are you not going to hold me | accountable? | Aperocky wrote: | That just meant Microsoft have done many more of this? Wouldn't | it make it worse? | | Intentional, manual or not, projects are now attributed to | Microsoft when they should not. | jwsteigerwalt wrote: | ghjklpoiuy wrote: | [deleted] | Tepix wrote: | I don't think that just because some "bot" did this Microsoft is | to be excused. Someone decided that using a piece of software to | automatically alter license files. This is a genuinely stupid | idea. And they already fucked up in the same way with the CUPS | project. Will they learn without someone taking them to court | over this? I don't think so. | nickelpro wrote: | The bot's job was to get MS-originated repos onto the correct | standard license for MS open source code. That forked repos got | their license changed is an unintentional bug, not something | anyone "decided" to do. | CameronNemo wrote: | An unintentional bug that keeps happening. The correct | remediation is to disable the bot or feature until it stops | violating the law. | wutwutwutwut wrote: | > Will they learn without someone taking them to court over | this? | | Only on hackernews I see this level of crazyness. You need to | reduce your caffein intake drastically. | dang wrote: | This sort of attack will get you banned here, regardless of | how right you are or feel you are. If you'd please review | https://news.ycombinator.com/newsguidelines.html and stick to | the rules when posting here, we'd appreciate it. Note this | one: | | " _When disagreeing, please reply to the argument instead of | calling names. 'That is idiotic; 1 + 1 is 2, not 3' can be | shortened to '1 + 1 is 2, not 3._" | | and this one: | | " _Please don 't sneer, including at the rest of the | community._" | genesor wrote: | People on HN are completly crazy and uneducated... Whenever | there is something like this you can be sure you will find | hundreds of insulting or mean comments on the commit or PR... | It gives a really bad image of the community. | dang wrote: | This sort of name-calling breaks the site guidelines badly, | regardless of how right you are, or how superior you feel | to the rest of the community. If you'd please review | https://news.ycombinator.com/newsguidelines.html and stick | to the rules when posting here, we'd appreciate it. | misnome wrote: | I think people should be as forgiving as Microsoft would be if | someone "accidentally" changed the licence of Microsoft | software and started distributing it. | doubled112 wrote: | My copy of Daz's Windows Loader accidentally activated my | Windows pre-upgrade. | | It was just accidentally run in a script. No worries right? | nexuist wrote: | I don't know what point you're trying to prove here, since | I don't think I've ever heard of Microsoft suing | individuals for illegal Windows keys and certainly not in | the past 10 years. If you start an LLC and attempt to | commercialize on piracy then you'll probably get sued, but | regardless they are a lot more lax than, say, Oracle on | this issue. | IgorPartola wrote: | FWIW it does look like a bug in a bit and not company | policy to me. But having said that the equivalent | situation would be some _larger_ than Microsoft copying | their work. For example the US Federal government | distributing Windows under the MIT license. | rvba wrote: | 1) bot changes license | | 2) bot2 takes data for copilot | | 3) we are "sorry" for bot 1 | | 4) bot2 took data | [deleted] | helsinkiandrew wrote: | How did it used to go? | | Embrace, Extend, and Extinguish | | But now not even bothering with the extend. I'd guess this is a | mistake of some kind. | [deleted] | implements wrote: | Dismiss, Embrace, Extend and Extinguish - if I remember the | early histories of Netscape and Java accurately. | 3np wrote: | So sure, this is far from a good look. But the verdict is still | out on if it is an unfortunate mistake or malicious. | | It's far from the first time I see this kind of reaction and, | IMO, rather than everyone spending time on piling on the | flamewar, how about opening the door for MS to set this straight | and do the right thing? Assume good faith even if you personally | don't sincerely believe it? Give them an easy way to save face | and present a plausible narrative rather than having everyone dig | their trenches deeper? If you'd prefer MS not to screw people | over, it helps no one to solidify them in doing just that. | | Already so many people shouting "YOU ARE THE DEVIL", not one | going "hey, looks like this is a mistake, let's sort it out". IMO | the latter is more constructive. It's almost as if people _want_ | Microsoft to do bad things. Remember it 's a huge organization | with all kinds of people and ideologies internally. It's too | early to tell which way the individual behind this particular | change is leaning. | | It took me all of 1-2 minutes to make this PR[0], probably less | than any of the meme pictures in that commit thread. Let's see | how it goes. Last time it went through[1]. | | [0]: https://github.com/microsoft/grpc_bench/pull/1 | | [1]: https://github.com/dotnet/sdk/pull/22262 | | EDIT: ...And, it's merged. I'm assuming the rest of the affected | repos will be fixed as well and an apologetic blog post issued by | Monday. Anyone who feels that's too long time can always open | corresponding PRs instead of wasting their time by replying to | this with how that's not our job. Happy holidays. | 3np wrote: | Another aspect of this: Rejecting such a change, or | indefinitely leaving it hanging as open, is a _much_ worse look | than simply ignoring all the complaints (which is already bad | enough but has more plausible deniability). Providing a ready- | to-merge PR is effectively pushing them to take a public | stance. | goodpoint wrote: | Reminder: if you want to protect your software or your community | from similar issues you can use [A]GPL and let Free Software | Conservancy handle any legal battle on your behalf: | | https://sfconservancy.org/copyleft-compliance/ | rdpintqogeogsaa wrote: | I observe some confused comments on this page that seem to argue | that the MIT license doesn't come with a requirement to keep the | copyright line intact (which is demonstrably false, you don't get | two paragraphs into the license without finding the attribution | requirement). | | The part that caught my interest is: How many people consciously | picked the MIT license when they actually meant a non-attribution | license? | throwaway2037 wrote: | I like your last question. Can you give an example of a "non- | attribution license"? | rdpintqogeogsaa wrote: | If you're attached to your copyright: 0-clause BSD is a thing | that exists[0]. Toybox uses it. | | If you want to throw your copyright out the window: The | commonly accepted solution seems to be CC-0[1], which tries | very hard to disclaim rights and limit liability in as many | jurisdictions as possible, complete with a fallback license | grant for failed public domain dedications. Because CC-0 | makes some people uncomfortable despite the lengths it goes | to reach its goals, some projects work with dual-licensing to | cover the other side, such as Monocypher. | | Neither of them address patents. If patents are something you | want to/need to address, you could perhaps paste the patent | clause from BSD-2-Clause-Patent onto 0-clause BSD. | | See also the discussion on [2,3]. | | [0] https://spdx.org/licenses/0BSD.html | | [1] https://spdx.org/licenses/CC0-1.0.html | | [2] https://en.wikipedia.org/wiki/Public-domain- | equivalent_licen... | | [3] http://landley.net/toybox/license.html | redthrow wrote: | I wondered why more FOSS projects aren't using CC0 instead | of "permissive" licenses like MIT, considering a lot of | folks who work in FOSS are against copyright/software | patents system in general, and most of them don't really | seem to care about attribution. | | People who release code under MIT not only won't/can't take | legal action but they probably won't even bother writing an | email to the person who they believe violated the | attribution part. | numpad0 wrote: | Because permissive licenses promote proprietary use cases | and that's not what FOSS movement aims to achieve. | redthrow wrote: | MIT doesn't promote proprietary use cases any more than | CC0. | | I do (somewhat but not really) get why people use GPL but | that's another story. Here we are only talking about | people who use MIT instead of CC0. | TrueDuality wrote: | I think most people explicitly choose MIT for this. It's a very | very free license, allowing you to do pretty much anything you | want with the code. Among the opensource developers I know the | one thing they consistently care about is attribution for the | work they've done for free. | axiosgunnar wrote: | Sure this might be an innocent mistake, but if you were to | infringe a nanometer on Microsoft intellectual property, never in | hell would they be like ,,oh an innocent mistake, we don't sue | you into oblivion then!" | ramsundhar20 wrote: | Is this the commitment, Microsoft shows towards Open source. | Things never change. | gjs278 wrote: | iamleppert wrote: | Tyriar wrote: | MS dev here. I contacted the internal repo owners to bring this | to their attention, people may be out for the holidays but I | expect it to get fixed up soon. | bennyp101 wrote: | Could be it got caught by mistake? | | I know I can run "Update Copyright" on my projects in JetBrains - | could just be an innocent mistake that hit the wrong folder. | | I know everyone jumps on the big corp as everything they do is | intentional, but it's the holidays, someone was doing a bit of | work, maybe not fully concentrating and hit push. | | Seeing how quickly this was plastered everywhere, and the | responses to it, do you really, like REALLY think that this is a | deliberate play? | rolph wrote: | exdsq wrote: | It's fixed | | https://github.com/microsoft/grpc_bench/pull/1/commits/30561... | noodlesUK wrote: | This is a clear violation of the MIT License. MSFT can and should | get in hot water over this. The copyright doesn't belong to them, | just a license to use the software. | alkonaut wrote: | They'll be in hot water on social media because of a the | automation mishap. Then it'll be corrected. There will be no | legal hot water. | sandworm101 wrote: | "You haven't changed at all. You're still evil. And when you're | trying to be good you're even more evil!" - LS | phkahler wrote: | franky_g wrote: | Ok Jeff | | We forgive you... | | ;) | bmitc wrote: | What's surprising to me about all the negative reactions | Microsoft receives, especially on here, is that from my point of | view, they are currently the most open out of all the big | companies (Google, Facebook, Apple, etc). I cannot remember a | time Apple has admitted to anything or made any effort to have | anything that could be considered open, but they do no wrong in | most people's eyes, where even a simple mistake by Microsoft gets | turned into some nefarious narrative. | peakaboo wrote: | Yes they are still working on world domination and needs to act | kind and responsible, unlike Google and Apple that is ahead of | them. | | If Microsoft had the most popular search engine and the most | popular mobile operating system, they would be gathering all | our data and putting ai robots to answer our questions. | | These big tech companies do not have the best interest of us in | mind. They are a force for centralization of power into the | hands of billionaires. | | It doesn't have to be this way but it requires users to smell | the coffee and want another Internet and another big tech | industry. | throwaway82931 wrote: | Barrin92 wrote: | what surprises me the most about Microsoft related hate is | that, despite the fact that they had (still have pretty much) | control over the OS market they never locked their system down | or charged people in any capacity. | | People take it for granted that you can just run what you want | on your windows machine but they could have turned it into | smartphone style locked down system. Imagine if every app | developer in history had to fork 15-30% of their sales over to | Microsoft just for building on Windows, they could have made a | trillion bucks or something. | viraptor wrote: | While it's not locked, they're certainly pushing you that | way. For example the only built-in installer for VS projects | right now essentially gives you a choice of either a plain | directory of files, or a nice process to release to the | windows store. Want a simple MSI/installer - deal with the | pain yourself. | | Once you do try to distribute your own app, you need to shell | out >$200/yr for code signing certificates which pass the | smartscreen filter, otherwise your app will be randomly | prevented from running. | | And other issues... With every version things get just a tiny | bit more inconvenient for out-of-store software releases. | Mikeb85 wrote: | They didn't do it because regulators were already on them, | hard. They literally funded Apple to try have a competitor so | they wouldn't be broken up. A judge did, at one point, rule | that they should be broken up anyway. | emodendroket wrote: | Well we're all just lucky nobody had thought of that yet. | bayindirh wrote: | > they never locked their system down | | Oh, they wanted to do it badly, since 1999. See the Bill | Gates' memo on the issue [0]. | | [0]: http://antitrust.slated.org/www.iowaconsumercase.org/011 | 607/... | dang wrote: | We detached this subthread from | https://news.ycombinator.com/item?id=29685852. | Kye wrote: | Releases of all open source things Apple uses, by OS: | https://opensource.apple.com/releases/ | | These mostly link to repositories under one of their GitHub | organizations: https://github.com/apple-oss-distributions/ | | Apple's open source projects: | https://opensource.apple.com/projects/ | | Which mostly link to repositories under their main GitHub | organization: https://github.com/orgs/apple/repositories | glandium wrote: | Note these are thrown-over-the-wall source dumps, with no | valuable VCS history, nothing more recent than at least 2 | releases ago, and sending a PR will likely only receive | crickets (said as someone who recently found an easily | patchable bug in dyld, contemplated the idea of opening a PR | and was told by an ex-colleague who now works at Apple that | my best shot would be through feedbackassistant.apple.com). | | BTW, those repos don't take issues. | dapids wrote: | I just got a security bug fixed last month in dyld in one | release cycle. Didn't strike me as difficult. I emailed | them, and they fixed it. Not much more to add then that. | Have you actually tried? | | Also dyld isn't just some thrown-over the wall code. It's | completely designed and built by Apple and is the | cornerstone to making the user-space runtime functional. | glandium wrote: | All the code designed and built by Apple is thrown-over- | the-wall. That's old-version-of-source-available, barely | open source. | | I tried emailing ld64's author about a bug in the past | without success. I don't remember how I found their | name/address back then, but I sure can't find any names | or contact information for dyld right now... | dapids wrote: | What on earth are you talking about? ld64 is a completely | different beast than dyld in today's world. | | Also, I'm not sure looking for individual points of | contact in a large org is the best idea. I emailed | security@apple.com. Even if it's not a security bug they | will help direct you to the right team. | | Again, have you even tried? | glandium wrote: | > What on earth are you talking about? | | I'm talking about trying to contact people at Apple about | bugs in their "open source" code. | | Why would I send an email to security@apple.com for | something that is not a security issue? | | > Again, have you even tried? | | Yes, I tried for ld64 in the past, and I tried through | what I was told had the best chances to work by an Apple | employee this time for dyld. I'm not holding my breath, | though. | filomeno wrote: | simfree wrote: | Saas like Office 365 seems to be Microsoft's current flavor | of proprietary, closed software moving forward. | | MS has released some quality open source code, there are many | organizations running fully open source stacks atop Dotnet | Core, in our case atop Debian and Postgres. Microsoft makes | no money off use cases like this (beyond hopefully selling | Azure VMs) | afiori wrote: | Chrome is not open source, Chromium is. | baumatron wrote: | Edge is released as open source in literally the exact same | way Chrome is. Microsoft is a Chromium stakeholder and | contributor as well. | Mikeb85 wrote: | Please, Google contributes far more to open source than both. | Between Chromium (which seemingly most other browsers are based | on now as well as things like VSCode) to Android, GSoC, Golang, | Dart/Flutter, the Linux kernel and a bunch of other random | stuff, Google has probably done as much or more for the open | source ecosystem than pretty much anyone. | | Pretty much MS' only useful contributions to open source are | from MS Research, everything else feels like a Trojan horse, | designed to make you like them and then lock you in to | something proprietary later. | | Lots of plugins don't work on open-source VSCode, they tried a | bait and switch with .NET features, Windows 11 has a bunch of | anti-patterns, GitHub is being dodgy about how they train | Copilot, etc... | thisoneistheone wrote: | neatze wrote: | Google also contributes substantially to coreboot, I would | not be surprised if Microsoft started working in open source | because of google. | sangnoir wrote: | > ...from my point of view, they are currently the most open | out of all the big companies (Google, Facebook, Apple, etc) | | I'm curious to know how you're measuring openness. I agree | Apple is the least open of the group, but Facebook and Google | owe their existence to FLOSS, and were always in harmony with | it from their origins. | billti wrote: | But is Facebook the product or it's social/recommendation | algorithms open source? Is Google's search engine or ad | platform open source? | | Companies are open source where it's of value to them, but | they don't give away the family jewels if they can help it. | dapids wrote: | Literally half the operating system is open source macOS, they | have an entire site dedicated to it. opensource.apple.com. | | Oh and don't forget googles ridiculous amount of effort poured | into Android open-source source tree, just to name one of many. | | I honestly can't tell if you are trolling here or not. | [deleted] | alsetmusic wrote: | > I cannot remember a time Apple has admitted to anything or | made any effort to have anything that could be considered | open... | | This was a while back, but Tim Cook apologized[0] after a | poorly received rollout of Apple Maps. That said, I applaud | this response and agree that more like it is needed across the | industry. | | [0] https://techcrunch.com/2012/09/28/tim-cook-apologizes-for- | ap... | DistractionRect wrote: | Perhaps I'm the one misinterpreting your comment, and the | others have it right. | | I'm assuming you mean open as in communication. Apple basically | is a stone wall, facebook just spouts empty platitudes, google | processes are opaque and unyielding (unless you know a someone | or raise a massive community response on social media), but | Microsoft continues to be staffed by humans. | | They aren't a shining pillar of FOSS, but they've taken some | good steps in the right direction in the past few years. And of | all of them, user feedback, support, and escalation seems to | still be handled by people instead of algorithms | robertlagrant wrote: | Google contributed the enormous k8s to the community, which has | thankfully made Microsoft's proprietary Service Fabric mostly | go away. | | Apple have caught huge flak recently e.g. for the phone-local | image scanning software. | zekrioca wrote: | Although Google was the one which prepared it for production | before its releasing, k8s originated from academia (more | precisely, University of Massachusetts Amherst). | | Ps.: check follow up comments. My comment in here is wrong. | jsnell wrote: | Do you have a source for that claim? | zekrioca wrote: | My mistake. One of its founders has a PhD from there | (thus my mistake), but k8s was actually created while he | was working at Google, after his PhD (which has nothing | to do with k8s..). | zekrioca wrote: | [1] https://kubernetes.io/blog/2018/07/20/the-history-of- | kuberne... | novok wrote: | Apple is active in their OSS work although, if you go look at | their OSS project forms and such. Look at webkit, swift, etc. | brisad wrote: | Since they also removed a full stop at the end... | | What is the point of using all caps? For me it makes legal texts | like these really annoying to read. I'm not a native English | speaker, is that really correct English writing? Aren't there | clear rules when to use capitalization? Like, at the beginning of | sentences. Feels like they are abusing the language. | | Can they just lower case the paragraphs, to make things more | convenient to read? Or does that change the legal meaning? For me | it would feel like they would stop screaming :-) | brianwawok wrote: | https://www.termsfeed.com/blog/all-caps-legal-agreements/amp... | | It's legally important | feanaro wrote: | Your text says it's not. What's legally important is to make | certain parts of the text _conspicuous_. | | Using all-caps is one way of achieving this, but there are | other options, such as using a different typeface, font size | or colour. | numpad0 wrote: | BUT ALL - CAPS TEXT IS EASIEST AND AT LEAST TO ME SOUND | RIGHTEOUS ENOUGH. I THINK THIS IS A CLASSIC CASE OF QUOTE | IT AIN'T STUPID IF IT WORKS END QUOTE. | Ensorceled wrote: | How do you use a different typeface in a plain text file? | rdpintqogeogsaa wrote: | _Disclaimer_ : I am not a lawyer. The following is not | legal advice and, in particular, has not been tested in | court to the best of my knowledge. | | You can't use a different typeface, font size or color in | a plain text document. That does not mean you have no | options. The criterion is that it is "written, displayed, | or presented that a reasonable person [...] ought to have | noticed it." | | Consider the following: Nihil harum | autem impedit commodi ut occaecati. Nihil | quisquam ab molestiae veritatis consectetur. Quis | molestias sunt facere tempore est. Eum quia | quisquam veritatis illo minus sint atque ipsa. | Omnis optio ducimus minus nemo non deleniti | voluptas. Blanditiis nisi eum eum beatae fugit | delectus. Optio neque sed nostrum veniam eos. Culpa ut | no- bis rem est dignissimos est eum sed. | Occaecati dignissimos eveniet odit aut est ipsum | minus nisi. | !! IMPORTANT !! | DISCLAIMER OF WARRANTY | The software is provided "as is", without warran- | ty of any kind, express or implied, including but | not limited to the warranties of merchantability, | fitness for a particular purpose and noninfringe- | ment. In no event shall the authors or copyright | holders be liable for any claim, damages or other | liability, whether in an action of contract, tort | or otherwise, arising from, out of or in connec- | tion with the software or the use or other deal- | ings in the software. | Unde sint ab qui ut. Debitis qui deserunt fugiat aut | nihil impedit vel saepe. Et ad voluptas quia. | Omnis libero ni- hil perferendis aut ab. | Illo et neque voluptatibus. Et animi consequatur | enim eius aut at veritatis. Modi error a ratione | tempore velit inventore. Accusantium accusantium | et quam quis nemo id. | | This seems rather noticeable to me, gets to the point, | and is considerably more readable. | | By using the all-caps sparingly, we've made way to draw | attention to the heading, then offset the passage with | large amounts of whitespace to draw attention to the | passage itself. At the same time, this keeps readability | of the actual text that you want people to read. | garaetjjte wrote: | Arguably all-caps is harder to read, making these clauses | less conspicuous. | kube-system wrote: | "Easy to read" is not part of the criteria. The definition | is explicit. | | > "Conspicuous", with reference to a term, means so | written, displayed, or presented that a reasonable person | against which it is to operate ought to have noticed it. | Whether a term is "conspicuous" or not is a decision for | the court. Conspicuous terms include the following: (A) a | heading in capitals equal to or greater in size than the | surrounding text, or in contrasting type, font, or color to | the surrounding text of the same or lesser size; and (B) | language in the body of a record or display in larger type | than the surrounding text, or in contrasting type, font, or | color to the surrounding text of the same size, or set off | from surrounding text of the same size by symbols or other | marks that call attention to the language. | [deleted] | vegetablepotpie wrote: | Apparently it comes from commercial codes from the '50s, which | says that important text must be _conspicuous_ [1] | | Conspicuous could mean all caps, contrasting text, or different | colors. My guess is that CAPITALIZATION was used because most | typewriters at the time could do caps, whereas doing different | font sizes, colors, bold would have required a special | expensive machine. When technology evolved, lawyers being | process oriented creatures, stuck with all caps because it was | the way things were always done, and therefore safe to do. | | [1] https://www.termsfeed.com/blog/all-caps-legal-agreements/ | stillicidious wrote: | Someone has pushed a button and it's run the equivalent of | cookiecutter on the repo. | | Original author could send a DMCA, or they could simply enjoy | Christmas and assume a ticket will undo this sometime in January. | radicalbyte wrote: | This, the reason why we have the DMCA is to protect copyright | holders, now the copyright holders should exercise their right. | uda wrote: | What? no, this goes entirely against the idea of laws. | | Copyright laws have one major purpose: protect the right | holders. It does so by giving them tools to mitigate their | loses by deterring people from infringing. | | If a right holder has to invest more time in complaining on | people about infringement than actually having time to do | other stuff, like creating, then we've got it all wrong. | noodlesUK wrote: | The relevant Reddit thread also points out that MSFT has | illegally relicensed Apache licensed Apple software in the same | way. Apple is very litigious... | | https://github.com/microsoft/cups | ognarb wrote: | I created an issue in the original cups repo: | https://github.com/OpenPrinting/cups/issues/315 | bayindirh wrote: | I was contemplating a PR with original license, but your | course of action is much better. | 88j88 wrote: | I guess this is grounds for a valid DMCA take down? They are | obviously breaking license agreement, effectively stealing | copyrighted software. | noodlesUK wrote: | It looks like Jeff Wilcox who seems to be in a decision making | position about this has addressed this (on Christmas no less), | and I think whilst this is bad and definitely violating, I | don't think there was any ill intent, and I hope we can all put | the pitchforks down for a while. | TedShiller wrote: | Microsoft | abhishekjha wrote: | Hey, why are the comments repeating on the page? Is this a UI | bug? ___________________________________________________________________ (page generated 2021-12-25 23:00 UTC)