Microsoft: Sorry we used GPLv2 code illegally

Microsoft tonight issued an update on reports that the company illegally used open source code in its Windows 7 USB/DVD tool.

Neowin originally reported earlier this week that Microsoft had pulled the tool after complaints by Rafael Rivera over some of the content of the Windows 7 USB/DVD download tool.

Microsoft issued the following statement regarding the reports:

After looking at the code in question, we are now able to confirm this was indeed the case, although it was not intentional on our part. While we had contracted with a third party to create the tool, we share responsibility as we did not catch it as part of our code review process. We have furthermore conducted a review of other code provided through the Microsoft Store and this was the only incident of this sort we could find.

Microsoft also confirmed it will be making the source code as well as the binaries for the tool available next week under the terms of the General Public License v2. The software giant also said sorry, stating "we apologize to our customers for any inconvenience this has caused." The tool allows end users to upgrade to Windows 7 in an easier way.

70 Comments

I just read that Xbox article about Microsoft stepping up their efforts on "piracy". Isn't this rather hypocritical of themselves? It's not like this is the first time either.

All I care about is that they did the right thing to rectify the situation and that the tool is again available for downloading. I really hate doing it the long way, this just makes it easier/faster to make whatever image I need when I need it. Too bad Technet subscriptions are not free.

I find it rather sad people actually go deconstructing binaries just to see if GPL code is used so they can raise a fit.

Does the open source community have anything better to do with their time?

So if you made something and released it, say you had two licenses, one was GPL free for use so long as people gave the source away of modifications and the other was commercial (say your source of income) and all the companies silently used the GPL version without releasing the source code; what'd you do?

Well nothing I guess because you'd be dead from not being able to afford food.

microsoft is huge.... why'd they outsource?
i don't trust outsiders..... after they borked up my servers and caused a 4 day down time......

In order to grow your developer base, and yes, most of them are outside of MS, there has to be trust. MS trusts things to its partners etc, this time it just had a road bump.

mocax said,
microsoft is huge.... why'd they outsource?
i don't trust outsiders..... after they borked up my servers and caused a 4 day down time...... :(

Yeah, outsourcing can go pretty badly. I've been there too. But I'm sure Microsoft has relationships with these third parties that allow them to have more involvement in things or better treatment. Of course as is evident here, that can still go awry... LOL

how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

Strike X said,
how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

Because part of the GPL license for GPL code is that you include the GPL license with the GPL code, so the GPL code is known as GPL code.

Unless the 3rd party dev who made the tool left the GPL license out of that piece of code so that MS didn't know? If all you do is use just part of something GPL'd but not all of it, leave out the license info, then what Strike X is saying is a very valid point.

Strike X said,
how can you tell GPL code is GPL code unless you know that it's GPL code? My point is that code reviews are cool, but they cannot catch things that the reviewers don't know to look for. And it's impossible for anyone to be familiar with every piece of GPL'd code out there, and it's impossible to build a database of such code. The best way to handle it was the way that they handled it. Someone found the error, told MS, and MS became compliant by releasing the code.

Good point. Who knows how this third party revised it... They could have removed any comments the GPL Developer had put in, the license, etc. Considering Microsoft didn't actually work on the code, and didn't know what it looked like at the onset (Or what was copied into it), I don't know how they could know...

GP007 said,
Unless the 3rd party dev who made the tool left the GPL license out of that piece of code so that MS didn't know? If all you do is use just part of something GPL'd but not all of it, leave out the license info, then what Strike X is saying is a very valid point.

You are required to include a notice/copy of the license. Either the third party failed to do this (and thusly also violated the license terms), or they did have a copy of license.txt in there, but Microsoft failed to notice it.

BANNED!

didn't MS get caught before using a fake signature key too?

Nice how the big dogs can break the law, and say I'm sorry and it's all OK. We get jipped our $60, and get crippled xbox functionality along with no live access.

Ruciz said,
BANNED!

didn't MS get caught before using a fake signature key too?

Nice how the big dogs can break the law, and say I'm sorry and it's all OK. We get jipped our $60, and get crippled xbox functionality along with no live access.


Wtf are you talking about? Wrong topic lol?

You only lost your Xbox Live Access because your Xbox was modified and you were playing pirated games. If on the other hand your Xbox was not modified you can contact them and have the ban lifted. Don't play pirated games, especially on Xbox Live and especially before they are released.

cerealfreak said,
You only lost your Xbox Live Access because your Xbox was modified and you were playing pirated games. If on the other hand your Xbox was not modified you can contact them and have the ban lifted. Don't play pirated games, especially on Xbox Live and especially before they are released.

Yeah. The ban seems fair...

Not that the OP had anything to do with the article...

Shadrack said,
-1 for only doing it because they were caught.

You can say the same thing for Google Chrome, that thing had a license that says they OWN your browsing data, until they got caught.

The only difference is, Google Chrome invades privacy. The Windows USB Software does Not.

Shadrack said,
-1 for only doing it because they were caught.

Well, if they weren't caught they wouldn't have even known... They found out and resolved it... Seems fair...

"Less expensive" you think all this hoopla was cheap? They really should have just chucked the tool, it's just not worth the effort for them to get involved with a viral license like GPL.

stgeorge said,
"Less expensive" you think all this hoopla was cheap? They really should have just chucked the tool, it's just not worth the effort for them to get involved with a viral license like GPL.

The only "expenses" are directly tied to the fact that the license was not followed.

Gee. Same as if I illegally distributed copies of Windows and got my chops busted over it.

Using terms like "viral" tells me you are in the same court that loves to use terms like "a cancer" and "un-American". In other words, not open to reason.

markjensen said,
The only "expenses" are directly tied to the fact that the license was not followed.

Gee. Same as if I illegally distributed copies of Windows and got my chops busted over it.


Well, considering that violating the GPL is illegal, Rafael broke "the law" by reversing the code. I don't see how people can complain about one and not the other.

iamwhoiam said,
Well, considering that violating the GPL is illegal, Rafael broke "the law" by reversing the code. I don't see how people can complain about one and not the other.

Are you making up laws here?

What law is being "broken" by reversing [sic] (did you mean reverse engineering?) the code? Copyright law exists. EULA violations (such as for some agreements that include this) are just that. An EULA violation. A matter of civil interest at best.

markjensen said,
Using terms like "viral" tells me you are in the same court that loves to use terms like "a cancer" and "un-American". In other words, not open to reason.

Yeah. Like Richard Dawkins!

Wonder why they contracted a 3rd party to write the software? I would think Microsoft would have enough resources in-house to do it :P.

Microsoft's full-time software developers are mostly assigned to product groups. Other parts of Microsoft (such as the Microsoft Store) generally turn to contractors. Even apart from software development tasks, Microsoft outsources a huge amount of work to fulfillment companies, contractors, temp agencies, and other vendors. These people all act like part of Microsoft as far as the average consumer can see. This is fairly common at all large companies, but it's extremely common at Microsoft.

Chris said,
Wonder why they contracted a 3rd party to write the software? I would think Microsoft would have enough resources in-house to do it :P.

To lay blame to others, rather than Microsoft themselves.

Amodin said,
To lay blame to others, rather than Microsoft themselves.

Don't get too excited. Read the article again.
Microsoft shared the blame, they did Not pass the blame. It's fair.

I'm impressed.

X Employee using GPL and Microsoft publishes software unaware.
Y find GPL code, MS informed / finds out - pulls software & investigates
Ms gets all the info, will release gpl code asap (along w/ tool)

ricknl said,
Haven't you read the article? It was not a Microsoft employee who developed it. They had outsourced it to a third party.

A third party that I'll bet is hurting now... lol

Considering that code is probably not from somewhere else, they will never release that.

Although, they have released portions of the code in the past if necessary.

Please, if people really wanted to improve Microsoft software they'd do the same thing as the KernelEx team did with Windows 98. People only want their source so they can get the OS for free.

java2beans said,
Hmmm....I wonder what would it take for Microsoft to release Windows 7 source code?

ReactOS is probably closest you'll get but either way Microsoft have all their own licenses and protection for Windows as they've coded and developed it themselves internally. It's not public general use or open software.

java2beans said,
Hmmm....I wonder what would it take for Microsoft to release Windows 7 source code?


Don't kid yourself, they'll be releasing the source for this utility because it's ultimately of no consequence to them.

As far as releasing the source for Win7...I guarantee you that Microsoft would instead remove/rewrite any component that used something they'd find themselves violating the licensing terms for. MS is absolutely terrified of having any source code they don't own finding its way into their mainstream apps.

java2beans said,
Hmmm....I wonder what would it take for Microsoft to release Windows 7 source code?


Depends on what you want it for...

If you want to see how it works with some things removed, very easy...

If you want to pirate it or modify it to release as something else, not so easy...

MS has several 'programs' that educational and OEMs can participate in that gives them access to both a more public version and a NDA restricted version of portions of the NT code. (Windows)

For educational purposes you can obtain most of the NT kernel and its constructs to demonstrate and teach from. (The NT kernel technology is quite impressive if you can step back from the anti-MS thinking and see it for what it is and how it works. It is rather strong/elegant.)

Microsoft isn't going to open source Windows anytime soon, at least not NT. You will see things like Win32 and other API sets and subsystems of Windows released years before NT is completely released to the public.

NT is unlike other kernel technologies, and is a great technology to demonstrate and teach from. If you are lucky enough to be involved with an educational institution or professor that have obtained NT source and teach what is happening, you won't ever look at MS or other kernel technologies the same again.

thenetavenger said,
Depends on what you want it for...

If you want to see how it works with some things removed, very easy...

If you want to pirate it or modify it to release as something else, not so easy...

MS has several 'programs' that educational and OEMs can participate in that gives them access to both a more public version and a NDA restricted version of portions of the NT code. (Windows)

For educational purposes you can obtain most of the NT kernel and its constructs to demonstrate and teach from. (The NT kernel technology is quite impressive if you can step back from the anti-MS thinking and see it for what it is and how it works. It is rather strong/elegant.)

Microsoft isn't going to open source Windows anytime soon, at least not NT. You will see things like Win32 and other API sets and subsystems of Windows released years before NT is completely released to the public.

NT is unlike other kernel technologies, and is a great technology to demonstrate and teach from. If you are lucky enough to be involved with an educational institution or professor that have obtained NT source and teach what is happening, you won't ever look at MS or other kernel technologies the same again.


Good post NT kernel is by far the strongest and most impressive source code ever released, I've only ever seen parts of it under an NDA working for an OEM, it was good

If the general public wants to have a hint / insight into code, look into their sterling work with their open source / education projects such as Singularity. Microsoft does give out quite a bit; Channel9 is a good place to start if you're a developer.

cerealfreak said,


Good post NT kernel is by far the strongest and most impressive source code ever released, I've only ever seen parts of it under an NDA working for an OEM, it was good :)


Yeah, that whole "must request and agree to NDA" seems to put a bit of a monkey wrench into using the source code for educational purposes. Plus, it would be impossible for any educator or student to publish anything such as a thesis on this, what with there being an NDA and all.

The source code that is made available to students isn't under any NDA. You just can't use it for any commercial applications.

The source code that is made available to OEMs and other organizations, is.

You may use and modify this software for any non-commercial purpose within your educational institution, including making a reasonable number of copies. Teaching, academic research, and personal experimentation are examples of purposes which can be non-commercial. You may post copies on an internal secure server, and it may be installed and used on personal machines of eligible users.

You may distribute snippets of this software in research papers, books or other teaching materials, or publish snippets of the software on websites or on-line community forums that are intended for teaching and research. The total amount of source code in each of your snippets should not exceed 50 lines. If you wish to use a larger portion of the software, please contact compsci@microsoft.com.

Well now they just need to update the tool to accept ISOs that we make of our discs in Imgburn or the like, rather than being restricted to MSDN/Technet ISOs instead.

Ci7 said,
so if you have GPL code . you are forced to share them :/

No, only if it's used/shared/distributed publicly or commercially. Private/personal modifications/use of code without sharing is fine.

Ci7 said,
so if you have GPL code . you are forced to share them :/

Or, more accurately: if you do something against the terms of a license you agreed to, it's not the license's fault.

Ci7 said,
so if you have GPL code . you are forced to share them :/

Yes, that's part of the whole point with open source.

Edit: Ah yes, within the constraints Digix gave.

Correct me if I'm wrong, but if you only link to code licensed under the GPL you don't have to open up our source (i.e.: linking to a DLL).

If instead of dynamic linking you statically link to code under GPL you have to share the full thing.

KaoDome said,
Correct me if I'm wrong, but if you only link to code licensed under the GPL you don't have to open up our source (i.e.: linking to a DLL).

If instead of dynamic linking you statically link to code under GPL you have to share the full thing.


I believe your statement is correct.

Microsoft is to be commended for investigating and doing one of the two right options: release the code in question, or cease distributing the infringing product. Good on them!

KaoDome said,
Correct me if I'm wrong, but if you only link to code licensed under the GPL you don't have to open up our source (i.e.: linking to a DLL).

If instead of dynamic linking you statically link to code under GPL you have to share the full thing.


That's the LGPL. The GPL requires opening your source even if you use dynamic linking.

Jugalator said,
Yes, that's part of the whole point with open source.

uhm, no? that's the whole point with GPL, which is not the only open source license. BSD or MIT/X11 does not force you to release a heck, they basically say "do whatever you want with this code".