Flutterby™! :


2000-05-11 22:07:04+00 by Dan Lyke 6 comments

Since I can't get through to <link url="http://www.slashdot.org/">/.</link>, I'll point to the Salon article instead: Microsoft built an almost but not really implementation of Kerberos that's broken in some really wonky ways. They'd been working with the Kerberos folks, then broke that trust, and when pressed promised that they'd release the details, but they've done so only with an NDA. Someone posted the Microsoft Kerberos docs on /. and now Microsoft's pissed. C'mon, kiddos, haven't we all seen this game played before? Security which depends on obscurity isn't. Using Microsoft products in enterprise applications is equivalent to using lead paint in nurseries. Sure, it's cheap and effective at the time, but...

[ related topics: Web development Games Microsoft ]

Comments in ascending chronological order:

#Comment made: 2002-02-21 05:29:58+00 by: delfuego

Dan: This isn't a case of security through obscurity, since anyone can get a copy of the spec -- Microsoft just had a method where you had to click through a non-disclosure agreement in order to read it. But ANYONE could download and read it. This is a pretty BIG case, though, of someone deciding to flagrantly violate copyright law by posting an entire copyrighted document on a website. Yes, Microsoft working with an open standard and then placing a restriction on the result isn't fair in the general sense of the word, but it IS legal, and isn't preempted in any way by the licenses surrounding the public spec that they started with. Why is it OK for Slashdot to violate a major, longstanding copyright law (since the posting violates even the earliest versions of copyright law, not just the Digital Millennium Copyright Act), but god forbid, if you or I were to violate the GNU Public License, Slashdot would come down on us like a ton of bricks? It's just silliness. If they want to complain about Microsoft's tactics in their implementation of Kerberos, then they should do so. If they want to complain about the laws that allow Microsoft to copyright the spec, then they should do so. If they want to try to change the laws, then they should do so. But if they want to VIOLATE those laws, and they do so, then they should prepare to take the legal consequences as well.

#Comment made: 2002-02-21 05:29:58+00 by: jra

He's right, of course. Slashdot is *going* to have to pull the posting, and I hope they don't get to looking too foolish before they do it. This is *not* the battle they need to fight. But, as I noted on MetaFilter, 'trade secret' is a red herring; a click-wrap license isn't good enough, you need a signed contract to enforce that; if you don't get one, it is *you* that is screwed.

#Comment made: 2002-02-21 05:29:58+00 by: ebradway

Think about this for a second. Is Dan responsible for this: No, this isn't Dan's illegitimate child. This is a picture of my daughter taken by a professional photographer, the kind that retains the copyright on all images. I am violating the copyright by posting the image on the 'net in a public forum. According to the DMCA and Microsoft, Dan is responsible for policing all posts on his site and removing any copyrighted material or links. Note: the image above does not exist on Dan's server. It is a link to an image on my server. Where do we draw the line to determine who is responsible? This is the same problem we had with idiot sheriffs seizing SYSOPs' computers in the BBS days because some L00ZER posted a n00d t33n GIF. I believe the Supreme Court determined that it is the poster's responsibility, not the operator of the messaging service. Otherwise, AT&T would be responsible for any discussion of illegal activity that occurred on their long distance network. Most important, who do we want drawing this line? Microsoft? The RIAA? The MPAA?

#Comment made: 2002-02-21 05:29:58+00 by: delfuego

No, this is totally wrong. (I hesitate to scold, but I am really getting tired of people perpetuating notions of legal and illegal according to what they hear, rather than what the law actually says.) Consistently, online services have been granted the same legal protections as the phone companies have -- for phone companies, it's called "common carrier status," although I don't think that any court has actually used that exact term for the online services yet. According to the DMCA, if the image were on Dan's server, Dan is responsible for pulling the image down ONLY AFTER he receives notice that the picture represents a copyright violation. And even then, the user that's affected can ask Dan to reinstate the ostensible violation, and then the entity that demanded that the image come down has 10 days to file a lawsuit, or else Dan can put the image back up. Of course, there are also steps that Dan, and that all individuals who are responsible for forums accessible to the public in the 'net, need to take in order to guarantee the above protections -- they need to have an identified individual who is responsible for accepting and dealing with reports of copyright protections, for example. Read the DMCA for details. Ultimately, my point is: don't stir up the pot without knowing what the recipe is. If you don't understand the DMCA, then say so; don't post sheer conjecture and claim it as fact. And as for your last question (who should draw the line): I'm comfortable letting copyright law draw the line. It's been a pretty stable line over the last century-plus; Microsoft, the RIAA, and the MPAA haven't moved it at all. It has always been illegal to post entire tracts of copyrighted material. (You asking this is like me asking if I want to let the opensourcers draw the line that I'm not allowed to violate the GPL; in fact, they aren't drawing that line, the LAW is, and they are just constructing a license that can be enforced by that law.)

#Comment made: 2002-02-21 05:29:58+00 by: Dan Lyke

In general I think that Microsoft is, indeed, within their rights to demand that the source be pulled. Where I do have questions is about their integrity in claiming copyright in the first place. As for copyright law being a pretty stable line over the last century, I totally disagree. With the big revamps of copyright in the 1970s and '90s, and all of the court decisions modifying and clarifying copyright in the last 30 years, and especially in the last two or three as issues like deep linking and similar come to light, copyright law has been at least as fluid as any other legal lines I can think of, more so than most.

#Comment made: 2002-02-21 05:29:58+00 by: ebradway

Gee, I'm sorry I got my acronym screwed up. I guess I'm not worthy of the debate here. My concern with Microsoft, the RIAA and MPAA, is that they are 800-pound legal gorillas. Sure, the LAW defines the lines on copyright violations. But it's also possible for one of these 800-pound gorillas to use their interpretation of the LAW to justify bringing you to court and making your life miserable. Microsoft can afford to spend the equivalent of the entire ACLU budget on a single case if they really wanted to win by default. Heck, they are even trying to do it with the Anti-Trust suit. I do agree that Microsoft has a right to enforce their copyrights. But I disagree that Microsoft should try to force a