How Microsoft stole my code and then spit on it
threadreaderapp.comHey – I’m Martin Woodward from Microsoft. I have talked to Jamie and are investigating his concerns and will come back to this thread with any findings. An initial review hasn’t indicated we’d previously heard about this issue. We’ve also reached out to the original copyright owner to ensure we’re taking all the needed steps. If anyone has concerns or spots an issue where a project is missing correct and full attribution then please log it as an issue with the project or contact opensource@microsoft.com and we’ll be sure to take action right away. We have over 1,800 repos in the Microsoft org and thousands of Microsoft engineers contributing to open source. We try really hard to get it right, and we take this very seriously.
FYI - I created this issue to track any fixes needed: https://github.com/Microsoft/web-build-tools/issues/673
What happened was truly awful, but I don't think it's fair to blame MSFT when probably what happened was a few employees trying to take all credit for code they didn't write. From the thread it seems that he did not reach out to MSFT via any official channels and only informed "people he knew at MSFT".
Unfortunately, the thing about corporate personhood is that corporations are responsible for the actions of their employees. Unless of course, they can show that the employee was acting against explicit instructions or policies.
Without a doubt, stealing code like this is against policies at Microsoft.
So, someone should be fired for violation of these (serious) policies?
If what the author says is true then yes. Unfortunately they really bungled their case by trying to reach out through unofficial channels first.
Why does reaching out informally bungle the case?
Under the principle-agent relationship (the concept, not the legal definition), I do think it's fair to blame Microsoft if they don't remedy this soon.
Out of curiosity, who _would_ the right person to contact at Microsoft be? In my experience public channels exist to isolate the rest of an organization from having to deal with the outside (including complaints about bad behavior).
opensource@microsoft.com or make an issue in GH or tweet any one of a dozen people like Miguel or me or Martin who care deeply about this stuff. It’ll all get routed eventually to the Office of Open Source.
There isn't a single link to a commit, file or repo that shows the similarities between the two code bases, let alone alleged plagiarism. It is conceivable that they truly are two different projects that happen to be developed around the same time. It's not the first time that has happened.
I wish the author actually substantiated his claims a bit better.
I also seems like the projects have different architectures. The author claimed they were copying his code and modifying it for their "weird event system they added". It is not clear to what degree they changed any of his code or if they only used his project is an inspiration.
Based on this description, it sounds like an employee committing plagiarism in order to defraud their boss. Retroactive editing of the commit history is particularly suggestive; it implies someone tried to cover their tracks.
Are you sure that it wasn't Microsoft, the corporate person? They are a company of 35,000 people and I'm quite sure that they always act in unison.
Also, when some random blogger contacts Microsoft and asks Microsoft to do something about something, then Microsoft better stop what they're doing and listen!
Enjoy your Microsoft-hate-train all. yawn
Please don't do sports-team-style BigCorp flamewars on HN. It's not substantive and leads to worse.
You’re kidding right? I’m responding to the one that already going.
Sure, but please don't. That's going the wrong way down a one-way street.
Oh, OK so you’re not going to say anything to people who are fucking putting all the anti-Microsoft bullshit out there and just say something to me because I disagreed?
I just dug around in the rush GitHub, and was surprised to find no pull requests by the author of Lerna trying to rectify the missing copyright ("Hey guys, you forgot to keep my copyright in there since this is a fork of Lerna, so here's a pull request"), or any issues raised ("The copyright of my MIT-licensed project is missing. What's up with that?").
The only instances of lerna being mentioned are people who use or work on rush mentioning differences between the two projects.
Assuming the lerna author is accurate, why just the angry blog post? If I had contacted MS and raised the issue via email, and nothing happened, I would have started raising issues on the project GitHub and making pull requests to rectify the situation. Not only could that actually work to resolve the issue, but the discussion would be public.
You are assuming someone who is scrambling to change function names and hide git logs will be going back to the code they stole to re-check for an update license?
a pull request would be the same as an email or blog post at this point. it is just a way to communicate. why is a PR better then what they are doing now?
It would be publicly visible on github, such that the community can see the dispute and the response (or lack thereof) from the other project. While it won’t necessarily fix the problem, it is more visible.
If true then it’s bad faith use of open source at MSFT and not typical of them. Have you tried contacting Scott Hanselman - @shanselman on Twitter - or anyone else via twitter instead of “normal” channels? One of the great things about the Devs at MSFT is that they are very responsive on twitter. If someone was being a douche with your code then the right people haven’t gotten the message yet.
> If true then it’s bad faith use of open source at MSFT and not typical of them.
Only if you ignore pretty much all of Microsoft's history.
Clearly you ruffled some feathers, but I have to agree. Microsoft playing nice with open source is a very new phenomenon.
Sounds to me like a fork that isn't being heavily worked on and the repo should of just been private. It's probably not ready to be fully worked on and probably had goals for a different direction than the original project. What's sadder is that nobody at Microsoft didn't just try to contact the original project to try and collaborate. There's too many layers to the onion that is Microsoft that its hard to tell. Best way to find out is to have contacted the maintainera of the forked project I would say.
> Files and directories were named the same things, it had many of the same core functions with code that I distinctly remembered writing.
Here are the respective codebases as of Christmas Day 2015, 21 days into the lifetime of one and 11 days into the lifetime of the other. They do not appear to match that description.
* https://github.com/lerna/lerna/tree/9aabe1664399d5f233a89d37...
* https://github.com/Microsoft/web-build-tools/tree/c4bb2127e6...
I will start by saying I'm not giving Microsoft or the "Rush author" a pass on this.
Obviously the license was broken by removing the copyright notice of the original author, but it also doesn't sound like the author really did anything to try and handle the issue properly so now they are posting a rant.
Here is the extent of what the author did, "So I reached out to people I knew at Microsoft. This was probably a year ago now. They were shocked and apologized. But since then nothing has happened."
We don't know who those people are, what they're roles are, but I suspect they are not involved with the Rush project nor is it their job to handle potential copyright violations for all of Microsoft.
The author could have posted an issue to the repo expressing their concern. If this was ignored then they could issue a DMCA takedown notice through GitHub. If this was not successful then the author could contact Microsoft legal or file a lawsuit.
Lerna was released with an MIT license as was Rush.
So, nothing was stolen and if the story is true, the only infraction here would be that the Lerna copyright line was not included in the Rush license.
This sounds dangerously like "oh, it was open-source code, so it's not so bad they violated it's license". I strongly disagree with that.
So you have just one single thing to do, and you don't do it - how can you be trusted then?
Do you disagree about what the actual infraction was here if the story is true?
My comment isn't about trust, it's about what the actual infraction was. Microsoft is made up of 35,000 people. There's no way I trust all of them. Of what company do you actually have trust in every employee?
Which is one of the very few things they are required to do. Following the clauses in the MIT license is not really rocket surgery.
That's exactly what I said - that was the only infraction.
What part of my comment are you disagreeing with??
Copyright infringement is not theft.
Simple. Distributing MIT-licensed code without the original license disclosure is theft.
The X11 license (MIT has used multiple licenses so there is no single "MIT license") does say "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software." but not doing so is not theft.
The grandparent poster is correct -- copyright infringement is not theft and the two ought not be conflated. https://www.gnu.org/philosophy/words-to-avoid.html#Theft explains why: "Under the US legal system, copyright infringement is not theft. Laws about theft are not applicable to copyright infringement (http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vo...). The supporters of repressive copyright are making an appeal to authority—and misrepresenting what authority says.".
The GNU Project also recommends pointing people who misuse the word "theft" in this way to https://www.theguardian.com/books/2013/may/04/harper-lee-kil... -- "which shows what can properly be described as 'copyright theft.'".
Please don't join people in getting this wrong. Even some of the most hostile abusers of that conflation have recanted (the MPAA was denied use of that conflation per https://torrentfreak.com/mpaa-banned-from-using-piracy-and-t... and the MPAA's Chris Dodd admitted that conflation was wrong according to https://torrentfreak.com/mpaa-piracy-is-not-theft-after-all-...).
The copyright holder in this case has options including suing, but calling what happened as "theft" is not an option and is unlikely to get anywhere with a judge.
Incorrect.
“Courts have distinguished between copyright infringement and theft. For instance, the United States Supreme Court held in Dowling v. United States (1985) that bootleg phonorecords did not constitute stolen property. ” - https://en.wikipedia.org/wiki/Copyright_infringement#"Theft"
But both included the MIT license
The copyright notice is what must be included. The license states this very clearly.
The "above copyright notice" must be included; i.e. the general MIT license itself, without credit to any author. https://en.wikipedia.org/wiki/MIT_License
The original BSD license did have a credit clause which led to considerable trouble and controversy, so they don't do that any more. IANAL, and this is extremely bad manners on someone's part, but no laws were broken.
> Copyright (c) <year> <copyright holders>
That's the copyright notice. The license text is "this permission notice". So no, you can not leave the original author name off.
The BSD license differs in that it requires the resulting software to display the credits, not just the source code to contain it. (Which is why e.g. phones or cars have somewhere deep in the menus a point where they show license information, to fulfill the BSD requirement)
My bad reading.
And downloading a scientific paper is theft too.
To be clear Copyright infringement is a crime
Also to be clear it’s not theft. Its also not spitting.
"The consolidation of our infrastructure is dangerous."
Have we not learned our lessons yet, by boiling, basically, the entirety of the internet down to Google, Facebook, Twitter, and Reddit? (And maybe Amazon.) The trend in the US capitalistic system towards monopoly is inescapable, and harmful in so many ways.
The developer’s twitter pic is distracting. He has a point but I have a hard time taking him seriously. That’s just me being an old man i guess.