Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Response to Fatal Flaw in BSD (part 2)

0 views
Skip to first unread message

James Howard

unread,
Jun 19, 2000, 3:00:00 AM6/19/00
to
I sent an earlier version of this to the list a couple weeks
ago. A lot of people liked and someone (I forget who, I am
sorry) suggested I offer it to ZDNet who ran the original. I offered it
to them but never heard back. In the mean time, Terry Lambert explainedto
me my premise was all wrong anyway. So I decided to let it go.

But last night, ZDN got back to me telling me they liked it. I explained
it needed reworking and they gave me a couple days (like, Tuesday
afternoon) to fix it. So here is the revised version, please send me
anything you think needs changing.

Thanks, Jamie

Kerberos and the GPL

James Howard

On Tuesday, June 6, Evan Leibovitch wrote \protect\url{http://www.zdnet.com/zdnn/stories/comment/0,5859,2582875,00.html}
about Microsoft's wrangling of the Kerberos protocol. Microsoft had
taken the open source MIT software, made changes affecting compatibility,
and released the new version without the source code. The Kerberos
code is licensed under a license similar to both the BSD operating
system and the X11 Windowing system.

Leibovitch blames the license for allowing Microsoft to introduce proprietary
extensions into the protocol and claims that if Kerberos had been
licensed under the Free Software Foundation's General Public License
(GPL) Microsoft would have been unable to embrace and extend the Kerberos
standard. However, Leibovitch does not get it. This was the best possible
outcome and it was forced by the liberal license.

There are four possible paths this project could have taken:

* First, Microsoft could have ignored Kerberos completely and left
the broader community with an entirely new standard with zero support
from other software in the community.

* Second, the Kerberos code could have been released under the GPL.
If this had happened, the Microsoft would have surely refused to
use the code to prevent having to reveal proprietary source. Microsoft
would have then reimplemented the code and still modified the protocol.
Had Microsoft been forced to reimplement the code, it would surely
contain an unknown number of bugs and compatibility issues.

* Third, the Kerberos code could have been released under a Berkeley-style
license. Microsoft could have then taken the code and distributed
a modified version and maintained some level of compatibility with
existing implementations and installations of Kerberos.

* Finally, the Kerberos code could have been released under a Berkeley-style
license and Microsoft could have reimplemented it. This is, in fact,
what happened.

Why did Microsoft choose not to use existing code? I cannot say. The
license would have allowed them completely use the existing code without
legal ramifications.

However, despite legal availability of code, it was not used and this
allows Microsoft to open the flood gates. Since they wrote their own
code, they are not, nor ever were, bound to the M.I.T. license. This
means that even if the code had been released under the GPL, Microsoft
could have released a new version with proprietary extensions without
violating the M.I.T. license or running afoul of the law.

So we are now left with Leibovitch's articlewhich is clearly designed
only to attack BSD systems. Leibovitch states that Microsoft's treatment
of Kerberos is an ``example of real harm to the frees software community
that occurred because a BSD license was used.'' But as we have already
seen, the GPL could have not have prevented it.

In fact, the BSD license is responsible for more good in the industry
than the GPL could ever hope for. For instance, TCP/IP's widespread
acceptance stems directly from the fact the first versions were released
under such liberal terms. Apache's enormous popularity, beating all
other web servers combined, is due directly to the liberal license
which is based on a BSD license. The X Windows System's widespread
availability and interoperability is also based on it's liberal licensing
and the fact any vendor who wished to include the tool could with
not hassel.

The BSD license is clearly superior and offers more options for compatibility
and interoperability because it poses no risk to business and offers
independent developers incentive for using the code as well.


To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message

Brett Taylor

unread,
Jun 19, 2000, 3:00:00 AM6/19/00
to
Hi,

On Mon, 19 Jun 2000, James Howard wrote:

> So here is the revised version, please send me anything you think
> needs changing.

> * Second, the Kerberos code could have been released under the GPL.


> If this had happened, the Microsoft would have surely refused to

then

> Why did Microsoft choose not to use existing code? I cannot say. The
> license would have allowed them completely use the existing code without

license allows them to use the existing code as is without

> However, despite legal availability of code, it was not used and this

the code,

> So we are now left with Leibovitch's articlewhich is clearly designed

article which

> of Kerberos is an ``example of real harm to the frees software

free software

> which is based on a BSD license. The X Windows System's widespread
> availability and interoperability is also based on it's liberal

its

Brett
*****************************************************
Dr. Brett Taylor br...@peloton.runet.edu *
Dept of Chem and Physics *
Curie 39A (540) 831-6147 *
Dept. of Mathematics and Statistics *
Walker 234 (540) 831-5410 *
*****************************************************

James Howard

unread,
Jun 19, 2000, 3:00:00 AM6/19/00
to
In message <Pine.BSF.4.21.000619...@peloton.runet.edu>, Brett
Taylor writes:
> On Mon, 19 Jun 2000, James Howard wrote:
>
> > So here is the revised version, please send me anything you think
> > needs changing.
>
> > * Second, the Kerberos code could have been released under the GPL.
> > If this had happened, the Microsoft would have surely refused to
>
> then

All fixed, thanks :)

Jamie

James Howard

unread,
Jun 19, 2000, 3:00:00 AM6/19/00
to
In message <20000619231154.A233@parish>, Mark Ovens writes:

> Good article. I don't want to sound like I'm nit-picking, but I
> spotted a few typos and since this is going for publication I figure
> it's important:

Why do you think I send them here? You guys are good at catching silly
mistakes. I may started sending my English assignments here...come to
think of it, I have...

Rahul Siddharthan

unread,
Jun 20, 2000, 3:00:00 AM6/20/00
to
> availability and interoperability is also based on it's liberal licensing
> and the fact any vendor who wished to include the tool could with
> not hassel.

"without hassle"?

Other things (eg "it's" above) seem to have been pointed out already.

R.

Daniel C. Sobral

unread,
Jun 23, 2000, 3:00:00 AM6/23/00
to
I wish I had been reading my mail... Anyway, just to point out in
hindsight some flaws...

James Howard wrote:
>
> I sent an earlier version of this to the list a couple weeks
> ago. A lot of people liked and someone (I forget who, I am
> sorry) suggested I offer it to ZDNet who ran the original. I offered it

Me. :-) I have OSOpinion in very low regard.

> Leibovitch blames the license for allowing Microsoft to introduce proprietary
> extensions into the protocol and claims that if Kerberos had been
> licensed under the Free Software Foundation's General Public License
> (GPL) Microsoft would have been unable to embrace and extend the Kerberos
> standard. However, Leibovitch does not get it. This was the best possible
> outcome and it was forced by the liberal license.

It wasn't the best outcome. It *would have been* the best outcome if MS
had done that. And, obviously, the license didn't "force" anything.
That's the whole point of the BSD license, anyway. :-) GPL forces
things, BSDL doesn't.

> There are four possible paths this project could have taken:
>
> * First, Microsoft could have ignored Kerberos completely and left
> the broader community with an entirely new standard with zero support
> from other software in the community.
>

> * Second, the Kerberos code could have been released under the GPL.
> If this had happened, the Microsoft would have surely refused to

> use the code to prevent having to reveal proprietary source. Microsoft
> would have then reimplemented the code and still modified the protocol.

> Had Microsoft been forced to reimplement the code, it would surely
> contain an unknown number of bugs and compatibility issues.

These lines ought to have been removed from here, since Microsoft did
reimplement the code, by Terry's account.

> * Third, the Kerberos code could have been released under a Berkeley-style
> license. Microsoft could have then taken the code and distributed
> a modified version and maintained some level of compatibility with
> existing implementations and installations of Kerberos.

Instead, you could have added here that this would result in an
implementation which is widely used and open for all to see, thus being
relatively bug-free, and avoid the 65.000 problems that seems to come
with new versions of software, and ensure that the protocol is correctly
implemented, avoiding subtle protocol interaction problems (protocol
design/implementation is a very treacherous (sp?) subject).

> * Finally, the Kerberos code could have been released under a Berkeley-style
> license and Microsoft could have reimplemented it. This is, in fact,
> what happened.

This is silly. You could have added dozens of cases of "Kerberos could
have been released under a XYZZY-style license and Microsoft could have
reimplemented it". You should have reworked the GPL paragraph to just
point out that Microsoft would be unwilling to use that code, and add a
final paragraph saying Microsoft decided to reimplement the code, with
all the problems that result from that.

And this whole section should have been rewritten to show that MS did
not do what Leibovich said they did, and if they HAD done it, we would
have been better off. And, above all, that GPL vs BSD has nothing to do
with it.


> The BSD license is clearly superior and offers more options for compatibility
> and interoperability because it poses no risk to business and offers
> independent developers incentive for using the code as well.

The statement that BSD license is clearly superior is always dangerous.
It isn't clearly superior to the goals of FSF. You could have said BSD
license is superior for reference implementations, as it increases the
chance of the reference implementation being actually used (and, as a
consequence, the chance of the protocol itself actually being adopted).

I'm sorry I couldn't get to you in time, I just post the above as a
feedback, so you can improve future articles.

Still, I think the rebuttal was very good, and the lack of attacks on
the rebuttal itself is a clear proof of that.

BTW, the guy defending Microsoft's implementation of Kerberos was
hillarious. :-)

--
Daniel C. Sobral (8-DCS)
d...@newsguy.com
d...@freebsd.org
ca...@the.great.underground.bsdconpiracy.org

Windows works, for sufficently small values of "works".

0 new messages