Update 11/7: The example I provided yesterday (ReadBytes) was replaced with a new one. Note that it is only an example. I’m not here to prove my case in a huge exhaustive post for you. That’s left as an exercise for the reader.
Update 11/7 (2): The code in question is not a part of the IMAPIv2 Code Samples. If you visit Codeplex and actually download the source code, you’ll see this code is separate.
Update 11/7 (3): ImageMaster UDF parsing is a valid derivative work licensed under GPL. The original parsing code is from LGPL 7zip. Here’s a comparison. And another.
Update 11/9: Microsoft has pulled the tool pending further investigation.
Update 11/13: Microsoft has acknowledged the code use, see Port 25 for more details.
While poking through the UDF-related internals of the Windows 7 USB/DVD Download Tool, I had a weird feeling there was just wayyyyyyyyy too much code in there for such a simple tool. A simple search of some method names and properties, gleaned from Reflector’s output, revealed the source code was obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project. (The author of the code was not contacted by Microsoft.)
I see two problems here. (I’m not a FSF professional, so there may be more.)
First, Microsoft did not offer or provide source code for their modifications to ImageMaster nor their tool. According to GPLv2:
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
Second, Microsoft glued in some of their own licensing terms, further restricting your rights to the software (TermsOfUse.rtf). According to their terms:
1. Scope of License. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
· work around any technical limitations in the software;· reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
· make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
· publish the software for others to copy;
· rent, lease or lend the software;
· transfer the software or this agreement to any third party; or
· use the software for commercial software hosting services.
I understand Microsoft is a big company and that this could have been externally contracted work, but someone dropped the ball during code review/licensing. Cue the fail horns, Drew.
Example of reflected Microsoft tool code and ImageMaster source code on CodePlex
OMG I just realized I am soooo cool for finding out this tool utilized something open source for the benefit of the IT community. I can’t wait to get famous all over the web by posting how smart I am and getting this tool taken down!! Holy cow, I may actually get a girlfriend from this!!!
(in reality – I have no security on my comments section and anyone can appear to be someone else – I am in fact pretty stupid for setting this up like this)
@Thanks Jackass
Everyone can plainly sees the problem of of having Microsoft claim the work of other developers as their own. Rafeal stood up for what was just and right, which makes him have my support and endorsement. We need more individuals in society willing to do the right thing. As for a tool to install Windows 7, Microsoft has the resources and technical means to develop their own software solution whom are PAID, which they don’t need to steal the work of other developers NOT paid by Microsoft.
Another tool called WintoFlash.exe (another FREE solution by free open source code software) also provides the means to convert a DVD ISO over into a bootable USB Flash drive. As many end uses know, there are many solutions. The fact is Microsoft didn’t care themselves to insure their customers would have the means to install the operating system on netbooks without a DVD drive. This isn’t the GPL or LGPL fault, it’s was Microsoft’s own failure. Microsoft knew most of the netbooks (8″, 10″, 13″) don’t all have DVD drives.
bah, i don’t freaking care if they’re using gpl code or about the licenses, but now ‘coz of that i can’t install windows 7 in my netbook, thanks sir.
Microsoft are quite happy to demonize copyright infringers, willing or not. This is just role reversal. And it’ll only be temporary while they either rewrite or license the offending code, so chill out.
dont listen to the haters. its responsible what you did.
@Thanks Jackass
Heard that windows 7 is also an “incredibly useful tool”. Why don’t microsoft make it available to the world for free and in the process give us something that just works and is quite useful and functional.
Look everyone, Microsoft obviously took the source code of ImageMaster and made a CARBON COPY of its routines and classes. It doesnt take much of a programmer to work out that the two are more or less the same. I guess they didnt expect people to open it up with red tools reflector.
If I was Microsoft I would have:
1- Made sure that code was obviously not used from somewhere else, and if it was, that it was released under the same license
2- If i was evil, I would have continued with this and protected the EXE from being decomplied in tools such as Reflector. Very sloppy work Microsoft.
Either way Microsoft used GPLd code and did not notify the origanal developer of the project, and WOW its like cheating on your own client base??? CodePlex??? They could have at least ripped off from Google Code instead!?!
If i was the ImageMaster creator I would have filed a lawsuit already haha!
Not to stir up more trouble here, but if you look deep into the internals using reflector of Windows Media Center DLLS and EXEs, there is some similar code to a project I saw a year back (if anyone knows the name of this media program jog my memory of it please)
@emucosmos, & ThanksJackass, I don’t much care what you and your ilk think. You are obviously only concerned with your own self interest, and not the interests of everyone in general. So you can’t install 7 on your netbook, cry me a river. I would advise you to either take up the issue with MS, or go and learn how to do what needs to be done. There are more than one ways to skin this cat. You are either too dumb or too lazy to figure out another way. The fact that you are inconvenienced by this pesky little license thing bothers me not one bit.
If it is in fact true that MS was infringing on GPL code, I am sure it is an oversight, ie some contractor or individual did it, either willfully or not; and from there it slipped past review. Not that it would bother MS a lot, or that MS haven’t done it before, but that it is a big risk for MS to take, for such a small gain. What they do about it will be interesting to see.
and more importantly, the bigger issue here is such blatant violation of the GPL undermines ALL available open source software. if you want to have authors continue to create open source software, you need to prevent stealing it and charging for it. the original author could have charged for it in the first place, but chose not to. … @thanks jackass — you’d repay him by …. stealing his software? sounds like a great idea …
microsoft can do what everyone else does. either use open source code and leave the code open, or create proprietary code, and leave it closed. they can’t have their cake and eat it too.
Oh man. Microsoft… Did what we all thought was unlikely [O.O]
http://port25.technet.com/archive/2009/11/13/update-on-the-windows-7-download-tool-or-microsoft-to-open-source-the-windows-7-download-tool.aspx
I wonder if all the doubters who insulted Rafael will apologize now.
I wonder why ImageMaster source code isn’t available from codeplex anymore!!! ketching!!!
Microsoft has stepped up to the plate. I’m sure there are people here who would be dissappointed with anything less than an execution. I’m sure that Microsoft will do better next time, but that mistakes like this will continue to happen in the future at a reduced rate.
It’s clear that many of the people posting here need to leave their parents basement and live in the real world for a while. If you worked at Microsoft (cue the 5-year-olds to say they would never work at M$) and it was your responsibility to keep this from happening, how would you do it. Really, how. There are probably hundreds of millions of lines of open source code, if not billions. I’m certain that Microsoft’s legal department requires a complete code review, but no business process is perfect. The legal system does not expect perfection from people or companies. The legal system discourages actions on trivial matters, and generally seeks to make someone whole again after a wrong is done to them. If this were based on closed source code, and the developers lost money because of Microsoft’s actions, then Microsoft would be expected to replace their lost income (Of course lawyers so pervert the course of justice, that it matters only a little who is right and who is wrong, but that’s another subject). So sorry to dissappoint those looking for an excution.
Anyone who really thinks that Microsoft would intentionally steal GPL code should go jump off a cliff now to help improve the average intelligence in the world. The only asset that Microsoft has is Intellectual Property. That’s it. They would like to make IP laws even stronger, not weaken them.
Thanks to Rafael for his service in uncovering this. I read about this at another blog and came here. On the other blog it made it seem that he was subjected to terrible harassment and scorn for even suggesting this, but that’s not the case. I think that most comments questioning this were restrained and reasonable. On the other hand, some of the anti-Microsoft comments are truly outlandish.
I don’t know how to break this to a lot of you, but computers are a tool. They are like a hammer or a screwdriver or an extension cord. They are not a religion. They are not objects that are shrines, nor are they alters at which you should worship.
I personally use both Linux and Windows, and I use open source software daily and I really enjoy using it, but I don’t pray to it every day. It’s just a tool.
There are a lot of really smart people who use Linux, and a lot of really smart people who use Windows. And there are social misfits who use each one as well. For some reason the social misfits seem to be drawn in one direction. I’ll allow each of you to pick whichever side you want as the one that draws the social misfits. But you do know that it’s true.
That the project has disappeared off codeplex is a worry. Hopefully this has not displayed another issue. Ie have project on codeplex find a issue with MS distribution stops from codeplex until fixed.
Big thing here this should be a clear warning to people using .net. Their code is not secret it can be compared to other projects out there. Steal while using .Net expect to get caught. You might as we release the source code of .net programs anyhow. This way if there is something wrong in there is just a minor notice no major head hunt.
.Net is no more secrets. It is designed that way. MS need to be able to audit code for secuirty flaws to stay ahead of game. So methods for hiding what code was made from is missing from .net. Idea while using .net bytecode you can protect from Reflector pull apart is wrong.
One way slow down pull apart is use native code. But items like IDA are getting better at pulling that apart as well.
Final one is encrypt the binary and make sure no one can get the key to decode.
There are Misfits on the MS side as well. MS cannot have done anything wrong people. Or MS did not know about it. Licences don’t care about did you know about it or not. It is if you did wrong or not.
If I was microsoft, I’d sue the hell out of the programmer who included open source code in one of the company’s programs without disclosing it. He has tarnished Microsoft’s image, there is no excuse and no possible redemption for this.
Sue him to death, make sure his life is hell from now until the day he dies ! And, then, throw him to the dogs !
ROFL
errare humanum est, sed perseverare diabolicum
license crap ;] what dumbs still cares about it
Microsoft claims, “We have furthermore conducted a review of other code provided through the Microsoft Store and this was the only incident of this sort we could find”, but that is taking credit away from Rafael report, which he had found the illegal code claimed as Microsoft’s own.
To add more salt to the wound, Microsoft goes on in the first paragraph, stating “Windows 7 USB/DVD Download Tool, might contain GPLv2 code” and then in the second paragraph states, “After looking at the code in question, we are now able to confirm this was indeed the case”!
So here Microsoft wasn’t able to deny the FACT, but they try to limit the damage of them stealing the open source code to claim it as their own.
Why is Microsot “we’ve been investigating a report that the Windows 7 USB/DVD Download Tool”, as clearly they NEVER did before, NOT until it was reported by Rafeal’s Within Windows webpage. This is matter of the courts to investigate, NOT Microsoft, because Microsoft BROKE th LAW, and having the abuser download play the criminal behavior to be made judge and jury is completely biases of the FACTS, which they have been serving themselves in favor of!
Why doesn’t this go to court, as damages were done against GPL laws. Or is it that Microsoft dosn’t need to follow the laws, it’s above “justice”?
Microsoft also claimed “As you’ve likely read” from PC Magazine! Huh? Why is Microsoft posting a link to PC Magazine, when in FACT, the discover was made by Rafeal who posted it on his Within Windows website!
The PC Magazine article claims “several concerns” instead of reporting the truth, that Microsoft stole GPL code, and then PUSH it out their doors in the Microsoft Store as their own tool!
Where is ImageMaster?
Of course I would need a util. right at the time Microsoft decides to kill it…
WinToFlash Turns Your Windows Installation DVD into a USB-Based Installer
WinToFlash (wintoflash.com) starts a wizard that will help pull over the contents of a windows installation CD or DVD and prep the USB drive to become a bootable replacement for the optical drive. It can also do this with your LiveCD.
http://www.downloadsquad.com/2009/08/27/make-a-bootable-usb-installer-for-windows-xp-vista-7-with-wint/
It’s amazing, how Windows 7 end users need to be rescued, and by open source software tools! No wonder Linux works better, because Linux is built and used by geeks with knowledge, who can figure things out, and resolve issues without waiting for Microsoft to get around to providing a solution stolen from free software tools.
Yes, Microsoft stole the work of other developers, but claimed it as their own, totally breaking the law to grant everyone using the free software the same free rights! Instead, Microsoft change the free rights into their own limited and restricted rights denying everyone else what you can do with th stolen free software.
How else to put it, but Microsoft still hasn’t shown remorse, where is the justice for those developers working to make free software for all? If we don’t support them (free software developers, if only by insuring these rights remain the same legal rights for everyone else), then don’t come crying here later complaining about how you are extorted our of money to afford software tool solutions, since you didn’t care or concern yourself to help when needed now!
Stand up for justice, stand up for Rafeal and stand up for GPL legal laws, which help you have the legal rights, that Microsoft DENIES you!!!
oiaohm: “MS need to be able to audit code for secuirty flaws to stay ahead of game. ”
I don’t think so.
On the rest of oiaohm’s post: Note that the same is true for Java bytecode too, which also can be decompiled in pretty much the same way.
“Final one is encrypt the binary and make sure no one can get the key to decode.”
In fact, there is indeed both .NET and Java code obfuscators.
I’m NOT surprised!!
Often I commented about the old and good PCTolls 4.0 Deluxe, Norton Disk Doctor, Word Star, and others and people said I was crazy!!!
No, I am NOT!!!
If we really dig on deeper in the redmond company, we’ll find much more!!!
I have something else to comment, I found in the web that they registered the “sudo” command, that doesn’t even work on win systems. Can you believe that???
Regards,
Very nice find. Open source should remain open source.
StopenCould this be why Microsoft products are closed sourced? As most of us know, Window’s 7 is just a repackaged Window’s XP. Raphael, what other things are you working pertaining MS that may reveal more the little dirty source secrets.
Great job!
M Saun
http://port25.technet.com/archive/2009/11/13/update-on-the-windows-7-download-tool-or-microsoft-to-open-source-the-windows-7-download-tool.aspx
Microsoft Code review process was not OK
Microsoft is now fixing their code review
Microsoft will release code modification under GPL2
Microsoft do what they had to do when they discover this borrowing of GPL code
Compare Microsoft to SONY when it come to handle “stolen” GPL code.
1 Microsoft was told about “borrowing of GPL code”
2 Microsoft investigate
3 Microsoft discover error in Code Review process
4 Microsoft is fixing/changing Code Review process
5 Microsoft releasing modification to GPL code under GPL
6 Microsoft make a statement “We apologize to our customers for any inconvenience this has caused”
7 Microsoft did not “apologize” to FSF for breaking GPL
I think microsoft behave well when they have to ……….
Microsoft is a Pirate, for having pirated open source code software, and by pushing stolen code on their Microsoft Store as if it was their own! That clearly shows after all these years you still cannot trust Microsoft who clearly knows better for having told everyone else, NOT to steal their software!
I’m sure we all know the reasons behind Windows activation, Windows Update validation, Windows Genuine Advantage, DMI, TPM, WAT and of course HDCP all built into windows, and yet Microsoft went ahead and ripped off open source developer code, claimed it as their own, repackaged by adding their own Microsoft branding and criticizes GPL as “Cancer” when in FACT, it’s been Microsoft itself doing the harm all along!
Harming developers everyone, by locking them into Windows only, pre-load and pre-installed without refunds, even when you don’t agree to the EULA end user license agreement) having pre-paid for the Microsoft license if you wanted it or not. But wait, to insure open source cannot work with Windows, Microsoft forces it’s own digital signatures, knowing full well the cost of applying for the right to incude FREE open source code solutions to the public would prohibit developers working for free, to afford the huge high cost code signing certificates only Microsoft allows, as it holds the root keys, which come pre-installed and pre-loaded on Windows.
That makes FREE software anti-competitive, as it is forced by Microsoft to pay the Microsoft tax, and it’s more than you think, costing hundreds to thousands of dollars, yearly!
It’s also the same issues with patents, as the cost are greater than the public can afford, insuring Microsoft with it’s vast fortunes has claimed more than 6000 patents. What other software developer is going to be able to innovate knowing 6000 reasons why you cannot use those benefits, and yet is required to use Microsoft’s tools like .Net Framework, to build upon, instead only by Microsoft’s methods?
Microsoft couldn’t be worse, it has killed off developers and it’s gotten so bad, even Rafeal had noticed Microsoft isn’t developing it’s own solutions anymore, it’s stealing them from other developers. Why should open source developers produce free software for Microsoft to profit and gain only having stolen their work?
Just how many other open source software programs did Microsoft pirated into it’s hidden source code?
I’m a PC, pirated computer from Microsoft!
@ Jo Doe
Microsoft is NOT fixing “their code” it wasn’t theirs from the beginning! Microsoft stole the source code and claimed it as their own. Microsoft NEVER checked because they KNEW they had repackaged the source code, it wasn’t by accident, it had to be planned, premeditated in advance, as evident of the copy and paste tactics involved.
Microsoft didn’t “borrow” the works of other developers at all, they claimed it as their own!
Nobody should compare Microsoft with Sony, this was Microsoft’s own fault, they were the criminals, who stole the works of others claiming as their own.
That statement of apologizing is insufficient, as it’s no different than robbing a bank and then expecting to say, if I apologize by stealing the money, I get to keep it now?
Why should Microsoft be allowed to use the works of others to claim it as their own? Microsoft broke the law, and admited it, sonce they could hide it from the public anymore!
Rafeal is a hero, Microsoft should has been found guilty, and for that crime of stealing the works of others, having become pirates, they think just by saying no harm was done, that those developers work was stolen, just who are they kidding?
And “Jo Doe” thinks Microsoft “behaved well” as pirates, stealing the works of others, claiming the source code was their own!!!
We demand Justice! – Independent Business Foundation for Law and Order
Cool down folks. If people sued over a minor infraction such as this, when the other side has made clear intentions to fix their error, that just looks petty. I’d sure like a good reason to see them fail too, but not like this.
On the other hand, they are taking their time with the source release.
No code review in the world is going find GPL code in a software product unless they are looking for it and know what they are looking for. To expect a Microsoft code review of a contracted out piece of software (that’s right…Microsoft did NOT write the code for the tool themselves) to catch a GPL violation would require the reviewers to know and recognize all GPL code dealing with disc mastering. Maybe next time they’ll include a clause in the contract specifying no open source code used.
I image they probably said something along the lines of “build us a tool that does X for X amount of dollars”. They then did a code review to check stability of the product and then took delivery. Once brought to their attention they acted in the manner consistent with the GPL. News @ 11.
its funny they cant even release in the week time frame they claimed now its going to be weeks which means they are recoding the whole project.
fucking lame microsoft!!!!
Microsoft now plans to issue a new version of Windows 7 USB/DVD Download Tool (WUDT) in the “next few weeks,” said Peter Galli, Microsoft’s open-source community manager in a post to the firm’s Port25 blog last Friday.
Microsoft admits acknowledging the source of the code embedded in WDUT, and by not sharing the source code for its modifications, or the tool itself, as required by the terms of GPL (GNU General Public License).
Galli also promised on November 13, 2009 that Microsoft would make the source code and the binaries for WDUT available the following week under the GPLv2 terms.
Why should anyone respect Microsoft for stealing open source code software, for breaking the law, for claiming the code was their own solution and for not keeping their word as promised to make available within the time frame the source code under the General Public License?
http://images2.store.microsoft.com/prod/clustera/framework/w7udt/1.0/en-us/Windows7-USB-DVD-tool.exe (947KB file)
MD5: D5813F05661542E546133250172785DF
It’s very clear and obviously to everyone, by stealing the works of others and by claiming the code was their own, that makes Microsoft a Pirate of software! It’s disgusting because Microsoft own code review failed to discover their theft of software, making you wonder had Microsoft planned this all along, as they didn’t develop their own solution, despite being the world largest software developers or someting along those lines to that effect.
Nope, instead, Microsoft clearly sought and want after the works of other open source code developers, claimed it as their own, branded as Microsoft’s own and downplays th whole event as if breaking the law is okay for them to get away with. Perhaps, that explains why Microsoft has been found guilty in so many courts all over the world of wrong doing, having broken the laws in penalties greater than the sum of some 12 billion dollars! That’s a long history of breaking a lot of laws folks. There is more than enough good reason to surmise Microsoft cannot be trusted with it;s long, long history of infringement activities and anti-competitive behavior.
Embrace, extend and extinguish has remained a core strategy of Microsoft corporation. Let’s this be a lesson to all open source code software developers, NEVER trust Microsoft!
Just how much more open source intellectual property has Microsoft been hiding in it’s hidden proprietary software code?
What gives Microsoft the right to hide the evidence when they have been found guilty so many times? Nobody wants to hold them accountable, because they control a monopoly? So with this logic, the same would be said for Kim in North Korea, making nobody want to end that regime of oppression?
You really got to ask yourself, why didn’t Microsoft develop it’s own software solution to install Windows 7 without stealing the works of other developers?
Microsoft has had a long, a very long history of litigation, court orders, patent infringements and antitrust lawsuits against it since the very beginning of its history.
http://www.theinquirer.net/inquirer/news/1048246/microsoft-lawsuit-payouts-usd9-billion (Thursday, 14 July 2005)
Should Microsoft be rewarded for breaking the law, stealing the works of others, repackaging the code as their own, claiming the software tool as their own solution, failing to catch the stolen code in their own review process, and failing to follow through on time to release under the GPL license the source code as promised?
This is justice?
I don’t know if anyone cares about this thread anymore.. This whole thing is very interesting to me because I had no idea all of this was happening. I wrote an article called “Burning and Erasing CD/DVD/Blu-ray Media with C# and IMAPI2″ on CodeProject at http://www.codeproject.com/KB/miscctrl/imapi2.aspx which I extended the interop.cs that Microsoft provided in their MSDN sample. Their sample only implemented a small portion of IMAPI2 and I created the article and provided a sample which implemented the full IMAPI2. I had discovered that the ImageMaster project had used my work and not given proper attribution which violated The Code Project Open License. It happened on one of the releases where he broke out the interop.cs file to its own project that had a separate file for each interface. I contacted the author on November 9th, not knowing that all of this had started to blow up just 2 days earlier. He was very kind and provided “an explanation” on how this happened and said that he would add my attribution to all of the files that were from my project if I would just provide him a list of the files that he broke out. I did not have the time as I was working a ton of OT and also getting ready to go to PDC. So I was getting ready to get back on this and discovered that the project was gone and then discovered that all of this was going on. From the posts here, it appears that he took the project down 4 days after I contacted him. I don’t know if that had anything to do with it, but I find it very interesting. I still have his name and email, but I have a feeling he is done with it. Also, the version that Microsoft used was a version before my code was integrated into the project.