Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Windows IT

Microsoft Now Credits Maker of Package Manager it 'Copied' -- But Offers No Apology (zdnet.com) 67

Microsoft has now admitted it failed to give due credit to Canadian developer Keivan Beigi for his role in the new WinGet Windows 10 package manager. From a report: Last week, Beigi, who built the open-source AppGet package manager for Windows, accused Microsoft of copying his work for WinGet without acknowledging his product's influence. Beigi says Microsoft copied large parts of AppGet to deliver WinGet, the Windows package manager announced at Microsoft Build 2020. Last week, he detailed his discussions with a senior manager at Microsoft named Andrew who approached him in July 2019 with an invitation to meet and discuss "how we can make your life easier building AppGet".

Andrew Clinick, a group program manager on the team responsible for how apps install on Windows, has now admitted Microsoft failed to give Beigi proper credit for AppGet's influence on WinGet. "Our goal is to provide a great product to our customers and community where everyone can contribute and receive recognition," wrote Clinick. "The last thing that we want to do is alienate anyone in the process. That is why we are building it on GitHub in the open where everyone can contribute. "Over the past couple of days we've listened and learned from our community and clearly we did not live up to this goal. More specifically, we failed to live up to this with Keivan and AppGet. This was the last thing that we wanted."

This discussion has been archived. No new comments can be posted.

Microsoft Now Credits Maker of Package Manager it 'Copied' -- But Offers No Apology

Comments Filter:
  • Why apologise (Score:2, Informative)

    when stealing is a lot more fun!
    That's been the MS way for a long, long time. Copyrights and Prior Art do not matter to them.
    They have been caught with 'hot code' before and paid up to make bad things go away.

    • Re:Why apologise (Score:5, Informative)

      by phantomfive ( 622387 ) on Monday June 01, 2020 @10:04AM (#60131032) Journal
      This was entirely a licensing problem.

      IF you want companies to give back their changes, use the GPL.
      IF you'd rather have your work used as widely as possible at the cost of changes becoming closed source, use MIT/Apache or similar.
      IF you want companies to give you attribution, use a BSD attribution license, or other attribution license.
      IF you want to dual license with a paid closed-source version, use the GPL.

      There's a reason these licenses exist, think about what you want when you choose one.
      • Which license is AptGet under?

        • Re:Why apologise (Score:5, Informative)

          by Bad Ad ( 729117 ) on Monday June 01, 2020 @10:14AM (#60131066)
          apache - https://github.com/appget/appg... [github.com]
          • Re:Why apologise (Score:5, Insightful)

            by Aighearach ( 97333 ) on Monday June 01, 2020 @10:23AM (#60131112)

            These issues are why I choose Apache License for open source I write. And the vast majority of third party code I use at work is Apache licensed.

            Everybody can use it. They don't need your permission, and they don't need to credit you.

            This is either a bug or a feature. Know which you think it is before you decide on a license.

            That's why MS doesn't need to apologize. They should have credited him not because of the license but because of the context of their use. And they've corrected that. He gets it on his resume now, everybody wins.

            • Re:Why apologise (Score:5, Insightful)

              by Immerman ( 2627577 ) on Monday June 01, 2020 @11:07AM (#60131246)

              No one ever *needs* to apologize, but it's still courteous to do so.

              Just as no one *needs* to give credit for Apache licensed software, but it's still courteous to do so.

              When did sociopathic corporate behavior become socially acceptable? This is a minor issue, now corrected, but it's emblematic of a larger and much more troublesome trend.

              • Just as no one *needs* to give credit for Apache licensed software, but it's still courteous to do so.

                Absolutely not. It turns the gift into a lie.

                Love the terms of the license, or use a different license.

                You can make proprietary use, and you don't have to tell anybody. That's a feature that you're offered up front with Apache license.

                • Ah. So if you bring cupcakes to the office, and I thank you when I take one, then it turns your gift into lie?

                  Courtesy suggests acknowledgement of a gift in almost all cases. Not *requiring* acknowledgement can indeed extend the value of the gift into situations where acknowledgement is impractical for any of a wide variety of reasons, but it does not remove the common-courtesy obligation to do so when it's convenient. Such small courtesies are to a large extent the grease that help a society function sm

            • by Rob Y. ( 110975 )

              'Stealing' Apache-licensed code isn't illegal. In fact they can't steal it - and so can't be sued for using it for any purpose. That doesn't mean it's right for them to do it. They seem to half understand that they need the good will of the open source community for their current strategy (whatever that is - IMO, it's to maintain whatever hold on developers they still have) to succeed. So, strategically, they ought to apologize. Maybe they don't quite believe that they really can't be sued - after all,

              • by Shaitan ( 22585 )

                "That doesn't mean it's right for them to do it. They seem to half understand that they need the good will of the open source community for their current strategy"

                It's also morally and ethically wrong, not just a poor strategic maneuver. The idea is to do the right thing morally and ethically all the time, not just when it is sound strategy, or even of neutral or no consequence, but also when it carries negative consequence. Even to the point of extreme negative consequence. It's called character.

      • I do not have the mod points, but modding your post as 'Informative' would be useful
      • Re:Why apologise (Score:5, Informative)

        by ISayWeOnlyToBePolite ( 721679 ) on Monday June 01, 2020 @10:38AM (#60131164)

        This was entirely a licensing problem.

        IF you want companies to give back their changes, use the GPL.

        IF you'd rather have your work used as widely as possible at the cost of changes becoming closed source, use MIT/Apache or similar.

        IF you want companies to give you attribution, use a BSD attribution license, or other attribution license.

        IF you want to dual license with a paid closed-source version, use the GPL.

        There's a reason these licenses exist, think about what you want when you choose one.

        This was not a licencing issue! From Keivan's blog https://medium.com/@keivan/the... [medium.com] (which contains additional info):

        Code being copied isn’t an issue. I knew full well what it meant to release something opensource and I don’t regret it one bit. What was copied with no credit is the foundation of the project. How it actually works. If I were the patenting type, this would be the thing you would patent. ps. I don’t regret not patenting anything.
        And I don’t mean the general concept of package/app managers, they have been done a hundred times. If you look at similar projects across OSes, Homebrew, Chocolaty, Scoop, ninite etc; you’ll see they all do it in their own way. However, WinGet works pretty much identical to the way AppGet works.

        • by Paxtez ( 948813 )

          But your quoted bit doesn't disprove phantomfive's post.

          He didn't patent it, and purposely selected a license that was not restrictive. Without any patent or whatever the bones of the software is in the code, so they are free to use the "how it works" aspect of it also.

          Correct me if I'm wrong but they would have been able to download the source, change only the name icon, and then give it away or charge for it with better marketing, and never credit the author.

          In this case they were nice and credited him a

          • I think a lot of people are missing the fact that MS didn't actually copy AptGet's source. They wrote their own version that largely worked the same way, and used similar data formats. So, it was the design they copied, not the source. Hence, the quotes in the headline.

            Crediting him would have been the right thing to do from the start, of course. But this is 100% their own implementation, and not a licensing issue. Using a less permissive license would not have prevented them from doing this.

            • by Paxtez ( 948813 )

              Ahh. Ok. Now I get it. Thank you for clarifying it. For some reason I read the quoted bit from the author as ~"I chose the license specifically, I don't care they copied my code..."

              So I guess a patent would have been the only way to "protect it".

              • Yeah, it's really not your fault. Neither the summary nor the original article makes this very clear at all. You have to go waaay down in the article before realizing they're just talking about copying the design, not the source, and even then, it's only indirectly implied:

                "You will see our package manager is based on GitHub too but obviously with our own implementation etc. Our package manager will be open source too so obviously we would welcome any contribution from you."

                I only knew about this because I had stumbled upon this information earlier, and read one of the original authors Reddit posts. He had talked about how their software worked the same way, and how even some of the file formats were near

          • by Shaitan ( 22585 )

            "In this case they were nice and credited him after the fact.

            It's actually a shame it was released this way. It seems like MS likes the program and had the author set it up differently, he might have got a nice payday out of it?"

            Ummm... no they were shady and pretended he didn't exist until he made it a PR problem for them.

            There are other reasons to credit and/or pay him than licensing requirements or being strong-armed by PR consequences. Once upon a time people actually believed we were all better off eng

    • by sad_ ( 7868 )

      Copyrights and Prior Art do not matter to them.

      it does if it's their code!

    • don't just Git, git gud !
      the don goes to confession
      the medieval lord bought a certificate to clear its sins and still go to heaven
      iCrosoft owns your mods .. what's new
      if i shoot someone tomorrow and no one's watching i get away with it
      o THAT's why they put that cam ... i thought it was for my protection, hm... something seriously wrong with inbreeds in the hinterlands
      so whats new ? if they cant buy it they rip it then wait ... who would even bother to sue for simple credit on something open sourc
  • by jellomizer ( 103300 ) on Monday June 01, 2020 @09:52AM (#60130996)

    Unfortunately in Today's culture apologizing is a side of weakness, and opening themselves for further problems.

    We no longer see an apology as a notification that they did something wrong and will put an honest attempt not to make the same mistake again.

    Today is OK we got caught, here is minimum fix, while we hope our other problems don't get caught.

    • by AmiMoJo ( 196126 )

      I'd like to hear how this happened and even more importantly why WinGet exists.

      Chocolatey is already very popular and has a lot of packages. Now WinGet looks like it might be big because it has the backing of Microsoft, so which should I use?

      Does WinGet bring anything new to the table? Chocolatey's support for portable apps is not great and it lacks some useful features like suppressing creation of desktop icons and context menu shortcuts, but WinGet doesn't seem to do those things either.

    • I am tired of listening to "Beggars of Forgiveness", what would it take to automate oligopolies and monopolies to a desk top level ?
    • Unfortunately in Today's culture apologizing is a side of weakness

      No, but fear of apologizing correlates with short fingers.

      I'm not saying it makes your chode shorter, that's cause. The cause might go the other way, or it might be pure random chance. I'm just saying there is a correlation.

      Sorry if it is painful to learn about this detail.

    • by bws111 ( 1216812 )

      I have a hard time reading the second paragraph of the summary as anything other than an apology. In what way is that NOT an apology?

    • Unfortunately in Today's culture apologizing is a side of weakness, and opening themselves for further problems.

      I'm sorry, I disagree. In some cases apologizing might open you you to"bad things", such as having a fender bender, admitting to analogizing might be considered admitting being at fault.

      But I think in more casual cases, not apologizing because you're "afraid of showing weakness" is probably more akin to being insecure (Most people aren't this insecure). But I think that's probably a very kind observation to assume it's because people don't want to show weakness. I'm seeing a pretty frighting trend in my

    • by Kjella ( 173770 )

      We no longer see an apology as a notification that they did something wrong and will put an honest attempt not to make the same mistake again. Today is OK we got caught, here is minimum fix, while we hope our other problems don't get caught.

      But what's the cause and effect here? I mean you can always begin with the premise that a corporation is an artificial legal entity, so it can't feel remorse and any apology is per definition fake and damage control. I have the distinct feeling there's people here who'd accept no apology of any kind from Microsoft...

    • by GrahamJ ( 241784 )

      While I mostly agree, "we fucked up" is pretty refreshing to hear from a big company. Maybe they didn't apologize per se, but they did admit fault and express regret which is pretty much the same thing. Of course it would have been better if they did this without prompting.

  • It's FOSS (Score:2, Insightful)

    by Merk42 ( 1906718 )
    Isn't the whole point to copy and modify?

    Oh wait, this is Microsoft, so everything they do is bad and wrong.
    • Re: (Score:3, Informative)

      by Hentes ( 2461350 )

      Depends on the licence. AppGet is Apache licenced [github.com] so Microsoft should've included a notice where they copied the code from.

      • by Merk42 ( 1906718 )
        Is it not in the code? It seems Keivan Beigi's issue is that when Microsoft announced it at Build, they didn't say it came from AppGet (which they were under no obligation to do)
      • Depends on the licence. AppGet is Apache licenced [github.com] so Microsoft should've included a notice where they copied the code from.

        Microsoft didn't actually copy any code. They implemented it themselves, clean-room. Or almost clean-room, since they have now acknowledged that they discussed concepts with Keivan Beigi before deciding and proceeding to implement themselves.

        That's why Keivan Beigi talk about the patent analogy. He simply wanted to have been publicly recognized for providing MS with the ideas to the core concepts.

        Which MS should have done.

    • Re:It's FOSS (Score:4, Informative)

      by Mark of the North ( 19760 ) on Monday June 01, 2020 @10:32AM (#60131144)
      It's not the whole point, the most important point, but there are other obligations depending on the license. AppGet uses the Apache 2.0 license which obligates anyone redistributing the work to include attributions.
  • Last week, Beigi, who built the open-source AppGet package manager for Windows, accused Microsoft of copying his work for WinGet without acknowledging his product's influence. Beigi says Microsoft copied large parts of AppGet to deliver WinGet,

    Microsoft has recenty become a fan of open source, but I don' think they quite have the hang of how it works yet. Although, the AppGet web page doesn't actually say what "open source" license it uses, so maybe it's BSD and this is fair play, just a bit dickish?

    Also, if you're the maintainer of an open source project with its own web site, please make it obvious what license is used.

    • by Bad Ad ( 729117 )
      It is clearly licensed, with the apache license. https://github.com/appget/appg... [github.com]
    • Re: (Score:3, Insightful)

      by gtall ( 79522 )

      They do have the hang of how it works and this is an example of how they intend to screw it up.

    • by Junta ( 36770 )

      Basically they saw the concept and did a 'clean room' reimplementation rather than using the source code.

      Either they were enamored of the design but disliked the code or they didn't want to appear to 'need' a third party project to source such a key capability and so they redid it.

      From a licensing perspective, they are in the clear not giving credit. It's inconsiderate to go out of their way to not acknowledge the external third party who came up with a design they liked in the first place.

    • Last week, Beigi, who built the open-source AppGet package manager for Windows, accused Microsoft of copying his work for WinGet without acknowledging his product's influence. Beigi says Microsoft copied large parts of AppGet to deliver WinGet,

      Microsoft has recenty become a fan of open source, but I don' think they quite have the hang of how it works yet. Although, the AppGet web page doesn't actually say what "open source" license it uses, so maybe it's BSD and this is fair play, just a bit dickish?

      Also, if you're the maintainer of an open source project with its own web site, please make it obvious what license is used.

      "without acknowledging his product's influence" is the key, it's not a licensing issue. Keivan's blog https://medium.com/@keivan/the... [medium.com]

      • by Merk42 ( 1906718 )
        Yeah it's just that it would have been nice if they said where WinGet came from when the first announced it. They were under no obligation to do so. They even did later credit him.

        But this is MIKKKRO$OFT so they, idk, somehow burst through his door, laughing maniacally, stole FOSS code and shot his dog or something.
  • ....would you, for free, build an open source package manager for a closed source operating system? The mind boggles.

  • Like, lifted the source code, or "copied" the concept? Because how many different ways are there for package managers to work? Are pacman / apt / yum / rpm all copied from one another? I have no doubt that are bits of Keivan's influence in the bones of WinGet. But you can easily say that Microsoft's new package manager is just a copy of existing Linux package managers, too.

    • by Junta ( 36770 )

      They spoke with the developer about his project and how it works, then proceeded to create a distinct codebase using the same design.

      It seemed they were hoping to just gloss over the fact that someone on the outside gave them the design they liked rather them being able to come up with a strategy themselves.

      • They spoke with the developer about his project and how it works, then proceeded to create a distinct codebase using the same design.

        So basically like web browsers today. Different implementations of the same idea written by different people.

      • by NuAngel ( 732572 )

        This is why the Operating System than ran the Mac, and the early versions of Windows even existed. Both companies did the exact same thing to Xerox PARC to get their GUIs.

  • From the summary:

    "More specifically, we failed to live up to this with Keivan and AppGet. This was the last thing that we wanted."

    That sounds pretty apologetic to me!

    • They can't have credit for apologizing unless we get to see Ballmer press his shiny forehead to the ground.

    • by Merk42 ( 1906718 )
      Because they didn't literally say "We're Sorry" and furthermore.. *runs movegoalposts.sh*
  • where's this from?

    Plagiarize
    Let no one else's work evade your eyes
    Remember why the good Lord made your eyes
    So don't shade your eyes
    But plagiarize, plagiarize, plagiarize -
    Only be sure always to call it please 'research'
  • Hire him (Score:4, Interesting)

    by stikves ( 127823 ) on Monday June 01, 2020 @10:36AM (#60131158) Homepage

    Obviously he did a great job. He built a product so good, that your own engineers used it as a baseline for a top tier Windows feature. And he also demonstrated ability to maintain a project over time.

    These are very good qualities seeked in an employee. Why not hire him? If he does not want to come onsite full time, why not offer a contractor position to maintain the system?

    • by olau ( 314197 )

      If you read his blog entry, they did actually approach him for an aqui-hire, but it fizzled out with no definite answer from their part, perhaps he didn't pass their standard interview process.

  • given that i am only looking at a quote from clinick, which may be taken out of it's full context, i am disgusted by the choice of words.

    everything in this statement is an advertisement for andy's product, and there is no apology at all, they just failed to live up to their own marketing shill.

    i try to like microsoft, honestly i do, but they are such backward creeps, sometimes.

  • by edis ( 266347 )

    That is why we are building it on GitHub in the open where everyone can contribute.

    That's why you are acquiring Open.

  • where everyone can contribute." So this is being released under the GPLv3 right!! To benefit the community.

    Just my 2 cents ;)
  • This is Microsoft's WinGet:
    https://github.com/microsoft/winget-cli
    Seems to be coded in C++

    This is AppGet:
    https://github.com/appget/appget
    Seems to be coded in C#

    I took a superficial look at both trees, and they definitely doesn't look similar to me.
    Maybe they were inspired by the features, command line interface design and design decisions, but it doesn't look to me actual code was copied.

    However, this is what the author says in https://medium.com/@keivan/the-day-appget-died-e9a5c96c8b22 [medium.com] :

    Code being copied isn’t an issue. I knew full well what it meant to release something opensource and I don’t regret it one bit.

    "Code copying isn't

  • I remember long long ago, when the zip compression function appeared in Windows (Win3.1? I forget now.). Curiously, I seem to recall doing a grep of the Windows directory and finding our familiar "Info-ZIP" heading buried deep in the zip-related binaries.

    Not for long, of course: later updates quickly removed that little mistake. Nothing illegal with copying all the Info-ZIP C source, of course: the Info-ZIP Workgroup worked ahrd to distribute it as widely as possible, to port it to as many different syst

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...