Why Microsoft can't ship open source code

I've suggested a few times that Microsoft could go beyond just cooperating with the open source community and actually ship open source code. For instance, Paint.NET is a great alternative to MS Paint, so not just bundle it? Tonight I had a very long conversation with someone who is in a position to really understand both Microsoft and open source. Now I understand why my suggestion - though well intentioned - was hopelessly naive.

Update: As pointed out in the comments, I'm referring to cases where Microsoft would be shipping open source software they didn't write. Microsoft ships several projects as open source via CodePlex and SourceForge.

The problem boils down to code pedigree, the nightmare scenario, and software patents.

There are only really four software license - proprietary, and copy-left, public domain, and copy-center. Here's a gross oversimplification, just for the sake of discussion:

  • Proprietary - The code is covered by copyright and / or patent. It is illegal to use this code without a license.
  • Copy-left - Think GPL. You can use the code, but must ship the source and contribute any changes back to the original project.
  • Public Domain - The code is yours to use. Have fun, don't blame us if it doesn't work.
  • Copy-center - BSD, MIT - You can use the code, but you have to keep the copyright notices with it.

So, you can understand why Microsoft couldn't ship code under proprietary and copy-left licenses. But why not ship public domain and copy-center code? For instance, Paint.NET is under MIT license, which clearly says that it's okay to distribute or even resell the application or derivative application. Because it's not possible to verify the code pedigree.

To understand the code pedigree problem, let's talk about the nightmare scenario. Let's say Microsoft took my advice and shipped Paint.NET as a Windows Vista Ultimate Extra. Unbeknownst to Microsoft - or even the Paint.NET project leads - a project contributor had copied some GPL code and included it in a patch submission (either out of ignorance or as with malice aforethought). Two years later, a competitor runs a binary scan for GPL code and serves Microsoft with a lawsuit for copyright infringement. Microsoft is forced to pay eleventy bajillion dollars and damages. Perhaps even worse, they're hit with an injunction which prevents selling the offending application, which requires recalling shrinkwrapped boxes and working with computer vendors who've got the software pre-installed on computers in their inventory. All for shipping a simple paint program.

So, the risk is too great to justify the small reward.

Note that this is a simple business decision, not a religious one. Microsoft's not avoiding the open source code because they don't trust the code quality, features, etc. They're a big target, and they just can't take a major risk like that.

That also explains why Microsoft can't just bundle developer tools like NUnit and NHibernate with Visual Studio and ends up re-implementing those features in Microsoft-native releases. Since there's no real way to prove the code is "clear" for redistribution, in most cases the code can't be shipped. There's no real way out of that until software patent law changes.

That doesn't prevent Microsoft from participating in the open source community, though. There are two main ways it can do that:

Microsoft can release projects with source code on sites like SourceForge and CodePlex when the potential damage is low. The kinds of projects you'll see released as open source are generally good tools which will benefit developers, but wouldn't cause a major crisis if they had to be pulled. They can't, however, accept community contributions since they can't verify that the code is free of copyright / left restrictions.

Microsoft can support open source projects run by non-Microsoft developers (by support, I'm not really talking about financial contributions). I've been part of some great talks with Sam Ramji and others who are working hard to help out Microsoft's growing open source developer community[1]That . You can connect with Microsoft's open source strategy team on Port 25.

[1] Note that while I've had several good talks with Sam here at MIX, he wasn't the person who explained the above issues to me. That person asked that I not use his name, then vanished behind a ninja smokebomb cloud. I've done a good amount of editorializing here, so I'll take all the blame for this post. These views are my own and should not be construed to express the views of Microsoft, its employees, your neighbors, or of Forest Whitaker.

21 Comments

  • Great post Jon, I can see two ways around.

    A product that is shipped for free (like Paint.net) could be shipped in binary and code form. It does not cost anything for the user at all. Contributing to the code means not using GPL code but the a open model means your not having any cycles of over QA to CYOA. If Microsoft still want more CYOA then a terms of use agreement (click here to download if you agree to the following terms) with a legal protection from such claims means that your not risking action.

    second issue is that shipping ms products with oss products runs the risk of "your paying for a free bit of software". Ways around this may be that the license terms of preinstalltion clearly set out that license terms of the oss software and your (as a user) use of it. In addition that the box clearly states what your paying for and what you get for free.

    I know ms legal will never buy it a millon years so ideally I'd like ms products to engage oss products more. So its really down the user to install mbunit or nunit in there vsts installation but if they do it works like a dream.

    Andy

  • Jon, I managed contributions to open source projects by third-party developers at two big internet companies (eBay and Yahoo). Somehow we (and many other companies, including IBM) were able to manage it without getting the pants sued off us. Why, then, isn't mighty Microsoft able to figure it out?

    It would seem that this has to do with an anti-open source hysteria that Microsoft has been fostering for more than a decade. I fear that the conversation you had at Mix was a part of that.

  • The simple question that comes to my mind is how does company like google, IBM, Novel, Yahoo..... do it then

  • Yeah, I call BS. It's easy for them to hide behind the supposed risk and FUD that they've been peddling for years (and which they apparently now believe themselves). And other commenters pointed out that Microsoft continually ignores perfectly good open-source projects, especially when they might want to move into those markets.

    The truth is that Microsoft only believes in open source as a means to draw people into their commercial offerings. They only support open source just enough to look nicey nicey for the headlines. Releasing DLR as open source but not the rest of CLR needed to run it is a perfect example.

    And there's another truth here...at the same time that Microsoft claims their hands are tied by copyright and patent laws they continue to file scads of new patents and kowtow to the recording and motion-picture associations. They're part of the problem, when they could be part of the solution. It is the same with Microsoft's open source strategy...you can't send minions out to talk about how dangerous and evil open source is while simultaneously doing the open source happy dance on stage to whooping fans.

  • Microsoft shares the code for Enterprise Library. Doesn't that count?

  • Uh... MS ships open source code today, AFAIK. SFU/SUA I believe ships with gcc and other gnu tools, and is now part of some Vista releases (i.e. this isn't an add-on). Silverlight will almost certainly be bundled in the future, and it contains the DLR under a BSD derived license (Ms-PL). They have BSD code in core parts of the OS, and have had since nearly the beginning.

    You give a good argument for why every company should be cautious, but that doesn't mean MS can't ship OS code.

  • I think that an important distinction is lost here.
    OSS project that Microsoft is the sole contributor to isn't what we refer to here.

  • Just curious: why would Microsoft, as an organization, want to ship or contribute to open source projects in any significant way? How would Microsoft (and its' shareholders) benefit?

    (Note that I'm not denigrating open source, or saying that Microsoft wouldn't benefit from doing so, I'm just asking people to look at the world from the Microsoft corporate point of view, then ask why the organization should make such a decision.)

    I just don't see it happening in any significant way. It goes against the 'observed' culture ('observed' from the outside looking in.)

  • Michael,

    Because the open source tools promote the use of the Windows platform, even if they outperform the tools that Microsoft itself is putting out.

  • I think that someone may point out the price of the commercial project if open source software is included. There would always be somebody accusing microsoft of selling the Open source software at some point.

    Surely It would be easier if microsoft made a free bundle for different classes of people (developers, home users etc.) like google have made. ( pack.google.co.uk )

  • "Microsoft doesn't even PROMOTE applications like NUnit...."

    Enterprise Library ships with both VS and NUnit tests.

  • I think the biggest reason Microsoft won't do it comes down to the fact that it seems so many people want to sue them for everything why should they add one more thing to the list of items that people want to sue them over. I know this will upset many but it seems like there are many out there that exist solely to sue Microsoft for every little thing. The sad part of that is many of those who consider suing should look in the mirror at themselves first and how they treat others.

  • This must be a more modern Microsoft policy then. The original Windows NT Winsock stack was ripped from BSD sockets. It even included the requisite BSD copyright info.

  • Usually in a market, if two offerings are complementing each other, such as licenses and services, the provider of one offering tries to make the other offering cheaper, so customers can spend more money on his offering.

    Microsoft fails to make the shift most bigger IT companies made, no matter if HW or SW initially: from products/licenses to services. It probably will fail to do the shift a long time from now, hopefully to the point where they destroy themselves.

    Open Source is an enabler for services. You can build cheaper custom apps if you start from some open source code, which doesn't imply license costs. Conversely, cheap services are enablers for licensing - you are willing to spend more money on licensing various servers if there are cheap development services available for these servers. So Microsoft is providing a huge network of development partners to its customers, and a lot of easy to use development tools to its partners - this should foster sales of licenses.

    Unfortunately for Microsoft, corporate IT consumers become more and more aware that since there are providers of software as a service for all kinds of projects, and consuming software as a service is cheaper than buying licenses and cheap development srevices, their market position will continue to erode, and the pace of erosion will increase.

    That's why I think it would be a good thing for the IT industry if Microsoft disappeared from the market. On one hand, the obsolete business model they push would disappear, on the other hand, many of the big customers of Microsoft, where Microsoft holds its position solely on a political basis, would recognize the mistakes they made, and start working towards a general situation in the business so that something alike should never happen again. This would only benefit small services companies like the one I'm working for, and would elliminate very much of the unreasonably expensive and inacceptably bad software offerings available on the market today.

  • Most serious OSS projects have fairly hefty copyright assignment agreements. In other words, when you as contributor submit a piece of code to the project, you agree to assign copyright and ownership to the project, as well as assert originality of the code, and that you have permission to contribute it.

    I do not see why Microsoft, with it's veritable army of lawyers, is not able to draft an ironclad contribution agreement that protects them.

    Why couldn't Microsoft implement a similar policy for projects where community involvement makes sense?

  • Sun ships plenty of open source programs that they didn't write in their default install of Solaris. Furthermore they indemnify all of their Solaris customers, so if you use Sun products, and Sun screwed up in licensing something, they'll take the hit for you.

    I don't see how Sun can do it, but Microsoft can't.

  • Microsoft can't ship any software they didn't write because of patent and lawsuit worries?

    Absolutely false.

    Ftp.exe in Windows 95 used BSD code and it includes the string "Copyright (c) 1983 The Regents of the University of California."
    They already shipped a program based on open-source code.

    Also, Apple ships all kinds of things based on open-source projects. Safari is based on KHTML, OSX includes CUPS, Apache, and all kinds of open-source tools. Apple would be a good target for patent and lawsuit issues, but they don't seem worried about it.

  • @Scott: The GPL has never been tested in court, because if the violator wins, they've lost their license to use the software. The software then reverts to proprietary, copyrighted software, and is not available for use.

    FWIW, the code provenance question is just as significant for closed source companies like microsoft; they are simply relying on security through obscurity to defend themselves against any of their employees who choose to take unethical shortcuts.

  • > Isn't the whole proprietary Mac OS based
    > upon the open source Mach kernel and the
    > open source BDS Unix?

    yes, but so is Microsoft's own Services For Unix (aka Integrix). So Microsoft is also doing this.

  • Jon, that is a pretty poor argument. Contamination with code for which you do not have a license is not restricted to open source. There have been several incidents where unlicensed code was illegally used in proprietary programs. So if MS really worries about gigabillion dollar lawsuits that never seem to harm MS's competitors, they should have a lawyer check each line of code. MS is not doing that, so this can't really be the reason.

    In the real world, judges do not force companies to pay large amounts of money for honest mistakes. They tend to forbid you from shipping the code for which you have no license, although they will usually be fairly lenient (especially when the costs are high). In your example of an 'illegal' Paint.NET shipped with Windows, I expect that the judge will order MS to replace the shinkwrapped boxes and OEM installs in a reasonable period of time. It's even possible that they are allowed to wait for the next service pack. In any case, there will be no lost sales. More importantly, this exact same scenario can happen when MS developers copy code illegally or infringe on patents. So MS already runs risks by shipping Paint and WMP with Windows. Shipping Paint.NET is not particularly more risky.

  • As has already been pointed out, MS policies have nothing to do with actual financial risk. Its a customer psychology thing. If Microsoft starts relying heavily, and promoting, a diverse range of open source offerings, it can't enact control over distribution and usage.

    Case in point visual foxpro (from wikipedia):

    In late 2002, it was demonstrated that Visual FoxPro can run on Linux under the Wine Windows compatibility suite. In 2003, this led to complaints by Microsoft: it was claimed that the deployment of runtime FoxPro code on non-Windows machines violates the End User License Agreement.

    As long as Microsoft writes the code they can be Nazis about how it is used. Extensively relying on an open source library decreases the level of Microsoft integration in a system, even if it doesn't expose their proprietary code. Where comes that line when customers realize they can just switch to Linux and it won't kill them. This isn't about developer apps, that's just symptom. This is about making sure that the customers who don't know any better or don't have the time to work out an open source integration, don't go anywhere.

    Mac, isn't the issue, they are a different kind of enemy? There just as bad as MS, only they nail the customer in a different way. Instead of locking them into the software, they lock them into the hardware. I can tell any bozo in an email how to build their own PC. You can't do that for a Mac; that should tell you something. CD drive broken? Ship it back and we'll fix it for a hundred dollars vs. get a new one at the mall for $40 and swap out the screws.

    Microsoft knows that the war against Mac isn't about software distribution, its about getting Joe Sixpack (or was he a plumber), to spend more money than he needs to on a flashy system.

Comments have been disabled for this content.