The attitude in these threads always boggles my mind. When YOU, your teammates or someone else you know makes a mistake, then it’s just a mistake. But when someone at Microsoft makes a mistake it’s because Microsoft is evil and by extension so is the person who offended.
“It’s a big company”, you say. They should have a process! And I’m sad to say, they do/will have a process exactly because of this attitude. Then, everyone wonders why it takes forever to fix that bug they’re furious about or why features are slow to come.
Full disclosure: I work for MS, though have nothing to do with this. It’s a huge company. I know hundreds of people and most of them are upstanding and try to do the right thing.
This is a bot that is supposed to configure the right license when employees start a new repo in the Microsoft GitHub org.
It seems the automation is also triggered when Repos are forked into the Microsoft GitHub org which isn't correct behavior.
This isn't a deliberate action. If it were plenty of employees (myself included) would be outraged.
I assume it's a bug in the bot - an edge case that was not considered. It is very rare to fork something into the Microsoft GitHub org after all.
I looked at some of the other forked repos (95 out of 4.5K repos) and all the human commits from MS I saw seem to care about getting the licenses right. So it really is just a broken bot.
I hope the bot can be fixed soon and I'm going to put my figurative pitchfork down now.
He wrote a great response. Not many people I know would stand in front of a online mob and say "It's code that I wrote". And then fix it on Christmas!
While I'm glad this got resolved so quickly, I'm slightly ashamed of myself and the HN community for how we handled this. In hindsight the outrage was wildly out of proportion for a simple bug.
If you look at life as good & evil, you won't solve any conflicts. You should rather focus on "incentives". Correcting bugs and errors take time and other resources, therefore require incentive to prioritize.
If their bots were to stamp Microsoft projects with open source licenses, there would be huge incentive for them to tackle this problem within this sprint, and make sure it never happens again.
This bug profits them, or does not harm them at worst case. Therefore, by drawing attention and applying pressure, we should create the incentive for them to allocate resources to fix it, and make sure it does not repeat.
How can someone be so bad at their job that they realize that a bot that writes to the license file needs to avoid overwriting an existing file? A certain degree of malfeasance cannot possibly be explained as incompetence.
Please don't pile on like this. You can make your substantive points without "how can someone be so bad at their job" hyperbole. Any mistake can be made to look terrible if you're uncharitable enough.
> A certain degree of malfeasance cannot possibly be explained as incompetence.
This is a missing conditional check, a mistake that is extremely easy to make and one I’m sure you’ve made at least once if you’ve been a professional programmer for any significant length of time.
or maybe they do not know/they missed that creating a fork from an existing project actually triggers “new repo created” event in the github organization, which has an unintended effect.
I agree with you in principle but "stamp out" and "be better" are phrases that produce the opposite of what you're aiming at. We're trying to avoid the online callout/shaming culture here.
These forks may be done for security purposes for projects that use source-based build systems so that the depending project doesn't have 3rd party repo dependencies.
As someone whose developed similar GH integrations, getting things right with their API is fairly tricky. What would actually be desirable is public-to-private forks so that the fork-dependency pattern is more enterprise friendly and this kind of confusion is mitigated.
Have you considered that the reason for the outrage is because people don't actually trust Microsoft to do the right thing? I can see this is a mistake, but surely the litany of awful business practices by Microsoft in the past precedes it?
Sorry, I didn't mean to imply you were. But no offense, so what if it isn't acceptable to employees? The decisions by Microsoft are made by the management of the company. As an example of another company with severe credibility problems, I'm sure there are plenty of employees at Facebook who don't like working there now, but they are still there. And still implementing the policies and directions of management.
MS dev here. Thanks for calling this out. I contacted the GH@MS admins to look into this and to consider adding some safeguards to the tooling so this doesn't happen in the future.
How is it remotely possible to not understand you cannot automatically overwrite a license file with your own. If you yourself were creating such automation wouldn't that be one of the first and most obvious things you would think of?
A simple solution prior to writing to a file in this case is to check if it already exists. It shouldn’t matter what triggers this bot if it’s programmed safe and idempotent.
Nuking the existing LICENSE file and replacing with the canonical one is a good move when it's your own developers' work. They could easily have picked "a" MIT license or screwed up the copyright string, and getting this normalized from the moment the repository is published is important.
But it's important that this -not- get applied to outside work from forks.
It should raise an exception that causes a person to have to deal with the matter. I should not be surprised if I were to find that this is actually in fact so and the extra step is responding to a prompt which people got used to not reading.
The world is full of important people performing vital tasks either without fail or wherein failures can be caught by other individuals and processes that serve as guard rails.
The solution isn't merely to be perfect it is to have a process that is tolerant of the level of imperfection that one would expect. For example it is perfectly reasonable that a someone could have foreseen it not clobbering a license file without prompting the user this could have brought the matter to immediate attention, its reasonable to suppose that if the first person didn't foresee it someone reviewing their choices might have thought of it, its reasonable that someone might have viewed the commit logs and noticed what was going on.
None of this is an acceptable level of failure from people that drawing a 6 figure salary for a position of expertise or leadership.
I am not a MS employee but I do work as a software engineer at a small company and make six figures a year. Mistakes like this happen. In fact they happen all the time. There are a lot of people out there writing code on any given day. Some of them may have been staring at the screen for 12 straights hours trying to make a release date. Sure its a lot more visible when someone like MS makes one, but think about the actual issue here. They did not create a feature with the intent to overwrite existing licenses files, they made a feature to ensure the correct licenses were added to new repos. Now they forgot one edge case (out of how many thousands or millions?), took ownership of the mistake, and are taking actions to correct it. Overall to me that seems like a very small bug that they took/are taking steps to fix on Christmas no less.
>>None of this is an acceptable level of failure from people that drawing a 6 figure salary for a position of expertise or leadership.
If the rest of the world thought like you we would not have any people left in high paying jobs. Everyone is bound to make mistakes. Owning up and setting things right is what is important in my eyes.
> The world is full of important people performing vital tasks either without fail or wherein failures can be caught by other individuals and processes that serve as guard rails.
Sometimes planes literally fall out of the sky. NASA caused a space shuttle to explode killing the entire crew. It is fundamentally untrue that anywhere in the world we have perfect people or processes.
> The solution isn't merely to be perfect it is to have a process that is tolerant of the level of imperfection that one would expect.
I expect that occasionally sometimes people will ship bugs and neither they nor the processes in place will catch them. This is a very minor bug. This is not the sort of bug that keeps engineering leaders up at night.
> For example it is perfectly reasonable that a someone could have foreseen it not clobbering a license file without prompting the user this could have brought the matter to immediate attention, its reasonable to suppose that if the first person didn't foresee it someone reviewing their choices might have thought of it, its reasonable that someone might have viewed the commit logs and noticed what was going on.
It’s really easy to point at others’ errors with the clarity of hindsight. But everything you said here boils down to just predicting the specific broken case, which is useless advice. Even your suggestion to check commit logs is useless unless you know the bug you’re looking for. It’s not as if Git spews errors when a license file is changed and it shouldn’t be. And if they knew what to look for in the logs, they wouldn’t have checked in the bug in the first place.
This team has doubtless shipped thousands of features. It’s unsurprising that they’ve shipped some bugs.
> None of this is an acceptable level of failure from people that drawing a 6 figure salary for a position of expertise or leadership.
You’re talking about a bug that caused a license file to be incorrectly changed and the fix is a revert. There is an audit trail of what happened and what repos were affected. It literally had no meaningful negative effect except to Microsoft’s image with the severest of critics, and to Jeff Wilcox’s holiday break. This is not a Therac-25 level incident.
I find it very interesting that none of the hyper-critical people in the comments here have discussed catching any broader class of issues. There are many comments criticizing the author for failing to check for an existing license file. (e.g.” How can someone be so bad at their job that they realize that a bot that writes to the license file needs to avoid overwriting an existing file?”) None of those comments that I’ve seen addresses the fact that adding a license file during a fork at all is probably an error. No, just criticism about this one case because someone told them about the exact observed bug so now it’s obvious.
The ability to criticize an error someone else already found is not valuable or constructive. And if this is the best you can bring, your judgement is certainly no better than the engineer who created the bug in the first place.
Disclosure: I’m a Microsoft employee.
Further disclosure: If someone showed up to a postmortem for my team with this level of condescension and no useful advice, I’d tell them to be quiet or leave.
> Further disclosure: If someone showed up to a postmortem for my team with this level of condescension and no useful advice, I’d tell them to be quiet or leave.
If I worked with you it would be my responsibility to support my coworker and help them improve. As it is neither of us has much of an obligation to the other we are uninvolved third parties giving our unsolicited opinions to one another. It is a privilege as an uninvolved observer to another to analyze it frankly without worrying about hurting someone's ego. It is OK I think to look at some mess or other and the inevitable conciliatory excuses and or hostile push back against criticism and call bullshit.
> None of those comments that I’ve seen addresses the fact that adding a license file during a fork at all is probably an error. No, just criticism about this one case because someone told them about the exact observed bug so now it’s obvious.
This is an excellent point insofar as explaining why the bug might have happened. I disagree however that it is sufficient explanation. Such code should still check for the presence of an existing license file for another license and raise an error that requires human intervention to override. That is constructive and actionable.
> This is an excellent point insofar as explaining why the bug might have happened. I disagree however that it is sufficient explanation. Such code should still check for the presence of an existing license file for another license and raise an error that requires human intervention to override. That is constructive and actionable.
Sure. In retrospect, that seems like a really good idea. But I'm sure you've done an awful lot of stuff that is dumb in retrospect, too.
Legal asks for tooling to ensure that the correct license file ends up on all developer projects. It's known that developers will often Google license agreements, copy them from places that don't belong, end up with the wrong LICENSE from a templating mistake. Someone builds tooling to just smash the correct LICENSE file in as a first commit on any repo that shows up in the Microsoft org: if it's an active developer and this is the rare case where this logic is wrong, surely they'll notice that this has happened, and this will prevent code from being up with an incorrect license.
Then, the use case evolves: people start to fork things into the Microsoft organization, and this code does the wrong thing an appreciable fraction of the time. But no one is scrutinizing commits on forked repos to the same extent and doesn't notice.
Maybe you do much better and have never made a mistake like this. But real people make real mistakes. Yes, when you encounter a mistake, you try to get better for next time! But that doesn't mean that we should expect a 0 mistake rate out of ______ org or not assume good faith with an ordinary rate of bad outcomes until proven otherwise.
Unlike the GP poster, I am not a MSFT employee-- I am often skeptical of MSFT actions but they get a pass here. Obliterating the license file has no advantage for MSFT, and has the risk of legal exposure and this kind of public black eye. Obviously someone screwed up, but screw ups happen. Now that Jeff Wilcox has had to work on Christmas, you can be sure he will be even more attuned to this type of issue in the future.
Wrong. The more links, the easier it is to argue that it's a mistake. Automation is hard, you know? Especially if no one noticed these and called them out on it until now.
> Wrong. The more links, the easier it is to argue that it's a mistake. Automation is hard, you know?
Is it wrong though? I mean, if Microsoft's reiterated pattern of license switches is automated, wouldn't this also mean that the error would be easily detected based on public feedback alone? And given this was not the first or second or third separate and independent occurrence of this pattern, if this was a honest mistake then wouldn't this already be addressed in any of the multiple past shout-out?
Microsoft, a collective group of people trying to do the right thing, has made many choices over their time. Many of those choices have been in direct violation of things like, but not limited to, the spirit of the Internet, anti-competiton, spying on their customers, and many other negative things. Should we have let those things slide because Microsoft employs others that weren't involved? No. You can say this may have been a mistake but that is a slippery slope. Microsoft deserves negative press on "mistakes" because this acts as a balance to keep the power they wield in check. Beyond that you have a significant bias against biting the hand that feeds.
In my opinion, this gets a strong reaction because:
1. They made similar mistakes in the past.
2. They didn't fix it for half a year.
3. They can expect strong financial benefits from making these mistakes.
4. They've recently burned a lot of goodwill by deliberately infringing licenses on a large scale when they trained Copilot.
5. They could have easily prevented this kind of mistakes.
My summary would be that Microsoft deserves to be punished for making this mistake. If nothing bad happens now, then we'll have the same discussion again in half a year from now.
In some cases, they changed other licenses to MIT. That would then allow them to train their AI models on this source code, or redistribute a closed-source monetized GPL rip-off.
Team A) makes a mistake and changes the license.
Team B) uses the fork under its new license and forgets to check the original branch's license.
Two honest mistakes leading to a de-GPL-ed library.
I was talking not only about this specific instance of it happening, but Microsoft had similar mistakes throughout the past 6 months. Here's the one from CUPS, a Linux printing library:
It used to be Apache License, then it became "MIT License (c) Microsoft Corporation". Thanks to the attention that this thread got, it has now been fixed:
But that source code was online with the wrong license for more than 6 months. Imagine if you had hosted Windows source code with a misattributed MIT license for 6 months... They would also bring out the pitchforks ;) Or even worse: well-paid lawyers.
I asked what Microsoft had to gain from altering an MIT license. You're answering a different question. But, fine, I'll bite: tell me how Microsoft stood to make a nickel by modifying an Apache license.
The MIT license puts essentially no restrictions on them that they would need to relicense out from under. They can't un-MIT it. So I'm still not clear on how you propose for them to make money by doing this. Do you have an answer to my question?
If they can change the copyright ownership from an individual to themselves, then they could (however unlikely) change the license on subsequent revisions to no longer provide the software free of charge, and could prevent anyone from using the software and associated documentation files in an unrestricted form.
> then they could (however unlikely) change the license on subsequent revisions to no longer provide the software free of charge,
You don't need to change the "ownership" to do this. MIT licensed software can be put under more restrictive licenses for subsequent revisions by anyone.
I think the OP is playing 20 questions for their own entertainment. I think what they're not telling you is that there's nothing to prevent someone from making a closed-source product incorporating something which is MIT licensed (but they're still supposed to give credit where due). That's also not the whole story. Squirrel!
If they don't know the answer to the question I actually asked, all they have to do is not answer it. I object to the notion that I'm the one playing games here.
It does seem like you are doing this. I have tried to answer you. Instead of asking questions, just state how you believe I’m wrong. I’m ok with this, if I’ve not understood something or made a mistake, I’m happy to concede.
Asking questions until you get an answer you want worked for Socrates, but for everyone else it is better to just state what is wrong about my and other’s argument and the reason why.
As was pointed out upthread: your theory about what Microsoft stood to gain from this license change was simply incorrect. I'm not sure what we're still discussing at this point.
You said I hadn’t answered your question. What I said was incorrect. Ergo, I answered your question. You told me I hadn’t answered your question, now you say I answered your question but I was wrong. Try to make up your mind.
If you are confused what is being argued about, perhaps stop.
Again, as was pointed out to you upthread, the license terms on that project already allow them to do the thing you claim Microsoft was hoping to do by altering the license. It's a MIT license! It's practically the least you can do beyond writing "these files are placed in the public domain".
I'm sorry to beat up on you. It's not your fault, but someone upthread wrote that Microsoft's developers should have known better than to have this bug, because developers should all understand licensing. That set me off, because in hate-reading this thread (something I should obviously not be doing), it's clear that a lot of Microsoft detractors here simply don't know what the MIT (or Apache) licenses do.
But then, the reason I started hate-reading this thread in the first place was that I clicked on the story link, saw an authorship edit to an MIT-licensed file, and thought to myself "how can so many people here give a shit about this?"
Ah. I see, that’s fair. You aren’t beating up on me, it’s better for me to find out about an error than not at all. Thank you for explaining the problem.
They're asserting ownership. By asserting ownership they're converting good will and assuming the mantle of authority, which will sway plenty of weak-minded people: hey it's Microsoft.
I see how that gets them a C-grade Mastodon lyric, but not how it gets them a nickel. Did I ask this question in a particularly weird way? The responses it's getting are a little confusing.
This isn’t just one person making a silly mistake. This is a catalogue of failings. Where’s the peer review? Are you suggesting that anything published in the main branch on Microsoft’s GH org gets commit without any branch protection? And as pointed out by others, this isn’t even an isolated case.
A healthy org doesn’t blame individuals, it blames failures in process. Thus Microsoft should own this mistake. Stating it’s the fault of an individual sounds more like your team operates a blame culture. Which, frankly, is a major red flag for a failing organisation.
I’m satisfied that the situation has been, or at least will be, resolved.m however there is still the unanswered question of who audits the changes the bot makes.
There is a definitely lesson to be learnt here that bots aren’t infallible themselves and thus need reviewing too. Automation undoubtedly enhances our developer experience but we do need to ensure that automation doesn’t make unchecked changes. This is something a great many engineers can learn from too.
Just pointing out this (reality distortion) is a general phenomenon. Have seen the same in all big companies (& many small). As an employee you want the best for the company and you naturally imbibe the company culture and that is perfectly fine. But there is a line and this is something one has to watch out for as an employee. As an example, seeing any critical comment from outside as an attack on the company.
It is good that an employee explained how this particular event happened and that is to their credit.
I respectfully, and vehemently disagree. Informing someone that they may be drinking too much of their company's Kool-Aid, without knowing what is in it, is a moral obligation.
Despicable that you present this as a bannable offense.
Sorry, but garden-variety internet comments and cheap personal attacks don't rise to the noble level of moral obligation. The comment plainly broke the site rules. That's not allowed here. If people have noble duties to fulfill, they can do that without breaking the rules.
I too don't think there is any "moral obligation" involved but I did feel it was perfectly fine to point out what I did. I quoted their "I work for MS" to provide the context for my comment, nothing more.
Sorry, but that's definitely not accurate. You quoted it as part of a personal attack: implying that someone was lying about making a mistake, imputing sinister motivations to them instead, and adding a name-calling putdown into the mix (accusing them of being inside a "reality distortion field", as if you know more about their world than they do). All that is clearly against the site guidelines: https://news.ycombinator.com/newsguidelines.html.
You are insinuating astroturfing with no evidence other than "I work at Microsoft" and your personal, albeit somewhat justified, belief of "MS bad". It's not a constructive comment.
Ok, but anyone could say that about any comment, so from a moderation perspective that is either an empty point or means that we shouldn't moderate anything at all.
For practical purposes, someone has to make judgment calls about these things. The way we do that is that we have a set of guidelines (https://news.ycombinator.com/newsguidelines.html), and moderators who make calls about which accounts are breaking them. We try to be as even-handed as possible when we do that, but certainly no one is going to agree with every call we make. Nevertheless, someone has to do the job, and that includes banning accounts when people break the rules and aren't interested in modifying their behavior.
Moderation is absolutely necessary. What bothers me is that we are 4 or 5 comments deep, and you still seem to not understand why I spoke up in the first place.
The comment you initially replied to did not come off as a personal attack at all to me, in fact, there was nothing personal about it. They took data that was shared with them and used their experience to spit out their own thoughts on the matter.
So, I am calling you out for being a bit too zealous with the power you wield. What you do with my perspective being shared with you is up to you, but you're doing a lot to not just ask yourself "Was I being too harsh?" ... Here you have a human telling you that yes, that was too harsh.
Calling out the bitter flavor of a corporation's kool-aid is not a personal attack on anyone. Period.
If you (edit: I meant the original commenter) had just said it about the corporation, it would still not have been a high-quality HN comment, but I wouldn't have posted a moderation reply.
Sorry? I did not attack anyone. I am defending a comment by somebody else in which you presume they are personally attacking someone who has openly admitted they work for Microsoft.
You really are lost aren't you? Along with the irony of mentioning "high-quality" comments. Wow. What is the _level of quality_ when the commenter has lost track of the person with whom they are speaking...? In case you missed it, I'm talking about you.
I will re-iterate, because I'm patient. I am telling you that you were overzealous in moderating a harmless comment about Microsoft as a company. There is no personal attack in the comment, no matter how you choose to view it.
Feel free to understand the perspective of others before you blindly share more of yours. What a disgusting interpretation of "moderation." Censorship is a much better word to describe where you're headed.
You're right, of course: the comment I described as containing a personal attack was by bakul (https://news.ycombinator.com/item?id=29684540), not by you. Sorry for mixing that up! I've added edits to the GP to clarify.
> I took the comment to be a refreshing dose of reality.
This is how I meant it but I could have phrased it or presented it differently as this point got lost at least with the moderators and may be many more. Will try to be more careful in the future.
I appreciate your speaking up. And I also appreciate the moderators in trying to keep the discussion standards high. They have a tough job trying to decipher the intent of every commenter.
I don't work at Microsoft but I can confirm. There are so many "suggestions" for Microsoft Teams. I don't know if there exists another company whose employees are more critical of Microsoft Teams than Microsoft.
My personal conspiracy theory is Teams would have died long ago if not for strong support from the top.
Which is odd because Github doesn't use Teams, they're Slack based. As in, if I set up a meeting with my Github counterparts they're late because they had to install Teams.
when $new_repo in $msft_github:
echo $standard_license > LICENSE.md
Could just be normal practices, and doesn’t check if a license already exists because it’s usually handling non-forked OSS repos. What’s the phrase? “Never ascribe to malice that which is adequately explained by incompetence”.
I don’t know why people assume the more money you make the more infallible you are. Trust me that every FAANG engineer has written code with some similar pitfall that seems so obvious from the outside.
Respecting a license is completely orthogonal to the unintended behavior of an automation used on something it wasn’t really meant for (fork rather than a new repo)
This is the peril of the imaginary "corporation" identity. People expect a company to be one coherent and consistent entity, but although a company can be managed well, establish culture and processes, and progress towards cohesion, it can never become as coherent as one person. And a person is not that coherent in the first place.
I am sure I subconsciously make the same mistake when I think about other companies. But I am making conscious effort to get better, take a more forgiving view on the humankind and give people as well as corporations chance to try again and be a better version of themselves, build the mental capability to remember that corporations are comprised of real people, and people make mistakes, and reasonable people who make up the majority of the population are constantly seeking (just struggling) to be better versions of themselves.
Ok. I worked at MS from 2005-2015. As I recall, there was this huge formal legal process and due diligence around including a single line of open source code. Is that not still the case? Am I remembering it wrong?
You have to take "companies doing good" always with a grain of salt. They're profit seeking companies, who act aggressively in their own interests.
It doesn't have to be a debate on "good vs evil" I've always hated those terms applied in these contexts, it's childish and for the naive. Fix the problem and move on.
'Profit-seeking companies' begs a common pejorative that actively reduces the variety in the pool of companies. It may not be descriptive of the companies for which this is not an overarching motivation. Many of them really want to make a happy customer by crafting as good a thing possible for the price they charge, and be well by their employees.
That said, I can relate the the cynicism especially for the giants. But painting them all as 'profit-seeking corporations' may deaden a satisfaction that comes from being a customer for a company you believe is good.
A company is merely a useful legal and organizational fiction. It's all people all the way down and those people don't act in a different moral context when they act on behalf of a company.
Microsoft is a rather special case of a company that has virtually no goodwill in the open source world. These are the dividends that result from statements and actions over decades. So when something like this occurs, the default reaction is often 'of course... it is Microsoft after all'.
Few people are likely to know <insert employee here> but many people are very familiar with decades of bad behavior undertaken by Microsoft not as isolated misdeeds but as a matter of policy. Lacking personal context misdeeds or mistakes are extremely apt to be interpreted in context of literal decades of bad behavior by Microsoft.
I mean come on the seismic change in leadership at Microsoft is just former lower echelon leaders during the time frame that MS was doing wrong now moving up and taking the helm.
We are after all talking about the company that tried to destroy the competition by funneling money into a fraudulent lawsuit/pr campaign that was a front for a pump and dump. The only thing separating MS leadership and felony charges is meeting notes between them and SCO and the fact that important people don't go prison in the US if can at all be avoided. Lest we forget the current CEO was at this time an executive VP as well.
Maybe it boggles your mind merely because you yourself are an ethical person who comports themselves properly professionally and would want people to see your efforts good and bad in context of who you are. This is entirely reasonable but people don't know you personally whereas your company makes headlines for bad behavior.
I am finding it hard to accept that it is an honest mistake.
From my personal experience, every software engineer that works in a company of this scale is obligated to take a training course on software licensing and understand the differences, and the "dos and don'ts".
If Microsoft doesn't have such a program in place then that's a big problem and should expect harsh criticisms when such events take place and if they do then it probably needs to be revised because it doesn't seem adequate.
On the other hand, outside the context of MS, if a software engineer doesn't feel they are doing something dirty as they are replacing the license or the thought of I might get in trouble with legal doing that doesn't cross their mind, then they probably shouldn't be allowed to be at the front line taking actions that represents the company's name.
...Given that several engineers employed at Microsoft have been part of armchairing this along everyone else now, why is not one of y'all (not necessarily you but come on, this is getting absurd, holidays aside) still just busy discussing around it rather than spending the <5 minutes required per repo to start actually fixing the fallout of it?
if I did this to microsoft do you think I’d be granted the same leeway? could I tell them they need to cut me some slack because i’m one person and “there’s a process”?
This isn't true – the only billing system bug I've seen undercharged. Also if it was an overcharge, they would have made customer whole, whereas they wrote off the undercharge.
Microsoft doesn't really gain anything here – there's a clear "forked from" qualifier in the repo, they aren't republishing these packages, etc. The only people who noticed noticed in a negative light.
To reiterate, I'm not saying there's malicious intent in any single bug. Yes, billing errors don't lead to more revenue for the firm. I'm describing rather a systemic bias in incentives for the people doing the work (programmers) and supervising the work (managers).
Approximately. Moral hazard typically refers to sins of commission. Deliberately taking on more risk because you're insured. Here I'm thinking more of sins of omission. You just forgot to do something. You didn't have enough attention to devote to the task, so you rationally apportioned the attention budget to the areas most likely to be checked by others.
I'm just curious, is Microsoft actually in violation of the MIT license here?
All future changes to this repo are copyright Microsoft, so Microsoft's copyright should be in the statement.
Arguably there should be an additional statement indicating that LesnyRumcajs holds copyright to bits of code that Microsoft hasn't changed.
But
(1) exactly which bits have LesnyRumcajs's copyright would have to be verified by examining source control history. Since LesnyRumcajs's copyright statement is visible on any commit where LesnyRumcajs holds copyright, this setup makes actually makes it easy to verify which portions LesnyRumcajs has copyright claims on.
(2) Including LesnyRumcajs's copyright statement in repo history seems to be all that the MIT license requires. The license doesn't forbid there being another more easily accessible copyright notice that doesn't list all copyright holders. It only requires that LesnyRumcajs's statement be included in all copies of the software, which it currently is.
What you're saying doesn't make any sense. If what you're saying was true you could take any MIT repro, fork it and replace the license with a fully proprietary copyright claim or any other license. You absolutely can't take code and just change the license to anything more permissive without the original copyright holders permission.
It's definitely the case that at a given snapshot of the repository which has copyrighted code owned by someone else the copyright notice has to be there at that same revision.
The license wasn't changed. But yes, generally you can make changes to MIT code that aren't released under the MIT license.
> It's definitely the case that at a given snapshot of the repository which has copyrighted code owned by someone else the copyright notice has to be there at that same revision.
This isn't in the license. Where is this laid out?
MIT license is very permissive but the original author retains copyright and one of the very few restrictions is that you must maintain the original authors copyright notice. So you can use MIT code in a GPL project but you can't remove the original copyright notice and MIT license text.
I don't quite follow your thinking about removing the notice but having it somewhere in history; a given snapshot/ revision will be a distribution where someone can show up and download just the master branch newest state and not the full git history. In which case you surely have distributed a copy of the copyrighted MIT licensed code without complying with the terms of the license, right?
Folks who work at mega corporations with outrageous amounts of power have a correspondingly large responsibility to the communities they interact with. Their mistakes have a much larger impact. Honest mistakes by hugely powerful entities are not mere trivia. They have an effect on the rest of the world commensurate with their power. Thus they should be held to a much higher standard than everyone else.
Everytime I've taken the route that there is some evil, no good as come out of it but when you give a group of people the benifit of the doubt, I would argue the majority of the time it's just a mistake.
I feel like the only people with an attitude against Microsoft these days are teenagers trying to look edgy and critical thinking or pretending they are insiders.
You should see how HN would react if Google has done anything remotely close to it. If it was Google your comment would be downvoted to oblivion instead of being the top comment. Not to mention you'd be disparaged for protecting your employer.
Most processes for that type of thing come about only after someone has made a mistake.
Source: experience in the industry. Including having made a similar mistake myself a couple of years back (and receiving a fair bit of internet hate for it)
Nobody manually changed a license. The commits were made by a bot named "microsoftopensource" that exclusively adds copies of Microsoft's license file, support file, readme file and code of conduct to every new repository under their account.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
For those of us that remember the “old” Microsoft, they are still obviously evil. Nothing they have done will change that view. Incidents like this prove that this zebra cannot change its stripes.
I think your comments does not add anything meaningful to discussion. Yes, Microsoft screwed up. Yes, a Microsoft employee is trying to make excuses for them. This does not mean we couldn't have a civilized discussion, though.
“It’s a big company”, you say. They should have a process! And I’m sad to say, they do/will have a process exactly because of this attitude. Then, everyone wonders why it takes forever to fix that bug they’re furious about or why features are slow to come.
Full disclosure: I work for MS, though have nothing to do with this. It’s a huge company. I know hundreds of people and most of them are upstanding and try to do the right thing.