alt.hn

4/21/2025 at 11:05:44 AM

Getting forked by Microsoft

 https://philiplaine.com/posts/getting-forked-by-microsoft/

by phillebaba

4/21/2025 at 12:53:53 PM

In distant times (before Microsoft's Satya era) I was the maintainer of a popular OSS product that scratched an important itch for specialist people who were doing work in the early cloud days. It solved my own problems, and I didn't want to make a business out of it, so I was content to release it as OSS.

A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.

If they want you badly enough, they'll pay. Don't work for free.

by jxf

4/21/2025 at 4:28:36 PM

They want you to be intimidated by their reputation because it's easier if you make concessions first hoping to get some benefit later. Keep in mind, these are business people and they're very good at it (otherwise they wouldn't be giants). The benefit will never materialize. Working for free just means it was an easy win and you left money on the table.

Do not work for free. Large companies have a shit ton of money. All you need to do is provide an economical argument in the form of your rate (which should take into account their expenses for having an employee / team work on it instead, hint: 2 x total compensation). Getting paid is just a matter of the guy who reached out to you to talk to his skip manager to get a verbal 'ok', and then the accounting department takes care of it. They're not going to pass on you just because you asked to be paid for your time - a business is used to paying for services. If they do pass on you without even negotiating your rate, then they were definitely not serious and nothing good would have come out of it for you.

Source: dev working at FAANG with 3rd party companies.

by optymizer

4/22/2025 at 8:19:21 AM

> these are business people and they're very good at it (otherwise they wouldn't be giants)

just adding the point that the people who made them giants have all left by now, and the people they have now are incredibly good at internal politics rather than actual biz. You will probably find that they are more interested in how you can make them look good rather than how you can make their company money.

But yes, do not work for free. Large companies have a shit ton of money. Agree 100% with parent.

by marcus_holmes

4/21/2025 at 2:56:11 PM

And as you illustrated, for a one-off project, rate doesn't really matter. It just needs to get approved by someone senior enough, who will ask "Do we have anyone in-house that knows this?" and "How much will it cost to do all this ourselves?"

If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.

by mathattack

4/21/2025 at 6:55:36 PM

Even just the salaried hourly rate of the people that work at the company that attend a 2 day workshop is already likely to be more than your megacorp rate. It doesn't matter to them, it's a rounding error to their initiative.

by vasco

4/21/2025 at 5:29:07 PM

Before the economy tanked the last time I was at a couple of places that still sent people to conventions. I took a notebook and went to a mix of talks about stuff I was interested in and stuff my company was interested in. I don’t think there has ever been a conference that cost more to send devs to than what we cost the company for a day, so having us out of the office is the most expensive part of the deal (maybe that’s why some conferences go into the weekend).

I usually came back with enough notes to save me at least a couple of weeks of work. If you know how to listen, talking to an SME can save you a ton of time.

And from what I understand Microsoft is good at planning interviews to sound like they’re extemporaneous while they’ve actually worked out ahead of time what questions they need to ask you to get what they want.

by hinkley

4/22/2025 at 12:10:35 AM

I always tell this cautionary tale when talking to friends turned founders. I was going to a 1-1 with a Director (Bob) in a FANG company. As I was walking to his desk, another Director and a Senior Director (Gus) called out to him that the meeting was starting and he should join -- he asked me to come along and tell him my thoughts.

It was a sales call with a 2-person tech company building some tools in the cloud native space. They were super eager, walking through the product. My manager put the phone on mute and asked "So what are we trying to do here" to the other directors. They replied "We just want to kick the tires to figure out how they built it, we're not going to buy". They let these guys pitch for 20 minutes, periodically asking questions and then muting to mock them. My manager nudged me to ask something, since I ran a similar initiative internally. I asked how they would handle a gnarly case we had and they didn't have a solution yet, but could come up with one (super eager, wanted the deal).

At the end of the call, Gus un-muted the phone and said "This looks great but I'm having a hard time following the demo. Can you fly out and show us in person?". The sellers paused and then started asking when the other was free etc, one was going on vacation but could "make it work" to come out the next week. Gus replied "Great, see you next week".

I left that meeting realizing they were all psychopaths. Notably, Gus had the charism of Gus Fring from Breaking Bad.

by leoqa

4/22/2025 at 11:36:20 AM

This happens at all levels of scale. Many years ago I was a PHP freelancer for a while and as often as not prospective "customers" would try to 20-question me out of the shape of a solution for them so they could avoid paying me.

by dickersnoodle

4/22/2025 at 2:56:59 AM

Did you eat any of these people and if not, why not?

by spiritplumber

4/21/2025 at 3:06:47 PM

This article and your comment reminds me of the story about winget/appget https://medium.com/@keivan/the-day-appget-died-e9a5c96c8b22

Note - maybe they don't pay you the developer sometimes, however.

by hypercube33

4/22/2025 at 4:02:15 AM

Steve Jobs and Winamp

by gscott

4/22/2025 at 9:34:39 AM

[dead]

by gnuly

4/21/2025 at 6:08:19 PM

I worked for them for six months just to help them collaborate with Mozilla, about 20 years ago. They will absolutely pay.

by burnte

4/22/2025 at 8:13:16 AM

> Don't work for free.

I may encounter this situation some day. Could you share how you structured your fees (and give the hourly rate you charged them :P) ?

by fabiensanglard

4/22/2025 at 1:15:29 PM

There was no hourly rate. It was roughly US$125,000 in today's dollars for the 2-day workshop with some other riders (e.g. additional consultation rate).

This factored in my prep time, prototyping, flights (since I didn't live in Redmond, where this team was headquartered, and this was before video calls were more popular), et cetera.

by jxf

4/22/2025 at 2:47:00 AM

> There was a little grumbling about the rate but I just reiterated that it was my rate.

Would you be willing to share what your rate was? I think it'd be useful for other FOSS maintainers to get a better understanding of their worth.

by joshdavham

4/22/2025 at 4:15:41 AM

I'm curious as well, but simply to understand why Microsoft would even waste time discussing the rate for a 2-day workshop.

by sureIy

4/22/2025 at 4:45:38 AM

I'm guessing that somebody pitched it to their superiors as a free solution with all the source code they could just take over and use, and now they had to have an awkward conversation about spending some money on the author. At which point it behooved them for it to at least be as cheap as possible.

by kazinator

4/21/2025 at 11:29:27 PM

They definitely will open the checkbook pretty quick for small, well-defined projects like this. Stuff where they don't want to waste their internal resources; stuff that has an end game, like "build this complete widget and then go away."

by qingcharles

4/22/2025 at 3:36:34 AM

They got a good deal; a ready-made solution (at least suitable for some real-world purposes similar to, if not quite theirs) for the price of 2 days of consulting.

by kazinator

4/22/2025 at 7:00:31 AM

A good reminder that we're allowed to value our time and expertise, especially when dealing with companies that can pay but often hope you'll give it away for free in the name of "collaboration."

by interludead

4/21/2025 at 7:51:17 PM

Hi Philip, I'm Lachlan from the Cloud Native Ecosystem team at Microsoft. Our team works in the cloud native open-source community with a goal of being great open-source collaborators in these projects and communities, and I’m sorry that this happened.

We appreciate your leadership and collaboration on Spegel and see your project solving a real challenge for the cloud native community. I wanted to thank you for your blog post https://philiplaine.com/posts/getting-forked-by-microsoft/, let you know what we’re doing, and address a few points.

We’ve just raised a pull request https://github.com/Azure/peerd/pull/110 amending the license headers in the source files. We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.

I also wanted to share why we felt making a new project was the appropriate path: the primary reason peerd was created was to add artifact streaming support. When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense. We made sure to acknowledge the work in Spegel and that it was used as a source of inspiration for peerd which you noted in your blog but we failed to give you the attribution you, that was a mistake and I’m sorry. We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community.

Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.

by lachie83

4/21/2025 at 8:26:16 PM

Now that you got caught you are fixing it and writing fancy PR fluff. An org the size of MS should have clear policies and processes of how to handle open source forks like this. Unless we assume “bad faith” here. This is a pretty bad look.

I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?

That said, the author of Spegel should have used another license if he wanted more “recognition” or the like.

by tacker2000

4/22/2025 at 2:16:51 PM

> Now that you got caught you are fixing it and writing fancy PR fluff. An org the size of MS should have clear policies and processes of how to handle open source forks like this. Unless we assume “bad faith” here. This is a pretty bad look.

What would you prefer them do? A public flogging? Bring back the stocks?

I agree with the sentiment with these types of comments (I hate PR fluff too), but the aggression when a company has screwed up and not only admits it but tells you their plan going forward is silly. The best case scenario is it does nothing, worst case it encourages them to ignore it next time it happrns.

by averageRoyalty

4/23/2025 at 5:01:14 AM

I’d like them to explicitly set out how they’re going to avoid such an issue occurring in the future, rather than symptomatically commenting on an HN post that’s now a top post.

They say:

> We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community. Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.

…which is a lot of nice words with absolutely NO accountability. They could write a sticky note “do better” and technically that’s all that’s required from their side. Is that okay with you?

by user_7832

4/22/2025 at 4:23:02 PM

Their plan? “We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community”? That’s not a plan. It’s PR fluff.

Nobody is expecting this one incident to make Microsoft change. It’s about reputation, which can take a long time to shift, but can be important in the long term.

We don’t have to just accept it when a company issues a statement apologizing for their screwup. It’s perfectly acceptable to say “this apology means little to me, and if you want your reputation to change you need to do more”.

by Vegenoid

4/23/2025 at 4:35:52 PM

What would Microsoft do if I forked their repo, removed all the licenses and then held talks at conferences about my amazing new tool?

Pretty sure their legal department would have my fork obliterated from the face of the earth and I would be crossing my fingers that all I got was a cease and desist letter instead of a lawsuit in Texas.

by hmottestad

4/22/2025 at 3:43:30 PM

Well how does Microsoft react if some company "forgets" to licence windows/office/some other product? Because that is what happened here a clear licence violation so Microsoft essentially pirated the software.

by cycomanic

4/23/2025 at 12:26:04 AM

I bet Microsoft would do something similar. If Microsoft entered an agreement with another company, Apple for instance, to build a version of word for the Mac, a fork, and part of the license has a requirement to attribute in the help file or something like branding requirements, and then Apple doesn't do it right, then Microsoft reaches out to Apple and tells them to fix it else be in breach of the license. They fix it, happy happy. They don't fix it and lawyers get paid.

This was MIT licensed open source software and an attribution clause was not properly respected. Hardly piracy.

by davidron

4/23/2025 at 2:07:05 PM

>A public flogging? Bring back the stocks? Yes, great idea.

by mauer1361

4/21/2025 at 8:37:53 PM

> I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?

As I wrote in my parallel post (https://news.ycombinator.com/item?id=43756102): these copyright violations (not giving proper attribution of the license requires it is copyright violation) from Microsoft's side (the more, the "better", and the clearer the message) can be considered de-facto, implicitly stated corporate messages from Microsoft's side that they are from now on officially fine with copyright violations, and thus everybody is from now on free to violate the copyright on every software product that Microsoft has ever produced.

by aleph_minus_one

4/22/2025 at 12:01:26 AM

Sounds like a very expensive legal gambit.

by leoqa

4/22/2025 at 8:27:07 AM

You have to prove the mens rea, and even then, people committing crimes don't automatically deserve crimes committed upon them.

by xwolfi

4/22/2025 at 11:11:21 AM

In reality they do, in some cases, e.g. capital punishment.

by johnisgood

4/22/2025 at 3:29:36 PM

I think I am being misunderstood here. I do not agree with it, I am just referring to practices in some countries.

by johnisgood

4/22/2025 at 6:47:36 AM

> Now that you got caught you are fixing it and writing fancy PR fluff.

Nope, "the revenge of Clippy" is doing the writing.

by arkh

4/21/2025 at 10:30:37 PM

I mean what else are they supposed to say or do to correct a mistake other than "sorry, here's what happened, we have fixed it, we are taking steps to reduce the chances of it happening again"? Sometimes you just have to correct an error.

by wilg

4/21/2025 at 11:17:04 PM

Ideally a list of other projects they have since found and attributed.

by epanchin

4/21/2025 at 11:38:12 PM

From the tone of the response to Microsoft response, people will not be happy unless Microsoft publicly executed the engineers that did it.

by NewsaHackO

4/21/2025 at 11:53:41 PM

I think people tend to forget that large companies are made up of flawed individuals and their policies mitigate but don't eliminate mistakes

by kshahkshah

4/22/2025 at 7:11:30 AM

They are also fully funded to compensate when they do something wrong. An apology from a Fortune 500 company with a history of unethical behavior is worthless.

by oatmeal1

4/22/2025 at 7:43:28 AM

That would be a start yeah

by Fraterkes

4/22/2025 at 12:02:50 AM

What if there aren't any or they have not yet done that because they wanted to respond to this person first?

by wilg

4/26/2025 at 1:23:59 AM

I think financial damages are realistic here. They materially damaged another brand, it’s all business at the end of the day.

by toobulkeh

4/22/2025 at 6:51:09 PM

This tsk-tsk is misguided. There's a time and place to shame companies for acting in bad faith, and we should do it, but I don't think it's the case here. It does not seem like damage control for intentional malice.

The TL on the project should have done better, but it was a good sign that they had originally taken the time to acknowledge Spegel's author's help. It's very likely that someone else dealt with the actual code and license text and didn't know any better.

The PR text is reviewed by lawyers. The default advice from lawyers is "do not admit any wrongdoing". They probably suggested that the license text be fixed silently with no apology. The PR department likely convinced them that a public apology would be good for optics and it doesn't seem soulless either.

They should have done better. They admitted that. They may or may not change their internal processes, but it's now in the record book. Case closed.

And the author of Spegel should not have used a different license if he wanted "more <<recognition>>". He wanted the recognition specified by the MIT license.

by optymizer

4/21/2025 at 9:45:28 PM

He is lucky microsoft doesn't have 30,000 ai-agents out there just stealing everything he has ever done and spinning up 10 competitors to each project all with new license and money flow into microsoft in any number of ways.

I mean they made sure to get all the consent from all authors on github before training on it right

by beefnugs

4/21/2025 at 8:58:57 PM

[flagged]

by owlstuffing

4/21/2025 at 8:27:34 PM

> but we failed to give you the attribution you, that was a mistake and I’m sorry.

In other words: there exists some responsible person at Microsoft who violated the copyright (yes, removing the attribution is also a copyright violation!) for Microsoft.

In consideration how Microsoft has been treating copyyright violators for decades, if Microsoft does not give this responsible person the same crual treatment, it should be considered an honest, clear, implicit official statement from Microsoft's side that they are perfectly fine if hackers violate all of Microsoft's copyright. In other words: it means that all of Microsoft's software now (spiritually!) will become public domain.

Also, if Microsot does not make make this responsible person pay the caused damage from their own pocket to the original author of Spegel with the same monatery magnitude as if Microsoft would sue other entities for a violation of copyyright of Microsoft's software, the same statement applies.

by aleph_minus_one

4/21/2025 at 9:15:48 PM

> it means that all of Microsoft's software now (spiritually!) will become public domain.

You have said many things like this in this thread. I don't think you understand how laws or courts or legal fees work. Good luck defending yourself against MS's army of lawyers during your court proceedings though!

by 9_ZPK7-

4/21/2025 at 10:33:42 PM

> I don't think you understand how laws or courts or legal fees work. Good luck defending yourself against MS's army of lawyers during your court proceedings though!

I have no hope that the courts currently (!) agree with this. But let us spread the gospel so that as many people as possible know how Microsoft's "real" stance on copyright is. If a lot of people become aware of this and this truth stays in lots of people's heads for a sufficiently long time, the public opinion might change so that juries (representing the public opinion in courts) will indeed begin to judge against Microsoft in the way that I described.

by aleph_minus_one

4/22/2025 at 3:38:00 AM

If I accidentally pick up your jacket instead of mine and apologize when you point it out this doesn't mean I give you blanket rights to steal my stuff forever. If I keep doing it, then it's probably worth looking into, but you're going to have to bring up evidence of serial abuse for that.

by saagarjha

4/22/2025 at 6:01:10 AM

What if someone takes your jacket and removes your name tag and sews his own tag to your jacket though?

by Tepix

4/22/2025 at 10:11:59 AM

You still can't steal their jacket.

by saagarjha

4/22/2025 at 9:37:10 AM

> the public opinion might change so that juries (representing the public opinion in courts) will indeed begin to judge against Microsoft in the way that I described

I'm pretty sure that's exactly how juries shouldn't work.

by robertlagrant

4/22/2025 at 5:27:11 AM

> When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense.

It seems like it would have been a much better strategy to add artifact streaming, submit a pull request and then if the maintainer isn't interested in adding it, proceeding with a fork.

"Probably out of scope" sounds like "I dont have time to implement a feature of that scope"

by mixologic

4/22/2025 at 7:13:30 AM

It sounds more like "I don't want to maintain a feature of that scope" or "I don't want to commit to the design decisions this feature would require". Both of those aren't solved by a PR.

If you're discussing with potential collaborators and want to communicate that you don't have time to develop such and such a feature but would be open to accepting a PR, it's very natural to say "I don't have time to develop this feature but would be open to accepting a PR".

by dmurray

4/22/2025 at 6:41:57 AM

"probably out of scope" sounds like "there would need to be some major refactors and you're the only user who wants it, so I am turning this down for now"

try to assume good faith :)

by spongebobstoes

4/22/2025 at 11:11:39 AM

> It seems like it would have been a much better strategy

Better for whom? Now there is Peerd and Spegel that are different projects. Imagine if Microsoft had opened PRs into Spegel and the maintainer had merged them. Then at some later point Microsoft had decided that they need to have ownership of that project (maybe because they want to have the control over what gets merged into the project because they depend on it). Imagine this ended up with a Microsoft fork of Spegel, becoming more popular than the original one. What would people say?

Probably something along the lines of "embrace, extend, extinguish", right?

by palata

4/22/2025 at 12:45:24 AM

Kudos for stepping in here, but I think the team at Microsoft need to do some more investigation, no?

Microsoft is a large, wealthy corporation has a big target painted on its back, and, consequently, CELA (corporate, external, and legal affairs) are, for good reason, a very strong force inside Microsoft. You can't just grab some code from someplace at Microsoft. Your PM has to run it past your division's CELA rep, look at the terms, assess exposure, etc. Did that happen?

If not, that's a big hole and you should probably beg forgiveness from them as you ask for an audit of every other piece of code you've picked up.

If it didn't happen, well, I suspect someone in your group just became the new Nelson, the hapless developer, in Microsoft's Standards of Business Conduct videos. You really don't want to be Nelson.

by kjellsbells

4/21/2025 at 9:12:20 PM

I think this is a good case for applying Hanlon's Razor. The person that did the forking and removal of copyright text may simply not know that it needed to stay there.

I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.

by cmgriffing

4/21/2025 at 10:08:13 PM

> The person that did the forking and removal of copyright text may simply not know that it needed to stay there.

That person never learned what plagiarism is throughout their entire academic career, much less once they landed at Microsoft?

by frumplestlatz

4/21/2025 at 10:34:57 PM

There are other possibilities, for example, the person may have thought that they were complying with the MIT licence by releasing the new project under the MIT licence too + including a mention of the original project in the README.

This, of course, is incorrect, and a cursory read of the very short licence text would show it to be incorrect.

But I, too, am strongly favouring Hanlon's razor.

by isp

4/22/2025 at 3:39:51 AM

Hanlon's razor can indicate an absence of malice, but that doesn't mean what they did wasn't wrong, nor should Microsoft skimp on taking steps so it never happens again.

by saagarjha

4/22/2025 at 11:32:16 AM

I agree on both points, and with the earlier comment:

> I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.

In response to:

> ... going to make sure we improve our processes to help us be better stewards in the open-source community.

by isp

4/22/2025 at 11:14:43 AM

Most software developers I know have no clue how open source licences work.

Hell, I have been reading a lot about them (including the licences themselves and stuff like the GPL FAQ) many times, and in situations like this it's still not entirely clear to me what Microsoft should do (surely there are different valid ways to handle this).

Would you consider yourself competent as a lawyer regarding open source licences? If not, can I say that "you apparently never learned it" and aren't better than the rest of us?

by palata

4/22/2025 at 4:48:41 PM

Compliance here is simple — preserve the original license and copyright.

This isn’t complicated, but if you truly don’t understand it then you should speak to a lawyer before incorporating someone else’s code into your or your employer’s project.

by frumplestlatz

4/22/2025 at 5:01:28 PM

> Compliance here is simple

Have you read the threads here? My feeling is that there are many mutually exclusive interpretations of what can/should be done.

I don't know if it's simple or not, but what I see is that it's obviously not 100% clear for everybody (me included).

by palata

4/22/2025 at 5:31:50 PM

Ignorance is not a surprise or a fault. Anyone choosing to act from ignorance very much is.

I reiterate that this is not complicated. If you still find it complicated, then you need to speak to an attorney or someone else qualified to give you direction before attempting to use someone else’s code.

We have been doing this for nearly 60 years. Correct examples abound if you’re willing to do basic research.

by frumplestlatz

4/22/2025 at 9:14:04 PM

I will reiterate that most developers I know have almost no idea how open source licences work.

by palata

4/22/2025 at 11:48:21 PM

That’s willful ignorance at this point, and they shouldn’t be incorporating open source code into their projects without speaking to an attorney or someone otherwise qualified to answer their questions.

by frumplestlatz

4/24/2025 at 1:39:29 PM

It wouldn't be surprising to me if an expert Leetcoder simply copy/pasted the code, knowing nothing of licensing. What would surprise me though is the engineering team not having at least one open source expert that didn't intervene.

by Shocka1

4/21/2025 at 8:37:25 PM

Not good enough. All previous commits still infringe Spegel's copyright, given they are still available and distributed. I would assume the point release also infringes copyright.

You are Microsoft. You can do better.

by vvillena

4/21/2025 at 10:32:43 PM

Very silly, they can't rewrite the commit history nor would it be proper to update old packaged releases.

by wilg

4/21/2025 at 10:35:59 PM

What do you mean they can't rewrite the commits? They can, they should, and it's really easy to do so. As for the packages, they should be taken offline.

by vvillena

4/22/2025 at 12:02:24 AM

They should neither rewrite the commits nor take the old packages offline. It's not worth a huge potential clusterfuck when the issue has been fixed on the latest version.

by wilg

4/22/2025 at 12:33:41 AM

They should absolutely do it. They made a serious mistake and should pay for it, even if that means every Microsoft developer having to rebase all their WIP branches. The more expensive it gets the more they’ll pay attention to those things in the future.

by kassner

4/22/2025 at 3:40:31 AM

Why not just fire the entire division? Maybe they should shut down the company?

by saagarjha

4/22/2025 at 12:49:11 AM

You might be overestimating how hard this is, because it's not hard at all. It takes less than half an hour to create a script that does it.

by vvillena

4/22/2025 at 8:39:25 AM

What is the benefit of re-writing the git history?

by Mashimo

4/22/2025 at 10:30:38 AM

Complying with the terms of use instead of infringing copyright

by guappa

4/22/2025 at 9:25:42 PM

The terms of the license don’t require you to modify the git history that’s a goofy interpretation.

by wilg