MIT license requires attribution, not "a copyright header". It's not concerned when headers, or with sources being pristine, but with people being credited. If I release my software MIT-licenced, but don't have copyright headers, you are not free to copy files without crediting me.

And no, their note in the readme is not an attribution. It's thanking them for "sharing their insights", which in no way is code attribution.

Microsoft violated copyright here, bar none. There is no other reasonable interpretation.

Right, they should copy the LICENCE file somewhere in their repo. Why not opening a PR, before writing a blog against Microsoft?

They actually thanked the project, it doesn't feel like they were trying to steal it. Maybe they will just accept such a PR and that's all.

Maybe they will, maybe they won't. I refuse to believe that Microsoft doesn't understand how attribution, copyright, or open source licenses work, though. I believe this is a mistake, but it's a very egregious one that showcases a lack of respect for the communities that Microsoft is exploiting. This mistake should not be possible from an entity like Microsoft.

Maybe the engineers did not go through a 12 months process with their legal department and did it wrong.

And with the bad publicity coming back to Microsoft, maybe those engineers will now understand that they should just avoid re-using open source projects when possible. And the next HN post will be about "BigTech reinvents the wheel in order to have control".

We're all nitpicking here: they mentioned the original project in the README. Peerd is quite different from Spegel, it's not just a copy with a small patch.

Sure, they should do it right. But really, a polite, small PR fixing that would probably be a good first step.

You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.

> they mentioned the original project in the README

They thank them for their "generous insights". That's not the same thing. If I take chapters unmodified from Harry Potter and thank Rowling for her "generous insight", that's still not okay.

> Peerd is quite different from Spegel, it's not just a copy with a small patch.

Nobody said it was. It does, however, copy functions and other entire blocks of code with comments directly from Spegel without giving attribution. That is wrong. That is plagiarism.

> You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.

Well, I have been in big companies where it takes a lot of time for the legal department to check those things. Not because it's fundamentally hard, but because the queue of things they have to do is pretty big.

> They thank them for their "generous insights". That's not the same thing.

Sure, it's wrong. But it's not "purposely stealing without giving any credit at all" either. It feels like an engineer did that, tried to give credit and did it wrong. And now we go on and on saying how this engineer is evil.

It's not that an engineer is evil, it's that this mistake should not be happening in a company like Microsoft. It's professionally incompetent at the very best. No trained and professional programmer should be accidentally plagiarizing code.

> No trained and professional programmer should be accidentally plagiarizing code.

In this case I still feel like they are more attributing incorrectly (there is a link to the original repo with a "thank you" note) than plagiarizing.

If there was no mention of the original project at all, then I could call it "accidental plagiarism".

Your argument is fairly asinine. When you fork an open source project under the MIT license you have an obligation to include the original license in all copies or substantial copies of the code. The author of the fork may also sublicense, which allows them to add new terms to the license, but not remove the original license.

Forking and/or copying files from the Spegel code base into the Peerd code base is permitted, but since the Spegel code base had a single license file covering the entire repo, then the onus is on Microsofts engineers to update the code they copied and include the original license terms, for example, by including something like:

// Copyright (c) Microsoft Corporation.

// Licensed under the MIT License.

// Some code Copyright (c) 2024 The Spegel Authors, under MIT license

If your argument is that they aren't required to do this because the original code didn't have a license header in the file, then it would follow that you are arguing that the MIT license doesn't apply to the code that was copied, in which case Microsoft is using unlicensed code stolen from an open source project.

While I haven't worked at MS specifically, I would assume that like every other tech company I have worked at, they have a team or working group that specializes in adherence to open source licenses specifically to avoid both the legal implications and the bad PR implications of misusing open source software.

Do they have to copy the licence in every single file, or do they have to copy the licence somewhere in their fork?

The details are less important. The code that is copied needs to be attributed, either with comments, or a license file that states which files came from the project, or something else, but the specific code does need to be recognizable by a reader as coming from that other source. Comments and copyright headers are the easiest way to do this.

Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...

My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.

Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.

Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".

> Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...

Fair use allows for commentary, news reporting, criticism, teaching, research, and scholarship and there are guidelines. Most cases where fair use is sought as a defense requires litigation to clear it up. The other alternative when forking an extremely permissive MIT license is to just follow the license.

> Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.

They are required to do so by the original license of Spegel. Does Microsoft ask politely when people violate MS licensing by say, pirating their software, or do they work with 3 letter agencies and a massive enforcement team to ensure their licenses are followed?

> My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.

Yes. Every other tech company I have worked at, including Mozilla, a company that publishes almost everything they do as open source, has had folks dedicated to ensuring license compliance.

> Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".

They didn't provide credit in the way that the license requires. This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution. I like and use many MS products, but they absolutely do not deserve the benefit of the doubt.

> This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution.

Next time you work in a big company and you feel that the legal department is a PITA and slows you down, remember how people react when they are not, like here :-).

I don't know why you are trying so hard to carry water for a team of engineers at a company that has the history to know better.

The team that built peerd had the good sense to consult with the author of Spegel before moving forward with their project. A simple note to their business line lawyer (or whatever they call them at Microsoft) at work to say "hey, we are going to use some of this code from this open source project, what do we need to do?" would have taken less time and effort than setting up the meeting with the Spegel person/folks. That is assuming there isn't an easy to find page on how to consume open source software on Microsoft intranet. Every major company I have worked for (HSBC, Mozilla, Amazon, Fastly, Cisco, to name some) has had this going back to 2005. This isn't rocket science.

You also don't need to be a legal expert to comply with most open source licenses, and the MIT license in particular is really easy to comply with. Just copy the code, and whatever file you copy the code into gets an attribution comment at the top.

I'm all for going against leadership when they purposely abuse people (like Zuckerberg telling his engineers to torrent copyrighted data for their LLM).

I would be in favour of checking what small companies do with licences. In my experience, the vast majority of startups blatantly abuse open source all the time.

But here it seems like it's all about an engineer who did some kind of attribution, but didn't do it correctly. And people are happy to say that it's all part of a big evil plan by Microsoft to take over the world.

All this uncertainty is caused by Microsoft's copyright infringement.