Q&A: How a blogger found GPL code in a Windows 7 install tool
Independent Windows blogger and author Rafael Rivera recently discovered, in the Windows 7 USB/DVD Download Tool, code that had been lifted from an open-source project that used the General Public License -- the widely used free-software license that requires derivative works to be offered under the same terms as the original.
Microsoft acknowledged the mistake on Friday, blaming an unnamed third-party vendor but saying the problem should have been caught in its own code review. Microsoft said it would comply with GPL version 2 by releasing the source code under the free-software license this week. (The USB/DVD Download Tool lets people install Windows 7 on machines without optical drives, as CNet's Ina Fried explains.)
We got in touch with Rivera via phone over the weekend to get his take on the situation, and to get more background on what happened. Read on for edited excerpts from our conversation.
TB: For people who may not be familiar with you, how would you describe what you do?
Rivera: I tinker. I just download Microsoft software, tear it apart, see how it works. It's more about self-discovery of how Microsoft software works, kind of a hobby.
TB: On your site you say one of your goals is to eventually get a job with the company, working for Mark Russinovich, but how did you start doing this? Have you just always been into computers?
Rivera: Yeah, going all the way back to the beginning, my birthday is actually on the Windows 1.0 release date, Nov. 20, 1985, so it's kind of in my blood to go down this Windows path. But yeah, my father brought me up on software and computers, and it kind of just took off from there.
TB: So how did you end up finding open-source code in a Microsoft tool?
Rivera: Originally this started out as me downloading this tool, and finding out, with Paul Thurrott -- we work on things together -- that the tool doesn't work with homemade ISOs, the image format. Readers were complaining that they downloaded, for example, the Windows 7 student media, they were creating ISOs from this, and they were trying to use this tool to create a bootable USB stick. Doesn't work. You have to use the "official" ISOs, which were syntactically no different. So I was digging through this tool, trying to figure out what the heck's going on. Are they implementing some kind of artificial limitation, or is it some kind of technical reason, is it a bug? You know, doing the thing I do. I was digging through this, found out it was a bug in the code. So I wrote a post about why, technically, it was a bug, and I created a tool to help mitigate that.
But then, after I wrote that post and published it, I kept digging through it, and I realized, this is a lot of code in here. What the heck's going on? By the way, when I mention code, I really mean, I took the executable and used a tool called Reflector that basically transforms a .NET compiled executable into somewhat more readable code. But I was looking through the code, and I thought, a lot of this stuff looks familiar, so I started Googling around -- or "Binging," whichever one suits you best -- and I found this code also lived in a CodePlex project. So I downloaded the source code for that, and I realized, this looks pretty similar. I kept going through it and eventually discovered it was a direct copy. I created a blog post based on that.
Initially, I got a lot of negative feedback, from especially the Slashdot community. So I went ahead and provided an example of the code theft, a side-by-side comparison. That still wasn't good enough. I provided more data. That still wasn't good enough. I finally gave up and just left it to simmer on the site. Then Microsoft pulled the tool from their website, and they said they were going to start their investigation. So that simmered for a while. Now we have this Port 25 blog post saying, yeah, a contractor did a bad thing. That's where we are today.
Now, they mention they're going to release source code, but I want to see if this source code actually matches, one-for-one, the executable that was previously available. I have this sneaking suspicion that they're not going to be exactly the same. But maybe that will be a story for later.
TB: What would be the implications if they weren't the same?
Rivera: I would be concerned that Microsoft was potentially removing some source code that they didn't want to get out there. I'm not a GPL expert, so I'm not sure of the ramifications behind that, but I would think that the code for the executable that was infringing at the time needs to be released. They're kinda stuck there.
TB: Do you think the company did this on purpose originally, or was it really the lone act of a random contractor?
Rivera: It's kinda hard to believe that someone would do this intentionally. There's no way they would develop this in house -- with the limited scope of this tool, it's easier to push that out to contractors, let them figure it out, get it back and then publish it on their site. I think with the success of the Windows 7 image, they kinda rushed to get that out there without the proper code review. Hopefully they'll fix that.
TB: How do you feel about how they responded?
Rivera: I think it's great, actually. It's been a time span of about a week. I think that's excellent, and their decision to release the source code is also excellent. I'm surprised they didn't just try to pull the tool and say, yeah, we're not going to do this anymore, sorry.
TB: This is a good example of you in the role of watchdog, from a technology perspective. Do you see yourself that way?
Rivera: I see myself providing a candid insight into what Microsoft is doing with their software. I'm not trying to promote their products to the point where I'm a fanboy, and I'm not trying to bury them. I'm just trying to be honest -- saying, hey, look, here's how it really works.
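The side-by-side check Rivera describes above (decompiled output of the tool held against the CodePlex project's source until it was clear the code was a direct copy) can be automated. The script below is an added example written for this page; it is not Rivera's tool and not code from Microsoft or any CodePlex project. It normalizes C#-style source into tokens, replacing identifiers, strings and numbers with placeholders so that renamed variables, reflowed whitespace and the comment loss that comes with decompilation do not hide a copy, then reports which lines of a suspect file match runs of k tokens in a reference file. The three C# snippets embedded in it are constructed stand-ins, not the real tool or library code.

```python
"""Flag code copied from a reference file into a suspect file (e.g. decompiler
output) by matching runs of normalized tokens. Added example for this page."""
import re
from collections import defaultdict

# Tokenizer for C-family syntax: comments and whitespace are dropped; names,
# strings and numbers become placeholders so a copy survives renaming.
TOKEN_RE = re.compile(r'''
    (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<number>0[xX][0-9A-Fa-f]+|\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<punct>[^\s\w])
  | (?P<ws>\s+)
''', re.VERBOSE | re.DOTALL)

KEYWORDS = {"public", "private", "static", "class", "void", "bool", "byte",
            "int", "long", "string", "new", "while", "if", "return", "throw",
            "null", "true", "false", "using"}

def tokenize(src):
    """Return (normalized_token, line_number) pairs for C#-like source."""
    out = []
    for m in TOKEN_RE.finditer(src):
        kind, text = m.lastgroup, m.group()
        if kind in ("comment", "ws"):
            continue
        norm = {"string": "STR", "number": "NUM"}.get(kind, text)
        if kind == "ident" and text not in KEYWORDS:
            norm = "ID"
        out.append((norm, src.count("\n", 0, m.start()) + 1))
    return out

def find_copied_spans(reference, suspect, k=8):
    """Match every run of k normalized tokens in suspect against reference.
    Returns (coverage, spans): coverage is the fraction of suspect tokens inside
    a matching run; each span is a contiguous matched region as line ranges."""
    ref, sus = tokenize(reference), tokenize(suspect)
    index = defaultdict(list)
    for i in range(len(ref) - k + 1):
        index[tuple(t for t, _ in ref[i:i + k])].append(i)
    covered = [False] * len(sus)
    spans = []  # [first suspect idx, last suspect idx, min ref line, max ref line]
    for j in range(len(sus) - k + 1):
        hits = index.get(tuple(t for t, _ in sus[j:j + k]))
        if not hits:
            continue
        covered[j:j + k] = [True] * k
        lo, hi = ref[hits[0]][1], ref[hits[0] + k - 1][1]  # first occurrence in reference
        if spans and spans[-1][1] == j - 1:
            spans[-1][1:] = [j, min(spans[-1][2], lo), max(spans[-1][3], hi)]
        else:
            spans.append([j, j, lo, hi])
    coverage = sum(covered) / len(sus) if sus else 0.0
    return coverage, [{"suspect_lines": (sus[a][1], sus[b + k - 1][1]),
                       "reference_lines": (lo, hi)} for a, b, lo, hi in spans]

REFERENCE = """\
// Constructed stand-in for an open-source helper; not any real project's code.
public static class StreamUtil
{
    public static long CopyBlocks(Stream source, Stream destination, int blockSize)
    {
        byte[] buffer = new byte[blockSize];
        long total = 0;
        int read;
        while ((read = source.Read(buffer, 0, buffer.Length)) > 0)
        {
            destination.Write(buffer, 0, read);
            total += read;
        }
        destination.Flush();
        return total;
    }
}
"""

SUSPECT = """\
// Constructed stand-in for decompiler output: same logic, names changed, one extra method.
public static class Helper
{
    public static long Method1(Stream s, Stream d, int n)
    {
        byte[] buf = new byte[n]; long t = 0; int r;
        while ((r = s.Read(buf, 0, buf.Length)) > 0) { d.Write(buf, 0, r); t += r; }
        d.Flush(); return t;
    }

    public static string Greeting(string name)
    { return name == null ? "Hello!" : string.Format("Hello, {0}!", name); }
}
"""

UNRELATED = "public static class Counter { private static int count; public static int Next() { count++; return count; } }"  # constructed; shares nothing with REFERENCE

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("unrelated", UNRELATED)):
        coverage, spans = find_copied_spans(REFERENCE, src)
        print(f"{name}: {coverage:.0%} of tokens sit inside a run copied from the reference")
        for s in spans:
            print("  suspect lines %d-%d  <-  reference lines %d-%d"
                  % (*s["suspect_lines"], *s["reference_lines"]))
```

Run stand-alone, the script reports that most of the suspect file's tokens sit in one run copied from the reference (lines 2 to 9 of the suspect against lines 2 to 16 of the reference) while the unrelated snippet matches nothing. The run length k is the sensitivity knob: short runs of boilerplate such as `return x; }` will match any two C# files, so raise k or require several adjacent matches before treating a hit as evidence. On real source trees one would fingerprint the k-grams and keep only a winnowed subset rather than index every run, but the comparison is the same. The same routine, fed the decompiled output of the binary that actually shipped and a build of the source later released for it, is a quick way to do the one-for-one check Rivera says he wants to make.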
Rafael Rivera blogs at WithinWindows.com and is the co-author, with Paul Thurrott, of "Windows 7 Secrets." He'll be in Los Angeles this week covering Microsoft's Professional Developers Conference, and live-blogging the keynote addresses there along with several other Microsoft/technology bloggers.
Todd Bishop is co-founder and managing editor of TechFlash. He has covered Microsoft and the technology industry for more than five years, most recently as a daily newspaper reporter and blogger based in Seattle.