Today's SCO News

joebeone writes "Linus has commented on the SCO v. IBM suit saying "SCO is playing it like the Raelians" and that he will withhold his judgement until the code in question is shown in court. He has also recommended that former slashdot editor, Chris DiBona, be appointed to a panel offered by SCO to examine the evidence." Businessweek has an interview with SCO's CEO. The Open Group would like to remind everyone that SCO is only one of many in the Unix world.

Does it...

[frodo from middle ea]

Does it occur to any one , that the result of this problem is not of much importance.
Think about it, Microsoft has been spreading the FUD that GPL is THE big problem in enterprise environments not open source.
With all the bad publicity this is generating for linux, even if SCO were to loose its case in court, the Damage has already been done

Do managers really care whether linux code has or has not infringed upon copyright code? Do they ?

All they will see is that, GPLed code could potentially land them in problem.

This has a two fold implications on a IT manager thinking of deploying linux

• One:- As long as the case is not resolved, using Linux could mean risking being sued for copyright infringments. Also what's to gurantee that no other company could sue in future.
• Secondly mixing GPLed code, or even using the GPLed libraries with their own propritory code is now a NO-NO

This has been probably the most successful attack policy of Microsoft. Shoot from the shoulders of SCO and scare the IT managers.

Remember programmers like you and me, don't matter as long as IT managers are scared to use linux in their enterprise.

Re:Linus for Panel Member

[GGardner]

Linus is the last person you want on the panel, for once he's seen the Unix(tm) source code in question, he is "unclean", and further work he does on the kernel (even the integration work he mostly does now) would be suspect.

Key quote. My question: how to remedy?

[LinuxParanoid]

The key quotes from the CEO are:

"We have examples of code being lifted verbatim. If you look at the code we believe has been copied in, it's not just a line or two, it's an entire section -- and in some cases, an entire program. "

Now this may or may not be true or may be true in some mostly-irrelevant way. But that leads me to a question.

My question would be, if, theoretically, a coder knows in their conscience that they did violate copyright in this way, what would be their best recourse to fix the situation?

Should they patch the code themselves and submit a patch? Would such a patch withstand legal scrutiny?
And should they warn the person who they send the patch to about the urgency/motivation of the patch?

Alternatively, should they merely notify/tell someone else ASAP so that the violating code can
be removed and replaced by someone 'clean', and sooner rather than later?

It would seem one of these two would be wise. That way, the amount of time between when the violation is ruled to have occurred, and the time when it is 'made right' through a fix is minimized, and the effects of any judge-ruled injunctions to correct things are minimized. Or if the issue is fixed particularly before the case is ruled upon, perhaps the point can be ruled as 'moot' since the violation has since been fixed.

Either way, this raises some sub-questions:
A) who should they tell in the open source community about their indiscretion?
B) should they attempt to be anonymous in their communications? (to avoid legal liability)
C) does telling someone else then open the tell-ee to some sort of potential legal liability?

Clearly a swamp of legal issues that are better avoided entirely. Any answers though?

--LP

P.S. Of course Slashdot advice/commentary isn't legal advice/comment. But it's an interesting question and I figure *someone* on here has a more considered opinion than I.

Nope

[FreeLinux]

As Linus himself has already stated, he cannot be on the panel. Remember that this panel is a SCO setup and SCO is requiring panel members to sign NDAs before seeing the code. This would contaminate and restrict panel members, making them unable to contribute further to the kernel. Linus is too close and too omportant to the kernel to be retired by SCO's NDA. So is Alan Cox et al. Linus recommended chrisd because he feels that chrisd is knowledgeable enough about the kernel to make sense of it all, yet chrisd does not actively contribute to the kernel's development so his restriction by the NDA would not impact future kernel development.

In any case, the whole panel thing is just a ruse by SCO. They are not going to disclose anything outside of court and I am sure that they will make every effort to have this whole thing settled out of court. If the case is settled out of court, the supposed infringment evidence will never be revealed.

Comment removed

[account_deleted]

Comment removed based on user account deletion

This is the real concern

[AppHack]

I was at a meeting yesterday with 60 or so Security and IT leaders from around our city. One of the items being discussed was the use of OSS. The general consensus of the non-techie leaders was that they would steer away from OSS when things like SCO were going on. The more technical leaders were trying to explain some of the issues, but that largely fell on deaf ears.

This entire issue has nothing to do with the code. It doesn't matter when SCO release the "offending" code or if the code is really an IP infraction or not. Most people's understanding of this will simply be a headline here and there. The idea that you might get sued for using Linux will be all they remember. If the courts determine there is some basis to this, it will get even worse. Those things take a long time for the general population to forget.

Re:Does it...

[LMCBoy]

Remember programmers like you and me, don't matter as long as IT managers are scared to use linux in their enterprise.

Why do you think that? I seriously do not understand this. Linux is and always has been of the hackers, for the hackers, and by the hackers. Who cares if Linux is adopted by the "enterprise" or not? Sure, it's nice to have the boost in development that large companies can bring, but to say that IT managers are more important than active members of the community just boggles my mind.
Don't think of Linux as a business product. If we fall into that trap, they've won.

Re:SCO's Ineffable Fallacy

[spitzak]

Revealing the code would not remove the fact that copyright infringment has been done already, and they could still collect exactly as much damages as before.

There are only two reasons for them not to reveal the code:

1. There is no such code

2. The code is in some laughably insignificant or obsolete part of Linux, which would backfire on them because everybody would then say that SCO's code is obsolete and this proves that Linux has far surpassed them.

Some people say there is a conspiracy and Microsoft is paying SCO to cast fear and doubt on Linux, and that this doubt is more valuable to them than winning the case. But this still does not explain why they don't reveal any of the code. If there was any code of value, it would likely be in several pieces. They could reveal one piece so that everybody knows they are serious and they can prove they have a case, and say "there are several others that we will reveal later". This would be far more damaging to Linux than their current actions and would make Microsoft happy. Therefore I feel pretty confident now that they have no case whatsoever.

Re:considered the father of Linux?

[RoLi]

What if someone has, in the past or future, malicously or accidentally, injected proprietary code w/ copyright or patent entanglements, into core Linux systems? What are the implications for users who have no way of recognizing the code in violation?

What if Microsoft has, in the past or future, malicously or accidentally, injected proprietary code w/ copyright or patent entanglements, into core Windows systems? What are the implications for users who have no way of recognizing the code in violation?

There are no implications for the user, period. If someone uses code he is not allowed to, it's his problem and nobody else's. And this applies to all licenses and all development models equally.

Suggestions for panel members

[GGardner]

There are many reputable, old-school Unix hackers, who won their Unix kernel hacking merit badges by working on the original Unix source code. As these people are already, in some way, "contaminated" by the copyright code, further looking at the Unix(tm) source code won't be a problem.

People like the BSD team of Quarterman, McKusick, Karels, and Leffler would be good choices. People from the Bell Labs team, like Ken Thompson, or even Rob Pike would be good to have on the panel. I don't know who the expert witnesses were for the BSD vs. ATT case, but they would probably also make good panel members.

I can think of many University Professors who would be good candidates. Perhaps not Andy Tannenbaum, though.

Re:considered the father of Linux?

[killmenow]

There is nothing disturbing about this. It is a ruse.

My favorite quote from SCO's CEO: "You need some comfort level other than 'We can warrant none of this...' "

That's odd, Darl. Ever read a fucking Microsoft EULA?

LIMITATION OF LIABILITY.

To the maximum extent permitted by applicable law, in no event shall microsoft or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the software product or the failure to provide support services, even if microsoft has been advised of the possibility of such damages. In any case, microsoft's entire liability under any provision of this eula shall be limited to the greater of the amount actually paid by you for the software product or u.s.$5.00; provided, however, if you have entered into a microsoft support services agreement, microsoft's entire liability regarding support services shall be governed by the terms of that agreement. Because some states/jurisdictions do not allow the exclusion or limitation of liability, the above limitation may not apply to you.

Re: SCO's Ineffable Fallacy

[Black Parrot]

> Some people say there is a conspiracy and Microsoft is paying SCO to cast fear and doubt on Linux, and that this doubt is more valuable to them than winning the case. But this still does not explain why they don't reveal any of the code.

My take on that yesterday [slashdot.org]:

That's also why I believe that this is an anti-Linux FUD campaign. If they were really concerned with IP then they have nothing to gain by keeping the code secret. If they announce it now it will get removed now (which is what they want, right?) but they'll still be entitled to any legal remedy they'd be entitled to without announcing it (assuming any at all). There's simply no IP-based reason not to announce it.

But as for FUD-based reasons, well, it's only FUDworthy so long as everything is up in the air and businesses thinking about making the switch have something to worry about. Point to the code and the argument switches to the facts of the claim, or the code gets ripped out, and the FUD-bubble bursts overnight.

The IP motivation says "announce it", and the FUD motivations says "mum's the word".

No, this isn't about IP.

Re:show us the CODE!

[cshark]

Be that as it may, the community is facing a major problem with this. The more FUD they can muster up, the less likely people are to buy any nix system. Truth is, we're probably going to see Windows 2003 sales explode regardless as to the validity of SCO's claim. The way we've been handling intellectual property in this country over the last several years is really bothering me. The recent string of cases with the RIAA for example seem to put due process and burden of proof completely aside in favor of severe and swift punishment. There are many of the same kind of elements in this case as well. SCO is threatening to hurt or otherwise damage our livelihood. This is of critical importance. It would seem to me that if these claims they are making do not have merit, and they are consciously dissuading the public and their consumer base with false and costly information information, then they should be held accountable. Or is that something else we don't do in this country?

Re:Scaring OSS consumers

[Azureflare]

That's a good analogy. However, in the case of closed source, how does one go about analyzing the closed source code to see if it is in violation of the law? By it's very nature, closed source prevents outside scrutiny. I mean, who has gone through Microsoft's code and ensured they don't have code that belongs to someone else, to whom they have not given credit? Unless you have a suspicion that copying of code has taken place, there's really no way to determine this (as far as I know! I'm just an idiot after all.) This is kind of interesting; this seems like there is a certain amount of discrimination against open source vs. closed source.

So lets see

[91degrees]

IBM misappropriated SCO's code, which was then incorporated into the Linux kernel released by Caldera, making Caldera liable. SCO then bought Caldera, thus implying that SCO had been misled into buying a license to their own code. SCO fails to realise this and releases Linux as per the GPL.

Okay. That bit makes sense. SCO then realise that some of their code is amisapprpriated. They contuinue to distribute it under the GPL even though they claim the GPL doesn't cover it. They also claim that some of SCO's code is in the Linux kernel, but fail to say what. All this time they continue to distibute their own code under a license which states that either they are not allowed to, or that they must allow others to do exactly what they're claiming everyone else shouldn't do.

SCO make some statement that says that it isn't being distributed under the GPL, and the GPL says so, disregarding the fact that says that if they distribute GPLed code they give a license to use all the code that's included.

This is where I sart getting a headache. I just can't make the facts of that last sentence sound coherent however hard I try.

Case in point...

[gillbates]

So, even if you buy a proprietary closed source application, you might as well be in violation of the law.

IIRC, Microsoft's customers are now facing the threat of legal action because Microsoft improperly included Timeline's intellectual property in their SQL server offerings. So even though Microsoft's customers bought licenses from Microsoft, they may still end up owing money to Timeline! And IIRC, Microsoft is also being sued by their customers for this practice. So much for the "safe" proprietary code model....

Re:Scaring OSS consumers

[jcknox]

It's funny how, way back when Microsoft was facing the same kind of problem for user Stacker's compression technology without permission, no one ever mentioned the possibility that all users of MS Windows could be in trouble for, in essence, possession of stolen property.

Of course, MS bought Stack, and the case evaporated.

Follow the Money

[bill_mcgonigle]

• SCO releases trivial code under GPL.
• SCO sues IBM (Microsoft's most feared competitor) for releasing said code in Linux distro - plans large court battle to find IBM guilty/GPL invalid. Announces intention to sue linux system integrators.
• Major media all run articles spreading FUD as to whether developing for linux is a recipe for disaster. Microsoft purchases advertising in said media.
• Microsoft pays SCO 'undisclosed sum of money' to license code most people think they likely don't and won't use.
• SCO announces GPL irrelevant.

A conspiracy theorist might imagine this scenario:

Microsoft: "Hey, you're on a cash burn deathmarch - how would you like to make a bundle of money and keep your jobs for a couple more years?"

SCO: "OK, what do we have to do?"

Just because you're paranoid doesn't mean they're not out to get you...

Re:Can the paranoia and defensiveness

[RoLi]

In fact I was very bothered by the suggestion because if it was it would threaten the hoarde of Linux systems in my office and home.

Then SCO has already achieved their goal.

My question wasn't meant to be whether users would be criminally liable, but whether the product they were using would be considered illegal and subject to any kind of claim by the copyright owner. In property law, one who purchases a stolen item isn't entitled to keep it once it is found to be hot, even if they bought it unaware.

Let's please realize the difference between theory and praxis.

Let's also realize that the chance Linux contains relevant SCO code is nil.

With that in mind - In theory you would have to upgrade to a newer version if some infringing code is found. However, in real life it won't matter because: 1) The courts are so slow that the infringing software would be out of date long before you would have to upgrade, 2) Nobody cares. 3) Nobody knows. Neither MS nor SCO have the registration information of SuSE, RedHat or Mandrake customers, many customers don't register and for those who use debian or Gentoo, such registration information doesn't even exist. They might force their own users to upgrade, but quite frankly they can't even prove that they haven't already jumped to another distribution.

Sorry for overreacting in my last post, but I feel very frustrated and sad that SCO is so successful with this pure FUD campaign.

Re:SCO's own goal

[jedidiah]

That dog won't hunt.

There are really only two possible choices for SCO once they found out that Linux was contaminated.

a) They willfully violated the GPL.

b) They willfully released their own code as GPL.

Either way, they needed to stop distributing Linux IMMEDIATELY.

Re:SCO's own goal

[jedidiah]

Not quite. SCO did nothing to attempt to mitigate the impact of the situation. It didn't try to cove it's own ass once things started hitting the fan. They didn't come clean. They didn't abide by the GPL.

SCO has done nothing but act in contempt of the GPL and the rights of all other Linux contributors. They have failed to live up to the spirit or letter of the relevant licenses.

Most arguments that advocate SCO's loss of property rights center around the fact that it chose to ignore the implications of the GPL once they were aware that their code had been improperly released.

Re:Does it...

[Planesdragon]

Don't think of Linux as a business product. If we fall into that trap, they've won.

What are you fighting for, anyway?

Everyone having Free Software / All Software being Free (GNU)? Then you want to be a business product.

Better Linux? Then you want the resources that being a business product will give you.

Support for Linux from the hardware world? Then you want as large a market as possible, and being in the business world will help that.

As many people using Linux as possible? Again, business world.

Of course the IT managers, as a group, aren't more important than the Linux programers, as a group, to Linux--but when it comes to hackers actually using it, a goodly portion of potential Linux hackers won't be able to if their IT Managers are scared of it.

Re:Linus for Panel Member

[number6x]

This is not the problem most people think it is. Having knowledge of copyrighted or patented materials is not damaging. Using that knowledge without authorization is damaging.

If you consider patents in the U.S.A., all patented 'inventions' are open sourced! The specifications of every patented item, and a working model is available for the public to see. The reason for this is to promote competition.

If Cyrus McCormick invents and patents a reaper or a harvester, he has to file plans and a working model with the patent office. John Deere can also make and patent a harvester. But he better do his homework and examine good old Cyrus' filings with the patent office. If John doesn't check the prior art, he may inadvertantly re-implement a method already patented by Cyrus.

Patenting or copyrighting a mouse trap or an operating system does not exclude all other mouse traps or operating systems from being created.

It just gives you the right to your own work. If someone examines your work, and comes up with a better mouse trap, they can patent their own alternative.

Open source software follows this same pro-business, pro-competition model. The current business climate that threatens law suits for rival products is anti-free market, and leads to lethargic weak businesses, that are unable to compete on the basis of merit or cost.

When you read a Tom Clancy book, you actually get to read the copyrighted material. If you try to steal that material by changing the names of the characters and the places of the events, you risk legal punishment. Mr. Clancy and other works are protected by copyright. However you can write your own novel, full of espionage and intrigue. Just read a bunch of the other books out there to make sure you are not stealing any prior art. If books, music and movies were closed source, you would not be allowed to read them, listen to them, or view them. You would just be allowed to hear Roger Ebert or someone's review, and then have to pay full price!

If you are familiar with prior copyrighted software, and cannot create a 'better' alternative, don't! Check archives for an already existing alternative. Try to interest a better programmer in creating one for you ( with pay or with kudos ). If you can't find or create a solution, pay the original copyright holder for the rights to use theirs.

AT&T sued BSD for copyright infringement. I think there were only three or four snippets of code that were questionable. BSD replaced the code with alternatives, and the problem was solved.

It turned out that AT&T actually had more BSD code in its UNIX without giving proper credit to the original authors, than BSD had AT&T code! I wonder if the same would be true for SCO UNIXWARE with respect to Linux?

Re:IBM response to SCO :

[cdrudge]

3 reasons.

First because it would give at least the appearance that SCO was right. Even if they were wrong, there will always be someone that says IBM did contribute code they were not suppose to. This reason is a PR/Marketing move for IBM.

Second, every little crappy company will then start suing IBM (and possibly other companies) in the attempt to inflate their price for a buyout or settlement. This is a Financial/Legal reason for IBM.

Third, they just want to stick it to IBM because of the principle of the whole thing. Unfortunatly, this could ultimately cost IBM more then what SCO is worth and also, if SCO comes out a winner some how, be a major blemish for IBM. I don't think this is why IBM is fighting this. #1 and #2 are much more likely.

Re:show us the CODE!

[Anonymous Coward]

The code will not be made available until the last possible minute.

This is not because SCO is attempting to kill Linux or because they are necessarily lying per se.

It is simply a common tactic for winning a lawsuit.

Attorneys want to give the opposing side the least possible amount of time to prepare their arguments based upon the evidence.

It does not seem right but that is how the legal system works.

It is up to the judge to straighten this out.

People should not be blaming SCO or their lawyers, because it is the judge's responsibility to rule that public good would be furthered by early disclosure of offending source code.

SCO is merely following their atty's advice in not releasing code.

The atty's are doing what they are supposed to do: giving their client best opportunity to win the case vs. IBM (a simple chess match strategy).

The judge is the one who needs to step up to the plate.

Thats the way it is, like it or not.

Re:considered the father of Linux?

[Anonymous Coward]

I would answer your question with another question: What if someone has, in the past or future, malicously or accidentally, injected proprietary code w/ copyright or patent entanglements, into core (insert ANY proprietary software here) systems? What are the implications for users who have no way of recognizing the code in violation? Is this really a serious flaw in the closed-source model?

The point is, if the source is not open, there's an even greater chance of stolen code going undiscovered. There are a LOT fewer eyes that can see the code and compare it to other (also secret) proprietary code for infringement.

Their argument does nothing to indict the open-source model that does not also indict, to a higher degree, the closed-source model.

Re:Should the GPL be used to legitimize theft?

[no_code_charlie]

I can't imagine how your analogy has anything to do with the SCO situation. Who is the publisher and who is the theif? Are your books published under some license analogous to the GPL? Did the thief publish under such a license? Oh well. Look, if SCO lost some IP due to its publication under the GPL, that's only due to its own lack of diligence, IBM's wrongful conduct, the inherent nature of trade secrets, the inherent nature of copyrights, the inherent nature of license agreements or some combination thereof. The primary cause of SCO's wierd predicament really isn't the GPL. (Although anyone who really wants to see it that way certainly can.) It's easy to precent the GPL from gobbling up your IP lack pack-man: just don't release anything under the GPL or, if you do, make damn sure that you know what it is that you're releasing. (The latter is a good business practice anyway.)