Welcome!

Paul Nowak

Subscribe to Paul Nowak: eMailAlertsEmail Alerts
Get Paul Nowak via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Article

SCO Admits To Not Knowing Own Code History in Recent Q&A

SCO Admits To Not Knowing Own Code History in Recent Q&A

From the start, questions have surrounded the process and people SCO used to determine the alleged code violations in Linux. There is the phantom MIT mathematics department team which MIT itself can’t identify and which SCO has since said were people with former MIT mathematics department relationships, not MIT employees.  These former MIT people have still not stepped forward and given anyone an indication that they are up to the task, what methods they used, or that they even exist. 

 

The MIT problem casts doubt on the process SCO uses to identify allegedly infringing code but now we have to wonder more deeply about what steps SCO is taking to validate or understand its own claims.  Is it just a Jr. programmer at SCO that has been grudgingly tasked with writing some simple scripts to do some string comparisons?  When you hear SCO mention that just a few people at the top of the company are involved with the case, and none of these people have much history in UNIX code development, you get the idea that SCO’s internal discovery process is pretty thin.

 

On Tuesday, SCO published an open letter here. The letter is mostly posturing with very little information but the interesting thing is that on Thursday, Computer World came out with a Q&A with CEO McBride on the SCO letter.  In this Q&A, CEO McBride states, “Well, at SCO Forum, there were some folks that came out and basically sniffed out some of the [disputed System V] code we were showing and [concluded] that it emanated from SGI.”  That this code “emanated” from SGI was news to SCO.

 

Immediately after the SCO Forum, SCO stated that it should be in a position to know where disputed code came from.  But these SCO statements were another case of SCO officially guessing wrong, given McBride’s comments this week.  SCO showed this week that it has no idea what the history of a particular snippet of code might be – even a high profile snippet like the one SCO highlighted at SCO Forum.  It’s no surprise that SCO has shown ineptness again but there is more going on here than ineptness.

 

If SCO had no idea of the history of the code they showed at SCO Forum, that means they probably also have very little or no idea about the history of the other snippets of code that they alleged infringe.  More clearly, SCO does not know the history of the UNIX historical code base or its own code.

 

Let’s extend this thought a little further.  If SCO did not know the history of the SCO Forum snippets, their lack of  knowledge confirms that SCO did not do any detailed digging on even the most public chunk of code they have made available to the public so far.  If SCO couldn’t verify a poster child code example, it’s very safe to say, they have no spot method (per snippet) and no systematic method (millions of lines) for determining the history of any of the code in their legal claims.  SCO may be doing string comparisons to say code X looks like code Y but, as the SCO Forum example shows, SCO needs to dig far further than this to prove any type of infringement exists. That SCO accepts the Raymond / Perens conclusion as both correct and as new information, shows that SCO is not performing these checks, even on a per-snippet basis for code they choose to show.

 

From another perspective, we can also see in McBride’s comments that SCO is, unfortunately, using the analysis of Raymond/Perens to attack SGI.  This reliance on Raymond and Perens shows two other things are happening:  1) SCO is using the analysis of the open source community above its own analysis (or lack thereof), and 2) SCO does not seem to have done any work that can refute the Raymond / Perens analysis.  Not only can SCO not do the checks itself, this shows that even on a per-snippet basis, SCO has no hope of matching the credibility of analysis of the open source community.  SCO should be afraid of identifying any more code because they would have no earthly idea what the history of the code might turn out to be. Court will be a nightmare of surprises for SCO - just like SCO Forum.

 

So, for all purposes, it’s safe to say SCO and its crack legal team just can’t do the deeper historical analysis needed here.  Would a junior programmer be able to produce the findings that the open source community can?  No way.  Such an individual simply would not have the depth of historical knowledge to know where to look.  Eric Raymond and Bruce Perens are very smart, highly experienced individuals.  SCO has nobody on its staff with similar levels of knowledge of the UNIX family tree history and the various licensing actions and cases over they years that have opened UNIX to the public at various times and in various ways.

 

That SCO turned to an alleged MIT team admits they don’t have the resources in house to begin to tackle the job of researching code history.  String comparisons yes; code history, no.  And this job is not about writing an algorithm, as MIT mathematicians might be wont to do, this is all about historical, bookish research.  Now that the MIT team seems to be missing in action, it may be all up to SCO senior managers and executives and yet, I don’t see anyone in that group with the ability to make these determinations either.  SCO needs an Eric or a Bruce and they can’t get one.

 

Having no idea if its claims have merit has not stopped SCO so far so we can expect more from SCO along the lines of big claims with no merit.  And merit has risen up again with the open source code analysis having more merit within SCO than even SCO’s own analysis.  With little hope of ever effectively analyzing the history of the code, SCO is simply placing a tall order on the side of hope and wishful thinking when they claim "code infringement."

More Stories By Paul Nowak

Paul Nowak first used Linux in 1995 while migrating from Sun to Linux at the University of Michigan. He used Linux in subsequent IT projects including web, telecom, telemetry and embedded projects and is currently CIO of a small professional association based in Washington D.C.

Comments (65) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
episodesusdbz 04/09/04 03:21:11 AM EDT

I could get into Linux if they could rid us of the d#*n client server architecture. Why can't on "box" to both?
If I want to make a web page and have a little code that says send this page to a friend with email to I have to a freaking server to do this. Clowns just want to sell hardware and hosting. Smoke them Linux dudes.

oldguy 12/24/03 11:29:44 AM EST

This whole thing brings out the ugly in people, and makes me sick. Now that it has become obvious that Linux is a superior system, there is a mad scramble to "own" it. Greedheads at companies like SCO can't wait to "secure" Linux ( or $ from it - - directly or indirectly ) for their own. They will all find that it will be easier to catch the wind. As soon as they "own" Linux , it will cease to be "theirs". Corporate money worshipers cannot understand this. They never will.

anonymous 12/21/03 05:45:31 AM EST

Any way we could fit in a bunch of references to x-windows windows or KDE windows or Gnome windows during this case? It sure would be nice to make the general public aware that windows is a generic term in the computer world.

Tom L 12/01/03 08:37:49 AM EST

Since it appears to be gone now, For newbies my comment also referred to a prior comment containing nothing other than links (webspam) we could probably find on our own if so inclined, about a hundred of them. Concerning SCO and links, I found the nomination of Groklaw as having value.

Interesting so far in all the debates concerning SCO antics, is that unlike the Linux vs MS, this one is so one sided, it seems that there is no other side to an issue. Looks just like any other dot-com scam, - for another comment on that see the movie Confidence, where they try to explain the angles.

So what's new since holiday? Last I heard was SCO complaining IBM donated their own code to linux and that they'd be suing Google next since they haven't fallen to the extortion of $700 per server. Where do they get that number anyway, is $700 a 'fair' fee to license some code for sale in market? (come to think of it, Linux is not offered for sale yet, is it?).

Stephen Samuel 11/28/03 12:48:05 PM EST

Please go to the above site, and give them FALSE data. (mess up their database)

Tom L 11/25/03 12:39:15 PM EST

> "Having no idea if its claims have merit has not stopped SCO so far so we can expect more from SCO along the lines of big claims with no merit. "

I agree. It is about short-term personal financial gain, not about products or support.

Since 'a someone' thinks comments (public text) are for personal URL posts, try this one on about spam:
http://informationweek.com/story/showArticle.jhtml?articleID=16400563

SCO is claiming an "inheritance". Maybe they are right about that, but not about the source. Unix came from AT&T (and open-source free-internet community).

SCO's FUD, OTOH, can be conceived of as inherited.

Bobo 09/23/03 03:51:53 PM EDT

The whole thing is about two sets of principles, one set from 1992 (which I believe originated out of the Reagan Administration, I could be wrong though based on my limited memory) and another set from 1998 (Clinton Administration) which unfortunately contradicts each other. Though I am not a linux user, I will say the current outcomes of the Digital Millennium Copyright Act of 1998 is very interesting to view. The outcomes have indeed effected every social group (consumers, enterprise and small business, etc) alike. The next event will likely involve the FCC to regulate recording devices (such as VCRs, Digital and Photo Cameras, HDTVs, Cassette recorder, CD Burners, etc) as illegal or banned products from the consumer mainstream. My question is, who benefits from all this? I doubt companies such as Kodak or Philips.

But I will say, this is what would have happened if Judge Moore got his way with establishing the laws of The Ten Commandments on state property in Alabama. Even the Bill of Rights claims that Congress shall not make a law in favor of a religious establishment (which I believe could also be interpreted as a Christian bookstore which sells religious products rather than a Church whom distributes their own version of religious principles.) As what an Atheist said to the Jew: "One man's religion is another man's mythology" as the Jew replied: "One man's mythology is another man's faith." But a computer company isn't a religious establishment, however a company may constitute as a religious establishment by the products sold, such as a video game based on mythology of demons, deities and the supernatural. In other words, you are what you eat, produce and distribute.

To sum it up, it's going to be an interesting debate to watch.

Richard Steven Hack 09/16/03 03:30:29 AM EDT

Stephen Samuel
---------------
>The GPL is a contract. A license is a (specific kind of) >contract.

I'm aware of that. That was my point. The SCO dispute with IBM is about a specific contract between IBM and SCO - no GPL was involved in that specific contract. And the breach of THAT contract is what the COURT CASE is about. The rest of SCO's harassment of the Linux community is EXTERNAL to that court case and to some degree at least dependent on the outcome of that case - at least to the extent that SCO can prove that IBM released any code into Linux which is still in Linux and still covered by SCO copyright or patent or the IBM-SCO contract involved.

>On the other hand, the SCO suit against IBM is only >peripherally about the GPL -- in that their complaint is >that IBM publicly released code that SCO claims control >over. The GPL just happens to be the manner in which IBM >released the code.

Precisely what I said. Which means, as I indicated earlier, that there are two separate issues here: the court case which is strictly a breach of contract case between IBM and SCO over a contract between IBM and SCO - not Linux or the GPL per se - and the wider claims being made by SCO against Linux and the GPL. We should not unduly conflate these two separate issues, even if SCO does.

>IBM's counter-suit does involve the GPL directly. It
>makes two claims:

Correct, but again while this is significant because of the IBM suit against SCO, it is not relevant to the SCO suit against IBM. If SCO can prove IBM released code to Linux that was covered by SCO's contract with IBM, then they win THAT lawsuit. Whether that will have any effect on Linux depends on whether the code involved has any significance in Linux and/or whether SCO then extends its lawsuit to third parties in an attempt to prove copyright and/or patent violations by the Linux community. But the initial court case does NOT revolve around whether Linux PER SE has copyrighted or patented code in it but rather whether IBM released such code into Linux in breach of a contract with SCO.

Obviously, it will be important for SCO to prove that code that is in fact in Linux came from IBM. The point of the above article is that it seems they don't know where anything came from, at least as far as Linux is concerned. One wonders, therefore, whether they will be able to prove their more limited case against IBM, let alone their wider so-far-in-the-media-only case against the Linux community.

The bottom line is that until SCO can PROVE - not merely assert - that there is code in Linux which falls under their copyrights and/or patents that was released to Linux by IBM (or anyone else), it is premature to start asserting that open source has a serious problem with intellectual property control. Linus has denied this, and I haven't seen anyone but SCO trying to prove him wrong, let alone succeeding.

So all we need to do now is make sure that every time SCO makes an unsupported claim about Linux, that that claim is refuted by the Linux community. We need to do this to insure that Linux is not harmed in the business and consumer markets. And as IBM is the main target of SCO at this time, it falls on IBM to make sure SCO does not win its case in the media or in mindshare. But the Linux community should also assist IBM in this effort. Probably the best way to do this is to start a project to insure the history of all the code in Linux. I believe Eric Raymond has come up a change analysis tool that can do just that. It should be used on the source code for Linux going back as far as possible to pinpoint any areas where there is the slightest suspicion as to the original source of the code.

This is a defensive step that needs to be taken in case by some legal trickery SCO does win its court case against IBM, and then attempts further extortion again the Linux community by claiming tainted source code which the community cannot prove is not tainted.

But we don't need to panic and assume open source is dead in the business world because of IP concerns being raised by some Mafia software company.

Stephen Samuel 09/15/03 04:30:38 PM EDT

Joe Mason says I"m wrong when I say that the dispute between SCO and IBM is a contractual one because the GPL is not a contract.

The GPL is a contract. A license is a (specific kind of) contract.

On the other hand, the SCO suit against IBM is only peripherally about the GPL -- in that their complaint is that IBM publicly released code that SCO claims control over. The GPL just happens to be the manner in which IBM released the code.

IBM's counter-suit does involve the GPL directly. It makes two claims:
1) SCO is estopped from making claims about code that they have been (and still are) distributing publicly (they may, or may not make this claim, but I think that they are).

2) Because SCO is now attempting to limit/charge for distribution of (effectively) all of Linux, they're violating the GPL, and no longer have the right to distribute it (which they still are doing). As such, IBM would be counter-suing SCO for copyright and/or contract violations on the IBM owned code within Linux that SCO is still distributing.

Stephen Samuel 09/15/03 02:33:04 PM EDT

Lock of copyright violation liability only applies if you're buying one copy of the software for each system you're using it on. For entities taking advantage of the GPL to use one (often copied) disk to install 200 servers, they'll be liable for copyright violations on the last 199 of them.

This is one of the (stated) reasons why IBM decided to use Red Hat and Suse distributions rather than rolling their own: They get to fob off any liability on the distributors who made the copies.

Stephen Samuel 09/15/03 02:28:33 PM EDT

Concerning the BSD Packet filter software: If SCO is claiming the BSD code as their own, might this be taken as (indirect) proof that they've (once again) tried to usurp and Obfuscate BSD code as their own (i.e. removed the appropriate copyright attributions?).

If so, it might be time for the BSD people to get into this fray. If SCO has already publicly stated that they think that this code is obfuscated and is a copyright violation, then all that is needed is to prove that it originated elsewhere, and we get to hoist them by their own petard.

Richard Steven Hack 09/15/03 12:00:51 PM EDT

Joe Mason says I"m wrong when I say that the dispute between SCO and IBM is a contractual one because the GPL is not a contract.

Please read up on the case. The entire dispute as it will be heard in court is in fact a contract dispute. SCO alleges that IBM breached a contract by including SCO code into Linux. This has nothing to do with the GPL of Linux.

The rest of SCO's claims are entirely external to the court case and rest on the presumption of their winning said court case. They are attempting to profit in the marketplace by showing FUD about the legality of Linux as a result of the alleged contract breach by IBM - which they have not established even exists yet.

Steve Pierce 09/15/03 08:57:25 AM EDT

"That SCO turned to an alleged MIT team admits they don’t have the resources in house to begin to tackle the job of researching code history.That SCO turned to an alleged MIT team admits they don’t have the resources in house to begin to tackle the job of researching code history."

SCO may not have the resources in house to tackle the job of researching the code history, but you can bet that IBM does. IBM as a corporation, has a very long memory. I guess this David vs. Goliath story may end up with David as a bloodied husk on the courtroom floor. My only thought is "Go Goliath!!!"

Wol 09/15/03 08:16:53 AM EDT

I'm afraid, Hawkie, that you seem to have got your patents and copyrights mixed up.

There is no legal liability to the end-user from copyright. The nasty there is that the copyright owner can present you with a choice - cough up or destroy the copy. Both could be disastrous for the end user. The GPL is great here because even if somebody has been stealing code, these options aren't available. You might find you have to ditch the software because you can't upgrade it, though.

As for the MS/Timeline patent case, you need to read up on it. MS *are* *in* *the* *clear* !!! They licenced the patent, and Timeline have no suit against them. The problem is, they only licenced it for themselves, and then they put it into SQL-Server, so ALL THEIR CUSTOMERS ARE AT RISK !!!

And as others have said, it's the end user that gets slammed in a patent violation suit.

Please read up on things. You said others need to learn the difference between copyright and patents. I'd agree. It's just a shame you seem to know the difference, but you can't tell which is which!

Cheers,
Wol

Hawkie 09/15/03 06:28:52 AM EDT

Well i notice that there is a few people that can not distinct the difference between Copyright and Patents. I expressively specified copyrights, and thus all my comments goes to binaries and not to source. When it comes to binaries the end user is NOT the liable party, but the distributor. When it comes to patents it involves the use (producing binaries) and the modification (re-use) of it. And here it is that OpenSource projects with publishing of the source moves the liability to the end user. In the previosly mentioned cases with Timeline and MSSQL i must state that the end users can not be sued for using MSSQL 7.0, but MS and its partners using the source code is under fire. Here we again come back to who has access to the source.

As a open source developer myself i off course want the initiative to succeed, but i see clear issues that must be addressed before corporations can easily adapt OpenSource software. Many screams for corporations to switch to Linux and use OpenSource software, but that will not happen as long as we stick the head in the sand and doesnt address these issues. A major size company (one of the 10 biggest oil producers in the world) whom i do work for (projects) presented a internal legal study due to the need to maybe adapt some OpenSource software, and this study came with these exact same conclusions as i am presenting. Their lawyers estimated that within 4 years they would face a Copyright/Patent violation lawsuit and this would cost them more than complete development from scratch.

And this is where we stand now. We must address this issue. And PS. Please learn the legal difference between copyright and Patent.

JonB 09/15/03 05:29:00 AM EDT

As a consultant and with the current regime of assigning blame you will already bear liability for any recommendation you make. All recommendations bear risk otherwise there would be no need for experts.

There is no advancement without risk. We can accept the challenge "... and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too."

Otherwise, we can continue to be paralyzed by fear and do nothing but that which is safe. If our ancestors were so timid, we would still be sitting in caves debating whether rocks are edible. Assess the risk, understand the risk, take responsibility for the risk and accept the challenge.

Open Source developers will continue to move forward and I am sure the open review processes will evolve to address any deficiencies that might exist in code submissions and their screening. However, things are never perfect and there is always a risk some significant portion of stolen code may enter open source. In this, there is probably low risk of large contributions from a single person as the process is usually highly collaborative and reviewed by many people. Nevertheless, there is a risk.

I note in an article from Business.Scotsman.com that Ford is adopting Linux for running "sales operations, human resources, customer relations management and the rest of its infrastructure operations". So perhaps there are other business concerns beyond that of the liability for source code IP infringement. After all, you can always rewrite the offending portion of source code as a remedy for the charge of source code IP theft.

Blighter 09/15/03 05:23:42 AM EDT

To Hawkie
You say:
The liability issue is a major one, as the OpenSource end user is actually the liable party. Proprietary software is developed by a company that is a legal entity, and as such this one guarantees for the copyrights involved.

This is incorrect. Buying the software does not shield a user from copyrights/patent infringement by the company that developed/sold. There are a couple of Microsoft trials out there that prove this: in particular a trial regarding FoxPro and MS-Sql misuse of patents. For more information on this try a Google search.

If that would be the case, given that SCO produced and sold Open Linux all Open Linux users should be shielded from SCO claims for as long as they comply with the licence - which includes free _redistribution and sublicensing_ of Linux kernel code.

One is not shielded from copyright claims, but some licences provide "limited liability" - in the case of Microsoft - up to the price of the product... And I believe RedHat started some sort of fund to help indivdual/corporate users fight SCO claims.

Hawkie 09/15/03 04:51:37 AM EDT

Found something weird looking around. Berkeley University ( www.berkeley.edu ), the "home" for BSD and a lot of the base code for Linux, is themselves using Windows computers in most administration !!!!! I would love to know what their reason for not using in-house free solutions are.
Can it be the legal implications ? Because i know for sure they dont lack the brains to maintain and switch core OS.

Things like that clearly shows OpenSource OS's are still in its infancy when the home for several of them still uses proprietary software like windows.

Hawkie 09/15/03 03:32:22 AM EDT

As i pointed out earlier the legal issues involving a company using OpenSource software, i still can not see anyone actually willing to address this issue. As i see it, this is the main issue to convince corporate users to use OpenSource. The liability issue is a major one, as the OpenSource end user is actually the liable party. Proprietary software is developed by a company that is a legal entity, and as such this one guarantees for the copyrights involved. In such cases the end user can not be sued by a party claiming copyright issues, only the distributor/manufacturer can be sued. So who will be willing to make a legal change to shield end users of OpenSource ? Well most certainly not any US government, because that would in reality be the same as opening up for re-use of any code found anywhere. So how can this issue be solved ? Well i know that lawyers will have filed day when OpenSource really enters the business market. They will hire fleets of people to look for cases in the source codes, and then get tons of revenue from legal proceedings as those using that software.
I can almost see the scenario where i as a systemspecialist recommends a OpenSource alternative for a customer, and eventually he gets sued for copyright violations, as well as beeing put in a position where he has to find another alternative for the software. That can be coslty for the customer as well as for me and my employer. So what do i recommend today ? Proprietary software off course.

I am myself involved in openSource projects and as such i also love to study what others do, and reads through their code. And more than once i have found code snippets i can clearly guess is borrowed from the employer of one of the particpating programmers. One example is some code in a project for clustering Linux, where i KNOW that none of the programmers had access to their own mainframes, or heavy duty servers, but several worked for companies that had some, and that was involved in making similar solutions. Imagine the future lawsuits here.

Well as i said, no use of OpenSource in corporate enviroments until the legal issues are solved.

If my clients asked me to sign a statement that i took on the legal responseability for OpenSource software i recommended i would not dare to sign it, not even if it was concerning the Linux kernell itself, because i can not say for sure where they got all their code from.

Would you sign such a statment ?

JonB 09/15/03 02:12:22 AM EDT

I'm rather late in this discussion so I apologize for going over perhaps some old points.

Not too much of the general Linux kernel community were working on the IA64 architectures at the time the chips were due to be released. Notably though, IBM, old SCO and Sequent were working on a Unixware and AIX port to IA64 in 1998-1999, called Project Monterey, prior to the IA64 becoming available. At the same time, there was separate work in Project Trillian to port Linux to IA64, led by HP, Intel and VA Linux. By mid-1999, many vendors had joined Project Trillian. Cygnus, SGI, SuSE and RedHat contributed many tools and software ports. RedHat developed an IA64 distribution. IBM, Caldera and TurboLinux then contributed to Project Trillian with performance tuning tools and experience with IA64. In October of 1999, old SCO and TurboLinux entered into a strategic agreement to develop services for the TurboCluster server and deliver Professional Services to TurboLinux customers. Caldera and TurboLinux produced Linux IA64 distributions. It is important to note that these actions by contributors to Project Monterey seems in direct competition to Project Monterey.

With regards to the SGI code in question, it was added in 2.4.19 and relates to the IA64 architecture. Since IA64 servers are not easily available to the general populace the development work was most likely restricted to those who had access to the servers provided through Caldera's development center and to SGI. It is most likely that the prior sharing and cross-pollination of code experience for IA64 led to the code having been introduced by SGI and that the implementation algorithm had some influence from SVR 4. However, it also seems likely that legally available, existing code provided the base template. No doubt there will be on-going debates about whether ASSERT calls make the performance scalable or indeed contribute any significant proportion of capability to justify the compensation claims made by SCO Group. The code was subsequently removed from the Linux kernel for aesthetic coding reasons as noted in an earlier response.

The various uses of the word, UNIX and in conjunction, the term, UNIX-derivation are confusing. To clarify:
"Regarding SCO's positioning on UNIX, The Open Group would like to make it clear that SCO holds the rights only to the operating system source code originally licensed by AT&T and does not own the UNIX trademark itself or definition of what a UNIX system is. "

AND

"As the owner of the UNIX trademark, The Open Group has separated the UNIX trademark from any actual code stream itself, thus allowing multiple implementations. Since the introduction of the Single UNIX Specification, there has been a single, open, consensus specification that defines the requirements for a conformant UNIX system.

There is also a mark, or brand, that is used to identify those products that have been certified as conforming to the Single UNIX Specification, initially UNIX 93, followed subsequently by UNIX 95, UNIX 98 and now UNIX 03. Both the specification and the UNIX trademark are managed and held in trust for the industry by The Open Group. SCO, along with all other vendors of UNIX systems (regardless of whether they are members of The Open Group or not), distributes a UNIX system that has been certified through the X/Open and The Open Group certification process."

Finally, as a comment on SCO Group's knowledge of their intellectual property, let me supply this comment by Dr Warren Twoomey - "I'd like to point out that SCO (the present SCO Group) probably doesn't have an idea where they got much of their code. The fact that I had to send SCO (the Santa Cruz Organisation or the old SCO) everything up to and including Sys III says an awful lot." - Sydney Morning Herald. It would appear the defence may have a number of willing expert witnesses on hand.

duncan campbell 09/15/03 12:22:46 AM EDT

Dorks who talk about IP and SCO are missing the point.

This manouver by the Vole of Redmond is straight out
Sun Tzu.

Hey, none have *ever* accused Hisself of original
thought.

Dhu

Joe Mason 09/15/03 12:14:16 AM EDT

First I need to respond to anon that claims that propietary code doesn't always provide attribution either. I think anon is a little confused. Propietary source code is NOT generally published therefore the need to attribute isn't as necessary. Linux is published and needs to have full copyrights attribution. When companies like AT&T, IBM and SCO share proprietary code with others they have nondiscloser agreements and restrictive licenses. If they are using someone elses code like SGI, they need to attribute it properly.

Second, Linux users need to read and get Mr. Samuel's comment. Open Source code is NOT public domain. If you treat it as such you will get yourself and Linux into legal trouble. The GPL isn't a waiver of copyrights, without copyrights the GPL is not enforcable.

R. S. Hack claim the SCO case is a breach of contract with Linux. Wrong. The GPL isn't a contract, the license says so itself. A license is a grant of some copyrights to another. There are many parts to copyrights, copying, distributing, selling, make derivative works, sub-licensing, etc. Licenses generally only grant limited rights. The GPL requires that donated code include the GPL language with the owners name inserted where required. The right to distribute copyrighted material is different from authoring and licensing material. Exercising one right under the GPL doesn't give up all rights to code not given directly by the owner with required license language.

Linux programmer may be skilled at writing code, but that doesn't mean they no beans about publishing and copyright law. The Linux community maybe their own Trojan Horse to infecting Linux with proprietary code. Don't let the blind lead the blind. Understand the rights and limitation of the GPL and read a good IP book before shooting your mouth/fingers off about the law.

BIll Gates 09/15/03 12:02:18 AM EDT

I'm personally not a Linux fan for many reasons; I'm a BSD fan - OpenBSD and FreeBSD where applicable to be specific. But this SCO FUD with Linux I think is utterly pathetic!

Karl 09/14/03 10:58:48 PM EDT

SCO has no intention to win - it gets clearer with each passing week that they are only out to create FUD for Linux - it begs the question of what M$ is doing to inspire this.

jtheory 09/14/03 09:54:01 PM EDT

Matt -
You have a valid point that journalists need to be very careful to separate conjecture from known fact. I don't think Paul overstepped the bounds here, though.

Your rewording loses the main thrust of his point; it *is* logical to expect that when SCO chose a few examples out of the *millions* of lines of infringing code, they chose from the examples they had researched most thoroughly. They *knew* these few samples would be subject to huge scrutiny. The idea that they would choose a random, poorly-checked sample is very unlikely -- why would they want to take such a huge risk to their credibility?

That rates a "probably", doesn't it? If they *have* thoroughly researched code, why in the world wouldn't they have shown it? There could be a reason... hence "probably" (since we can't prove this yet) instead of "undoubtedly" or "obviously", other words used for logical inferences that are even stronger.

Matt Siemens 09/14/03 09:13:46 PM EDT

"If SCO had no idea of the history of the code they showed at SCO Forum, that means they probably also have very little or no idea about the history of the other snippets of code that they alleged infringe."

Paul,

This statement in your article is, in my opinion, bad journalism. In this paragraph you are saying that because of something, something else is "probably" true, when there is absolutely no evidence to support this claim. One snippet of code was addressed. This certainly does not mean or imply that, "they probably also have very little or no idea about the history of the other snippets of code that they alleged infringe."

The reason I point this out is because wording (and reasoning) like this, can easily mislead people by distorting the picture, when I am sure this is not your intension.

Consider this wording instead:

"Since SCO had no idea of the history of the code they showed at SCO Forum, it could, in some people's minds, affect their credibility as other allegedly infringing code snippets are revealed.”

Cheers,

--Matt

Anonymous 09/14/03 06:51:26 PM EDT

If there was any merit to SCO's IP claims, they would have sought (and been granted) an injunction against the Linux vendors, web sites, ftp sites, and developers from further distribution of Linux source. To date, they haven't done so.

Richard Steven Hack 09/14/03 05:53:46 PM EDT

I would like to remind everyone that the basic court case has nothing to do with the Linux community at all. It is a court case about breach of contract between SCO and Linux. The rest of the SCO crap has been a media war against Linux in an attempt to extort license reveneue before even the case was proven in court that IBM has ever breached any contract with SCO. IBM has used its vast patent library to countersue, which was a predicted response. As someone said once, if IBM ever took its patents to court systematically, the entire software industry would be out of business. Some people view this as more dangerous than the SCO suit, although most believe IBM will continue to use its patent portfolio defensively, not offensively. In any event, unless SCO can prove its contract breach case in court, there is little or no threat to Linux at all, since all the rest of their claims rest on the IBM contract breach.

What is important is that SCO NOT be allowed to "win" its case in the media to the degree that Linux's adoption is injured. Therefore, it is important to show that SCO's claims are inaccurate and to impugn the motives for these claims. IBM has only recently made steps in this direction, so it is up to the open source community to handle this end of it. The article above admittedly does some extrapolation as to whether SCO had or has the capability of doing adequate source code history research. But the extrapolation is not too unreasonable given that SCO appears to have botched its method of presenting so-called infringing code. If the code presented so far is either their best or even a reasonable sample of their "evidence", they are clearly in trouble.

On the other hand, is the code they presented intended to be evidence of IBM's contract breach, or evidence of Linux infringement? If the former, their court case is weak. If the latter, we don't know how good their court case against IBM is (irrespective of their Linux infringement claims).

As for Linux's code base, Linus seems to have made it clear that while it is not impossible for infringing code to have slipped into the system in some small areas, there is NO WAY "millions" of lines could have. Linus is convinced the majority of Linux is clean. Until someone (other than SCO) can prove him wrong, I think it is premature to suggest, as one poster did, that infringing code is a problem for Linux.

kwalther 09/14/03 04:47:46 PM EDT

Contrary to some beliefs, I am not on crack, but you brought it up, so maybe you know something I don't.

Here's the deal with my Torts vs Copyright Law view: "Torts" are injuries that occur outside a contractual framework -- like negligence, intentional infliction of harm, slander, etc.

After contributing my time and effort by trying out programs like Mozilla, sending feed back to the other open source geeks about the program, and then having the Canopy Group put their sticky fingers on my time and effort to report bugs; this is something outside of the contractual framework of the GNU.

Therefore I claim TORT. My input to the project is very minimal, but I'm only one of many thousands of human beings who experience a pure enjoyment seeing the computer work.
AND I don't care about the syntax differences between GNU and GPL. Save it for your notes when it goes to trial.
"Free Software Licenses" are Alternatives to Public Domain, and Public Domain in one country may not be in another. I'm not going to argue that point.

Basically, I am not responsible for the negligence of Canopy Group if they blundered into GNU territory, and now want to run away from the Open Source Definition.

The intent of the GNU project is not to "make a buck" off Canopy, or "Infringe on Copy writes..etc", and a reasonable person will defend this argument in court.
Nitpicking over this or that,...big waste of time until everyone is sitting in court.

If you want to lay down and play dead while the Canopy Group moves in on a free project, have at it. I'm not going there.

My vision, (you may say I'm a dreamer...etc.), is to nurture the Linux project into a state where anyone/everyone can use it for free. A standards platform upon which to build, learn and enjoy. Programming is complex enough; why should someone have to pay for it? Sounds anti-American to some folks. Sorry Linux is a world project. It may end up being the defining thread that keeps the world together.

Linux is a platform ABOVE the Canopy Group.
I take it personally, as does the open source community.
When it goes to court, I want to see this thing done legally, Linux will prevail because people like me have the enduring spirit to "work-around" the Canopy Group.
The legal basis of the suit will be upheld in favor of the linux project and open source communities because The Open Source Definition was written for just this occasion. It's all here. Read it yourself.
http://www.opensource.org/docs/definition_plain.html

MonkeyPoop 09/14/03 04:21:44 PM EDT

lastangelman stated: "[..] Buy their stock! [..] buying MSFT shares until [we] owns a majority stake in company. Then we can call the shots and run Redmond as we see fit. You can't beat them with just code alone."

I respectfully disagree. Although I don't truly believe that Microsoft will go out of business (you really have to be stupid to go out of business with tens of billions in your warchest), I DO believe that their stock is going to deflate in the coming years. That means less profit on your MS shares. Dump them while they are nice and fat, because Linux will be directly responsible for thier stock delfation in the coming years.

Why? Because, in what could be called an historically remarkable change in the course of high-technology, a free operating system *will* become the majority choice for those who want to save money. Everyone wants to save money - don't you always shop for the best buys? Even when I made a huge salary, I always looked for shoe blowout sales because I can buy 4 pairs for the price of 1. This isn't being cheap, it's being financially prudent. The high tech population isn't made up of idiots, and they are consumers liked all of us. If something is free, and it works equal to, or better, than the competitor, the world will beat a path to your doorstep. Such is the case of Linux.

There's a second issue regarding reliability, which is widely unstated. In the entire time I used Windows, on many, many machines, it has proven to be unstable. It wasn't the hardware's fault, as most technical support would want you to believe. It was Windows - a technically inferior operating system that was pushed on the community by Microsoft's bullying (they are a convicted monopolist, you know).

Linux is the model of reliability - I moved to Linux about 2 years ago, and I have been able to leave my machine on *months* at a time with no system instability. Sure, I had a few applications blow-up, but the underlying OS did it's job... I killed the process, and the machine remained completely stable. I have yet to lose ANY data because of a machine lockup (which was commonplace using Windows).

I like to think I am impartial, and to be fair, Linux can be difficult to install at times. Unless you have years of high-tech experience, debugging a Linux installation can be a nightmare. Even with the infinite resources available to help you on the internet, a solve for a harware recognition issue can prove to be quite a challenge. Even configuring Linux using the hybrid of "configuration menus" they give you can be very difficult. But once it works, it's like driving a Mercedes on a freeway.

When Linux solves this installation issue, they will kill the core of Microsoft business: the desktop OS.

This is why I heartily recommend dumping your MS stock now. Linux will steamroll Microsoft in the next year or two.

anon 09/14/03 04:08:08 PM EDT

Maybe SCO wants the Community to find out the code what is infringing?
The court is more than a year away. There is plenty of time.
What about doing some windowing?
Let's point a piece of kernel code to SCO and ask is the infringement hiding in this part of kernel.
In two year time plenty of Linux code could be proven clean.
Well, this might not work. They always can keep silent.

I think the main point is to gain some money out of linux or to turn linux ( by their licensing program) into a product that is owned by a company and thus could be licenced to some company currently selling licences for some Linux rival (not unix) system. Even this would be later shown false it would rise up a totally new situation where another company (why not MS) has been selling linux licences further on based on SCO licence having added in their own propritary code. What would be the legal situation if this code had been passed to a huge number of big customers?

Paul Nowak 09/14/03 03:06:15 PM EDT

I think John Douglas up above makes a good point. SCO could learn the history of the UNIX family tree and develop within themselves the ability to systematically analyze code snippets and larger bodies of code. I think it's been shown that SCO has not, to this point displayed this kind of capability but it's certainly possible.

Because of the difficulties SCO has with code analysis, I think it's more likely that SCO is going to want to stick to much more broad claims regarding NUMA and JFS than look at inidividual files if they get to court. Even this "big chunck" assertion has weaknesses because while SCO talks big bodies of code, they decided to show net filter which doesn't fit this pattern. So, is their strategy to talk big hunks of code and then show little snippets to avoid directly addressing any issues that will be at the core of their claims in court? Perhaps, but certainly other plausible arguements could be made.

I think the article's basic claim that the open source community will be more effective at analyzing the code histories than any team SCO can assemble will hold. This should be yet another disincentive on top of a pile of disincentives for SCO to want to do anything other than hang around and issue open letters and send bills out.

In general, I think the issue of what does SCO know and what do they not know and how does this affect their strategy is a very interesting aspect of this saga -- especially given that SCO is comfortable proceeding without information or with partial information in lots of areas.

Paul Nowak

duncan campbell 09/14/03 02:32:56 PM EDT

Anyone with any knowledge of unix's historical
evolution is going to know, a-priori, that their
claims are bogoid.

Will this "prior knowledge" be expressly forbidden
to the jury?? Probably what SCO is counting on.

Dhu

Dave Lozier 09/14/03 02:32:50 PM EDT

Great points made. SCO seems to be speaking loudly and not carrying any stick to back it up. This isn't wise, for sure.

Stephen Samuel 09/14/03 02:26:28 PM EDT

On being a bonehead:
SCO's supposed case against the Linux community is based on Copyright law, not tort law. Copyright laws allows for damages even when the infringer has not made money. RIAA cases against 12 year old file swappers are an obvious example.

Finally: Linux code is definitely copyright. If it were public domain, there would be no leverage upon which to base the requirements of the GPL. Given that you're nitpicking someone else on legal nicities, it would be a good idea to b legally accurate yourself. There is a world of difference between Open Surce and Public Domain.

I expect that SCO would be required to release their list of infringing code in any related lawsuit, because their allegations are really against the myriad of programmers who have contributed the code to Linux. As such, keeping the list of impugned code from the public would be patently unreasonable.

There might be an argument to be made against releasing the related SYSV code, but -- given that it is copyright, and that the judge in the BSD case concluded that code available to anybody willing to pay the license fee is not a trade secret, I don't really think that SCO would win there. This is especially true because the infringed code is likely to be a very small percentage of the SYSV code base.

Ted Powell 09/14/03 01:57:49 PM EDT

Public domain n. 1: (relates to land ownership)
2: the realm embracing property rights belonging to the community at large, subject to appropriation by anyone; _specif_ : status unprotected by copyright or patent
Merriam Webster Third New International--whimsical personal definitions may of course differ.

Linux is protected by copyright, independently of personal opinions or definitions.

Mike 09/14/03 01:57:47 PM EDT

kwalther: Are you smoking crack?

John Douglas 09/14/03 12:55:50 PM EDT

Guys, this really left a bad taste in my mouth. There is enough indisputable evil foolishness coming out of SCO that it is not necessary to resort to the kind of wild inductive leaps this article makes.

Up to this point, reporting from the Linux community has reponded to SCO's claims logically, with restraint and most importantly with lots of research and facts. When you make make an argument to the effect of, "SCO didn't know the history of the code they showed at SCO Forum. Therefore, they are incapable of knowing the history of the UNIX historical code base or its own code", you don't hurt SCO, you undermine your own credibility.

Stephen Samuel 09/14/03 12:41:55 PM EDT

Eric and Bruce did not to most (if any) of the research into the snippets presented by SCO. They did, however, prove the advantages of the open source method over the proprietary approach. The research on those code snippets was done by the same Open Source community that SCO has accused of being unable to police their code for copyright violations.

That this open source crew could, in the space of less than a day, do so much better at tracking the code than SCO has is both a vindication of the open source method ("To a thousand eyes, any problem is shallow") and an indicator of the difficulties that SCO faces in court.

Phil 09/14/03 12:37:06 PM EDT

In reply to Chris, the forum in question was "Linux Weekly News" (http://lwn.net)

Chris 09/14/03 12:23:38 PM EDT

If you are going to credit people for the excellent research in finding the origins of the code snippets presented by SCO, the entire open source community should be it. I wish I remembered the forum address now, but Bruce gathered all his research from a large group of people who donated their time and energy to debunking SCO's claims. Even the simple Greek translation was recognized and translated by a couple of the members in that forum, not by Perens himself. Perens just took the thread and put it into an easy-for-media-to-digest webpage.

Kris Van Hees 09/14/03 11:17:08 AM EDT

Although I very much respect Bruce Perens and Eric Raymond, and their knowledge, I think that the article is a bit over the edge when claiming that those two people are about the only ones that have the knowledge needed to dig into the historical source of source code. There is quite a large group of people that would be able to do that. And by putting a couple of them together with e.g. former Bell Labs people, you'd get pretty far.

I'm not claiming that SCO did this or is even able to get cooperation form such a group of people, but claiming that you'd need a Bruce or Eric is a bit of a stretch...

Kris Van Hees 09/14/03 11:17:05 AM EDT

Although I very much respect Bruce Perens and Eric Raymond, and their knowledge, I think that the article is a bit over the edge when claiming that those two people are about the only ones that have the knowledge needed to dig into the historical source of source code. There is quite a large group of people that would be able to do that. And by putting a couple of them together with e.g. former Bell Labs people, you'd get pretty far.

I'm not claiming that SCO did this or is even able to get cooperation form such a group of people, but claiming that you'd need a Bruce or Eric is a bit of a stretch...

SiliconJon 09/14/03 10:48:49 AM EDT

rabble! rabble! rabble!

Oh, never in my life have I shaken my head so often when reading about just one company...now what would be great would be the exposure of the beginnings of this "assault" from SCO, explaining how and why they began this venture into oblivion.

Vaino Vaher 09/14/03 10:44:54 AM EDT

Two things are obvious to me:
1) SCO doesn't care if they can win in court or not.
2) They will try to delay any evidence, and even appearing in court, for as long as they can.
The reasons? They will try to collect their money *before* this case ever reaches the court. They send threatening letters to companies, issue 'licenses' to anyone willing to pay, and collect royalties from those who want to assure their customers that their Linux product is legit.
So far, they have proven to be quite successfull.
Evidence? Look at the stock price! And note that some large corporations are actually swallowing the bait!
I belive that this is a very short-term strategy, similar to Bagdad Bob's attempt to mislead the world while the Iraq'i leadership was planning for a comfortable retirement.

If SCO was serious about their claims they would be working hard to refute Raymond, Perens et al. They would also come ut with at least ONE example of copyright infringement.
Instead they are content with producing more nonsense, as long as it contains enough buzzwords to convince Corporate Level Management.
If there are 'millions of lines of identical code' they must have a case, mustn't they? Only us techies know that there aren't millions of lines of code in the Linux kernel.
It is obvious to me that SCO isn't pursuing truth. Isn't it obvious to you, too? So why do we fall in the trap and argue with them about this or that statement or code sniplet? By doing so we are playing *their* game, and they will get away with the money.
We need not talk with SCO, we need to approach those who might be inclined to hand money to SCO. We need to inform Corporate America.

misternobody 09/14/03 10:33:30 AM EDT

In this article is an interesting one of resources. You can imagine during the trial that SCO shows some code snippet and that immediately 1000 open source linux coders are available to track down every bit of information about the source and history of the code. In other words, the number of technical resources available to the open source community is very large compared withe the resources available to SCO.

layton baker 09/14/03 09:51:26 AM EDT

As I understand it...the code contributed by SGI has a proper BSD style liscense to be included in Linux, as Perens pointed out in his analysis. I may have missed something (I was away from the net for about 2 weeks but I done everything in my power to say up to date on this issue), but I believe McBride, in his recent open letter, distorted Perens comments so as to indicate that there was an admitted IP infraction... I don't think that is what Perens or anyone else has said. And thus far SGI is telling SCO they are making noise without basis.

lastangelman 09/14/03 07:19:41 AM EDT

1.Initially, when larger companies started to get heavily involved with Linux and then started paying engineers to write and contribute to the OS, I started to get the heebiegeebies. I figured it was going to be inevitable that some lazy engineer was going to strip the copyright off and lift some propriatory code and submit it as their own. No matter that the Linux community has great "filters" built in for identifying and isolating such violations, with the volume of contributed code increasing, some prop. code had the chance of creeping in past Linus & company, they are not superhuman or machines after all.
2.Which company had or has the sloppiest and or laziest engineers and had the least to lose if they were found out to be the contributors of prop. Unix code to Linux? When the offending code is pointed out in court, will not Linus and company be able to pinpoint when the code was submitted and by whom? Was it by the very company playing the most serious game of chicken right now with the entire open source comunnity and all for the sake of making a couple of bucks at the expense of other people's hard work and dedication?
3.Despised as the folks in Redmond are, I do not think they are behind SCO's incompetent machinations but have welcomed it nonetheless, and happily "funded" their survival with a token license fee long enough for SCO to create the FUD necessary in Redmond's long battle to maintain market supremacy. Steve Balmer is a lot of things, but he is not an idiot. Whatever the outcome of court case it is a win-win for Redmond.
3.In response to Monkeypoo, don't sell your Microsoft stock on such silly and spirited premise. In fact I have a better idea for the entire open source community. Do you want Microsoft to share their source code? Control the company! How? Buy their stock! The entire open source community should sink every dollar, euro, yen, peso, etctera, buying MSFT shares until it owns a majority stake in company. Then we can call the shots and run Redmond as we see fit. You can't beat them with just code alone.

delong 09/14/03 07:12:40 AM EDT

"So, for all purposes, it’s safe to say SCO and its crack legal team just can’t do the deeper historical analysis needed here. Would a junior programmer be able to produce the findings that the open source community can? No way. Such an individual simply would not have the depth of historical knowledge to know where to look."

In all fairness, this statement is bunk. The history and all its gory details is public. And SCOs attorneys would, if they were competent, have all the case files for the legal history at their disposal to research before making claims. It isn't a matter of SCO not being ABLE to make the same kind of historical analysis as Perens and Raymond, but rather the WILLINGNESS, or even just FORESIGHT, to do so. Really points to boneheaded legal representation, to go off exposing the company half-cocked on such shaky grounds.

anon 09/14/03 06:09:29 AM EDT

>> If more SGI problems come up in the future, that will also hurt the Linux code base.

SGI says flatly that there is no problem. If SCO feels the opposite, they can prove it in court.

SCO isn't accusing college students of pirating Linux in their dorm rooms. It's accusing companies far larger, more established and better respected than SCO of openly and publicly violating their rights for years.

During these years, SCO didn't even send an email asking them to stop. Instead SCO released the product of this supposedly illegal behavior themselves and tried to profit from it.

We'll see what happens in court.