The Coral Snake Ping.
Calling all Anti Commies and Anti Pirates
<=>
Posted on 08/20/2003 10:26:31 PM PDT by Russian Sage
You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.
An SCO presentation shown in Las Vegas on August 18th alleged infringement by the Linux developers. The presentation, in Microsoft PowerPoint format is here, and a conversion of the presentation that can be viewed using a web browser is here .
SCO released the presentation to Bob McMillan, a reporter for IDG News Service, without any non-disclosure terms. Bob asked me to comment upon it. here's his story. I will start with SCO's demonstrations regarding "copied" software. It is likely that SCO would present the very best examples that they have of "copied" code in their slide show. But I was easily able to determine that of the two examples, one isn't SCO's property at all, and the other is used in Linux under a valid license. If this is the best SCO has to offer, they will lose.
Slide 15 shows purports to show "Obfuscated Copying" from Unix System V into Linux. SCO further obfuscated the code on this slide by switching it to a Greek font, but that was easily undone. It's entertaining that the SCO folks had no clue that the font-change could be so easily reversed. I'm glad they don't work on my computer security :-)
The code shown in this slide implements the Berkeley Packet Filter, internet firewall software often abbreviated as "BPF". SCO doesn't own BPF. It was created at the Lawrence Berkeley Laboratory with funding from the U.S. Government, and is itself derived from an older version called "enet", developed by Stanford and Carnegie-Mellon Universities. BPF was first deployed on the 4.3 BSD system produced by the University of California at Berkeley. SCO later copied the software into Unix System V.
The BPF source code is here on the Lab's web site. A paper on its design, published in 1993, is here
BPF is under the BSD license. That license allowed SCO to legally copy the code into Unix System V in 1996, but since SCO doesn't own the code, they have no right to prevent others from using it.
So, in this case the SCO "pattern-recognition" team correctly deduced that the Linux and SCO implementations of BPF were similar. But I was able to determine the origin of BPF after a few minutes of web searches on google.com . Why couldn't a "pattern-recognition team" do the same? It's difficult to believe they simply didn't bother to check. It's also likely that SCO dropped attribution of the Lab's copyright from the System V copy of the BPF source code, or the team would have known.
The Linux version of BPF is not an obfuscation of the BPF code. It is a clean-room re-implementation of BPF by Jay Schulist of the Linux developers, sharing none of the original source code, but carefully following the documentation of the Lab's product. The System V and Linux BPF versions shown in slide 15 implement the same virtual machine instruction set, which is used to filter (allow, reject, change, or reroute) internet packets. And the documentation for that VM even specifies field names. Thus Schulist's and the Lab's implementations appear similar. Had Schulist chosen to directly use the Lab's code, it still would have been legal. But the version in Linux is entirely original to the Linux developers. There is no legal theory that would give SCO any claim upon it.
Slides 10 through 14 show memory allocation functions from Unix System V, and their correspondence to very similar material in Linux. Some of this material was deliberately obfuscated by SCO, by the use of a Greek font. I've switched that text back to a normal font.
These slides have several C syntax errors and would never compile. So, they don't quite represent any source code in Linux. But we've found the code they refer to. It is included in code copyrighed by AT&T and twice released as Open Source under the BSD license: once by Unix Systems Labs (a division of AT&T), and again by Caldera, the company that now calls itself SCO. The Linux developers have a legal right to make use of the code under that license. No violation of SCO's copyright or trade secrets is taking place.
The oldest version of this code we've found so far is in Donald Knuth's The Art of Computer Programming, published in 1968. Knuth was probably working from earlier research papers. He didn't write in C, so details differ but the algorithm is the same. The implementation shown in the slides was written by Dennis M. Ritchie or Ken Thompson at AT&T, in 1973. You can see the 1973 version of the function in this file, originally called dmr/malloc.c. The code is from Unix version 3, the oldest known version of Unix that still exists in machine-readable form. The complete source for that system can be found here on the net. In 2002, Caldera released this code as Open Source, under this license. Caldera is, of course, the company that now calls itself SCO. The license very clearly permits the Linux developers to use the code in question. Historical information on why Caldera released the Unix source code to the public is here, and contains some information relevant to the SCO court cases.
Another version of the code is copyrighted by the University of California as part of the BSD Unix system that they produced for the U.S. Army and released as Open Source. That code is also under the BSD license, and appears here in this file released in 1984. It's interesting to consider how this code came to belong to the University.
In the early 1990s, AT&T's Unix Systems Labs (USL) sued BSDI, a company vending the BSD system, and the University of California, over this and other code in the BSD system. The claims that SCO is making are very similar to the AT&T claims. AT&T lost. It was found that AT&T had copied heavily from the university without attribution, and thus AT&T settled the case. In the settlement, the University agreed to add an AT&T copyright notice to some files and to continue to distribute the entire system under the BSD license. AT&T agreed to pay the University's court costs. Some details of the lawsuit are here.
AT&T was actually found to have lost its copyright to the code in question during the lawsuit, because the code wasn't published. This would not be the case today, as there have been changes in copyright law. But the judge's decision back then was:
Consequently, I find that Plaintiff has failed to demonstrate a likelihood that it can successfully defend its copyright in [Unix version] 32V. Plaintiff's claims of copyright violations are not a basis for injunctive relief.
The result is that between the judge's finding and 1996, when there were additional changes to the Bern copyright convention that would have made the AT&T code copyrightable, the code was essentially in the public domain. Code derived from Unix before and during that time would be legal.
The AT&T code that was subject of this lawsuit survives into SCO's current system. SCO's "pattern analysis team" found this code and correctly concluded that it was similar to code in Linux. But they didn't take the additional step of checking whether or not the code had been released for others to copy legally.
The code in question has already been removed from the most recent development versions of the Linux kernel, for technical reasons. It duplicated a function provided elsewhere, and thus never should have been included. The code was intended for one SGI system that was never sold, and another that is extremely rare, and was not used in the mainstream Linux kernel.
In slide 20, SCO alleges that it owns essentially all of the code in Linux that has been touched at all by IBM, SGI, and other Unix licensees. These contributions constitute over 1.1 Million lines of code, 1549 files, totalling 2/3 of the new code developed between the releases of Linux 2.2 and 2.4. But how could SCO possibly own all of this code that is copyrighted by other companies and individuals? SCO's legal theory, explained in slide 6, is that the AT&T Unix license compelled all of these companies to assign to AT&T, and later SCO, all derived works that they created incorporating the Unix source code. Here is the key clause on slide 6:
Such right to use includes the right to modify such SOFTWARE PRODUCT and to prepare derivative works based on such SOFTWARE PRODUCT, provided the resulting materials are treated hereunder as part of the original SOFTWARE PRODUCT.Under SCO's theory, if any code created by a Unix licensee ever touches Unix, SCO owns that code from then on, and can deny its creator the right to make use of it for any other purpose.
SCO's legal theory fails, because they ignore the fact that if a work doesn't contain some portion of SCO's copyrighted code, it is not a derived work. This is especially glaring on slide 20, in which SCO claims ownership of JFS, IBM's Journaling File System. The version of JFS used in Linux was originally developed for the OS/2 operating system, and was later ported to both Unix System V and Linux. SCO's claims fail in a similar manner for the other products they mention: RCU or Read Copy Update, software that keeps processors in a multi-processor system from interfering with each other, was developed by Sequent, a company later purchased by IBM. Sequent developed RCU under Dynix, a Unix-derived operating system. They later removed RCU from Dynix - separating it from any code owned by SCO - and added it to Linux. Similarly, SGI's XFS, the eXtent FileSystem, was separated from IRIX, a Unix-derived operating system, and ported to Linux.
SCO's contention is that copyrighted software can never be separated, that any code created by a Unix licensee that ever touches SCO Unix or is even loosely based on Unix is entirely SCO's from that moment on, and can never be used for another purpose by its creator without authorization from SCO. SCO's contention goes against any reasonable understanding of the boundaries of intellectual property. It's unlikely that it would survive a court room.
SCO's responses to this document are We own Unix and would know what it looks like, and It's his word against ours. I'm not, however, asking you to rely on my word. I've presented you with links to the evidence, most of which is available at web sites not under my control. Please examine it and make your own conclusion.
Bruce Perens
They have been raking in millions of dollars this year in insider stock sales on newly minted options and other shell games. See for example GROKLAW's SCO Scoop.
They are playing the naive investor community for fools, pumping and dumping their stock. Their software license claims are bogus six ways from Sunday.
They don't own what they are suing over, and they have given it away, under both GPL (continuing to provide ftp download of Caldera's Linux) and BSD (releasing Unix Version 7 and older to the public) licenses to boot.
Microsoft is happily playing along (at a safe legal distance), giving SCO a few million for a trumped up "license", enjoying the FUD (Fear, Uncertainty and Doubt) that they are attempting to cast over the Open Source Linux markets. The Microsoft "license" money helped them keep their paper profits up, continuing to support a bogus stock price.
There can only be one just outcome to such shananigans.
Calling all Anti Commies and Anti Pirates
<=>
Exactly. This site recently went down, before you could read about this poor sap who lost everything on his open source project:
www.linuxrouter.org (just went down, or not available this morning)
He is certainly not alone. Yesterday one of the very top OSS advocates Alan Cox left Red Hat to persue an MBA of all things, crushing their ideals of free software. The very first thing he will learn in school is, first, you need income.
Microsoft raps open-source approachby Ben CharnyStaff Writer, CNET News May 3, 2001 NEW YORK--Microsoft on Thursday stepped up its long-running battle against the open-source software movement as one of its chief strategists compared the movement to business practices that helped sink hundreds of dot-coms. "A common trait of many of the companies that failed is that they gave away for free or at a loss the very thing they produced that was of greatest value--in the hope that somehow they'd make money selling something else," according to a white paper authored by Senior Vice President Craig Mundie. In the paper, which accompanied remarks Mundie made to an audience at New York University's School of Business, he argues that releasing source code into the public domain is "unhealthy", causes security risks and "as history has shown, while this type of model may have a place, it isn't successful in building a mass market and making powerful, easy-to-use software broadly accessible to consumers." The speech by Mundie--regarded as one of Microsoft's chief software strategists--is the latest move in a long-running public relations campaign by Microsoft to combat the open-source movement. Under the open-source model, which has created successes such as the Linux operating system, the underlying code of a program is freely available for other programmers to examine and modify. Next up, Microsoft Group Vice President Jim Allchin calls open source software un-american. Film at 11. |
Coral Snake wrote:I'm curious as to your position on The SCO Group's claim that IBM, SGI, and others can't use code that they wrote in any operating system other than UNIX?
Calling all Anti Commies and Anti Pirates
To me, that claim sounds a whole lot like theft of intellectual property. It's much worse that anything in the GPL, because in order to "lose" your work to the GPL, you actually have to use code covered by the GPL.
As just one example, The SCO Group doesn't claim that IBM's Journaling File System code contains any code written by AT&T or the Santa Cruz Operation. As a matter of fact, SCO Group spokespeople have stated that IBM owns the copyright on JFS. Still, the SCO Group claims that even though IBM paid all the development costs for JFS and holds all the copyrights on JFS, somehow it is still the SCO Groups intellectual property and IBM can't use it in any operating system other than AIX without the SCO Group's permission and license.
I'm definitely not a supporter of Communism, but open source software isn't communism. Communism is "from each according to his ability," and they just take it. Open source software is "from each according to his voluntary willingness to give," and I find nothing objectionable in that. If you don't want to contribute to open source projects, nobody holds a gun to your head and forces you to contribute.
In the SCO Group's situation, though, they are asking the courts to hold the gun while they go out and "take" all the intellectual property developed by their licensees. If there is anyone in this whole mess who is following communist examples, it's the SCO Group.
He's taking a one-year sabbatical to study. This is hardly "left RedHat". Get your facts straight or you look like an ass.
In all fairness, I think we should stink up the thread with comments from Microsoft executives. Their opinions on Open Source are of course unbiased and a valuable contribution to discussion.
From: Alan Cox [email blocked]
Subject: Next Month/Changes to where to send stuff
Date: 20 Aug 2003 13:05:10 +0100
At the end of September I'm off back to University on a years sabbatical
from Red Hat to study for an MBA. I've made the decision that I'm
basically going to vanish for the year so I can concentrate on the
course, and on the pet side project of learning Welsh.
I've passed all my userspace projects on to other people already, and
I'll be vanishing from kernel space too (except to a few priviledged
processes ;)). Lots of people send me stuff as a gateway to getting it
into 2.4 and 2.6. Lots of people send me security related stuff.
Can you in future please send stuff to
Security: [email blocked]
2.4: Marcelo/the list/someone he nominates to do that job
2.6: Andrew Morton or for small stuff Rusty Russell's trivial patch
manager.
The 2.2 tree needs a new maintainer, someone who can spend their entire
life refusing patches, being ignored by the mainstream (because 2.2 is
boring) and by vendors (who don't ship 2.2 any more).
I'm not sure what to do about the -ac patch. Most of the remaining stuff
is "pending Marcelo" for 2.4 mainstream, but not the O(1) scheduler and
some of the odder cool stuff (like the morse bits). As 2.6 becomes
relevant 2.4-ac basically becomes a fixed collection of add-ons that
aren't mainstream anyway. And of course there are other people keeping
patch sets in the same way nowdays.
A few years ago I'd have worried about doing this, the great thing is
that with the kernel community we have today I know I'm not a critical
cog in the machine. In fact I'm surrounded by people far better than I
am and we even have Andrew Morton to keep Linus in check 8)
Dal ati!
Alan
Your mission is to uphold the Rule of Law by writing your state's Attorney General, urging him to put McBride and Co. behind bars for stock manipulation and extortion.
It depends on which ones you are referring to. My observation is they fall into a number of categories:
Open source development is also a form of personal networking. It's a way to develop a career, by establishing yourself as a competent developer -- leading to a job that does indeed pay the bills.
This seems to me to be plausable, and is backed up later in the article when talking about JFS:
SCO claims ownership of JFS, IBM's Journaling File System. The version of JFS used in Linux was originally developed for the OS/2 operating system, and was later ported to both Unix System V and Linux.
How can SCO claim ownership of JFS when it was developed on OS/2?
Under SCO's theory, if any code created by a Unix licensee ever touches Unix, SCO owns that code from then on, and can deny its creator the right to make use of it for any other purpose.
There are plenty of closed-source binary only drivers for Linux, particularly for older video cards. The GPL was designed to do one thing, keep code that was wriiten under an open source license under an open source license. The only way to violate the GPL is to incorporate GPLed code into your software. This is a violation of the GPL, but there is nothing wrong with releasing proprietary software for Linux, software vendors do it all the time, Oracle, Tivoli, MATLAB, the list goes on....
But here SCO is claiming because JFS was ported to AIX, UnixWare, and Linux that it now becomes property of SCO? Despite the moaning and gnashing of teeth about the GPL, this is even more "viral" than the GPL and any other open source license I know of! Imagine if you wrote a commercial driver for Windows, and after it was released Microsoft now had an intellectual property right interest in your work!
You believe anything the puppet masters tell you, don't you. LMAO.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.