Posted on 08/26/2003 7:04:02 PM PDT by Golden Eagle
SCO Defends Against Open Source Advocates
By Mitch Wagner
SCO defended itself against criticism by the open source community, saying Unix code used in Linux comes from its own, copyrighted version of Unix, not - as Linux advocates argued last week - earlier versions that have been released into open source.
SCO also said the General Public License (GPL), a popular license for releasing software into the open source community, violates U.S. and international copyright law.
SCO, which owns intellectual property of Unix, is fighting a legal and marketing campaign to show that Linux contains sufficient proprietary Unix code that Linux distributors and users are ripping off SCO. SCO sued IBM in March, claiming that IBM included proprietary Unix source code in Linux, and later SCO warned Linux users that they, too, could be subject to intellectual property lawsuits if they failed to obtain legitimate licenses from SCO. SCO introduced a $699 license this month for Linux users.
SCO has been closely guarding its evidence - the allegedly stolen source code - disclosing it only people willing to sign a nondisclosure agreement. However, last week SCO disclosed some of the code at a presentation at its SCO Forum conference in Las Vegas. Linux advocates, including Bruce Perens and Eric Raymond, obtained copies of SCO's slides, and posted responses to the Web, saying that SCO's own evidence undercut its case.
Perens and Raymond said that some of the code disclosed on the slides, governing memory allocation, comes from early, "ancestral" versions of Unix that were released into open source by SCO itself, while SCO was doing business as Caldera.
But SCO said that, while ancestral Unix versions have earlier versions of the code, the code was refined in SVR4.1, and it's the later version of the code - still proprietary to SCO - that appears in Linux.
Chris Sontag, senior vice president and general manager of SCOsource, the company's business unit for licensing SCO's intellectual property, said another vendor copied proprietary memory allocation code from Unix into Linux, removed the original copyright notices and attached its own. SCO would not identify which company did the label-switch.
Linux advocates also said last week that the memory allocation code is only used in versions of Linux for IA-64 systems, such as systems running on the Intel Itanium chip, representing fewer than 10 percent of Linux installations. The vast majority of Linux installations are running on IA-32 systems such as Intel's Xeon processors.
Sontag accused the Linux advocates of splitting hairs.
"What's at issue is that there is copyrighted Unix System V code, Version 4.1 code, copied into Linux. Whether it is used broadly or not, it is widely published and available. SCO's copyright is stripped out and others are taking credit in violation of the copyright," Sontag said.
Perens said that one of the examples of allegedly stolen code shown by SCO last week was, in fact, from Berkeley Packet Filter (BPF) routines taken from BSD, which is covered by an open source license.
But Sontag said the BPF routines were not intended to be an example of stolen code, but rather a demonstration of how SCO was able to detect "obfuscated" code, or code that had been altered slightly to disguise its origins. The slide displaying the code should have been written differently to reflect that intention, he said.
"It was an example of our ability to find moderately changed or obfuscated code, it was not an example we are using in court," Sontag said. "If they want to go off and make a big defense on that, they are welcome to it."
Sontag said the code examples SCO chose to disclose last week were not its best examples, merely the most easily understood ones. Perens had said the examples SCO disclosed were likely to be SCO's best, and underscored the weakness of SCO's case.
"He's wrong, he doesn't have examples of the evidence. We do. He is trying to put a happy face on a problematic situation for the Linux community," Sontag said. "Try as they might to come up with arguments to bolster their position, the facts and everything we know are extremely strong in SCO's favor."
SCO also focused criticism on the GPL, which is the license for many open source projects, including Linux. The license states that GPLed software and source code must be available to anyone. Modifications to GPL software are subject to the same provisions.
The Free Software Foundation developed the GPL, and defines free software on its Web site.
Linux advocates say that SCO undercut its own case by releasing its own version of Linux under the GPL. The SCO version of Linux contains the disputed code and - even if the code was once proprietary - SCO released it into open source when it released its own Linux, the advocates argue.
However, Sontag said that argument holds no water because SCO never intended to release its proprietary code into open source. "U.S. and international copyright law asserts you cannot inadvertently and accidently assign your copyright to someone else," Sontag said.
Moreover, SCO said its proprietary code in Linux does not meet the definition of free software as stated in the Linux GPL.
"The Linux GPL itself asserts that the valid legal copyright holder has to place a notice at the beginning of their copyrighted work, the source code, identifying the code and the GPL. It requires an overt action. SCO has not contributed its code, and as soon as we became aware of the copyright violation we suspended our distribution," Sontag said.
No, it is not.
Before SCO GPL'ed its Linux distro, they should have looked at the code (it's not like it's hidden). They didn't. End of case...
Well, if you're interested in stock prices, try to remember that they had a 1:4 reverse stock split not all that long ago... That puts SCO's stock value at about 1/10th of what it was while it was still Caldera.
Mark
Well, apparently some of it did happen to say "copyright SGI" instead of "copyright SCO". I'd say that's a pretty good reason why they may not have noticed it, although I imagine you disagree.
This is utterly incoherent. Are you saying that if I write a program, I should not be able to make it available under terms less strict than the default of copyright law? Or are you one of those people who believe that if you accidentally type a single line of GPLed code, ninjas dressed in penguin suits will immediately storm your offices and steal all your code?
All well and good, but apparently their stock did hit a 52 week high today, so I doubt too many stockholders are complaining about the latest trends.
Well, some of the stuff $CO thinks they own says "copyright Regents of the University of California" so that doesn't really seem to matter.
If SCO were so concerned about exerting its rights, they would identify the infringing code so that it could be removed. Why do you think they haven't done so?
CS can speak for himself, but I don't think it's ninjas people are worried about, I think it's more the online underground army that posts on every message board "they no longer own the code because our GPL took it from them when they released a version of Linux [insert sinister laugh]". Of course neverminding the fact that the code in question may have said "Copyright SGI" or "Copyright IBM" even though SCO may have actually owned distribution rights.
There was a very interesting post at the ZDNET website yesterday in response to the "SCO site was hacked" story:
"Hackers cut off SCO Web site" says the headline. How do we know that? Because SCO said so.
It's not just ZDNet, it's all over the press now. Guess what? It isn't true. How do I know that? Because I watched a fairly clever group of people using netcraft.com and traceroute tools over the weekend to try to figure out what was going on. I know this for a fact because I did it myself: NONE of the other Canopy Group companies had any delays whatsoever, even while sco.com was dead as a doornail, even though ALL OF THEM were going through the same router at Viawest, which is an internet provider owned by Canopy Group. There was no DDoS attack. The SCO sites were taken down voluntarily late Friday, and brought back up Monday morning, with substantial new content on them.
Look at the SCO site. Just LOOK at it. It's had a complete cosmetic make-over since Friday. DDoS attack, my foot. These guys took their own site down for maintenance.
So how come they claim it's an attack? Because big-mouth Eric S. Raymond fell for some Howard Stern caller who told him, "Oh yeah, it's an attack... I know the guy who did it."
So Raymond ran to the press with it, apologizing all over the place for the DDoS attack.
You can't give opportunists like SCO that kind of an opening without expecting them to jump at it. So they did.
And once again, our fearless trade journalists, who apparently have neither skepticiam nor investigative skills, print every word SCO says as Gospel truth.
Because it is a "trade secret", that they wish to keep secret? Here's an analogy - admittedly of signifcantly more importance - but what if classified US Government material got into a book of some sort, would you then expect the government to publicly say "It starts on page 87 and ends on page 95"? I sure hope not.
Sorry, but I have been to the site before, and went again earlier tonight. There is very little that has changed (if anything?), so I'd be careful reposting what some anonymous poster claimed on a seperate message board to be true without further verification of your own or other trusted source.
Note: sco.com is down right this very minute, possibly more denial of service attacks going on tonight?
If it's in Linux source code, by definition it's not secret. *If* any infringing code exists, all they're doing by refusing to identify it is to prevent the infringement from being corrected. Courts are not amused by this; see "mitigation of harm".
but what if classified US Government material got into a book of some sort, would you then expect the government to publicly say "It starts on page 87 and ends on page 95"?
It wouldn't matter; again the information would already be out there.
You seem to have this fantasy that SCO will be able to stop all Linux distribution based on their alleged ownership of a tiny portion of the code, without ever identifying what that code is. Not gonna happen.
Please, stick with Windows and recommend it to others. I offer security services and appreciate your help.
It very well most certainly would matter, especially as the Government would not publicly identify it, being the very point I was making.
Bottom line is without specific identification, you have no idea where it is. Obviously true, since even though Linux source is published, you likewise have no idea where the supposedly stolen code is.
You will note that in my post, I didn't comment on whether or not the other post was true. I simply said it was interesting. I particularly found the claim that other sites using the same router were not impacted to be quite interesting. Of course, I have no way of verifying at this point in time what happened over the weekend other than to try to elicit reponses to information such as that which I posted. I thought that's what forums were for, to exchange ideas and information.
The outage prompted Netcraft to declare that SCO was again the target of a DoS attack. However, the outage was actually due to preventative measures taken by SCO and its hosting service to mitigate the effects of future attacks, according to company spokesman Marc Modersitzki.
Incorrect. It will certainly depend on how much code the judge views as infringing. However if it's everything that was ever in AIX, then you could easily see version rollback or IBM/SCO attempting to license the code to Linux users for a fee.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.