Hardly a week goes by that The SCO Group doesnt launch a public assault on Linux. In this weeks attack, SCO CEO Darl McBride fist accuses the president of the Open Source Initiative, Eric Raymond, and the open-source community in general of not doing enough to stop Distributed Denial of Service (DDoS) attacks on SCOs Web site.
Next, McBride takes Bruce Perens, a director of Software in the Public Interest, a nonprofit open-source development organization, to task for admitting that at least one small part of SCO Unix System V code is, in fact, in Linux. Finally, he reiterates SCOs recent arguments that SCO is defending not only its own claims, but the basic principles of intellectual property.
Needless to say, Raymond and Perens didnt let a day go by before responding. They claim, in an e-mail note sent by Raymond, that McBrides arguments are “falsehoods, half-truths, evasions, slanders, and misrepresentations.” Specifically, Raymond denies that he has somehow hidden that person behind the SCO DDoS attacks. Indeed, he points out that Blake Stowell, communications director for SCO, e-mailed him a thanks message for his public stance against the SCO DDoS attack.
As for the Unix code, the open source pair doesnt address this issue directly. This might be because issue has already been dealt with in Perens analysis of SCOs Unix claims: “It turns out that we have a legal right to use the code in question, but it doesnt belong in Linux and has been removed.” In short, even before McBride made his claim of IP theft, Perens had actually pointed out the incident and that the code in question had “already been removed from the most recent development versions of the Linux kernel, for technical reasons. It duplicated a function provided elsewhere, and thus never should have been included. The code was intended for one SGI system that was never sold, and another that is extremely rare, and was not used in the mainstream Linux kernel.”
In the note though, the pair do address the broader issue of McBrides claims that there are “fundamental structural flaws in the Linux development process” writing, “We in the open-source community are accountable. Our source code is public, exposed to scrutiny by anyone who wishes to contest its ownership.”
Finally, the open source duo state, “You invite us to negotiate, but you have persistently refused to state a negotiable claim. You have made allegations of a million lines of copied code which are mathematically impossible given the known, publicly accessible history of Linux development. You have uttered vast conspiracy theories which fail to be vague only where they are slanderous and insulting.”
So it is that while McBride ends his note with a call for the open-source community to work together with SCO, the open source leaders are taking his message as simply yet another deliberately misleading declaration of war against Linux.
Linux & Open Source Center Editor Steven J. Vaughan-Nichols has been using and writing about Unix and Linux since the late 80s and thinks he may just have learned something about them along the way.
SCO Takes the First
September 9, 2003
Open Letter to the Open Source Community
The most controversial issue in the information technology industry today is the ongoing battle over software copyrights and intellectual property. This battle is being fought largely between vendors who create and sell proprietary software, and the Open Source community. My company, the SCO Group, became a focus of this controversy when we filed a lawsuit against IBM alleging that SCOs proprietary UNIX code has been illegally copied into the free Linux operating system. In doing this, we angered some in the Open Source community by pointing out obvious intellectual property problems that exist in the current Linux software development model.
This debate about Open Source software is healthy and beneficial. It offers long-term benefits to the industry by addressing a new business model in advance of wide-scale adoption by customers. But in the last week of August, two developments occurred that adversely affect the long-term credibility of the Open Source community, with the general public and with customers.
The first development followed another series of Denial of Service (DoS) attacks on SCO, which took place two weeks ago. These were the second and third such attacks in four months and have prevented Web users from accessing our web site and doing business with SCO. There is no question about the affiliation of the attacker – Open Source leader Eric Raymond was quoted as saying that he was contacted by the perpetrator and that “hes one of us.” To Mr. Raymonds partial credit, he asked the attacker to stop. However, he has yet to disclose the identity of the perpetrator so that justice can be done.
No one can tolerate DoS attacks and other kinds of attacks in this Information Age economy that relies so heavily on the Internet. Mr. Raymond and the entire Open Source community need to aggressively help the industry police these types of crimes. If they fail to do so it casts a shadow over the entire Open Source movement and raises questions about whether Open Source is ready to take a central role in business computing. We cannot have a situation in which companies fear they may be next to suffer computer attacks if they take a business or legal position that angers the Open Source community. Until these illegal attacks are brought under control, enterprise customers and mainstream society will become increasingly alienated from anyone associated with this type of behavior.
The second development was an admission by Open Source leader Bruce Perens that UNIX System V code (owned by SCO) is, in fact, in Linux, and it shouldnt be there. Mr. Perens stated that there is “an error in the Linux developers process” which allowed UNIX System V code that “didnt belong in Linux” to end up in the Linux kernel (source: ComputerWire, August 26, 2003). Mr. Perens continued with a string of arguments to justify the “error in the Linux developers process.” However, nothing can change the fact that a Linux developer on the payroll of Silicon Graphics stripped copyright attributions from copyrighted System V code that was licensed to Silicon Graphics under strict conditions of use, and then contributed that source code into Linux as though it was clean code owned and controlled by SGI. This is a clear violation of SGIs contract and copyright obligations to SCO. We are currently working to try and resolve these issues with SGI.
This improper contribution of UNIX code by SGI into Linux is one small example that reveals fundamental structural flaws in the Linux development process. In fact, this issue goes to the very heart of whether Open Source can be trusted as a development model for enterprise computing software. The intellectual property roots of Linux are obviously flawed at a systemic level under the current model. To date, we claim that more than one million lines of UNIX System V protected code have been contributed to Linux through this model. The flaws inherent in the Linux process must be openly addressed and fixed.
At a minimum, IP sources should be checked to assure that copyright contributors have the authority to transfer copyrights in the code contributed to Open Source. This is just basic due diligence that governs every other part of corporate dealings. Rather than defend the “dont ask, dont tell” Linux intellectual property policy that caused the SCO v. IBM case, the Open Source community should focus on customers needs. The Open Source community should assure that Open Source software has a solid intellectual property foundation that can give confidence to end users. I respectfully suggest to Open Source developers that this is a far better use of your collective resources and abilities than to defend and justify flawed intellectual property policies that are out of sync with the needs of enterprise computing customers.
I believe that the Open Source software model is at a critical stage of development. The Open Source community has its roots in counter-cultural ideals-the notion of “Hackers” against Big Business-but because of recent advances in Linux, the community now has the opportunity to develop software for mainstream American corporations and other global companies. If the Open Source community wants its products to be accepted by enterprise companies, the community itself must follow the rules and procedures that govern mainstream society. This is what global corporations will require. And it is these customers who will determine the ultimate fate of Open Source-not SCO, not IBM, and not Open Source leaders.
Some enterprise customers have accepted Open Source because IBM has put its name behind it. However, IBM and other Linux vendors are reportedly unwilling to provide intellectual property warranties to their customers. This means that Linux end users must take a hard look at the intellectual property underpinnings of Open Source products and at the GPL (GNU General Public License) licensing model itself.
If the Open Source community wants to develop products for enterprise corporations, it must respect and follow the rule of law. These rules include contracts, copyrights and other intellectual property laws. For several months SCO has been involved in a contentious legal case that we filed against IBM. What are the underlying intellectual property principles that have put SCO in a strong position in this hotly debated legal case? Id summarize them in this way:
1. “Fair use” applies to educational, public service and related applications and does not justify commercial misappropriation. Books and Internet sites intended and authorized for the purpose of teaching and other non-commercial use cannot be copied for commercial use. We believe that some of the SCO software code that has ended up in the Linux operating system got there through this route. This violates our intellectual property rights.
2. Copyright attributions protect ownership and attribution rights-they cannot simply be changed or stripped away. This is how copyright owners maintain control of their legal rights and prevent unauthorized transfer of ownership. Our proprietary software code has been copied into Linux by people who simply stripped off SCOs copyright notice or contributed derivative works in violation of our intellectual property rights. This is improper.
3. In copyright law, ownership cannot be transferred without express, written authority of a copyright holder. Some have claimed that, because SCO software code was present in software distributed under the GPL, SCO has forfeited its rights to this code. Not so – SCO never gave permission, or granted rights, for this to happen.
4. Transfer of copyright ownership without express written authority of all proper parties is null and void.
5. Use of derivative rights in copyrighted material is defined by the scope of a license grant. An authorized derivative work may not be used beyond the scope of a license grant. License grants regarding derivative works vary from license to license-some are broad and some are narrow. In other words, the license itself defines the scope of permissive use, and licensees agree to be bound by that definition. One reason SCO sued IBM is due to our assertions that IBM has violated the terms of the specific IBM/SCO license agreement through its handling of derivative works. We believe our evidence is compelling on this issue.
The copyright rules that underlie SCOs case are not disputable. They provide a solid foundation for any software development model, including Open Source. Rather than ignore or challenge copyright laws, Open Source developers will advance their cause by respecting the rules of law that built our society into what it is today. This is the primary path towards giving enterprise companies the assurance they need to accept Open Source products at the core of their business infrastructure. Customers need to know that Open Source is legal and stable.
Finally, it is clear that the Open Source community needs a business model that is sustainable if it is to grow beyond a part-time avocation into an enterprise-trusted development model. Free Open Source software primarily benefits large vendors, which sell hardware and expensive services that support Linux, but not Linux itself. By providing Open Source software without a warranty, these large vendors avoid significant costs while increasing their services revenue.
Today, thats the only viable Open Source business model. Other Linux companies have already failed and many more are struggling to survive. Few are consistently profitable. Its time for everyone else in the industry, individuals and small corporations, to understand this and to implement our own business models-something that keeps us alive and profitable. In the long term, the financial stability of software vendors and the legality of their software products are more important to enterprise customers than free software. Rather than fight for the right for free software, its far more valuable to design a new business model that enhances the stability and trustworthiness of the Open Source community in the eyes of enterprise customers.
A sustainable business model for software development can be built only on an intellectual property foundation. I invite the Open Source community to explore these possibilities for your own benefit within an Open Source model. Further, the SCO Group is open to ideas of working with the Open Source community to monetize software technology and its underlying intellectual property for all contributors, not just SCO.
In the meantime, I will continue to protect SCOs intellectual property and contractual rights. The process moving forward will not be easy. It is easier for some in the Open Source community to fire off a “rant” than to sit across a negotiation table. But if the Open Source community is to become a software developer for global corporations, respect for intellectual property is not optional-it is mandatory. Working together, there are ways we can make sure this happens.
Best regards to all,
The SCO Group
-Source Leaders Fire Back”>
Tue, 9 Sep 2003
Mr. McBride, in your “Open Letter to the Open Source Community” your offer to negotiate with us comes at the end of a farrago of falsehoods, half-truths, evasions, slanders, and misrepresentations. You must do better than this. We will not attempt to erect a compromise with you on a foundation of dishonesty.
Your statement that Eric Raymond was “contacted by the perpetrator” of the DDoS attack on SCO begins the falsehoods. Mr. Raymond made very clear when volunteering his information and calling for the attack to cease that he was contacted by a third-party associate of the perpetrator and does not have the perpetrators identity to reveal. The DDoS attack ceased, and has not resumed. Mr. Raymond subsequently received emailed thanks for his action from Blake Stowell of SCO.
Your implication that the attacks are a continuing threat, and that the President of the Open Source Initiative is continuing to shield their perpetrator, is therefore not merely both false and slanderous, but contradictory with SCOs own previous behavior. In all three respects it is what we in the open-source community have come to expect from SCO. If you are serious about negotiating with anyone, rather than simply posturing for the media, such behavior must cease.
In fact, leaders of the open-source community have acted responsibly and swiftly to end the DDoS attacks — just as we continue to act swiftly to address IP-contamination issues when they are aired in a clear and responsible manner. This history is open to public inspection in the linux-kernel archives and elsewhere, with numerous instances on record of Linus Torvalds and others refusing code in circumstances where there is reason to believe it might be compromised by third-party IP claims.
As software developers, intellectual property is our stock in trade. Whether we elect to trade our effort for money or rewards of a subtler and more enduring nature, we are instinctively respectful of concerns about IP, credit, and provenance. Our licenses (the GPL and others) work with copyright law, not against it. We reject your attempt to portray our community as a howling wilderness of IP thieves as a baseless and destructive smear.
We in the open-source community are accountable. Our source code is public, exposed to scrutiny by anyone who wishes to contest its ownership. Can SCO or any other closed-source vendor say the same? Who knows what IP violations, what stripped copyrights, what stolen techniques lurk in the depths of closed-source code? Indeed, not only SCOs past representations that it was merging GPLed Linux technology into SCO Unix but Judge Debevoises rulings in the last big lawsuit on Unix IP rights suggest strongly that SCO should clean up its own act before daring to accuse others of theft.
SCO taxes IBM and others with failing to provide warranties or indemnify users against third-party IP claims, conveniently neglecting to mention that the warranties and indemnities offered by SCO and others such as Microsoft are carefully worded so that the vendors liability is limited to the software purchase price, They thus offer no actual shield against liability claims or damages. They are, in a word, shams designed to lull users into a false sense of security — a form of sham which we believe you press on us solely as posturing, rather than out of any genuine concern for users. We in the open-source community, and our corporate allies, refuse to play that dishonest game.
You invite us to negotiate, but you have persistently refused to state a negotiable claim. You have made allegations of a million lines of copied code which are mathematically impossible given the known, publicly accessible history of Linux development. You have uttered vast conspiracy theories which fail to be vague only where they are slanderous and insulting. You have already been compelled to abandon major claims — such as the ownership of SMP technology alleged in your original complaint against IBM — on showings that they were false, and that you knew or should have known them to be false,
Accordingly, we of the open-source community do not concede that there is anything to negotiate. Linux is our work and our lawful property, the distillation of twelve years of hard work, idealism, creativity, tears, joy, and sweat by hundreds of thousands of cooperating hackers all over the world. It is not yours, has never been yours, and will never be yours.
If you wish to make a respectable case for contamination, show us the code. Disclose the overlaps. Specify file by file and line by line which code you believe to be infringing, and on what grounds. We will swiftly meet our responsibilities under law, either removing the allegedly infringing code or establishing that it entered Linux by routes which foreclose proprietary claims.