Slashdot Mirror

I think this means the SCO can't distribute these tools, but that their customers can use these tools. IANAL but I read Groklaw

Ok, this has been brought up a lot on Slashdot in the past few years, and I really think everyone should read this speech by Eben Moglen on why there will never be a test of the GPL in court (and a bunch of other interesting stuff). Here's the relevant portion :

Let me show you why. The grave difficulty that SCO has with free software isn't their attack; it's the inadequacy of their defense. In order to defend yourself in a case in which you are infringing the freedom of free software, you have to be prepared to meet a call that I make reasonably often with my colleagues at the Foundation who are here tonight. That telephone call goes like this. "Mr. Potential Defendant, you are distributing my client's copyrighted work without permission. Please stop. And if you want to continue to distribute it, we'll help you to get back your distribution rights, which have terminated by your infringement, but you are going to have to do it the right way."

At the moment that I make that call, the potential defendant's lawyer now has a choice. He can cooperate with us, or he can fight with us. And if he goes to court and fights with us, he will have a second choice before him. We will say to the judge, "Judge, Mr. Defendant has used our copyrighted work, copied it, modified it and distributed it without permission. Please make him stop."

One thing that the defendant can say is, "You're right. I have no license." Defendants do not want to say that, because if they say that they lose. So defendants, when they envision to themselves what they will say in court, realize that what they will say is, "But Judge, I do have a license. It's this here document, the GNU GPL. General Public License," at which point, because I know the license reasonably well, and I'm aware in what respect he is breaking it, I will say, "Well, Judge, he had that license but he violated its terms and under Section 4 of it, when he violated its terms, it stopped working for him."

But notice that in order to survive moment one in a lawsuit over free software, it is the defendant who must wave the GPL. It is his permission, his master key to a lawsuit that lasts longer than a nanosecond. This, quite simply, is the reason that lies behind the statement you have heard -- Mr. McBride made it here some weeks ago -- that there has never been a court test of the GPL.

It's quite simple see. The GPL cannot be tested in court, because if it is found invalid, the defendant can't continue to distribute the copyrighted work. If it is found valid, the defendant either has to abide by it's restrictions or can't continue to distribute the copyrighted work. Do you understand the pattern here ? Anyone who tries to fight it will only lose. That's the beauty of it.

That said, Groklaw pretty much solely exists because of the SCO mess (PJ Interview). But groklaw is perhpas is the best thing to come out of said mess. We should perhaps start a thread for suggestions for what courtroom drama PJ should follow next.

If Microsoft "borrowed" GPLed code and tried to hide it not only would they open themselves up to a serious lawsuit from the copyright holders (with serious monetary penalties), but they could theoretically end up having to share any source code that came in contact with the GPLed code.

This is what the FUDsters would have us believe, but it's not true. As Eben Moglen, General Counsel for the FSF, has repeatedly pointed out, the GPL is a license, not a contract.

One of the consequence os this is that you can't force someone to open up their own code if they link against GPL'ed code in violation of the license. At most, you can force them to stop using the GPL'ed code.

See this lengthy rebuttal by Pamela Jones of Groklaw fame, or this more accessible, shorter version.

Ulrik

*Cough* gave "license" money to SCO *cough*

"This product may incorporate intellectual property owned by Microsoft Corporation. If you would like a license from Microsoft, you need to contact Microsoft directly."

Sec. 1202. Integrity of copyright management information

. . . (b) REMOVAL OR ALTERATION OF COPYRIGHT MANAGEMENT INFORMATION- No person shall, without the authority of the copyright owner or the law--

(1) intentionally remove or alter any copyright management information,
(2) distribute or import for distribution copyright management information knowing that the copyright management information has been removed or altered without authority of the copyright owner or the law, or
(3) distribute, import for distribution, or publicly perform works, copies of works, or phonorecords, knowing that copyright management information has been removed or altered without authority of the copyright owner or the law,

knowing, or, with respect to civil remedies under section 1203, having reasonable grounds to know, that it will induce, enable, facilitate, or conceal an infringement of any right under this title.

In other words "Thou shalt not do anything we don't like."

Having just read this Groklaw article, I must admit - I fear poor SnowMold Industries (See toy#2) could be in for a lawsuit!

"But what about BSD?" I asked. Sontag responded that there "could be issues with the [BSD] settlement agreement," adding that Berkeley may not have lived up to all of its commitments under the settlement.
"So you want royalties from FreeBSD as well?" I asked. Sontag responded that "there may or may not be issues. We believe that UNIX System V provided the basic building blocks for all subsequent computer operating systems, and that they all tend to be derived from UNIX System V (and therefore are claimed as SCO's intellectual property)."
SCO Owns Your Computer by Trevor Marshall

It does not change the fact that line-by-line SCO IP code is found in Linux.

Now all I need to do is learn how to be extremely cynical, sarcastic, and coldly technical all at once. But that's just me.

Not necessarily, they could sell a list of all the Trojan infected hosts flooding their network. Perhaps that might be a more viable business plan than suing IBM et al.

There was a post from someone on Groklaw A while back, sorry I can't find it. But the guy basically called 5-6 times, trying to buy a license, they said "Um, Uh, we'll get back to you on that". They never called. I agree, they are not selling them, because they are not sure they can.

We DO know who bought licenses from SCO. In Mark Heise's response to IBM's letter about missing discovery items, he says there are only three that he knows of, Computer Associates, Questar and Leggett & Platt. Links here or here.

On Aug 20 of last year Chris Sontag is quoted as saying, "the company has uncovered more than a million lines of copied code in Linux, with the help of pattern recognition experts."

Then on Feb 6 of this year, in court before the judge, IBM states that SCO has publicly made such a claim but has in fact only shown a few lines of code in 17 files to which SCO replies, "With respect to the overriding issue, that SCO failed to identify line-for-line code copying", Heise (SCO's attorney) claimed "that has not and is not what the case is about." At that point, Heise said SCO cannot identify the violations.

Now, either they had the evidence they said they had when they filed the suit in the first place or they didn't. It's beginning to look more and more like they didn't and the whole affair was merely a fishing trip. If this is the case they should be held accountable for everyone's time and money that they wasted since they never had the evidence they claimed in the first place.

Heh, actually Kevin is moving from Utah to California, and he had to file something about that with the court, which you can read about here.

Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propogate spam, or leaving a backdoor open so that this could later be done.

Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.

So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.

Ferinstance

http://yro.slashdot.org/article.pl?sid=03/12/03/14 23258&mode=nested

- Oops. There goes Spamhaus

http://securityresponse.symantec.com/

- most of this week's crop install backdoors.

http://www.groklaw.net/article.php?story=200402210 51056136

- Your IP Addy for sale to a spam-merchant near you...

SCO has still not given us exact line numbers or snippets of code.

SCO has still not given us exact line numbers or snippets of code.

How did slashdot miss this article?

Take a look at this article from a week or two ago on Groklaw.

PJ compares SCO's worst case scenarios with those of RedHat, IBM & co.

It makes for much more interesting reading than many of the other legal filings I've read... Note how in that article, SCO describes quite a few ways in which its business could fold, compared to rather bland statements that something bad might happen in the off chance SCO ever actually prevailed with some bit of their case.

It's kind of fun to read all the various ways in which SCO might be liquidated, though. I wonder which of them will happen?

Maybe not related but d@m funny! SCO street photo at Groklaw

WRONG! If you read my bio, you'll see that I am a lawyer - and one who specializes in Intellectual Proprty issues relating to computer software. I have yet to see or even hear of a licensing case that didn't also include copyright claims. The license breach is always designated as a breach of contract action because that is exactly what it is.

Go to Cem Kaner's siteand you'll see that the newest proposals for additions to the Uniform Commercial Code are contained within UCITA. The Code deals with contractual provisions for software - what you can and cannot put in the license.

Those articles are just that - all ARTICLES - just people's legal opinions. They are not law. Law is made by statute or court decision. Groklaw has this posted as well: If the GPL is found invalid, then you revert to copyright law.

This means that copyright law and the GPL are SEPARATE REMEDIES. Like I have said all along - the claim for the violation of licensing terms is a BREACH OF CONTRACT ACTION.

Here's some copyright litigation 101:

• In the US, a copyright is created as soon as a work is fixed in a tangible medium (since the act was revised in 1976 anyway).
• In order to sue for copyright infringement, the copyright holder must have REGISTERED his copyright at the US Copyright Office.
• No copyright registration, no lawsuit. Simple as that.
• If a license is involved, the breach of the license is what would make CONTINUED (NOT PAST !) use of the work a copyright violation as of the date of the violation of the license. The nice thing is that you DO NOT NEED TO HAVE REGISTERED YOUR COPYRIGHT to bring an action based upon a license violation. Why? BECAUSE THE LEGAL ELEMENTS DO NOT REQUIRE IT.

Oversimplification, but here is a comparison of the elements for copyright infringement and breach of license claims:

1. Copyright - Existing copyright in a work, registration of the copyright, unauthorized use (e.g., wholly without permission or exceeding the limits put on permission granted).
2. Breach of License - Offer, acceptance, consideration (something of value passing between the parties), breach, damages.

Why people try to describe the GPL as "not a contract" is beyond me - you WANT the GPL to be a contract so you can ENFORCE IT IN COURT.

One last note - if you don't believe me, will you believe IBM's lawyers in the suit against SCO? HERE is IBM's Answer and Counterclaims. You'll see that IBM's Sixth Counterclaim is Breach of License and its Seventh Counterclaim is Promissory Estoppel. Promissory estoppel is a quasi-contract action.

See? I'm not making this stuff up off the top of my head.

WRONG! If you read my bio, you'll see that I am a lawyer - and one who specializes in Intellectual Proprty issues relating to computer software. I have yet to see or even hear of a licensing case that didn't also include copyright claims. The license breach is always designated as a breach of contract action because that is exactly what it is.

Go to Cem Kaner's siteand you'll see that the newest proposals for additions to the Uniform Commercial Code are contained within UCITA. The Code deals with contractual provisions for software - what you can and cannot put in the license.

Those articles are just that - all ARTICLES - just people's legal opinions. They are not law. Law is made by statute or court decision. Groklaw has this posted as well: If the GPL is found invalid, then you revert to copyright law.

This means that copyright law and the GPL are SEPARATE REMEDIES. Like I have said all along - the claim for the violation of licensing terms is a BREACH OF CONTRACT ACTION.

Here's some copyright litigation 101:

• In the US, a copyright is created as soon as a work is fixed in a tangible medium (since the act was revised in 1976 anyway).
• In order to sue for copyright infringement, the copyright holder must have REGISTERED his copyright at the US Copyright Office.
• No copyright registration, no lawsuit. Simple as that.
• If a license is involved, the breach of the license is what would make CONTINUED (NOT PAST !) use of the work a copyright violation as of the date of the violation of the license. The nice thing is that you DO NOT NEED TO HAVE REGISTERED YOUR COPYRIGHT to bring an action based upon a license violation. Why? BECAUSE THE LEGAL ELEMENTS DO NOT REQUIRE IT.

Oversimplification, but here is a comparison of the elements for copyright infringement and breach of license claims:

1. Copyright - Existing copyright in a work, registration of the copyright, unauthorized use (e.g., wholly without permission or exceeding the limits put on permission granted).
2. Breach of License - Offer, acceptance, consideration (something of value passing between the parties), breach, damages.

Why people try to describe the GPL as "not a contract" is beyond me - you WANT the GPL to be a contract so you can ENFORCE IT IN COURT.

One last note - if you don't believe me, will you believe IBM's lawyers in the suit against SCO? HERE is IBM's Answer and Counterclaims. You'll see that IBM's Sixth Counterclaim is Breach of License and its Seventh Counterclaim is Promissory Estoppel. Promissory estoppel is a quasi-contract action.

See? I'm not making this stuff up off the top of my head.

As the GPL is a copyright license it is enforced through copyright law and there wont be any case ever about a 'GPL violation'. Any such 'violation' is simply copyright infringement and any court case about it would be a civil or criminal copyright violation case, not a civil contract case.

But ok, I'll do some research for you.

License, not contract

Moglen.

Australian perspective

Wikipedia

Those are just a few starters from any number of articles you wish written by lawyers, legal experts, or laymen.

If you're interested in the concepts of open source licenses I'd also reccomend gmane OSS license mail list and debian-legal.

And, no, I'm not a lawyer. Altho I've been researching copyright law (US and various european versions) and the GPL and other OSS licenses for a decade by now out of interest. If you want a legal opinion I suggest you consult one of the many lawyers you'll find while researching these issues.

Mistaking the GPL for a contract is easy tho, and the reason for most misconceptions about it.

Sorry, but I am not confused. However, you may be. Licenses such as the GPL are indeed contracts.

I would be interested in your analysis of why this article is completely wrong, then. When it was discussed earlier on /., there were lots of people who were dubious, but no one with specific legal training in IP law came forward to dispute the concepts presented by Pamela Jones.

Don't be too sure - its now at;

Yes - 32%

Yikes! It seems that the Countdown ending has put the fear of God into the Pointy Haired Bosses!

It's currently 29% Yes; we'll see what the next instalment of the saga brings...

What clear statement of intent? The $echo article is no statement of intent: it is not a deposition; it is not presented over the signature of a corporate officer, nor on the letterhead of an attorney representing AT&T. It has exactly as much legal force as my trolling here does: none.

From the AT&T letter to IBM clarifying section 2.01:

" 2. Regarding Section 2.01, we agree that modifications and derivative works prepared by or for you are owned by you. However, ownership of any portion or portions of SOFTWARE PRODUCTS included in any such modification or derivative work remains with us."

There was no "last sentence" added to 2.01. The $echo newsletter was just a clarification that the licensee code remained the property of the licensee.

is ilelgal to send someone a bill for something they don't owe

It might be possible for one of the letter's recipients to press the case, but why would they? If they think it's bogus, they could either ignore it or forward it to their Linux vendor (as Lehman Brothers has done). Either option is free. Trying to take action against SCO for the letter is loaded with potential costs -- not the least of which is attracting the attention of the rabidly litigious SCO.

Not according to groklaw's article. Not only do they show that a) there is a difference between the generic letter and the Lehman brothers' letter, but b) that SCO lied to the judge in the IBM case by saying that only one version of that letter went out which is now disproven. As the Groklaw article says: you can only hide from so many eyeballs...

Fortunatly, Lehman brothers' decided to not come out and play and refered SCO back to Redhat as the supplier. Redhat then went, letter in hand, to the judge to cry foul and rightfully so!

Thanks for the information. However,

i) SCO has added a complaint of copyright infringement. See Groklaw.

ii) The case is being heard by Judge Dale Kimball in *Federal* court, not Utah state court. So, the court is perfectly entitled to rule on copyrights.

iii) As for the process being long or short, who knows. However, it seems unlikely to be very long if SCO fails to bring any evidence to discovery, as has been the case so far.

So, your cut-and-paste review is inaccurate in a couple of instances, but let's see what happens.

According to those busy beavers at groklaw the kernel version they are referring to is *not* a vanilla kernel. It's vanilla-2.4.1 with rclock-2.4.2-01.patch from http://lse.sourceforge.net/locking/rclock.html applied.
Looking at the patch, IBM is listed as the copyright holder. The code also acknowledges that it is based on the Dynix implementation.

here are only two questions: whether Sequent got an exception from the derivative work license terms from AT&T...

You must have missed AT&T's 8/85 clarification on that issue:

"Section 2.01 - The last sentence was added to assure licensees that AT&T will claim
no ownership in the software that they developed -- only the portion of the software
developed by AT&T."

Here's the relevant Groklaw link.

After looking over the article at Groklaw I'm slightly worried. IANALP (Linux Programmer) but they do look like they're presenting a lot of substantial evidence. Is anyone else here worried?

From Groklaw

I think there would be a large list of very negative outcomes for SCO and very
little positive if SCO were to file a lawsuit against an end user.

1. Getting involved in another lawsuit will cause attorney fees to drain their
limited cash even faster
2. The lawsuit will likely take years to even go to trial, much like the IBM
suit. Since SCO must win the Novell lawsuit first (itself years away from
beginning, much less ending) to secure undisputed System V copyrights, any end
user lawsuit would probably have to be put on hold until the end of any appeals
in the Novell suit.
3. Unless an end user is distributing the Linux kernel, they are not guilty of
copyright infringement. Copyright law governs copying and not use of code.
Section 117 of copyright law also specifically excludes installing and running
software from being infringement.
4. The money that they can get from one company for unintentional copyright
infringement is limited and likely less than their attorney fees in many if not
most cases. Lack of registered copyrights limits awards to actual damages, which
are likely to be minimal or negligible. Even with registered copyrights, damages
for unintentional copying are severly limited.
5. SCO's failure to mitigate damages since at least May 2003 limits or
eliminates any damages they can collect
6. SCO themselves distributing any infringing code in their own Linux products,
especially under the GPL, limits or eliminated any damages they can collect
7. In the event that there really is SCO-owned code in the Linux kernel, SCO
will be forced to document any infringing code and prove their ownership, which
will allow it to be removed or replaced
8. It will increase ill will toward SCO from a greater number of companies and
individuals, including their own customers, who will likely abandon SCO in
significant numbers
9. The act of filing a large number of frivolous lawsuits may be used against
SCO and its executives in a shareholder lawsuit at a later date

---

Darn, thought of some more after I submitted.

10. In the event that SCO proves there is non-GPL code in the Linux kernel, they
simultaneously prove themselves guilty of violating the GPL and willful
copyright infringement. SCO has been distributing the kernel on their FTP site
for years, even after they were aware of the allegedly infringing code.
11. SCO and/or their attorneys may be fined for filing frivolous lawsuits.
12. SCO potentially opens themselves to prosecution for fraud or extortion by
state attorneys general, the FTC or other state or federal anti-fraud or
consumer protection agencies.
13. Any portions of Linux that SCO alleges are illegal may be covered by
AT&T's failure to add copyright notices, or the code in BSD-Lite, or the
ancient Unix code that Caldera previously released under a BSD-like license.

At least that's somewhat implied in some speculation at Groklaw. According to that story, Lehman Brothers got a nasty-gram and promptly dispatched it to RedHat of servicing... RedHat attached it to some kind of motion or something (IANAL) suggesting that although SCO had promised the judged it was not threatening RedHat's business, threatening RedHat's customers was the same thing...

Hints and other juicyness can be found here

Apparently a Feb 11 S-3 Filing by SCO includes the following

"Additionally, we have begun notifying selected Linux end users in writing of violations we allege under the Digital Millennium Copyright Act related to our copyrights contained in Linux."

Perhaps this entry is relevant? (Red Hat News - Lehman Brothers Threatened by SCO)

This document describes SCO's case (or lack thereof) in more detail than any other piece of info so far. Lots of stuff for the Linux community to pick apart. Most especially a description of the "millions of lines of code" that they claim they own.

How precisely would MS (or any company) enter a market that is satisfied by GPL software by buying out or squeezing out?

Cough. Cough.

Yes, but we didn't have the internet then, at least not even close to the form today. Something that is not networked or on a small network is by nature more secure than something publically accessible world-wide. Plus you are just re-inforcing the argument -- Windows is 20 years behind the times in security.

Actually you can screw up your Unix/Linux machine faster as root... 'kill -9 -1'

Two problems with this: (1) it is a security discussion, not whether you can screw up your system, and (2) you can't easily accidently type 'kill -9 -1'. There's no 'kill -9 -1' button that you might accidently press. Windows is insecure because it does a lot of things automatically and without your knowledge. The most obvious security related one is running email attachments, which is the primary way that a virus spreads through Windows systems. You just can't do it like that in Linux.

No group is better/worse.

That's debatable, but not the point. It's a strawman argument. Nobody is questioning the quality or intention of programmers on either side. But Linux is clearly superior to Windows in terms of security using just about any metric or argument you can think of (that stands up to scutiny). Nobody is saying Microsoft is intentionally putting security holes in Windows. Nevertheless, they are there. And yes, there are security holes in Windows. But again, comparisons continually show that, overall, Linux is more secure.

...which is exactly synonymous with "if you use Linux insecurely" because Windows users use it insecurely. Not only does that meaning seem obvious, but both you and the original poster implicitely stated it. The statement "...like they do Windows..." means that people don't use Linux like they do Windows, and don't have the problems.

Have you seen the kernel exploit lists for the 2.4.xx series? I thought not.

Actually, I have seen a report on them, though I can't recall where, but so what? It's a comparison that is important, and when you do so, such as here or here, it is quite clear that Linux is more secure than Windows, independent of their popularity.

The open source movement eschews proprietary controls and its software is usually produced not by firms, but by networks of volunteers who look after different pieces of an application."

Groklaw is an example of this exact method, even though it is not involved in software development. It is a legal site that encourages anyone to join in, the results are not produced by law firms, but by networks of volunteers who look after different pieces of the legal brief. It started as one woman's personal blog and then took off when the FOSS community saw the usefulness of having a subject matter expert in law commenting on cases that mattered to the community. So the community joined in and now it's a distributed project on the exact model of an Open Source programming project.

So these principles work for more than just programming. It's a useful model for any community project. The power of the community made manifest. We're stronger when we work together.

• We have produced already significant lines of code from Dynix, and we are prepared to produce, and the reason we have not produced it, by the way, Your Honor, is because you ordered us not to.

Over on Groklaw there is an analysis of the implications on the MS code leak by Dennis S. Karjala, a law professor at Arizona State University. e basically says, among other things, that MS's trade secrets are now null and void.

The link to the Groklaw's article is here.

I think Novell just did: Novell Notifies SCO

I see bad things happening here... 1) Microsoft "accidently" leaks Win2k source. 2) Microsoft pays some guy to "contribute" to the linux kernel in a small way. 3) Microsoft then files an SCOish lawsuit against IBM (or whoever) claiming ip infringement in the linux kernel. Don't laugh. Stranger things have happened.

Groklaw headline - Novell waives all SCO rights to Sequent and its SVRX License

which means, that even IF IBM put SYS V in Linux - Its Novell's problem, not SCO's any more.

this is fun like watching a little kid kick a bully in the nuts fun!

Joseph A. LaSala, Jr.
Senior Vice President
General Counsel and Secretary

VIA FACSIMILE AND CERTIFIED MAIL
RETURN RECEIPT REQUESTED

February 11, 2004

Mr. Ryan Tibbitts
General Counsel
The SCO Group
[address]

Mr. Ronald A. Lauderdale
Vice-President, Assistant General Counsel
International Business Machines Corporation
[address]

Re: Sequent Computer Systems

Dear Counsel:

Reference is made to the following:

* Asset Purchase Agreement by and between The Santa Cruz Operation, Inc. and Novell, Inc. dated as of September 19, 1995, and more particularly to Section 4.16(b) of that agreement;
* Software Agreement No. SOFT-000321, et seq., between AT&T Information Systems Inc. and Sequent Computer Systems, Inc. ("Sequent's SVRX license);
* Letters dated May 29, 2003 and August 11, 2003 from The SCO Group to Sequent Computer Systems, Inc.;
* Letter dated August 14, 2003 from IBM to The SCO Group;
* Letter dated October 7, 2003 from Novell, Inc. to The SCO Group regarding IBM Code; and
* Letter dated February 6, 2004 from Novell, Inc. to The SCO Group regarding Sequent Computer Systems.

In its February 6 letter to The SCO Group, Novell directed "SCO to waive any purported right SCO may claim to require Sequent (or IBM as its successor) to treat Sequent Code as subject to the confidentiality obligations or use restrictions of Sequent's SVRX license." The letter defined Sequent Code as code developed by Sequent, or licensed by Sequent from a third party, which Sequent incorporated in its UNIX variant but which itself does not contain proprietary UNIX code supplied by AT&T under the license agreements between AT&T and Sequent. Novell directed SCO to take this action by noon, MST, February 11, 2004.

SCO has failed to take the actions directed by Novell.

Accordingly, pursuant to Section 4.16(b) of the Asset Purchase Agreement, Novell, on behalf of The SCO Group, hereby waives any purported right SCO may claim to require Sequent (or IBM as its successor) to treat Sequent Code as subject to the confidentiality obligations or use restrictions of Sequent's SVRX license.

Sincerely, /s/ Joseph A. LaSala, Jr.

cc: Mr. Darl McBride
President and CEO
________________

I would have paid him $20 to end the letter with "Thank you, drive thru".