Slashdot Mirror
The ssh vs. OpenSSH Trademark Battle, Next Round
My favorite tidbit from the article is this: "[OpenBSD and OpenSSH Developer Theo] de Raadt cites U.S. trademark law that requires owners of trademarks to notify violators immediately ... de Raadt argues that Ylönen would have to be living under a rock not to be aware of OpenSSH before now. OpenSSH, released in December 1999 and in use before that, was used by more than 17% of all SSH users earlier this month, according to a study published on the University of Alberta Web site." Besides that, the story does a great job of listing other people whose products including "SSH" in their names have been left blissfully alone, making it seem that OpenSSH is getting what can only be called special treatment.
Of interest: here is a link to a page at openssh.com showing the legal papers received and scanned by members of the OpenSSH project, including the trademark application in question, showing an entirely lowercased "ssh" as the applied-for mark.
..but the reality is that he's selectivly enforcing his invalid trademark (check the trademark db if you don't believe me). And he's doing this enforcement against the product that's **gasp** putting him out of business. If he really wanted to protect the (tm), he would need to go after:
O SSH
TTSSH
NiftySSH
MacSSH
Java-SSH
TGssh
sshCE
An OpenVSM project called just SSH
SSH-OS2
...
and, well, you get the point. He's just going after OpenSSH because they're beating him in the market. And not only does he have no legal leg to stand on, but he's being a real slime by only going after the successfull one. Theo would be right to tell hime where to stick his lawyers.
I think they should follow samba's example, and make a word out of it.... My vote is for SaSHay.
Think outside the... Hey, where'd the friggin' box go?
The statement that the mark wasn't enforced was the WRONG tack to take.
Good job. We have now taken the position to the outside world of being total assholes.
The guy made an effort NOT to bully an Open Source group. He didn't send threatening lawyer letters. He asked people to be reasonable. Quite frankly, you're going to lose BADLY in a court of law, because not only is there the possibility of confusion, but there is DOCUMENTED confusion.
Now, this is totally absurd.
He didn't bully, DON'T use that against him. The arguement that he didn't bring it up until confusion happened may be legally correct, but now sets the horrible precedent that Open Source groups will be as shady as possible, and if you give them an inch, they'll take a mile.
Notice something, the original license (if anything tells people not to be nice and release their source code, this is the example, that was hardly a license, more of a nice gesture) allowed you to call your application ssh.
That's irrelevant.
OpenSSH could be renamed, OpenSecSH, which would be an open implementation of the SecSH protocol, which is the name of the working group. The FILE could still be called ssh/sshd.
SAMBA couldn't call itself SMB, confusion reasons, but the applications use SMB (like, smbd).
However, you can be polite, compile as osecsh and osecshd and include a symlink (automatically, but prompted) for ssh and sshd, so if you have both implementations, you can decide which one you want.
However, if the Open Source community insists on fighting on the Trademark grounds, we're in the wrong.
You can dispute the merits of Software Patents.
You can dispute the merits of long copyright terms.
You can dispute the merits of copyrights in general.
You can't dispute the merits of Trademarks.
Trademarks are the only thing that prevents confusion in the marketplace. If people are confused and think that OpenSSH is from SSH, then there is a legitamate issue.
Also, I don't think you're going to win on the enforcement. One year or so is reasonable, given that OpenSSH has minimal press coverage, etc. I think that it would be EASY for SSH to show that they found out about it, saw a problem, and then asked them to fix it.
Theo, you're going to lose, and you're being a bastard. He hasn't demanded that you stop making a version of SSH, just that you not use his product name.
Theo, I'm an OpenBSD user. I love OpenBSD. I love OpenSSH. You're in the wrong here... VERY WRONG.
Alex
Now it's open sources' turn. The right thing to do is honor the wishes of the guy who created SSH, the guy who made SSH available to you (albeit with a license you didn't like), and the guy who still tries to make a living from his hard work.
Give up the conflicting name. Not because you have to. Because it's the right thing to do.
If he doesn't want it to escalate, then he'd best compromise. I think that there's a broad feeling of indignance in the OpenSSH developer and user community that there's a "submarine trademark" (if I may put it that way) on something which we consider to be the name of a protocol. I think there's going to be a great reluctance to go ahead with a name change, because it would let the nose of the camel into the tent. What next -- remove all mention of "SSH" from the documentation?
If Ylönen demands no less than the removal of "SSH" from the project name, and OpenSSH isn't willing to do this, then he has the choice of either backing down or going ahead and making himself really unpopular by suing a free software project. This whole direction does not strike me as being one that can result in a net win for Ylönen. If he wins his trademark rights he'll establish himself as an enemy of the OpenSSH community; if he loses his trademark he looks like a poor businessman.
Instead, he should cut his losses and suddenly realise that he can license the use of the trademark to the OpenSSH project for free, on condition that they clearly distinguish themselves from his product, and perhaps provide linkage to his web site as a clarifying measure. If the real problem is customer confusion, then let's deal with the confusion without all this ugly legal sabre-rattling nonsense.
Does Ylönen realise that he's setting himself up as an enemy of the Free Software Republic? This isn't sensible.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
Some dude in Finland is gonna sue another dude in Canada over a Trademark owned in the U.S.?
:-)
Puh-leaze!
Enough with the stupid intellectual propery lawsuits already.
I think Tatu's just pissed that OpenSSH is a better product than his commercial SSH, and that OpenSSH is becoming so widely used that it, and not Tatu's commercial ssh, is what people generally mean when they say, SSH. Shit! Now I've just supported his case.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
I think they should take Apple's lead and call it BHC.
:-)*
Butt-Head Cryptographer...
Besides, I can type bcp a smidgeon faster than scp.
This is nothing more than a company trying to rescind the actions of it's founder to protect a failing business strategy.
Why? Because people are being drawn to the open-source implementation rather than paying out good money for something they can get for free.
Tatu's also probably peeved that OpenSSH will receive wider distribution (through Linux, BSD, and possibly OS-X sales/downloads) than his company's probably capable of. And thus will be more likely to achieve ubiquity than his proprietary, commercial products.
Sorry, but it doesn't work that way Tatu. You can't fish something out there until it hits name-recognition status, then make them change their name so you can supplant them. The community is NOT your advertising tool.
Chas - The one, the only.
THANK GOD!!!
Chas - The one, the only.
THANK GOD!!!
No, your understanding is wrong. The standard is called "SSH". Look at the IETF SSH Protocol Description:
Abstract
SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols.
-- Don't Tase me, bro!
I think we can all agree that secure shell is a descriptive name for this program (whether or not it actually is a shell is really a moot point, however), and the logical abbreviation - following standard shell style - is "ssh". Now, to avoid utter confusion, it is a good idea to make sure there aren't other programs called ssh. OpenSSH makes perfect descriptive sense for the program - it's open source, and it's a lot like ssh.
However, on the other side of the table is OpenGL and Mesa3D. Now, MesaGL would more accurately describe what Mesa3D emulates, but GL is a trademark of SGI, and they probably wouldn't like it if it was used without their permission. The best solution would be for the designers of OpenSSH to change their name and avoid any more disputes. This would also give open source developers a more moderate reputation, as opposed to the uncompromising one they seem to have nowadays.
"For success, it is essential you have Thunderball Fists." "I can have such a thing?" "That's right. Thunderball Fists."
I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.
:). However, given the Canadian base of OpenSSH, as well as the wide distribution of the original product into the English speaking world, I'll make some evaluations based on English Common Law.
I'm not certain which jurisdiction's law governs here (and am not going to do the hour or two of research unless someone pays
He said that software could be used and modified, and that *incompatible* programs must not use the ssh name. That doesn't *give* permission to call compatible programs ssh, but it certainly implies it. Similarly, finding someone with a smoking gun in his hand over the shot and still bleeding body doesn't *prove* he killed him, but there's a whole lot of 'splainin' to do . . .
I don't see where he can go with this without producing more info. With implied consent and five years of silence, it's a real hard row to hoe . . .
hawk, esq.
I agree with you on this point. But on the overall argument I disagree. Yes, Tatu is trying to be nice. And yes, Theo is being an asshole. But that being said, I don't see how Theo's going to lose this. With his current attitude, he's in danger of losing the PR battle, but that seems to be it.
Have you seen the license for ssh 1.2.12 (which is what OpenSSH is based off of)? Here is the most salient part (IMHO):
The only thing he says about the name is that if you're not compatible, then you can't use the name. Which leaves the only possible interpretation to be that if you are compatible, you can use the name.
I think that it would be a nice gesture on OpenSSH's part to give up the name. But I don't think it is, by any means, required. And if OpenSSH wishes to protect their identity, using a publically available name, that's entirely up to them. Theo could be more nice about it, but I don't think he'd be in the wrong to keep the name.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
Asking the question that everyone else seems to be missing, was OpenSSH named after SSH-the-application or SSH-the-protocol?
For countless reasons, I'm sure it's the latter. But that begs the question of why SSH-the-company was so incredibly incompetent that they named SSH-the-protocol after SSH-the-application even though virtually all servers and clients try to incorporate their protocol into the name. TELNET, FTP, FINGER, PING, HTTP(D), etc. Sendmail and bind are two notable exceptions, and of course this can't apply to multiprotocol clients (e.g., Mosaic, Navigator/Commuicator).
OpenSSH, to me, says one thing and one thing only - that it's an "open" implementation of the "SSH" protocol. It has absolutely no connection to SSH-the-program or SSH-the-company other than the historical curiosity that the latter originated the protocol and is pushing it on the standards track. (Something which is undoubtably dead in the water until they (SSH, not ISO) pull their head out of their corporate assh.)
If SSH-the-company wants to keep the identity of SSH-the-program distinct from SSH-the-protocol, they should change the name of SSH-the-program.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Theo de Raadt, co-creator of OpenSSH, hopes the community, not the courts, will decide the trademark skirmish. He points to a licensing agreement that allowed independent versions of SSH before Ylönen received a trademark in 1996, and he wonders why Ylönen has taken five years to decide to enforce the trademark.
He adds: "There are two main clinchers going on here. One is the fact that this licence file predates the trademark, and it grants rights that cannot be removed. And the other is the history of non-enforcement... against anybody else in the entire field using this name, then suddenly enforcing us because we're getting big enough."
Looks like it is too little too late as far as trade mark enforcement goes. If nothing else, Ylönen may be trying to cash in on the name of OpenSSH.
Although there is a point that he (Ylönen) has to do something, I suppose, and better late than never. But it is likely too late.
Oh yeh, IANAL btw
"It is a greater offense to steal men's labor, than their clothes"
If I remember correctly, some guy [that's how good my memory is ;) ] took M$ to court over the name Internet Explorer. He proved he had used the name Internet Explorer before they did, but Microsoft won because their browser isn't Internet Explorer, it's MICROSOFT Internet Explorer. As long as they preface it with Microsoft, it's not the poor guy's word. Same with Excel, I believe. Likewise, this isn't SSH, it's Openssh. Anyway, I have to go, Matthew Broderick is suing me for having the same first name.