Slashdot Mirror
SCO Claims Kernel Contains UnixWare Code
ergo98 writes "SCO has increased the intensity of the lawsuit with IBM by claiming to hold indisputable proof that copyrighted UnixWare code found its way into Linux, violating the rules of both camps. Whether this is true or not remains to be seen: SCO refuses to divulge the code in question, however they promise to reveal it in court shortly."
As already stated on LKML here, it's far more likely that they saw something that had been stolen from Linux or other GNU code in SCO, and thought is was the other way around.
It also isn't clear if SCO is referring specifically to Redhat userland, redhat kernel patches or what. It's only clear that they don't mean specifically the Linux kernal as found on kernel.org.
-If you wish to make a complaint, press 1. If you wish to wish upon a star, makes no difference who you are, press -- what else? -- the star key.
Compared to war, all other forms of human endeavor shrink to insignificance. God, how I love it. - Gen. George Patton
If in case SCO clamis are true... would the linux kernel itself, as it stand become non-gpl'ed? After all if some GPL code makes its way its something else... its is GPLed... seems kinda fair to me.
Wouldn't it be interesting if someone managed to slip in copyrighted code intentionally, with the knowledge that it would eventually be found -- causing quite a bit of damage to the Linux movement...
Adjust your tinfoil hat, people.
In this article, they clearly refer to the kernel: "We're finding...cases where there is line-by-line code in the Linux kernel that is matching up to our UnixWare code," McBride said in an interview" How do they possibly expect to win a lawsuit when they can't even agree amongst themselves about where the UnixWare code appears in GNU/Linux? And what the hell is "the periphery of the Linux kernel"? Modutils? Fileutils? Util-linux?
The real "Libtards" are the Libertarians!
This seems quite reminiscent of the USL v. U.C. Regents case over the BSD release. USL maintained that the BSD code was tainted, but never cited any specific lines of code. USL decided to settle after the U.C. regents pointed out that USL was in violation of the license terms for the BSD code they were using in System V. At that point, USL probably realized that U.C. could force them to withdraw System V from the market and recall all existing copies in order to strip out the BSD code. Anyhow, as part of the settlement, CSRG did remove a few files that were said to be tainted, but since USL didn't indicate which files to remove, CSRG picked out a few of the files that were crufty and in need of replacement anyhow, and removed those.
Does anyone remember the letter that SCO sent out to customers back in the late 1990s, suggesting that customers would be better off with a professionally written and maintained operating system, rather than an amateur effort by a few hackers? It has a lot of other ridiculous comparisons like that. Someone (ESR?) wrote a parody letter refuting every one of their points.
I used to have the two letters posted outside my cube at a previous place of employment. I just tried to find them using Google, but I must not be using the right search terms.
I think RH, UnitedLinux(minus SCO, of course), any other commercialized distro, and Linus should sue SCO when they make claims that Linux source code is contaminated with their intellectual property.
This is a blatant attempt to scare potential customers of the distros, and/or impugns the reputations of the distros and Linus.
Even if SCO decides to settle with IBM (i.e. get bought out or bribed), they have opened themselves up to a case of libel, unless they can back it up with examples and proof. Their CEO alluded to exact code duplication and semi-obfuscted replicas of code.
Ok, np, show the code in question, and then we'll check some verifiable (repeat VERIFIABLE) code submittal logs of Linux and SCO. If by some miracle their logs, show an earlier submission...then the lkml community would probably yank the code immediately, and probably improve on it just to make a point.
Second of all, by not coughing up the examples, there might be a case for "failure to mitigate damages". Basic speak for "You cant say I did something to hurt you, wait forever, then tell me what I did wrong to wrack up increased "economic damages", when you could have told me sooner, and I would have cleaned up the issue and reduced your potential losses further.
(IANAL^2)
Let's assume for the moment that some IBM engineer took some code from SCO and added it to Linux. What is the consequence for the Linux kernel and other distros who did not intend to violate their copyright? I'm assuming that the GPL would cause all the legal liability to fall on the shoulders of the people who added the code, but then somebody still has to go and scour that code out of the kernel right?
This is messy, but then it gets even worse when you consider the notion of code forks, etc. What if Linus removes it, but for whatever reason a fork over at SUSE doesn't get removed? What if they don't bother, can SCO get a court order to force removal?
This sig has been temporarily disconnected or is no longer in service
Actually it is Muhammed Saeed al-Sahaf. Tariq Aziz was the deputy prime minister. Both were mouthpieces for Saddam's politcal machine, but Muhammed is much more fun to listen to. Check out all his quotes on the above website.
If I recall correctly, companies must make an effort to minimize their damages under all circumstances if they want to be able to collect compensation for damages. For instance, if I am IBM, and my supplier of screws never delivers me my shipment of screws for my mainframes, I am responsible to find another supplier. I can't wait a year and not ship any mainframes and then try to collect damages of Billions of dollars of lost revenue. Such a claim would be absurd since I didn't do anything to minimize my damages.
Isn't this true for SCO? They were supplying source code to companies like IBM. Apparently, according to their claim, they were also losing great amounts of revenue to Linux due to the unauthorized use of this code in Linux. It seems like they could have minimized the damage by doing a "diff" command between the Linux sourcecode (which was always available) and their own code and found out immediately that there was tainted code in there.
By being open source, it seems that Linux should be the most compliant OS out their because anyone with such claims as SCO should immediately be able to check the source. For them to wait this long to check (as they are losing over a BILLION dollars) seems to be a gross incompetence of SCO management. What else could contributors to Linux do to ensure the compliance of Linux wihout access to SCO's code? It seems that by being open source, the community has already done everything in its power to comply to IP law. SCO losses are a result of its failure to do its own part ($diff file1 file2).
Besides, the fall of SCO did not happen overnight, why must IBM take disproportionate responsbility (assuming they are at fault, which is unsubstantiated at this time) for what appears to be very poor efforts on the part SCO to protect their own IP (especially since they are also a Linux distr.!!!).
Also, if I were an investor I would be very upset. SCO has basically changed their business model without proper disclosure to the SEC. It is pretty well known that after they made their claim, it would be impossible for them to continue as a software company. Yet they seem to be continuing to waste money on new releases of Linux products that nobody will buy. What is the logic of releasing products for an OS that you are trying to slow the development of? What kind of business strategy is that?
Finally, the fact of SCO is a Linux distro is really ironic.
I mean, if even they are openly distributing their own IP through Linux under the GPL, what right to they have to sue other companies for doing the same!? If they couldn't even ensure that they were not dilluting their own IP themselves (with a simple "diff" command), how can they require other entities to do so?
I really believe that SCO has not put enough thought behind this and some of upper management is going to be directly liable to the stock holders for some blatant acts of poor judgement.
Sdelat' Ameriku velikoy Snova!
[Clarification: I am posting it at the danger of being attacked, but my puny brain cannot comprehend it as it is. Please help.]
If their code is secret, it means they could put whatever they want in there now and claim that it was there from the very beginning. Who knows when that particular piece of code was placed there. 20 years ago? Yesterday? Or just before they go to court to present the evidence?
I am not saying that they are lying, but how can one be sure. If there are ways to make sure that it is, please enlighten us.
Thank you.
GrimReality
2003-05-02 20:25:51 UTC (2003-05-02 16:25:51 EDT)
"The Linux community would have me publish it now, (so they can have it) laundered by the time we can get to a court hearing. That's not the way we're going to go."
Now, admitting that anything is possible, I must ask, is McBride insane? Here is how to "clean" the code out of the Linux kernel:
Step 1: Log into kernel.org.
Step 2: Remove or patch the offending code in every version of the kernel ever posted to that site.
Step 3: Run complete tests on every patched kernel to make sure it builds and runs on all supported architectures.
Step 4: Contact RedHat, SCO (Caldera), IBM, debian.org, Suse, Slackware, and anyone who has ever distributed a Linux kernel and have them do the same.
Step 5: Contact every Linux user in the world and have them patch their kernels.
Laundering, indeed. I predict that this evidence will turn out to be shit.
This allegation really underscores a primary issue of closed source software - it's not out for public review, and hence, it would be VERY difficult to validate these claims. For all we know, SCO's code is a rip-off of Linux or some prior open-source code that Linux was a beneficiary of. SCO never published their source and there's nothing outside of SCO (or maybe IBM, if there was some kind of agreement) to validate the claims. The trouble is, we can trust neither of those parties to present untainted copies of the relevant code as both could have altered timestamps or copied in code. There's also the fact that some processes in software can just really be done in one optimum way.
This is a good reason software should not be considered "published", hence copyrightable, unless the source code exists in some human-readable means in some organization outside of the "software publisher" (who truly publishes nothing), a place the courts could seriously look at as proof of the existance.
A way that might serve as a valid stopgap would be the generation of an MD5 hash of each source file and submitting that to some trusted agency (Library of congress?) for another digital signature and timestamp to be added, proving the date of creation to some legal standard so that these allegations could be backed with proof. We'd know the plaintext was validly signed by the LOC and that it existed at the time alleged to.
I find this statement has more merit than anything from SCO. Corporate driven programming is much different from Open Source. With OSS, there's really no pressure to get stuff done and out the door, or at least far less than in the corporate world. This idea is based on Linus's many comments about when such and such release will be shipped : "when it's done".
Now contrast that with UnixWare version whatever, with a crackpot like McBride at the helm whipping up the team to get the code out the door. You can imagine the chaos: see the Mythical Man Month about OS/360, and I believe there's a book about Dave Cutler's team at M$. This is not Extreme Programming, it's the death march.
To conclude, which programmer is more likely to grab some peice of code that just works?
Here's another point: From my experience, OSS code is revised and rewritten constantly. Look at Ingo's work with the scheduler, or the recent work by several folks on the VM. Or Apache Xerces (XML4J). I've been using that for a few years, since it had jp (originally written by some IBMers at one of IBM's Japan labs I think), and that has been rewritten from scratch at least once. One last example - Mozilla was rewritten entirely, sidelining it for several years. That was a questionable move, but I say they did a good job - Mozilla is awesome.
Again contrast that with corporate software - how often do you rewrite working code from scratch? You do if business rules change, but I'd argue that with corporate software (think COBOL) it's more if it ain't broke don't fix it. Case in point: at the organization I work at, we have a database (well, more of a filesystem) written in assembler that is basically 25 year old code. Why? It works, it is very fast, it runs mission-critical systems, and it's very hard to modify, let alone maintain it. (Yes it is being replaced, so they say).
So, Unix code in Linux, copied line by line? Doubtful, I side with Perens.
To conclude, Perens has a good point. But as can be seen by the Sun/Netscape vs. Microsoft lawsuit, anything can happen in the courts. They'll have fun figuring out the "obfuscated" code.
from a great article http://www.corante.com/openmind/20030501.shtml "Finally, there's another gotcha as far as this suit goes. SCO is claiming that IBM, Red Hat and SuSE are somehow violating SCO's IP with code that they're shipping with their Linux offerings. If this is true, is SCO shipping it as well? Under the terms of the GNU General Public License, even if IBM and the rest are shipping stuff wrongly (which, again, I very strongly doubt), once it makes it out the door in SCO's Linux offerings as GPL'ed code then the company as the legitimate copyright holder (if they are) has given carte blanche to the rest of the world to use that code. From the GPL, section 6: Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. It would seem to me that one quick way to debunk SCO's claims would be to examine the source from SCO Linux and the source from what IBM is shipping. If, in fact, there are no significant differences (and I suspect there are not) then SCO has no leg to stand on. "
chicken vs the egg argument.
internal documents alone wont win this case. the funny thing is that even if SCO has a winnable case they are not going to win against IBM. IBM can just drag this case out forever until SCO runs out of money. kinda scary that the RIAA's legal plan can be used for something good eh ?
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein