Slashdot Mirror
SCO Claims Kernel Contains UnixWare Code
ergo98 writes "SCO has increased the intensity of the lawsuit with IBM by claiming to hold indisputable proof that copyrighted UnixWare code found its way into Linux, violating the rules of both camps. Whether this is true or not remains to be seen: SCO refuses to divulge the code in question, however they promise to reveal it in court shortly."
As already stated on LKML here, it's far more likely that they saw something that had been stolen from Linux or other GNU code in SCO, and thought is was the other way around.
It also isn't clear if SCO is referring specifically to Redhat userland, redhat kernel patches or what. It's only clear that they don't mean specifically the Linux kernal as found on kernel.org.
-If you wish to make a complaint, press 1. If you wish to wish upon a star, makes no difference who you are, press -- what else? -- the star key.
Compared to war, all other forms of human endeavor shrink to insignificance. God, how I love it. - Gen. George Patton
Wouldn't it be interesting if someone managed to slip in copyrighted code intentionally, with the knowledge that it would eventually be found -- causing quite a bit of damage to the Linux movement...
Adjust your tinfoil hat, people.
In this article, they clearly refer to the kernel: "We're finding...cases where there is line-by-line code in the Linux kernel that is matching up to our UnixWare code," McBride said in an interview" How do they possibly expect to win a lawsuit when they can't even agree amongst themselves about where the UnixWare code appears in GNU/Linux? And what the hell is "the periphery of the Linux kernel"? Modutils? Fileutils? Util-linux?
The real "Libtards" are the Libertarians!
This seems quite reminiscent of the USL v. U.C. Regents case over the BSD release. USL maintained that the BSD code was tainted, but never cited any specific lines of code. USL decided to settle after the U.C. regents pointed out that USL was in violation of the license terms for the BSD code they were using in System V. At that point, USL probably realized that U.C. could force them to withdraw System V from the market and recall all existing copies in order to strip out the BSD code. Anyhow, as part of the settlement, CSRG did remove a few files that were said to be tainted, but since USL didn't indicate which files to remove, CSRG picked out a few of the files that were crufty and in need of replacement anyhow, and removed those.
Does anyone remember the letter that SCO sent out to customers back in the late 1990s, suggesting that customers would be better off with a professionally written and maintained operating system, rather than an amateur effort by a few hackers? It has a lot of other ridiculous comparisons like that. Someone (ESR?) wrote a parody letter refuting every one of their points.
I used to have the two letters posted outside my cube at a previous place of employment. I just tried to find them using Google, but I must not be using the right search terms.
Let's assume for the moment that some IBM engineer took some code from SCO and added it to Linux. What is the consequence for the Linux kernel and other distros who did not intend to violate their copyright? I'm assuming that the GPL would cause all the legal liability to fall on the shoulders of the people who added the code, but then somebody still has to go and scour that code out of the kernel right?
This is messy, but then it gets even worse when you consider the notion of code forks, etc. What if Linus removes it, but for whatever reason a fork over at SUSE doesn't get removed? What if they don't bother, can SCO get a court order to force removal?
This sig has been temporarily disconnected or is no longer in service
Actually it is Muhammed Saeed al-Sahaf. Tariq Aziz was the deputy prime minister. Both were mouthpieces for Saddam's politcal machine, but Muhammed is much more fun to listen to. Check out all his quotes on the above website.
If I recall correctly, companies must make an effort to minimize their damages under all circumstances if they want to be able to collect compensation for damages. For instance, if I am IBM, and my supplier of screws never delivers me my shipment of screws for my mainframes, I am responsible to find another supplier. I can't wait a year and not ship any mainframes and then try to collect damages of Billions of dollars of lost revenue. Such a claim would be absurd since I didn't do anything to minimize my damages.
Isn't this true for SCO? They were supplying source code to companies like IBM. Apparently, according to their claim, they were also losing great amounts of revenue to Linux due to the unauthorized use of this code in Linux. It seems like they could have minimized the damage by doing a "diff" command between the Linux sourcecode (which was always available) and their own code and found out immediately that there was tainted code in there.
By being open source, it seems that Linux should be the most compliant OS out their because anyone with such claims as SCO should immediately be able to check the source. For them to wait this long to check (as they are losing over a BILLION dollars) seems to be a gross incompetence of SCO management. What else could contributors to Linux do to ensure the compliance of Linux wihout access to SCO's code? It seems that by being open source, the community has already done everything in its power to comply to IP law. SCO losses are a result of its failure to do its own part ($diff file1 file2).
Besides, the fall of SCO did not happen overnight, why must IBM take disproportionate responsbility (assuming they are at fault, which is unsubstantiated at this time) for what appears to be very poor efforts on the part SCO to protect their own IP (especially since they are also a Linux distr.!!!).
Also, if I were an investor I would be very upset. SCO has basically changed their business model without proper disclosure to the SEC. It is pretty well known that after they made their claim, it would be impossible for them to continue as a software company. Yet they seem to be continuing to waste money on new releases of Linux products that nobody will buy. What is the logic of releasing products for an OS that you are trying to slow the development of? What kind of business strategy is that?
Finally, the fact of SCO is a Linux distro is really ironic.
I mean, if even they are openly distributing their own IP through Linux under the GPL, what right to they have to sue other companies for doing the same!? If they couldn't even ensure that they were not dilluting their own IP themselves (with a simple "diff" command), how can they require other entities to do so?
I really believe that SCO has not put enough thought behind this and some of upper management is going to be directly liable to the stock holders for some blatant acts of poor judgement.
Sdelat' Ameriku velikoy Snova!
"The Linux community would have me publish it now, (so they can have it) laundered by the time we can get to a court hearing. That's not the way we're going to go."
Now, admitting that anything is possible, I must ask, is McBride insane? Here is how to "clean" the code out of the Linux kernel:
Step 1: Log into kernel.org.
Step 2: Remove or patch the offending code in every version of the kernel ever posted to that site.
Step 3: Run complete tests on every patched kernel to make sure it builds and runs on all supported architectures.
Step 4: Contact RedHat, SCO (Caldera), IBM, debian.org, Suse, Slackware, and anyone who has ever distributed a Linux kernel and have them do the same.
Step 5: Contact every Linux user in the world and have them patch their kernels.
Laundering, indeed. I predict that this evidence will turn out to be shit.
This allegation really underscores a primary issue of closed source software - it's not out for public review, and hence, it would be VERY difficult to validate these claims. For all we know, SCO's code is a rip-off of Linux or some prior open-source code that Linux was a beneficiary of. SCO never published their source and there's nothing outside of SCO (or maybe IBM, if there was some kind of agreement) to validate the claims. The trouble is, we can trust neither of those parties to present untainted copies of the relevant code as both could have altered timestamps or copied in code. There's also the fact that some processes in software can just really be done in one optimum way.
This is a good reason software should not be considered "published", hence copyrightable, unless the source code exists in some human-readable means in some organization outside of the "software publisher" (who truly publishes nothing), a place the courts could seriously look at as proof of the existance.
A way that might serve as a valid stopgap would be the generation of an MD5 hash of each source file and submitting that to some trusted agency (Library of congress?) for another digital signature and timestamp to be added, proving the date of creation to some legal standard so that these allegations could be backed with proof. We'd know the plaintext was validly signed by the LOC and that it existed at the time alleged to.
I find this statement has more merit than anything from SCO. Corporate driven programming is much different from Open Source. With OSS, there's really no pressure to get stuff done and out the door, or at least far less than in the corporate world. This idea is based on Linus's many comments about when such and such release will be shipped : "when it's done".
Now contrast that with UnixWare version whatever, with a crackpot like McBride at the helm whipping up the team to get the code out the door. You can imagine the chaos: see the Mythical Man Month about OS/360, and I believe there's a book about Dave Cutler's team at M$. This is not Extreme Programming, it's the death march.
To conclude, which programmer is more likely to grab some peice of code that just works?
Here's another point: From my experience, OSS code is revised and rewritten constantly. Look at Ingo's work with the scheduler, or the recent work by several folks on the VM. Or Apache Xerces (XML4J). I've been using that for a few years, since it had jp (originally written by some IBMers at one of IBM's Japan labs I think), and that has been rewritten from scratch at least once. One last example - Mozilla was rewritten entirely, sidelining it for several years. That was a questionable move, but I say they did a good job - Mozilla is awesome.
Again contrast that with corporate software - how often do you rewrite working code from scratch? You do if business rules change, but I'd argue that with corporate software (think COBOL) it's more if it ain't broke don't fix it. Case in point: at the organization I work at, we have a database (well, more of a filesystem) written in assembler that is basically 25 year old code. Why? It works, it is very fast, it runs mission-critical systems, and it's very hard to modify, let alone maintain it. (Yes it is being replaced, so they say).
So, Unix code in Linux, copied line by line? Doubtful, I side with Perens.
To conclude, Perens has a good point. But as can be seen by the Sun/Netscape vs. Microsoft lawsuit, anything can happen in the courts. They'll have fun figuring out the "obfuscated" code.