SCO Berates Linus' Approach To Kernel Contributions

Matthias_305 writes "The New York Times has an article about a new court document in which SCO critizes Linus Torvalds touting the 'inability and/or unwillingness of the Linux process manager, Linus Torvalds, to identify the intellectual property origins of contributed source code.' They claim to have got evidence from a conversation on the kernel mailing list in which Torvalds advocates programmers shouldn't care about patents. According to the article he stands by his view which is at least 'candid'." On a related note, BobDowling points to a proposal at The Inquirer ("Shutting down SCO's FUD machine") regarding SCO's claims. "SCO won't let people see the contested source code without signing an outrageous NDA but the article gives a mechanism for publishing appropriate MD5 checksums which allow code trees to be compared without anyone else seeing the code. This is offered as a means to locate the source of SCO's contested code. ... This mechanism gives a concrete procedure that SCO can be challenged to follow as part of the community's "put up or shut up" response. There would be no threat to SCO's claimed IPR."

free link

free link

Not normally a Linus fan but..

[CountBrass]

GO LINUS, GO!

of course Linus is going to have little regard for software patents. He's a European and that's one bit of stupidity we have yet to import from the US (please God we never do).

I'm surprised SCO hasn't tried to persuade Linus to support them. "Join me my son!". ;-)

Re:Not normally a Linus fan but..

[streepje]

of course Linus is going to have little regard for software patents. He's a European and that's one bit of stupidity we have yet to import from the US (please God we never do).

Emphasis on the "yet".
Have a look at this European Commission proposal to make all useful ideas patentable

Re:Not normally a Linus fan but..

[arth1]

Of course, if US patents are to do what the founding fathers originally intended -- make it easier for the *inventors* to invent -- the patents should be non-transferable and with a relatively short patent period. A corporation and bunch of lawyers won't ever invent anything and shouldn't be allowed to own a patent, and unless the patent expires, there's no economic incentive for an inventor to invent anything new.

As for software patents, and patents on methods, they don't contribute to increased invention and development unless you restrict patents to what truly IS groundbreaking or a Columbi egg. If patents were more difficult to get, there would be an added incentive to try to come up with something more revolutionary than what people have been using, but not describing, for years.

Regards,
--
*Art

Re:Not normally a Linus fan but..

[laird]

Actually, I've been told exactly the same thing by a number of US patent lawyers. In the US you're liable for greater damages if you violate someone else's patent if you know about it than if you don't. So the last thing any engineer should ever do is admit publicly that they know anything about any patent, because they open their employer up to (IIRC) treble damages. Given how well known this is, I am surprised that it's "news".

Re:Not normally a Linus fan but..

[Simon+Garlick]

It's nice to see that Linus is getting a bit more riled up about SCO now that SCO has started taking personal potshots at him. In a recent interview:

"I care deeply about IP (intellectual property) rights. I've personally got more IP rights than the average bear, and as the owner of the copyright in the collective of the Linux kernel, I shepherd even more. It's what I do, every day. I personally manage more valuable IP rights than SCO has ever held, and I take it damn seriously," Torvalds said in an e-mail interview.

Re:Not normally a Linus fan but..

[Kismet]

This is the same sort of advice I got in my Technical Writing class.

As you know, plagiarism is a very serious offense in many types of writing. It can be serious enough to get a student disqulified or expelled.

The less you worry about what other people have said on the subject you are writing about, the less your chances are of plagiarism. Writers who constantly check their sources for exact phraseology to ensure they aren't "infringing" actually tend to use idioms and vocabulary from the sources they are trying to avoid copying.

Re:Not normally a Linus fan but..

[platypus]

No no no.

Linus doesn't have a shit to do with it if something is pushed into the kernel which happens to be someone else's IP, because everything contributed not from linus is someone elses IP.

He doesn't get assigned the rights from the contributors, and he doesn't distribute the kernel (i.e. he doesn't own kernel.org), insofar SCO again is really really far away from anything which matters.

Boy do they get on my nerves, they more and more fulfill the rolemodel of that guy in school which was sooo obnoxious that even the most pacifist people sooner or later had to follow the urge to beat him up.

Re:Not normally a Linus fan but..

[PMuse]

unless the patent expires, there's no economic incentive for an inventor to invent anything new.
Just to be clear, U.S. patents expire 20 years after filing. Patents, unlike copyrights, have been holding the line against term expansion pretty well over the years. Copyrights (though theoretically limited to life of the author + about 70 years) keep getting extended so as to be effectively perpetual. Trademarks are yours as long as you use and protect them.

Also, there is _always_ an economic incentive to invent something better. If I invent a better mouse trap, people will buy it over your old-but-still-patented mousetrap.

A corporation and bunch of lawyers won't ever invent anything and shouldn't be allowed to own a patent
Some fields of research require a $5M or a $50M laboratory and a team of twenty. There are some inventions that will not and cannot be made with a chemistry set in someone's basement. (Of course, software generally is not such a field.)

the patents should be non-transferable and with a relatively short patent period.

We already have a relatively short patent period: 20 years. Formerly patented material continues to pour into the public domain every single week, unlike copyright.

Patents already have periodic maintenance fees that must be paid every few years during the 20-year term.

These fees increase in size in the later years and they are higher for large companies than for small ones. (Both notions that might help with the copyright problem.)

Non-transferrability, now, there is an interesting idea. Let's talk about that.

Re:Not normally a Linus fan but..

[Chris+Burke]

I too have been explicitly told not to do patent searches when I come up with an idea, for exactly that reason.

I was also told explicitly that, partially because of the above, violating someone else's patents is essentially unavoidable. Therefore the purpose of patenting things is to have a bigger stick when you sit down to discuss any patent dispute.

So you have tons of engineers inventing things and deliberately remaining ignorant of whether anyone else has invented it, then trying to patent it for the sole purpose of ensuring that if it turns out to already be invented, that inventor will be violating some other patent that did get through.

Does that not sound completely fscked to anyone?

Bullying Linus...

'inability and/or unwillingness of the Linux process manager, Linus Torvalds, to identify the intellectual property origins of contributed source code.'

Seems they want to bully Linus to present the evidence for their cause they failed to present. This seems at least irrational to me.

Will someone berate SCO' spproach here??

[jkrise]

SCO's approach seems to scare everyone that Linux is illegal dynamite, waiting to blow a hole through their purses. If they're really concerned and ethical, should they not go upfront and declare the violations in the code and be done with it?

Secondly, what if someone had poisoned the code over a period and SCO's blowing the whistle now? Something like the tcpdump files getting infected with a trojan?

Re:Will someone berate SCO' spproach here??

I'll use what I used to explain it to the Board of directors last week....

I hold behind me a reason to sue you all.

I can show you what I am suing you about, but you have to sign this NDA that states that after you see it you cant talk about it and you can't be a part of the suit/ you must agree with me.

This is in essence what the whole thing is. SCO is trying to play the blackmail game, if they really were inteested or had anything it would be public and being poured over right now showing that it appeared on XX date and came from XX...

but they know that they have nothing, like a bad poker player trying to bluff the whole table.

IBM knows this and this is why they are ignoring them and certianly not lowering themselves to SCO's level, but acting in a professional manner.

Finally, I mentioned to the board that the Linux Kernel development team has the greatest amount of programmer talent on the planet... Greater than Microsoft,SCO,SUN,Apple,IBM and Silicon Graphics combined. AS well as a peer review system that is impossible to impliment in any corperate setting, therefore all of SCO's claims are unfounded and should be ignored until they reveal any proof, letalone proof that THEY did not steal the code in the first place.

One of the members mentioned that he did not think of that, that the code could have came from BSD to begin with.

It worked well, they understood.

Re:Will someone berate SCO' spproach here??

[dh003i]

Simply put, he's right. There are more talented individuals in the FOSS community than in every software company in the world. Let's see, one guy creates an OS kernel by himself -- without an entire development team -- that evolves to be better than anything MS or proprietary UNIX vendors crank out. Another guy creates what is arguably the best compiler in the world. Etc.

Then, of course, just consider the sheer amount of talent. There are probably more FOSS programmers than proprietary programmers...by a long shot. That means that there is a huge amount of total talent.

Companies should also not bother with the impossible burden of finding all patents that they may be infringing on. The legal bill to lawyers to interpret patents would be outrageous, and it is simply impossible -- period -- to do, due to the clear lack of organization in freely available patent databases and due to the sheer number of patents.

Re:Will someone berate SCO' spproach here??

[tomhudson]

And how many at microsoft are working on their kernels? Let's compare apples w. apples. Microsoft doesn't have thousands of people coding their next kernel. They may have a few hundred. So the numbers ARE comparable.

Now, as to talent ... that's something that we can only objectively measure by the results. It seems to me that the linux kernel surpasses the competitors, and that's why most of the "competition" have supported linux development. This includes SCO in times past.

So it may not be a lie to say that the Linux Kernel development team has the greatest amount of programmer talent on the planet, as far as OS kernel development is concerned.

Sure, IBM, Sun and Microsoft may have thousands of programmers working for them. This has nothing to do with OS kernel development. Most of Microsofts' programmers are NOT working on their kernels. Ditto Sun. Ditto IBM. Ditto Apple.

And we can't count those who do testing, unless we also count those who do testing of the linux kernel, in which case the linux kernel wins hands down over all the proprietary kernels combined.

Old...

[r6144]

I think this thing has been discussed here before.

Also, Linus was advising developers that they don't look at patents, for if the kernel is hit by one of them (some are pretty broad), it would be much more trouble if the alleged patent infringement were done knowingly.

I suppose this is a reasonable tactic used by everyone, yet one can criticize it if he like.

md5

[the+uNF+cola]

As all hashes go, and I know, it's mathimatically "very hard", two different byte segments CAN have the same md5 sum. Longer they get, harder it is... but then again, anything is possible.. just not probable.

Re:md5

[AftanGustur]

As all hashes go, and I know, it's mathimatically "very hard", two different byte segments CAN have the same md5 sum. Longer they get, harder it is...

Uhh, well, the probability that a given line of code has a certain MD5 checksum is 1 to 340282366920938463463374607431768211456.

That's way less probable than the probability of a false positive in a DNA test. (I.e. "Good enough" for a match)

So, unless I see a two headed guy with dark sunglasses, climb into his shiny spaceship and start it's engines, I belive SCO could very well use this technique to demonstrate what part of their code is in Linux.

Re:md5

[Simon+Brooke]

White space would obviously change the MD5 right? So all the infringer (or someone trying to hide the infringement, to take the argument SCO might use) would have to do is add some space here and there and the MD5 won't be at all the same. I don't think that's a valid method to determine if the code is stolen or not.

Changing space would change the MD5 sum, yes, but that is easily normalised out by feeding both code bases through either the same code pretty printer or through a simple sed filter which replaces any string of whitespace with a single space character prior to the chopping and checksumming process.

Re:SCO is criticizing Linus for What??!!

[CountBrass]

A common fallacy, but both Open Source and Free software *depend* on intellectual property rights.

Without it there would be no reason to agree to the OS or Free license terms (you could just ignore them and do what you like) and therefore no onus to put back into the pool any improvements etc you might make.

SCO Icon Needed

We need a special SCO icon; something that looks Darth Vaderish. Either that, or make it look like Lionel Hutz.

Re:SCO Icon Needed

[AgTiger]

Frankly, I think an icon of a monkey humping a football would pretty much sum up the caliber of executive decisions we're seeing out of SCO these days.

Re:SCO Icon Needed

[Eric+Damron]

I think you give the SCO too much credit. A football humping a monkey might be closer.

patents are for lawyers

[lovebyte]

I used to work in pharma research. The patent lawyers used to tell us not to worry about patents until close to the end of our research. And then let the lawyers look at patents.
The reason for this is that patents are complicated and claims are not easy to understand. For instance some chemical/protein/DNA/whatever could be patented for a very specific use (it normally is). You can still use it for a totally different reason.
So from my own experience I can see that Linus attitude is perfectly correct.

Re:patents are for lawyers

[arkanes]

Theoretically, a patent should have all the information you need to recreate the invention - that being the whole point, after all. Someone with reasonable skill in the field should be able to duplicate your invention with just the information in the patent.

Now, because the patent system has been horribly abused and twisted, and because capitalism is stupid about some things, the idea of the patent lawyer came into existence, and the MAIN PURPOSE of a patent lawyer is to write your patent in as obfuscated and broad a manner as possible. IE, to totally subvert the intent and goal of the patent system.

This is one of the reasons the patent system needs an overhaul.

Paradox?

[ptaff]

From the article:

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."

You'd want Linus to compare both codes and after that sue him for "inspiration"?

Look, Linux, you've seen all SCO code, now don't say you weren't influenced by it. As we said earlier, it is technologically impossible for anyone to produce great code without copying it from us.

They're shooting themselves in the foot, and remove their shoes beforehand!

Mispellings in the NY times

[Niksie3]

Mr. Torvalds developed the software engine, or kernal, blah blah blah

Maybe we should ask Mister Steve Lohr to become a slashdot editor :)

Whew

[twfry]

I was getting worried. It had been almost a whole 24 hours without an SCO update. If it reached a full day I don't know what I would have done.

The responsibility of copyright holders

[RyanFenton]

It is the responsibility of copyright holders to find violations and defend their own hold on ideas. It is not the responsibility of everyone else to police their claim. If someone, like the moderator of an open source software development community, is notified that they are directly or indirectly violating such claims, then they have they will have to remove the proveably unsanctioned content, but that is not a blank check to stop others from speaking or sharing ideas. Until a law is passed to actively restrict all communications on the basis of "defending" the rights of copyright holders, then I'd understand such accusations - but otherwise, I can't imagine how Linus could have done anything wrong here.

Perhaps it's the ones who complain about their rights the loudest/with the most money that may end up getting their way. But here, unlike many copyright cases, you can expect everyone present to stand up for their rights, loudly. Unfortunately for SCO, it appears that IBM and many other powerful companies are in favor of Linus' and other's rights.

Ryan Fenton

Black Hat Linux

After they defeat Linus, they can come out with their new "Black Hat" (or "Black Helmet") Linux.

Is this actually relevant??

[Goonie]

IANAL, but as far as I can tell SCO is suing IBM, not Linus, and the issue of whether Linus is cavalier about patents has precisely nothing to do with the actual lawsuit.

As I understand it, the lawsuit is about IBM contributing code to Linux that SCO claims it owned the rights to, and which they didn't have the right to distribute. There was no way Linus or anyone else who didn't have access to IBM's contracts with SCO, could determine that. In any event, the case certainly doesn't seem to have anything to do with patents.

One can only draw the conclusion that they're throwing mud in the hope that some will stick.

Re:Is this actually relevant??

[sjvn]

> IANAL, but as far as I can tell SCO is suing IBM, not Linus, and the issue of whether Linus is cavalier about patents has precisely nothing to do with the actual lawsuit.

That's right. So far.

SCO is 'trying' this case in the court of public opinion. More specifically, they're trying to convince CIOs and CTOs to drop Linux and AIX. If sucessful, so I believe their logic goes, that will pressure IBM, and then other companies, to either buy them out or pay them off.

The merits of the case don't matter. It's all about creating FUD and then trying to take advantage of it in business.

If they think that suing Linus will help them do that, they will. At this point, I'm sorry to say, that I expect they will eventually sue Linus.

Again, it's not that they'd think they win this point in court. As many of /. writers have already pointed out, there are many solid, good legal reasons why developers shouldn't pretend to be IP lawyers. But, if by suing Linus, they can make many more business buyers doubt that Linux is a safe bet, they'll do it. After all, it's not like they haven't completely burned their bridges with the Linux community already!

Steven

Seems fair enough

[The+Tyro]

Here's the relevant section:

*SNIP*
"I do not look up any patents on principle because (a) it's a horrible waste of time and (b) I don't want to know."

"The fact is technical people are better off not looking at patents. If you don't know what they cover and where they are, you won't be knowingly infringing on them," Mr. Torvalds wrote in the e-mail message last August.

In an e-mail interview earlier this month, Mr. Torvalds explained that his was a candid view in the murky, complex realm of software patents these days.

"Hey, one of the advantages of not personally being involved in any of the commercial Linux players is that I can be honest," Mr. Torvalds wrote. "In fact, openness pretty much requires it â" there is no corporate speak here. Ask any lawyer in a tech company (off the record, so that he can be honest too), and he'll tell you that engineers should absolutely not try to look up other people's patents. It's not their job, and you don't want them tainted."

What's so terrible about that? Why would you bias yourself (and waste a LOT of time) by poring over someone's code before writing your own? You may subconsciously emulate what they've done, and taint any originality you might have started with.

Same thing goes for other disciplines. In medicine, one should talk to the patient first, THEN read their medical records... you want an honest gestalt, unbiased by somebody else's interpretation of signs and symptoms. Isn't that what a second opinion is supposed to be?

This sounds to me like the old "better to beg forgiveness than ask permission" philosophy. Big whoop... give linus a break, SCO.

Normally a Linus fan. (-:

[leonbrooks]

He's extremely patient and reasonable, which about sums up SCO's most obvious deficiencies, and not at all greedy for either money or attention, which apparently sums up SCO's entire motivation (or more specifically, D'ohl's entire motivation). Is it any wonder that they're jealous of him?

How can SCO prove anteriority ?

[file-exists-p]

A point seems of major importance and I have not seen it addressed so far. In such a situation, how could SCO prove they did not steal a part of the linux kernel ? Is there an official organism in the US where companies can register source code for future legal problems ? If not, how is that supposed to work ? Experts would look around at SCO's and get convinced (or not) by the internal memos and CVS logs ? I know we are talking about the US legal system, but that's totally surrealistic to me ...

Law in the USA

[pubjames]

What I don't understand about the SCO/IBM case, is why IBM isn't taking action to immediately stop SCO from doing what they are doing. I am sure it must be affecting their AIX business, and I can't believe that there isn't a legal method they can use to take some kind of cease and desist out on SCO.

If such a law doesn't exist in the USA, does that mean Pepsi can say they have proof that Coke has dog poo in it, but they aren't going to show the proof? I doubt it somehow.

Furthermore, if SCO are doing these things just to manipulate their share price, and the allegations turn out to be baseless, surely that is fraud?

Re:Law in the USA

[whovian]

Just a guess...it could that IBM is just letting SCO dig its own grave. How can IBM defend itself if SCO isn't "freely" (I mean in the courtroom sense) showing its alleged proof? Thus, when it comes time IBM can silence SCO forever by suing it for damage to its reputation and business.

Re:Law in the USA

[Arker]

IANALS (I Am Not A Land Shark) but it's my understanding that

1. IBM could file a cease and desist, if they wanted to, but they probably don't because SCO is really digging themselves a very deep hole with their public statements, and this will be to IBMs advantage later on.

2. Pepsi could say Coke has dog poo in it, sure, and open themselves to a huge libel suit. Analogous to a degree, but where it breaks down is in that situation Coke would have nothing to gain by delaying counteraction - in this case IBM does have something to gain - a huge chain of public statements from SCO that can be used against them in court. When this finally gets to court IBMs lawyers can bring in a collection of all the contradictory nonsense SCO has been spouting in public and have a field day with it.

3. Yes, if SCO executives are indeed engaging in a pump and dump scheme, as seems most likely, that is fraud and would be a criminal offense. But on that one only time will tell for sure.

Re:Law in the USA

[Arker]

1. This isn't a pump and dump scheme. It is a contingency case. The Boies firm has obviously taken this case on a contingency basis (probably 1/3 or higher of total recovery). They are the generals here looking out for what they believe to be SCOs and their own best interests (wallets).

The contingency case stuff is interesting (speculation?) but completely irrelevant to whether it's a pump and dump scheme. If the executives of SCO unload a bunch of stock before the case is resolved, then their will be good reason to make that charge.

3. IBM's interests do not equate to Linux's interests. The Linux community (and Linus) should be represented in this case. Boies and company are very good lawyers as M$ found out.

Linux and the community should not be represented formally in this case, as they aren't formal parties to it, but it's certainly being watched closely. Calling Boies and co. good lawyers seems laughable though, look at their track record. Has Boies won a single case? He lost the IBM defense. He theoretically won against MS, yes, but it was a sucker deal, the only 'remedies' that have held are actually pro-MS measures, not even slaps on the wrist. For all intents and purposes that was a loss. He lost for Gore. For someone that commands such high fees he sure seems to lose a lot.

The MD5 stuff is quite clever

[DeadSea]

When I read the headline, I thought how could comparing MD5 sums of files work? I'm sure the files have been modified at both ends. Even if they were from the same source orginally, there is no way they would match now.

The scheme instead computes an MD5 sum for each line (actually each five lines together) and publishes the hashed versions of the files. Then anybody can do the line by line compare without ever seeing a readable version of the source code.

The theory is that SCO can't complain about somebody distributing these hashes because you can't get the source code from it.

The only problem I see is that the hashes are still derived from SCO's intellectual property and are therefore still covered by copyright. SCO could still put up a stink about it. Especially since they have stated that their goal is to sue IBM for money rather than to identify the peices and rectify the situation. SCO has said that they are afraid that if the lines are known, the problem will be fixed and they won't be able to sue any more. (Poor babies.)

Strange

[TheDredd]

SCO bought the source code and license rights to Unix in 1995

I thought they bought a license to the source code and license rights to the code, but not ownership of the source, and that Novell owns the code
So this article is not entirely accurate

Anyone from SCO here?

[IdleLay]

I have not seen any post from any SCO people standing up for or against anything lately. Can SCO management legally gag their employees during this litigation? Not trolling or stirring, just deafen by the silence.

Re:Anyone from SCO here?

[Tony+Hoyle]

They don't have to legally gag them, just strongly hint that anyone who speaks to the press will be first for the next round of downsizing.

Everyone Relax a little.

SCO seems to be trying to pull the strings of the Linux community, hoping for an irrational response. The more of an uproar, the more news coverage, the better the situation for SCO.
Everyone needs to take a deep breath. We all know what they are trying to do. We need to just turn the other cheek and let IBM deal with it. SCO is now threatening IBM's bread and butter. It will be over soon. I doubt IBM would drag this out in the courts, because this type of FUD would continue to be spouted off throughout that entire time. If IBM comes up with a solidified argument demonstrating that SCO was near perjury with this lawsuit, its all over.

Read this...NOW

http://www.theinquirer.net/?article=10061

See!

[leonbrooks]

I told you those Linux zealots would try to hide the SCO stuff if we identified it!

Re:Flaw in the 'shredding' mechanism?

[deepchasm]

Parent post contains:

if there is identical code in two files, but the positions of the code in the files is shifted by a line, they won't match.

Erm, no. If you had read the article carefully, you would know that the pieces overlap. The article says:

each source tree is "shredded" into 5 line pieces (1-5, 2-6, 3-7, etc.)

Re:SCO is criticizing Linus for What??!!

[benja]

A common fallacy, but both Open Source and Free software *depend* on intellectual property rights.

Without it there would be no reason to agree to the OS or Free license terms (you could just ignore them and do what you like) and therefore no onus to put back into the pool any improvements etc you might make.

If there were no IPR (and thus no copyright), all source code anybody publishes could be used approximately as if it was published under a BSD license today.

It would always be possible to publish only binaries, but it would not be possible to restrict distribution of these licenses. (It would also be allowed to re-engineer the binaries.)

So while we couldn't have the protection that the GPL offers today, we would have BSD-like Free Software (you don't deny that the BSDs are FS/OSS?) plus the right to re-distribute, change or disassemble any binaries anybody might publish.

If only

[TheConfusedOne]

They're shooting themselves in the foot, and remove their shoes beforehand!

Now, if we're really lucky we can get them to shove their foot in their mouth first too! :-D

Re:Flaw in the 'shredding' mechanism?

[TheConfusedOne]

The shredding was done in 5 line groups but on each line.

Thus while A B C D E wouldn't match Q A B C D the next hash value in file 2 would be A B C D E which WOULD match.

The idea was that the process would ONLY hit on 5 line matches to avoid all of the things like #include <stdio.h> hits.

How is SCO's lawsuit affecting sales of Linux?

[drgroove]

If I were a CIO or CTO debating the TCO of *nix vs. Win2K3 to a CEO, would IBM vs. SCO be the TKO that stops the CEO from approving A/P to pay my PO for RH's LGX?

FWIW, even if OSS is FAIB, if the DOJ considers *nix IP with a TM, then it basically become's SCO's LIC, meaning our OSS becomes a CSS OS, which would RSTBO.

AIBO going w/ an ASP that manages our OS? BTA, we might end up w/ a BOFH giving us ZA, which WWAD PMS.

AFAIK, INMP if SCO wants to be ITM by enforcing its supposed IPR - *nix IP should be PD or GNU, like BSD just on GP, IYKWIM. I keep asking myself in this situation - WWLD?

Oh, BTW - IITYWIMWYBMAD?

I for one can't wait for the court date

[Simon+Garlick]

Two words:

CHEWBACCA DEFENCE

Re:SCO is criticizing Linus for What??!!

Learn the difference between a patent and a copyright. Source code is copyrighted. Processes for doing things are patented. A copyright prevents a code copy. A patent prevents the implementation of an idea. I think you will find large percentages of open source advocates will agree that ideas should be freely exchanged. And many also believe code should be freely exchanged (see BSD style licenses).

Re:Flaw in the 'shredding' mechanism?

[nathanh]

Sounds like a PERL CHALLENGE!!!

use Digest::MD5 qw(md5_base64);
@lines = <STDIN>;
do {
print "Block beginning line " . ++$n . ": \t" . md5_base64(@lines[0..4]) . "\n";
} while (shift @lines)

Usage: ./script.pl < code.c

Sounds right...

[TFloore]

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."

Yep, I'd say that's an accurate statement, really.

If you are trying to identify closed source/proprietary origins of submitted linux code, there is just one thing you need.

God-like omniscience.

Linus is good, but he isn't that good.

Oh, if you wanted a horrible paperwork audit trail, you could make people include a signed document stating "I am the copyright holder for submitted code" or something like that. But part of the draw of working on OSS is to get away from all the icky lawyers and legal documents.

In this one specific instance, SCO is correct. It doesn't really affect their case at all, but they are still correct about this.

Patent Clearance

[overshoot]

Linus certainly has good company. I know that my employer, at least, tells us the same thing: don't sweat the patents. Our Corporate IP department (not a small one, either) doesn't even do patent clearances on request, because it's too expensive.

If SCO tries to make this case at trial, they're gonna get reamed when IBM inquires into their patent clearance process.

Nobody can afford to do prior patent clearance. All engineering work would stop dead if we did.

Re:Another one

[Quaryon]

Much as I'm also getting slightly bored by these stories, it really is the biggest thing going on for years in the Linux (and maybe the whole Open Source) community. If, somehow, SCO succeeds in winning any of these cases it does have significant repercussions for most people who read Slashdot, somewhere down the line. (I know we all think it can't happen, but someone at SCO obviously believes they stand at least some chance..)

I know, I know, if there's infringing code it can just be pulled out etc, etc, but the PR disaster that would follow could spell real trouble for open source in general - we have to be careful here and not dismiss this totally, just in case it really does happen.

The blanket coverage is justified I think, because the open source movement as a whole really depends on this case being thrown out, or at least won heavily by IBM.

Q.

then he's fine

[Fishstick]

SCO themselves said it..

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."

So, there's no way he could have known in advance if a contribution came from somewhere else? Sounds like they are pointing at the process as the problem, rather than setting Linus up to take the hit.

Different MD5 != Different Code

[godot42a]

Very nice trick :). However, I see two problems:

1. The procedure throws away all code pieces which occur more than once in the same version of the code. Okay, most of them will be trivial, but there might be some that aren't. These pieces aren't compared to the other version of the code. Might be an idea to use a frequency threshold instead.
2. During comparison of the two versions, all code pieces with the same checksum are disregarded. But different checksum does not mean different code! MD5 are computed on string level - let there be an additional comment, or a linebreak, and you won't get a match. Some simple operation to bring the code into a kind of canonical formatting can take care of that.

If you don't do that, you run the risk of losing some correspondences, I'm afraid.

Re:Dumb statment for linus to make

[budGibson]

Well no, his position is more subtle than that. Patent law is based on knowing infringement. By not looking at patents, one cannot knowlingly infringe on a patent. As he points out, this is why engineers should not look at patents.

Linus then goes on to state that the *open* publication process is the best defense. How could Linus or anyone else possibly be aware of all patents? By openly publishing the code and its source, Linus notes that it is possible to back trace to the true "offenders". Linus could have been named as a co-party to the suit. Note that he is not. In a recent interview with CNET, Darl McBride even seemed to agree with Linus' point by stating that having thousands of eyes, open source led to better quality. Well, those eyes might lead to better IP protection too.

SCO's statements just strike me as a tactic to impugn Linus and the whole OS process without going to the mat where they would not have a case. It casts further doubts on SCO's motives.

Patents? WHAT patents?

[ctid]

So it's patents now? SCO don't have any patents that are relevant. If they did, they would have included reference to them in their lawsuit. This is premium-quality BS. The "issue" that SCO has is that IBM and other UNIX licensees have been GPL-ing and submitting stuff that SCO claims is their intellectual property. If this is what has been happening, that cannot be Torvalds' fault. The fault (if any) lies with the submitters. It's not unreasonable for Torvalds to assume that if a patch comes from IBM that IBM has the right to submit it.

Essentially, what SCO is now saying is that if you license UNIX, any ideas that you (perfectly legally) incorporate into your version of Unix belong to SCO, because... well because of course, you couldn't have created it without SCO's huge contribution. I'm sorry, but I'm going to have to call "shenanigans" at this point.

Incidentally, I would point to this link, where the FSF argue that the term "intellectual property" is not useful - because it can be used by disreputable organizations (like SCO for example) to confuse matters relating to copyright, patents, trade secrets etc.

Copyright -- NOT

[OmniGeek]

The only problem I see is that the hashes are still derived from SCO's intellectual property and are therefore still covered by copyright.

Nope, not a problem at all. I'm not a copyright expert, but the hashes would certainly not be covered by SCO copyright for two reasons: 1) They are not an original work of authorship, but instead an application of a mathematical algorithm to "fingerprint" a file; they're just a list of numbers. That would be like copyrighting the output of "ls -l". 2) Even if a judge somehow finds 1) above to be inapplicable, the hashes would certainly fall under the "fair use" exception to the copyright on the SCO files, as they are a form of commentary on them.

Of course, SCO will never agree to such reasonable measures, since they are not fundamentally looking for something reasonable, so the whole thing is moot. A far more likely scenario is that SCO may *eventually* be forced to submit their code base and backups to a court-appointed special master tasked with analyzing the issue of code derivation (what, when, and in which direction), and will be required to fully disclose their development logs to the court. At which time,assuming it ever gets to trial, the case will finally, finally collapse for good and all, and we can get back to sniping at Microsoft.

Common contents

[deepchasm]

The following describes the common sections found by the Inquirer reader (although I have only looked at the linux source files).

• amd7930.c - the matching lines are just a table of constants (a gain curve or something), pretty much straight from the chipset manual, although the comment above the table is also identical - but the BSD contribution is not noted at the top of the file (assuming they mean the audio amd7930.c and not the isdn one).
• slhc.c - this is BSD ppp code, and is copyrighted as such at the top of the file.
• balloc.c - dunno about this, which balloc.c?
• bonding.c - hmmm, the lines seem to correspond to a random section of code in the middle. May be BSD code, but the comments at the top imply that this is all recent stuff.

Of course, this assumes that the line numbers the Inquirer published are for the linux files and not the BSD files (why did they only publish one set?!?)

Re:Common contents

[ratboy666]

amd7930.c

A couple of points. *If* this appears in SCO source, this would be very strange. The 7930 is ONLY used in some 4c and 4m Sparcs. That would be 32 bit SPARC, SBUS based machines. I don't even think these are SUPPORTED by recent Solaris releases.

Nobody uses this for Intel, and these machines are not current anymore.

If SCO has this in THEIR code base, they are really smoking some strange drugs... The only reason this is in Linux is because it was ported to old SUN boxen. Trust me, IBM wouldn't have ANY involvement with that.

Ratboy.

bullshitting...Re:Paradox?

[leuk_he]

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."

True. It is impossible to find out if someone else has a tradesecret.

But then there is a lawyer problem. Linus (or some other kernel hacker) puts a GPL tag on the source. Is he/she allowed to do that? Is the GPL legal? The point is, who GPLed it, and does that make the GPL viral? (And is the Sys V copyright viral?)

They could always sue linus for being a basterd that who not care . He called himself that multiple times in interviews.

Here's a buck.

[leonbrooks]

Go buy yourself some more vowels.

Re:The quotes could hurt quite a bit.

So many patents, so little time...

I've been instructed - more than once - NOT to look at ANY patent databases. "Legal handles that and engineers handles development."
And look at any patents for related material and you'd be tainted (barring yourself from working on related stuff).

Linus' view seems to be legally valid AND sensible. I thought it was silly at the time - and i still do - but its a sideeffect of the patent system; not knowingly walking in someone elses patents would still make your company pay licensing fees, but NOT pay any damages. At least, that seemed to be the reason....
/B

Re:MD5?

[AtariDatacenter]

I was about to say the same thing. Glad I seached first. If it identifies a piece of code with the same hash, then you've got the very piece of code that SCO is trying to keep secret. So, you're asking them to publish their code if there is an exact match.

Sounds like SCO is going to reject this one.

Re:Flaw in the 'shredding' mechanism?

[The+Fun+Guy]

I seems that some of the anaylsis software developed for genomics would come in handy here. The same gene, taken from two different organisms, can be pretty similar in terms of its coding DNA, but have frameshift mutations which make the actual overall sequence pretty different. To analogize DNA (which I know) and computer code (which I barely know), you can think of the protein-coding regions (the exon DNA) as the actual code, and the non-coding junk DNA that interrupts it (intron DNA) as comments, inserted witticisms, copyright statements and other crap that interrupts the code. When you string it all together, a program from two programmers might use the same functional code to do the same job, but the overall sequence of lines of code can be pretty different.

In the case of DNA the frame is three nucleotides; in the case of md5, it appears that the frame can be artibrarily set to 5, 10, 13, whatever. Can the comments and other non-functional lines of code be automatically stripped out before the checksum is run without calling it an examination of the code (which would violate the NDA)? That would help to eliminate a lot of the potential for misaligned comparisons. The genomics software can be told, "I have sequence ATTGCG...CTTACG. See if it or any of its derivative small pieces (of arbitrary length N) can be found in the big genome in the database, wether they appear concurrently or not." Can a similar procedure be used to comare the source code from different versions of the software?

Re:SCO totally evil?

[rutledjw]

I agree. Furthermore, this demonstrates the "Evil" of software patents. Those things will get out of control and will eventually kill innovation in the US. I really feel that US companies will be at a disadvantage b/c non-US companies will be able to use software not legal here.

I think SCO is starting a patent war that may expose SW patents for what they are and the destructive capability they have - while not possessing many (any?) redeeming features.

And what's their winner argument in this case?

Linus is not checking all contributions against potential patents. Are you kidding me? So for every contribution he has to go search the patent database?

SCO and Software Patents, man if we could only hit 2 birds with one stone...

SCO's motivation

[theolein]

Someone posted in the SCO article yesterday, that SCO was in a stock scam, and that their aim was to make money for the board for a while by keeping a high volume in the press before going under when the actual court case proves they do not have any real basis in their case.

I agree that SCO must be one or more of the following things:

1.SCO is indeed doing a stock scam as their actual products are close to worthless. An SEC investigation would be very apropriate here, but would only happen after the fact, sadly.

2.SCO is being funded by another party to persue this scheme, the most likely candidates being Microsoft or SUN, both of whom have a vested interest in seeing Linux and IBM suffer. I would go for Microsoft because while SUN has something to gain in seeing IBM suffer, they also have something to lose if Linux suffers. Microsoft is the only party that has something to gain if both Linux and IBM suffer. It would need a leaked email or something to start the ball rolling on an investigation into this side of the matter though. I also wonder at the same time why no leaked emails have as yet appeared from any SCO employees.

3.SCO's products are absolutely worthless and SCO is indeed trying to do a last ditch fight in order to legally force some kind of artificial marketshare for it's products. The fact that SCO has changed it's public statements on numerous occiasions and even changed the official claim recently (IBM bypassing export controls even though it is no business of SCO to enforce this and the RCU claim which is as patchy as well), means that SCO knows it is on shaky ground. The latest official claims show that SCO is indeed scraping the bottom of the barrel and are truly frightened by the fact that IBM hasn't taken them seriously. Their lawyers nerves must be blank. The accusation against Linux is simply something they are doing in order to try and strengthen their claim. It does however mean that they are actually pouring through every piece of available information in order to come up with some kind of evidence because they truly do not have any that would stand up in court.

The only thing that worries me is that Linus should perhaps learn when to shut the fuck up and think before he speaks. Courts are not democracies and crap like his statments on patents can and will be used against him.

Re:SCO's motivation

[clonebarkins]

The only thing that worries me is that Linus should perhaps learn when to shut the fuck up and think before he speaks. Courts are not democracies and crap like his statments on patents can and will be used against him.

No, he shouldn't check his opinions at all. As has been pointed out, his thoughts on engineers reviewing patents are completely in-line with many of the corporate IP/legal deparments out there. Secondly, Linus isn't being sued (okay, "yet" I suppose), but even if he was he has his behind covered. It can be proven which code came from where, and as long as he didn't provide the "offending" code [which, by the way, is semantically incorrect, since code itself cannot commit an offense] (if there is any) and didn't know that the code was taken from somebody else, then he's off the hook.

Furthermore, his statements about patents have no bearing on the lawsuit as SCO never claimed any patent infringement -- only stolen code (which is a copyright claim).

Re:SCO is criticizing Linus for What??!!

[Theatetus]

OK, I smell troll, but I'll bite anyways:

as I understand it, Linus created the GPL to get Linux out there

Richard Stallman created the GPL in the late 1980's after Gosling forked EMACS and made his version proprietary. Linus didn't start working on his Minix workalike until several years later.

However, by making the linux kernal open source, Linus does not really retain any rights either. Essentially the Linux Kernel is really not owned by anyone individual or group.

Mr. Torvalds retains ownership and copyright of the code he wrote (check the AUTHORS file; in addition, several files contain "copyright [whatever year] Linus Torvalds"). To my knowledge, the other Linux programmers all retained copyright to their code as well. The fact that they have adopted a particular distribution license scheme does not change this fact.

For example, you could not take part of the Linux kernel and publish it claiming you wrote it (for that matter, you can't even do that with BSD). And, if you decide to fork the kernel and start making your own changes, you can't call it Linux (which is a trademark of Linus Torvalds).

IHBT. IHL. HAND.

Yeah, what else will he say in a newsgroup?

[siskbc]

Actually, I've been told exactly the same thing by a number of US patent lawyers. In the US you're liable for greater damages if you violate someone else's patent if you know about it than if you don't. So the last thing any engineer should ever do is admit publicly that they know anything about any patent, because they open their employer up to (IIRC) treble damages. Given how well known this is, I am surprised that it's "news".

Right, so when some developer who is ignorant of US IP law asks Linus for his advice on a patent problem, Linus basically told him to STFU. And it was a good thing he did too - look at the riffraff who ends up pointing at things like that. What if the company owning the patent in question found that email? They wouldn't have to work at all to build a case - you've already proven that Linus and the other developers were aware of your IP at time they were developing a competing product. How smart would it be to document this freaking publicly?

Now, I expect Linus was expecting his flock to read bteween the lines there - it's not good necessarily to be ignorant of other patents - but it's a bad idea to let anyone, inside the company or out, to know about the knowledge. You can't exactly make this official corporate policy, but unofficial policy should be "do your own patent searches. Talk about them with no one."

Has anyone tried using CAP for comparing code?

[nick_urbanik]

An interesting scheme for comparing source code is here, and a paper about the system is here (PDF). Aiken has already processed some version of Linux code with the system; it looks as if this scheme could be helpful in this case. The plagiarism detection system based on this (MOSS) works extremely well, as many students will ruefully agree. Unfortunately, Aiken hasn't published the code, only the algorithm, but the algorithm looks like it could be implemented quite easily (I might have a go this summer).

It is based on something like this:

• Preprocess the code (replace all variables with the letter 'V', strip the comments, replace white space strings with a single character)
• Divide the result into fixed sized units of length k that overlap, each starting at a succeeding character. They call these k-grams
• Efficiently calculate a hash for each of these k-grams
• Divide the result into windows that contain a number of these k-grams
• Within each window, use a method of selecting a subset of these k-grams that does not depend on position, but rather on the k-gram itself, such as the minimum hash value within that window; if there are ties, select the right-most hash value within the window
• The result is the fingerprint of the code
• Any document with fingerprints in common has some code in common with the original source

Okay, that's a very rough idea of the process, but you might have some idea of it now. Check it out yourself if you're interested.

Fixing the MD5 idea

[hobsonchoice]

The MD5 idea is a good idea, but I think it needs some refining.
- You want to get EVERY example, for potential manual review
- You want to avoid any problems with white space leading to different MD5s for "identical" code
- Doing a 5 line compare seems flawed as what if you compare lines 1-5 in A and B, but lines 1-5 in A match lines 2-6 in B

I therefore propose that:

1. before calculating any check sums, both files should be massaged into some common "base" format.
- Remove all white space inc. tabs and spaces
- Concatenate on one long line, but line break immediately after any semi-colon (;) or end-comment (*/) or immediately before begin comment (/* or //) [obviously additional rules for script files, maybe #]
- With comments, line break at least every (say) 20 characters or if there was a line break in original file.
- Maintain some kind of map back from massaged file to Linux source (line 237 in massaged = line 40-42 in Linux source)
- In the massaged file, mark any line less than say 20 characters in a non-comment section as being potentially and probably too small to be copyrightable. This would eliminate stuff like i++; or #include . Matches for these should still show up in the overall results, but be considered as less important unless there are also lots of "more important" matches in the same source file as well.

2. Run both sets of sources thru this algorithm, and calculate two or more hashes for each line, say MD5 and some kind of CRC. If both sets of sources match for all the hashes, a match is found. This is to reduce number of false positives.

Linus hit the nail on the head

[bourne]

Linus wrote:

"...the transparency in the process also means that if dishonesty happens, you can go back and see what went on."

Right on. In other words, if SCO would release info on what was copied, then by going through the archives it will be possible to see who contributed it, and under what auspices. So we can see if IBM did it, if Caldera did it, if John Quackenschmoe did it, and if there is a violation hold the appropriate party responsible and stop the FUD.

Of course, the fact that SCO hasn't done this only shows that the pieces of paper they hold in their hands, probably don't have the names on it they say they do.

Insightful closing quote

[phiwum]

The NY Times article had a surprisingly insightful closing quote.

Indeed, because Linux code is published publicly, it is easier to track what I.B.M. contributed to the operating system. But the issue, of course, is whether SCO's Unix license covered any of the code I.B.M. put into Linux.

Should the SCO suit turn up any offending code, the open nature of Linux â" and the many programmers working on it â" will ensure a quick solution, according to open- source software experts.


Now, that should be old news for /. readers, but it's refreshing when a mainstream article makes this point explicit. Slowly, perhaps, the general (non-geek) public will understand open source software and the issues surrounding it.

FFS, I'll sign the NDA

[xA40D]

SCO won't let people see the contested source code without signing an outrageous NDA

This SCO thing is really starting to f**k me off. It's all just insubstantial FUD with sod-all solid facts. SCO's even looks like it's aiming it's guns at BSD - which is crazy as there has NEVER EVER been any System V code in any of the BSDs. I'm of the opinion that SCO's strategy is to declare total war on the entire Unix community in the hope that people fold. Criticize SCO and you'll be next....

So my message to SCO has to be put-up or shut-up.

I'm not a Linux user, I don't hack kernels. But I can find my way around source-code. So come on SCO I'll sign your fscking NDA to see what you're carping on about. I'll even check it against the BSD sources too....

Re:FFS, I'll sign the NDA

[!Squalus]

Don't do it. If you sign their onerous NDA, you may be "in the know", but you will be "held accountable" for anytjhing you say or write, and could be forced to testify on their behalf, and even muted in what you CAN say at that point.

That is what is wrong with their NDA. You cannot tell the truth if you do sign the NDA, or work on code anymore, or develop anymore without having given them control over you. Why on Earth would anybody want these people to gain control? They are complete loonies anyway. They probably have the support of the RIAA, Senator Orin "Booby" Hatch and others of that ilk. we know that Microsoft supports them, and at least one other "as yet unnamed" vendor.

We all know that they cannot stand freedom or innovation, because they don't own you anymore. That is what is wrong with their arguments.

Imagine a future where the public domain does not exist. Where no product is ever allowed to be "public", where owning a book is illegal until you pay for it every time you read its pages, where you can't own a pen and toilet paper because you *might* write something and you have a vision of what it is these people really are all about.

They hate humanity and our ability to think and reason and invent. They just want consumers of the garbage culture they purvey. Not me pal, I can think and write for myself, and every idea in Unix, Linux, and other Operating Systems did not descend down these stock-shysters precious "source-tree of invisibility".

Never, ever, sign an agreement with them unless you enjoy being in a lwasuit. They cannot be trusted, and you'll only pay for it in terms of your job, livelihood and reputation.

Think about it, honestly. I mean you no harm and only mean to advise you against signing this thing as a concerned human being who wants you not to be harmed.

Re:SCO totally evil?

[SillySlashdotName]

Linus is not checking all contributions against potential patents. Are you kidding me? So for every contribution he has to go search the patent database?

From the article:

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact." (emphasis added)

So they are saying Linus is a bad boy because he is NOT doing something THEY ACKNOWLEDGE HE CAN'T DO, even if he wanted to - which he has said he does not want to, and for good, sound, and sufficient reasons.

SCO(Caldera), I don't care how many lawyers you bring into the case, you are not able to hold someone to a standard that you then point out is unattainable.

Go after SCO's management

[Aceticon]

I believe that our efforts should be aimed at identifying and exposing the top managers at SCO.

SCO is a company but it is also a group of people. SCO's current actions have to had been sanctioned by management at the highest level. Someone made a choice, someone said "let's go ahead with this".

So make it personal. By exposing each and every of SCO's top-level managers as being associated and willing participants in this mess their chances of ever again be employeed in a top-level management position (at least in this industry) are highly decreased.
This is especially true if they are tracked into any new job they go into and the company that employes them is exposed (thus being smeared along with SCO by their choice of managers) - any company that hires any one of those persons has a business ethics (or more precisely lack of it) that accepts this type of attitude.

Decisions are taken by someone (companies do not take decisions). Those that take the decisions (or are willing participiants in taking those decisions) should be made to assume their responsabilities instead of being allowed to hid behind a SCO-mask.

complaining about their own actions

[Stephen+Samuel]

"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact."

Yep. and that's because SCO refuses to identify the protected code.

They also complain that Torvalds refuses to go hunting patents.. That's also appropriate. One of the best ways to avoid violating patented methods is to not know about them. If the solution is an obvious one, then the fact that you came to the same solution without konwing about the patent is almost a sufficient defence. On the other hand, if the solution is not an obvious one, then chances ar that you'll come up with a solution different enough from the pattern that the difference is a sufficient defence.

The purpose of a patent is to document a method such that (once the patent expires) anybody else can use it. The patent monopoly is just to ensure that people have an incentive to register their patents so that they ultimately do go into the public domain.

An interesting feature about the OS process is that -- once something goes into an OS project, it is (or at least should be) essentially unpatentable -- this is because any open source project is effectively published.. Especially for large and well-distributed projects like Linus, it's almost trivial to prove when that idea was published.

If you take the time to hunt patents before you use an idea, you run the risk of delaying the publication of an idea long enough for someone else to patent it.

The long and short result is that it's easier (and even better) to implement an idea and then wait to see if someone complains about a patent infringement than to go wandering through the patent office looking for something that may be the same as what you are using.

Reading through a patent application well enough to understand whether or not it applies to an idea is a long, difficult and dirty job. I'd much rather leave that to someone who's paid to do it (like the patent owner's lawer). Once the issue is raised by somene who cares about it then I'll deal with that bridge when I come to it.

I think that Linus has the same idea, and it sounds like he got it from his business colleagues.

Start here

[utahjazz]

Here is a good old one-liner that produces a list of files with duplicate contents:

find . -type f -exec md5sum '{}' ';' | sort | uniq --all-repeated=prepend -w 33 | cut -c 35-

I'll bet you could do the 5-line splitting, and some whitespace ignoring and still keep it a one-liner.

Jayson Blair school of fact checking

[virtigex]

Anybody here see the irony of SCO's comments appearing in the New York Times, previous employer of Jayson Blair. Now we have two reality distortion fields to deal with.

I LOVE the head line!

[funwithBSD]

I.B.M.'s Opponent in Suit Criticizes Linux Advocate

SCO is so insignificant it is not mentioned the headline! Those guys at the Times are smarter than I thought, I may have to kick down for a subscription.

It is just so sad, I learned Unix on SCO, back in '92. Shame to see the old girl is on crack.

This "derivative" shit of SCO's is stupid.

[mark-t]

I have no other words for it. "shit", and "stupid" pretty much say it as well as I possibly can.

Even if every single line of code the SCO is objecting to happened to get removed by some massive kernel overhaul by someone who had never had the opportunity to see SCO's "evidence", SCO would still claims rights over the changes as a derivative work because they consider the fact that their code was merely inspiration to be a cause for the new code to be "derivative".

SCO would consider any code developed based merely on what one had learned from Unix code to be derivative. This would mean that at least 3/4 of the programs I wrote in Operating Systems class were probably infringing in some way on SCO's IP. The GPL does not consider code developed based on what one learned from GPL code to be derivative -- The GPL only considers a derivative if it is copied and modified, not if it is completely rewritten from scratch by the application of actually understanding what the code does.

Let's say, for example, I wrote a book that had all the same concepts and ideas as Lord of the Rings, but didn't use any of Tolkien's names or trademarks. Having already read LotR, my book would obviously be a "derivative". Indeed many people might say my book was just a knockoff of LotR. While many Tolkien fans would likely be outraged at my writing it, I wouldn't actually be breaking any copyright laws, however. The most anyone could do would be to personally boycott my work, but they couldn't stop me from publishing it or from it being distributed anywhere I chose.

Just as a quick recap, here are the four major IP's. I find it interesting that SCO has changed its story so many times, it's hard to actually tell which sort of IP they actually have that they are referring to. It seems like the premise of trade secret is closest to what they mean, but they keep talking about owning rights to derivative works, which has to fall back on the strength of copyright, not trade secrets.

Copyright only protects content, it cannot protect ideas. Copyright also has provisions for protecting works that can reasonably be considered derivatives, such as translation into another language, changing the media of distribution, and several others. Trade secret can protect ideas, but it cannot protect them once they are publically known (although it is entirely reasonable to make a claim for damages from the party that caused ones trade secret to become public in the first place). Further, trade secrets do not protect against reverse engineering or reinvention. Patents more completely protect inventions and methods, even to the point of stopping reverse engineering, but unlike trade secrets, *MUST* be public knowledge in order to retain patent protection. Trademarks protect terminology, must be publically known, must be defended in order to be retained, and only apply to the field in which the trademark itself is applied (for example, a person should be able to start a plumbing business called "Apple Plumbing", without violating Apple's trademark).

Missing the point

[tkrotchko]

When you buy SCO Unix (ha!) or AIX, or MS Windows, or anything, how do you know, as a customer, that its unemcumbered by patents?

As a developer, when you write a bubble sort, how do you know someone hasn't patented the idea?

As a company, given the vague nature of software patents ("A method to do ecommerce using a single button on a web page..."), and also given that developers don't necessary explicitly say what methods they're using. So a search is not reasonably possible.

Finally, even if you buy into the idea of software patents, how would you know if MS had infringed? Unless you have access to the source code, you have no idea. And last I check, MS doesn't readily hand out source code to make sure they're not violating any software patents.

In points out the fallacy of software patents, it highlights the stupidity of granting them, and it shows why all software patents are unenforceable, *except* against open source software.

Software patents must be eliminated: they serve no purpose except as litigation tools for large companies.

SCO's claims

[eric76]

One thing to keep in mind is that the code SCO claims is infringing on their rights did not already exist in SCO's copies of System V and their own derived code.

What SCO is claiming is that their rights include the modifications made by companies licensing the AT&T System V code.

Their contracts specify that any derived works created by the licensees is also covered by the license.

But their use of the phrase "derived works" does not seem at all reasonable or acceptable.

The question is what does the phrase mean? If you look at Title 17 of the U.S. Code (available from wwww.law.cornell.edu), you find the following definition:

A ''derivative work'' is a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a ''derivative work''.

In other words, when you modify SCO's licensed code, the result is a derivative work and is consequently covered by the license.

However, they are claiming that the modifications themselves are also derivative works, apart from the object being modified.

But if you look at the definition, the derivative work is a transformation, adaptation, revision, ..., of the original work.

The code in question is largely or maybe entirely code that was done by others apart from AT&T/Novell/SCO and added to their licensed copy of the code to create something better. The code that you get when you add the additional code to the original code is clearly a derivative work and SCO clearly has interests in keeping you from distributing the resulting derivative work.

But SCO seems to be claiming that the code added to System V to create a derivative work of System V is itself a derivative work.

The only other possibility I can imagine is that they are claiming that you can't copy code directly from the derivative work into another product because of the licenses. (See Exhibit C of their lawsuit.)

But I haven't seen any evidence that IBM has done that. If someone at IBM excerpted the additions to the code so that none of the System V code was present and those excerpts were added to the Linux code, I don't think think there would be any violations at all.

If someone at IBM did copy the additions directly from the derived work and was careful to avoid copying any System V code over, I suppose that would be a technical violation of the contract. I think a technical violation of that sort would be so minor that they wouldn't warrant anything more than a letter from SCO to IBM demanding that they be more careful.

And there are no allegations that I've heard that IBM did a copy and paste of their own additions directly from the SCO code to their own code.

It would be nice to find out what some knowledgeable lawyers thought about the issue of whether or not adding Sequent or IBM's own code to System V makes their own code a "derived work" of System V. It could be that the legal system sees it some other way.

One other point. If SCO is interpreting the phrase "derived work" in an unobvious way, then the phrase should probably have been clarified in the agreement instead of leaving it ambiguous. In law, isn't an ambiguity in a contract generally interpreted against the side who wrote the contract? Since the basic contract was probably written by AT&T and then hammered out between both sides, I think that any ambiguity would likely be decided in IBM's favor.

Go after SCO's management - yer wish is my command

[GojiraDeMonstah]

http://www.caldera.com/company/execs/ tells us:

• Darl C. McBride - President and Chief Executive Officer
• Robert K. Bench - Chief Financial Officer
• Sean Wilson - Senior Vice President, Corporate Development
• Jeff Hunsaker - Senior Vice President, Worldwide Marketing
• Chris Sontag - Senior Vice President and General Manager, SCOsource Division
• Opinder Bawa - Senior Vice President, Engineering and Global Services
• Reg Broughton - Senior Vice President, Worldwide Operations
• Larry Gasparro - Senior Vice President, North America Sales

Each has a bio page, but no email address.

Re:SCO totally evil?

[john+bigbootay]

Research a little further into the personalities behind SCO, and you'll find a very committed group of opportunists that have run this scam before, and won. Read this backgrounder at Forbes.com: http://www.forbes.com/2003/06/18/cz_dl_0618linux.h tml

Not copyright; contract

[Tony]

Furthermore, his statements about patents have no bearing on the lawsuit as SCO never claimed any patent infringement -- only stolen code (which is a copyright claim).

It's a little more subtle than this. SCO isn't even calling it a copyright infringement; they are suing for breach of contract. Part of the breach of contract claims IBM used parts of System V (which SCO claims as their own) in beefing up Linux.

Now, which parts? Apperantly, SCO claims that one specific area of infringement is in the RCU code, which removes a major bottleneck for >4 CPU machines. Sequent "invented" the RCU algorithm; Sequent was later purchased by IBM.

So how does this constitute breach of contract? SCO claims that the Unix contract signed by IBM (and, in fact, by every Unix signee) includes provisions for SCO to claim all derivitive works.

This is the crux; SCO has stated (through its top administrators) that all modern operating systems are merely derived works; they have hinted this includes MS-Windows, and they also want to re-visit the BSD decision.

This is patently rediculous. (Excuse the pun. Couldn't resist.) But, if SCO succeeds in their assault on IBM, they will have a case against every other Unix provider, and against Linux. They will probably have no case against Microsoft (who would most likely pay SCO off anyway, rather than face more bad publicity) or BSD, but that wouldn't stop them from trying with their new-found booty.

This is shares some attributes of the British Telecom case against (Compuserve? Prodigy? Don't remember off the top of my head), based on the scope of the claims. BT wanted to own the Internet; SCO wants to own every OS. The greatness of their chutzpah is stunning.

These guys must have Epcot-sized testicles.

Re:talent

[tomhudson]

Well, let's see ...

It could be argued that way in the earlier days, when people went around Microsoft wearing buttons saying "B.O.G.U.S." (bend over, grease up, sucker) to remind those whose stocks hadn't yet been vested that their stock holdings were (also a not-so-subtle badge of seniority)

Let's face it - you've become a millionare, you want a home life, you leave. Lots of talent left - some temporarily (gone to pick lettuce, as one employee did, just to get a break), and others, well, they either retired, or created/joined start-ups.

Remember - no overtime/weekend pay, the expectation of 80-100 hour weeks as normal, etc. And fewer interesting challenges for top coders. Under those conditions, the ones who stay are the ones you would want to leave, so we're probably seeing a rush to the bottom in terms of code talent/quality at Microsoft.

This would explain why they had to take a couple of months to "refresh" people on the idea that buffer overflows are a "bad thing". And, when taht didn't work, appoint a group of code reviewers just to check for such inanities.

Only Takes One Dishonest Coder to Make SCO Right

[reallocate]

Not quite. SCO does seem intent on dancing on the thin edge, but their strategy appears to be placing Linux and IBM on the defensive, i.e., making the Linux community prove it didn't steal code. In this instance, SCO is positioning itself to assert that someone could easily slip proprietary code into Linux because no one is checking to make sure they don't. To bolster that assertion, they can produce Linus' statement counseling contributors to avoid reviewing patents. Can the Linux community show a court anything to the contrary?

Knowledge of the technical issues isn't required of the court. Knowledge of patent law is required. If SCO does, in fact, show a court proprietary code copied into Linux, IBM and the Linux community will need good lawyers, not more assertions that the openness of their development process keeps people honest.

It only takes one dishonest developer to make SCO right.

Re:SCO totally evil?

[jedidiah]

However, this standard is not attainable by SCO either. It may not even be attainable by IBM.

Their entire rant can be turned back on them and used to expose their own poor practices.

The development model has nothing to do with whether or not the problem is soluable.

Maybe we're getting somewhere now with this...

[ctid]

I think I'm beginning to get a handle on what has happened here. Suppose I license Unix from SCO and create my own version called AndyIX. Subsequently, I get my hands on some cool NUMA hardware and decide I'm going to port AndyIX to this new system. A little while later, I end up with something like this:

#ifdef NUMAMACHINE
blah blah blah
#else
yada yada yada
#endif

My customers are really happy with this, and I make a bit of cash out of it. A few years later, I decide to port Linux to run on this nice NUMA hardware; of course I'll GPL my changes (blah blah blah) but my plan is to sell services to customers who want to run Linux rather than AndyIX on this HW. So, I adapt blah blah blah to Linux's way of doing things (leaving most of the comments unchanged of course). Eventually, I submit the new version of blah blah blah to the appropriate member of the Kernel team and the code is incorporated into the Linus's official kernel tree.

So now SCO come along and say that they own blah blah blah, because I implemented it into AndyIX first. As far as I can see, this seems to be the basis of SCO's "case". If the GPL is "viral", then SCO's Unix licence must surely qualify as a WMD?!

Why would this change anything?

[Kjella]

SCO could already provide us with a list of files and line numbers they claim are infringed, since they have access to both sources.

They could already have stated "We claim line 13-37 of /foo/bar.c in Linux 2.4.18 violates our IP rights" and it would not violate their IP at all, since it simply a reference to a location in a public work.

To make a more concrete example, I could claim that Stephen King's latest novel has sentences identical to mine. But when asked to point them out, I would answer "No, that would reveal what my sentences are. See you in court." Does that make any kind of sense?

The fact that they won't show it except under an NDA, makes it very clear that they do not *want* to identify the infringing pieces, if there are any at all. They certainly don't want anyone to be able to find them or replace them.

The MD5 approach would be appropriate for two closed source companies disputing the same problem - it allows a comparison by a third party without compromising either codebase. But in this case SCO has already done what the program is meant to do - they just won't tell you the results. Period.

Kjella

Pump and dump? SCO insider trades

[wrestler]

SCO management has been selling stock lately (June 5 - June 11). Look here for details.

This comes after almost two months of no insider trades.

Linus' "anti-patent" message

[JWSmythe]

I found the thread that they're citing.
In the mlist.linux.kernel From 02-Aug-2002 to 12-Aug-2002

The conversation isn't about SCO at all. The conversation started about virtual memory, and some SGI patents.

Linus' comment was to the effect that it's a waste of time for programmers ("technical people"). It's very likely someone has patented any idea you can come up with. Even if we see the patent, we aren't qualified to judge if it effects us. That's the legal department(s) problem (or your lawyer, or whoever). IANAL. LINAL (Linus is not a lawyer), but a lawyer would be more than happy to tell you that they understand the law better than us technical people. :)

Think of the recent stories on here about tabbed browsing, hyperlinks, and the one-click purchase. Read the full thread to get it in context, rather than a couple lines thrown in a news story. I doubt that I've written anything that hasn't been patented before, even though I stick (c) on all my code. :)

BTW, the filters on here really suck. I've been trying to post this message, but have been hitting filters all over the place. The current one I'm hitting is "Your comment has too few characters per line (currently 33.3).", so I'm just filling in some space here to get it to post, without changing any of the quoted material. {sigh}

Now for the real messages (quoted directly from dejanews).

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 16:42:30 PST

On Mon, 12 Aug 2002, Daniel Phillips wrote:
>
> It goes on in this vein. I suggest all vm hackers have a close look at
> this. Yes, it's stupid, but we can't just ignore it.

Actually, we can, and I will.

I do not look up any patents on _principle_, because (a) it's a horrible
waste of time and (b) I don't want to know.

The fact is, technical people are better off not looking at patents. If
you don't know what they cover and where they are, you won't be knowingly
infringing on them. If somebody sues you, you change the algorithm or you
just hire a hit-man to whack the stupid git.

Linus

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 16:44:17 PST

On Sun, 11 Aug 2002, Linus Torvalds wrote:
>
> If somebody sues you, you change the algorithm or you just hire a
> hit-man to whack the stupid git.

Btw, I'm not a lawyer, and I suspect this may not be legally tenable
advice. Whatever. I refuse to bother with the crap.

Linus

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 19:22:06 PST

On Sun, 11 Aug 2002, Larry McVoy wrote:
>
> This issue is more complicated than you might think.

No, it's not. You miss the point.

> Big companies with
> big pockets are very nervous about being too clo