Slashdot Mirror
SCO Berates Linus' Approach To Kernel Contributions
Matthias_305 writes "The New York Times has an article about a new court document in which SCO critizes Linus Torvalds touting the 'inability and/or unwillingness of the Linux process manager, Linus Torvalds, to identify the intellectual property origins of contributed source code.' They claim to have got evidence from a conversation on the kernel mailing list in which Torvalds advocates programmers shouldn't care about patents. According to the article he stands by his view which is at least 'candid'." On a related note, BobDowling points to a proposal at The Inquirer ("Shutting down SCO's FUD machine") regarding SCO's claims. "SCO won't let people see the contested source code without signing an outrageous NDA but the article gives a mechanism for publishing appropriate MD5 checksums which allow code trees to be compared without anyone else seeing the code. This is offered as a means to locate the source of SCO's contested code. ... This mechanism gives a concrete procedure that SCO can be challenged to follow as part of the community's "put up or shut up" response. There would be no threat to SCO's claimed IPR."
free link
GO LINUS, GO!
of course Linus is going to have little regard for software patents. He's a European and that's one bit of stupidity we have yet to import from the US (please God we never do).
I'm surprised SCO hasn't tried to persuade Linus to support them. "Join me my son!". ;-)
Bad analogies are like waxing a monkey with a rainbow.
'inability and/or unwillingness of the Linux process manager, Linus Torvalds, to identify the intellectual property origins of contributed source code.'
Seems they want to bully Linus to present the evidence for their cause they failed to present. This seems at least irrational to me.
SCO's approach seems to scare everyone that Linux is illegal dynamite, waiting to blow a hole through their purses. If they're really concerned and ethical, should they not go upfront and declare the violations in the code and be done with it?
Secondly, what if someone had poisoned the code over a period and SCO's blowing the whistle now? Something like the tcpdump files getting infected with a trojan?
If you keep throwing chairs, one day you'll break windows....
Also, Linus was advising developers that they don't look at patents, for if the kernel is hit by one of them (some are pretty broad), it would be much more trouble if the alleged patent infringement were done knowingly.
I suppose this is a reasonable tactic used by everyone, yet one can criticize it if he like.
A common fallacy, but both Open Source and Free software *depend* on intellectual property rights.
Without it there would be no reason to agree to the OS or Free license terms (you could just ignore them and do what you like) and therefore no onus to put back into the pool any improvements etc you might make.
Bad analogies are like waxing a monkey with a rainbow.
I used to work in pharma research. The patent lawyers used to tell us not to worry about patents until close to the end of our research. And then let the lawyers look at patents.
The reason for this is that patents are complicated and claims are not easy to understand. For instance some chemical/protein/DNA/whatever could be patented for a very specific use (it normally is). You can still use it for a totally different reason.
So from my own experience I can see that Linus attitude is perfectly correct.
I'll do it for cheesy poofs.
You'd want Linus to compare both codes and after that sue him for "inspiration"?
Look, Linux, you've seen all SCO code, now don't say you weren't influenced by it. As we said earlier, it is technologically impossible for anyone to produce great code without copying it from us.
They're shooting themselves in the foot, and remove their shoes beforehand!
I was getting worried. It had been almost a whole 24 hours without an SCO update. If it reached a full day I don't know what I would have done.
As I understand it, the lawsuit is about IBM contributing code to Linux that SCO claims it owned the rights to, and which they didn't have the right to distribute. There was no way Linus or anyone else who didn't have access to IBM's contracts with SCO, could determine that. In any event, the case certainly doesn't seem to have anything to do with patents.
One can only draw the conclusion that they're throwing mud in the hope that some will stick.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Here's the relevant section:
*SNIP*
"I do not look up any patents on principle because (a) it's a horrible waste of time and (b) I don't want to know."
"The fact is technical people are better off not looking at patents. If you don't know what they cover and where they are, you won't be knowingly infringing on them," Mr. Torvalds wrote in the e-mail message last August.
In an e-mail interview earlier this month, Mr. Torvalds explained that his was a candid view in the murky, complex realm of software patents these days.
"Hey, one of the advantages of not personally being involved in any of the commercial Linux players is that I can be honest," Mr. Torvalds wrote. "In fact, openness pretty much requires it â" there is no corporate speak here. Ask any lawyer in a tech company (off the record, so that he can be honest too), and he'll tell you that engineers should absolutely not try to look up other people's patents. It's not their job, and you don't want them tainted."
What's so terrible about that? Why would you bias yourself (and waste a LOT of time) by poring over someone's code before writing your own? You may subconsciously emulate what they've done, and taint any originality you might have started with.
Same thing goes for other disciplines. In medicine, one should talk to the patient first, THEN read their medical records... you want an honest gestalt, unbiased by somebody else's interpretation of signs and symptoms. Isn't that what a second opinion is supposed to be?
This sounds to me like the old "better to beg forgiveness than ask permission" philosophy. Big whoop... give linus a break, SCO.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
A point seems of major importance and I have not seen it addressed so far. In such a situation, how could SCO prove they did not steal a part of the linux kernel ? Is there an official organism in the US where companies can register source code for future legal problems ? If not, how is that supposed to work ? Experts would look around at SCO's and get convinced (or not) by the internal memos and CVS logs ? I know we are talking about the US legal system, but that's totally surrealistic to me ...
What I don't understand about the SCO/IBM case, is why IBM isn't taking action to immediately stop SCO from doing what they are doing. I am sure it must be affecting their AIX business, and I can't believe that there isn't a legal method they can use to take some kind of cease and desist out on SCO.
If such a law doesn't exist in the USA, does that mean Pepsi can say they have proof that Coke has dog poo in it, but they aren't going to show the proof? I doubt it somehow.
Furthermore, if SCO are doing these things just to manipulate their share price, and the allegations turn out to be baseless, surely that is fraud?
The scheme instead computes an MD5 sum for each line (actually each five lines together) and publishes the hashed versions of the files. Then anybody can do the line by line compare without ever seeing a readable version of the source code.
The theory is that SCO can't complain about somebody distributing these hashes because you can't get the source code from it.
The only problem I see is that the hashes are still derived from SCO's intellectual property and are therefore still covered by copyright. SCO could still put up a stink about it. Especially since they have stated that their goal is to sue IBM for money rather than to identify the peices and rectify the situation. SCO has said that they are afraid that if the lines are known, the problem will be fixed and they won't be able to sue any more. (Poor babies.)
I have not seen any post from any SCO people standing up for or against anything lately. Can SCO management legally gag their employees during this litigation? Not trolling or stirring, just deafen by the silence.
Learn the difference between a patent and a copyright. Source code is copyrighted. Processes for doing things are patented. A copyright prevents a code copy. A patent prevents the implementation of an idea. I think you will find large percentages of open source advocates will agree that ideas should be freely exchanged. And many also believe code should be freely exchanged (see BSD style licenses).
As all hashes go, and I know, it's mathimatically "very hard", two different byte segments CAN have the same md5 sum. Longer they get, harder it is...
Uhh, well, the probability that a given line of code has a certain MD5 checksum is 1 to 340282366920938463463374607431768211456.
That's way less probable than the probability of a false positive in a DNA test. (I.e. "Good enough" for a match)
So, unless I see a two headed guy with dark sunglasses, climb into his shiny spaceship and start it's engines, I belive SCO could very well use this technique to demonstrate what part of their code is in Linux.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Yep, I'd say that's an accurate statement, really.
If you are trying to identify closed source/proprietary origins of submitted linux code, there is just one thing you need.
God-like omniscience.
Linus is good, but he isn't that good.
Oh, if you wanted a horrible paperwork audit trail, you could make people include a signed document stating "I am the copyright holder for submitted code" or something like that. But part of the draw of working on OSS is to get away from all the icky lawyers and legal documents.
In this one specific instance, SCO is correct. It doesn't really affect their case at all, but they are still correct about this.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
The only problem I see is that the hashes are still derived from SCO's intellectual property and are therefore still covered by copyright.
Nope, not a problem at all. I'm not a copyright expert, but the hashes would certainly not be covered by SCO copyright for two reasons: 1) They are not an original work of authorship, but instead an application of a mathematical algorithm to "fingerprint" a file; they're just a list of numbers. That would be like copyrighting the output of "ls -l". 2) Even if a judge somehow finds 1) above to be inapplicable, the hashes would certainly fall under the "fair use" exception to the copyright on the SCO files, as they are a form of commentary on them.
Of course, SCO will never agree to such reasonable measures, since they are not fundamentally looking for something reasonable, so the whole thing is moot. A far more likely scenario is that SCO may *eventually* be forced to submit their code base and backups to a court-appointed special master tasked with analyzing the issue of code derivation (what, when, and in which direction), and will be required to fully disclose their development logs to the court. At which time,assuming it ever gets to trial, the case will finally, finally collapse for good and all, and we can get back to sniping at Microsoft.
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
The following describes the common sections found by the Inquirer reader (although I have only looked at the linux source files).
Of course, this assumes that the line numbers the Inquirer published are for the linux files and not the BSD files (why did they only publish one set?!?)
Go buy yourself some more vowels.
Got time? Spend some of it coding or testing
Frankly, I think an icon of a monkey humping a football would pretty much sum up the caliber of executive decisions we're seeing out of SCO these days.
I think SCO is starting a patent war that may expose SW patents for what they are and the destructive capability they have - while not possessing many (any?) redeeming features.
And what's their winner argument in this case?
Linus is not checking all contributions against potential patents. Are you kidding me? So for every contribution he has to go search the patent database?
SCO and Software Patents, man if we could only hit 2 birds with one stone...
Computer Science is Applied Philosophy
It is based on something like this:
- Preprocess the code (replace all variables with the letter 'V', strip the comments, replace white space strings with a single character)
- Divide the result into fixed sized units of length k that overlap, each starting at a succeeding character. They call these k-grams
- Efficiently calculate a hash for each of these k-grams
- Divide the result into windows that contain a number of these k-grams
- Within each window, use a method of selecting a subset of these k-grams that does not depend on position, but rather on the k-gram itself, such as the minimum hash value within that window; if there are ties, select the right-most hash value within the window
- The result is the fingerprint of the code
- Any document with fingerprints in common has some code in common with the original source
Okay, that's a very rough idea of the process, but you might have some idea of it now. Check it out yourself if you're interested.The MD5 idea is a good idea, but I think it needs some refining.
//) [obviously additional rules for script files, maybe #]
- You want to get EVERY example, for potential manual review
- You want to avoid any problems with white space leading to different MD5s for "identical" code
- Doing a 5 line compare seems flawed as what if you compare lines 1-5 in A and B, but lines 1-5 in A match lines 2-6 in B
I therefore propose that:
1. before calculating any check sums, both files should be massaged into some common "base" format.
- Remove all white space inc. tabs and spaces
- Concatenate on one long line, but line break immediately after any semi-colon (;) or end-comment (*/) or immediately before begin comment (/* or
- With comments, line break at least every (say) 20 characters or if there was a line break in original file.
- Maintain some kind of map back from massaged file to Linux source (line 237 in massaged = line 40-42 in Linux source)
- In the massaged file, mark any line less than say 20 characters in a non-comment section as being potentially and probably too small to be copyrightable. This would eliminate stuff like i++; or #include . Matches for these should still show up in the overall results, but be considered as less important unless there are also lots of "more important" matches in the same source file as well.
2. Run both sets of sources thru this algorithm, and calculate two or more hashes for each line, say MD5 and some kind of CRC. If both sets of sources match for all the hashes, a match is found. This is to reduce number of false positives.
The NY Times article had a surprisingly insightful closing quote.
/. readers, but it's refreshing when a mainstream article makes this point explicit. Slowly, perhaps, the general (non-geek) public will understand open source software and the issues surrounding it.
Indeed, because Linux code is published publicly, it is easier to track what I.B.M. contributed to the operating system. But the issue, of course, is whether SCO's Unix license covered any of the code I.B.M. put into Linux.
Should the SCO suit turn up any offending code, the open nature of Linux â" and the many programmers working on it â" will ensure a quick solution, according to open- source software experts.
Now, that should be old news for
Phiwum's law: anyone that names an obvious law after himself and then puts it in his own sig is just pathetic.
Linus is not checking all contributions against potential patents. Are you kidding me? So for every contribution he has to go search the patent database?
From the article:
"If source code is copied from protected Unix code," the SCO document adds, "there is no way for Linus Torvalds to identify that fact." (emphasis added)
So they are saying Linus is a bad boy because he is NOT doing something THEY ACKNOWLEDGE HE CAN'T DO, even if he wanted to - which he has said he does not want to, and for good, sound, and sufficient reasons.
SCO(Caldera), I don't care how many lawyers you bring into the case, you are not able to hold someone to a standard that you then point out is unattainable.
Acts of massive stupidity are almost never covered by warranty. --me.
I believe that our efforts should be aimed at identifying and exposing the top managers at SCO.
SCO is a company but it is also a group of people. SCO's current actions have to had been sanctioned by management at the highest level. Someone made a choice, someone said "let's go ahead with this".
So make it personal. By exposing each and every of SCO's top-level managers as being associated and willing participants in this mess their chances of ever again be employeed in a top-level management position (at least in this industry) are highly decreased.
This is especially true if they are tracked into any new job they go into and the company that employes them is exposed (thus being smeared along with SCO by their choice of managers) - any company that hires any one of those persons has a business ethics (or more precisely lack of it) that accepts this type of attitude.
Decisions are taken by someone (companies do not take decisions). Those that take the decisions (or are willing participiants in taking those decisions) should be made to assume their responsabilities instead of being allowed to hid behind a SCO-mask.
I.B.M.'s Opponent in Suit Criticizes Linux Advocate
SCO is so insignificant it is not mentioned the headline! Those guys at the Times are smarter than I thought, I may have to kick down for a subscription.
It is just so sad, I learned Unix on SCO, back in '92. Shame to see the old girl is on crack.
Never answer an anonymous letter. - Yogi Berra
When you buy SCO Unix (ha!) or AIX, or MS Windows, or anything, how do you know, as a customer, that its unemcumbered by patents?
As a developer, when you write a bubble sort, how do you know someone hasn't patented the idea?
As a company, given the vague nature of software patents ("A method to do ecommerce using a single button on a web page..."), and also given that developers don't necessary explicitly say what methods they're using. So a search is not reasonably possible.
Finally, even if you buy into the idea of software patents, how would you know if MS had infringed? Unless you have access to the source code, you have no idea. And last I check, MS doesn't readily hand out source code to make sure they're not violating any software patents.
In points out the fallacy of software patents, it highlights the stupidity of granting them, and it shows why all software patents are unenforceable, *except* against open source software.
Software patents must be eliminated: they serve no purpose except as litigation tools for large companies.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
- Darl C. McBride - President and Chief Executive Officer
- Robert K. Bench - Chief Financial Officer
- Sean Wilson - Senior Vice President, Corporate Development
- Jeff Hunsaker - Senior Vice President, Worldwide Marketing
- Chris Sontag - Senior Vice President and General Manager, SCOsource Division
- Opinder Bawa - Senior Vice President, Engineering and Global Services
- Reg Broughton - Senior Vice President, Worldwide Operations
- Larry Gasparro - Senior Vice President, North America Sales
Each has a bio page, but no email address."Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
Research a little further into the personalities behind SCO, and you'll find a very committed group of opportunists that have run this scam before, and won. Read this backgrounder at Forbes.com: http://www.forbes.com/2003/06/18/cz_dl_0618linux.h tml
SCO management has been selling stock lately (June 5 - June 11). Look here for details.
This comes after almost two months of no insider trades.
I found the thread that they're citing.
:)
:)
In the mlist.linux.kernel From 02-Aug-2002 to 12-Aug-2002
The conversation isn't about SCO at all. The conversation started about virtual memory, and some SGI patents.
Linus' comment was to the effect that it's a waste of time for programmers ("technical people"). It's very likely someone has patented any idea you can come up with. Even if we see the patent, we aren't qualified to judge if it effects us. That's the legal department(s) problem (or your lawyer, or whoever). IANAL. LINAL (Linus is not a lawyer), but a lawyer would be more than happy to tell you that they understand the law better than us technical people.
Think of the recent stories on here about tabbed browsing, hyperlinks, and the one-click purchase. Read the full thread to get it in context, rather than a couple lines thrown in a news story. I doubt that I've written anything that hasn't been patented before, even though I stick (c) on all my code.
BTW, the filters on here really suck. I've been trying to post this message, but have been hitting filters all over the place. The current one I'm hitting is "Your comment has too few characters per line (currently 33.3).", so I'm just filling in some space here to get it to post, without changing any of the quoted material. {sigh}
Now for the real messages (quoted directly from dejanews).
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x
From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 16:42:30 PST
On Mon, 12 Aug 2002, Daniel Phillips wrote:
>
> It goes on in this vein. I suggest all vm hackers have a close look at
> this. Yes, it's stupid, but we can't just ignore it.
Actually, we can, and I will.
I do not look up any patents on _principle_, because (a) it's a horrible
waste of time and (b) I don't want to know.
The fact is, technical people are better off not looking at patents. If
you don't know what they cover and where they are, you won't be knowingly
infringing on them. If somebody sues you, you change the algorithm or you
just hire a hit-man to whack the stupid git.
Linus
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x
From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 16:44:17 PST
On Sun, 11 Aug 2002, Linus Torvalds wrote:
>
> If somebody sues you, you change the algorithm or you just hire a
> hit-man to whack the stupid git.
Btw, I'm not a lawyer, and I suspect this may not be legally tenable
advice. Whatever. I refuse to bother with the crap.
Linus
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- x- x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x
From: Linus Torvalds (torvalds@transmeta.com)
Subject: Re: large page patch (fwd) (fwd)
Date: 2002-08-11 19:22:06 PST
On Sun, 11 Aug 2002, Larry McVoy wrote:
>
> This issue is more complicated than you might think.
No, it's not. You miss the point.
> Big companies with
> big pockets are very nervous about being too clo
Serious? Seriousness is well above my pay grade.