Slashdot Mirror


Why SCO UNIX Is A Bad Idea

Ashcrow writes "SCO UNIX has long boasted its 'true UNIX' code base, but is that really the case? A story running at The Jem Report looks into SCO's claims and holds it up to other UNIX variants to try and find validity for SCO's claims." The author has a bit of a chip on his shoulder, but worth reading for the comparison of various *nix's.

6 of 312 comments

  1. What if SCO wins? by Anonymous Coward · · Score: 5, Insightful
    What if they're right? That's the key question over SCO's claims and it's also the one question the open-source community largely refuses to address. For all the pleadings and letters that will emerge from this maelstrom, SCO's claims are fairly simple: It owns the bulk of the intellectual property underlying Unix, and recently, some of its code has been spied in Linux. Actually, make that quite a bit of it, says SCO.

    It's not just the code. Programmer comments embedded in Linux -- English-language descriptions -- are identical to those found in SCO's Unix code, according to SCO. There's even a typo in one of the commentaries in Unix System V that also appears in a Linux commentary. Extracting the controversial code is not really a feasible solution. Because of the way intellectual property (IP) laws work, derivative products that use the allegedly pilfered code are also subject to liability. Anyone who bundles suspect products, or uses them, is also conceivably on the hook.

    My college roommate in my sophomore year, an electrical engineering student named Mike Foster, helped me coin that one. He had an answer for everything, and often it involved the death penalty, a flat tax or some other clean, simple solution that would have been absolutely insane to try in real life. Don't get me wrong. I stand in awe of people who can design transistors or even who can put up drywall. But there is arrogance inside the scientific mind, and it rarely knows when to stop.

    Put the SCO argument another way: What if you found out something you had a hand in was now the basis of a multibillion-dollar empire? Would you want a slice, or denounce yourself as a fraud? SCO could also be really overplaying some minor copying. But we won't know until the evidence is in.

    1. Re:What if SCO wins? by Ian+Lance+Taylor · · Score: 5, Insightful

      SCO has two different claims.

      One is the direct copying you discuss. However, that is a strict copyright claim applied to small bits of code. If the copied code is removed and replaced, the result will not be a derivative work (the replacement has to be done slightly carefully, but this is not hard). (I think that SCO does want to claim that direct replacement would still be a derivative work, but because we are talking about small pieces of code, this is unlikely to hold up in court.)

      SCO's second claim is the basis for their lawsuit against IBM. There SCO claims that the contracts they signed with IBM and Sequent specify that SCO owns all derivative works, and SCO claims that IBM took that derivative work and contributed it to Linux. This argument relies on an expanded notion of derivative work, basically claiming that any work built on top of Unix is owned by Unix, even if there is no actual code in common. If SCO's claims here are correct, then simply replacing the code won't help, because this is extensive portions of Linux and the new code, being functionally equivalent, would also be derivative of the original work. Or so SCO claims.

      All of these claims rely on an expansive notion of derivative copyright which may not hold up in court. That is certainly a big part of the reason why SCO is not hurrying into court. They will do much better selling Unixware licenses to Linux users than they will suing Linux users.

      What if you found out something you had a hand in was now the basis of a multibillion-dollar empire?

      That's a weird question. SCO didn't have a hand in any of the code in question; they bought it. There is no multibillion-dollar empire anywhere in sight, unless you mean IBM, and Linux is certainly not the basis of IBM's money.

      More to the point, even the code which SCO bought is not the basis for Linux in any meaningful fashion. The direct copying which they have alleged is, they admit, small chunks of code, and Linux is comparatively huge. The derivative copying which they allege that IBM has done is not their work at all--IBM and Sequent could have developed their code just as easily using *BSD or even Linux in the first place.

      While SCO may possibly win in court--I doubt it, but it's possible--I don't think their claims have any moral standing whatsoever. They are exploiting the legal system in the name of pure greed, not in the name of justice.

  2. Very simple reasons by Crashmarik · · Score: 5, Insightful

    The reason SCO is a very bad choice for current projects is it hasn't been alive for quite some time.

    Most people complain about the lack of driver support in Linux and BSD, but it's positively nonexistent in SCO. USB, SATA, Firewire, sound, video, high-end NICs, backup devices: the support isn't there. VMware and Virtual PC both won't support SCO. BOCHS will, but only with an incredible amount of effort. This situation is not going to improve, especially after SCO's recent actions. If you develop drivers, are you going to develop for a company likely to sue you for porting your code?

    There is the further "I am stupid, take advantage of me" effect in dealing with 3rd party vendors. If you are implementing on SCO, 3rd party vendors figure you are a mark and should be mercilessly taken advantage of. Their rationale is that you are obviously trapped in a legacy system and have no ability to move. The licensing schemes for products on SCO OpenServer can be so draconian as to destroy business.

    So yes, why would you go with SCO? It's not a software company any more. It's a protection racket.

  3. If they're right: by mcc · · Score: 5, Insightful
    IF they're right, exactly the following sequence of events will happen.
    1. SCO eventually releases/announces exactly what the copied code is, when forced to by a court.
    2. The person who put the SCO code into linux is identified, and the code in question is positively identified as stolen SCO code.
    3. The distribution licenses for all extant versions of linux since that stolen code was inserted promptly become invalid-- since the GPL only applies when you do in fact have the right to distribute the entire work, and unless the GPL applies, you have no right to distribute linux at all-- thus meaning distributing those kernels is no longer legal unless the offending code sections are removed.
    4. Within a really really brief amount of time, probably less than 24 hours, stopgap patches are quickly released for the major contaminated kernel versions, that remove the SCO code and replace it with code that does the same thing, although probably not very well because it was rushed, so that Linux kernel distribution can resume.
    5. Over time, probably not much time, people go back through and release complete patches that insert suitable, well-written, legal code in place of the illegal SCO code for each minor kernel version that people might conceivably want to distribute.
    6. The person who gave SCO code to the linux community and presented it as his own work is sued for fraud.
    7. SCO is unable to collect any damages for the time that its code spent in Linux, since while it is easy to get an injunction stopping infringatory behavior, in order to collect *damages* for this sort of thing you must show that you made due diligent effort to correct the problem. SCO made no effort whatsoever to correct the problem; in fact over a course of at least six or seven months (so far!) after SCO announced it had found the offending code, they refused to tell the linux developers what the infringing code was, *despite repeated requests they do so*. Moreover, since the code was relatively easily replaced once SCO revealed its identity, SCO can hardly claim either that they were damaged or that Linux significantly benefited from having the stolen code, since linux could have gotten by quite well with legally contributed code, and the linux community was totally unaware the code that was donated to them was illegally obtained.
    1. Re:If they're right: by stwrtpj · · Score: 5, Insightful
      They will claim that since it is a work-alike, then it is a derivative work.

      ... and will subsequently be laughed out of court.

      You cannot claim derivative work simply because product A works like product B. Think about it. If this were true, then anyone who is the very first company to get a product to the market will automatically have all exclusive rights to it and lock out all competitors, since anyone making a competing product that does the same thing will be considered derivative. This is obviously not the case, as any trip to the supermarket will tell you.

      What you CAN do is claim exclusive ownership of a specific means of implementation (generally by means of a patent). While SCO is not making a patent claim, it is claiming that Linux has something that belongs to it. Now this can indeed make any work based on the alleged SCO code a derivative work, but it is not retroactive to any code that is NOT SCO's, and the work ceases to be derivative if the code is removed.

      For SCO to go further, and claim that the rewritten, original code is infringing, they would have to claim patent violation, and SCO does not have the patents to do this, they have only the copyright.

      --
      Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
  4. Laughable Research by carsont · · Score: 5, Insightful

    As a comparison of different Unix platforms, this article is pretty much a joke. He seems to be comparing the vendors' marketing materials instead of their actual products.

    For example, he concludes that Red Hat has poor security not because of its record of security holes and useless, vulnerable services enabled by default, but because he couldn't find a list of security features or a security policy on their website. Impressive.

    All he has to say about OpenBSD is that it "takes a cryptographic approach to security" and "is rumored to be the most secure OS on the market". Even though he claims to be "looking at Unix operating systems sold as they are", he doesn't mention how OpenBSD has only a minimal number of services enabled by default, unlike Solaris and Linux where one's first task in securing a system is to disable the many useless, possibly exploitable daemons the vendor has enabled in the default install. He also doesn't mention the many steps that have been taken of late to make OpenBSD more resistant to stack smashing attacks.

    He concludes that "Solaris is one of the most secure choices you can make" apparently only because he was impressed by Sun's website. Although I'm a big fan of Sun and Solaris, I would certainly be inclined to disagree here. In my experience, Solaris is comparable to Linux in terms of security; it's not secure by default like OpenBSD, but it can be made fairly secure with a bit of work (turning off services, enabling the non-executable stack, possibly using roles or auditing, etc).

    So, although I'm as eager to slam SCO as the next guy, I'm somewhat skeptical of this article's criticisms, seeing as they seem to be based entirely on SCO's website and product literature. Without any personal experience with any of their systems, I'm not going to take this guy's word for it.

    --

    Ubi dubium, ibi libertas.