Slashdot Mirror
SCO: Code Proof Analyzed, Linus Interviewed
Arker writes "Bruce Perens has now obtained a copy of the entire slide show from which the recently scrutinized SCO-related Linux code excerpts came, and has analyzed the remainder of the 'evidence' they presented there. Their other code exhibit turns out to have been the venerable Berkeley Packet Filter(!), and their revised line-counts are consistent with simply adding together all the lines of code that have been contributed by Unix licensees." Also, Iphtashu Fitz writes "A new interview with Linus Torvalds has been posted on eWeek.com. In it he slams SCO over the recently leaked source code. Among other things, he points out in the interview that some of the code in question has been removed from the 2.6 kernel ['because developers complained about how "ugly" it was'] before SCO even started complaining."
A programmer is a machine for converting coffee into code.
I copied/pasted.
.
:-)
Analysis of SCO's Las Vegas Slide Show
Bruce Perens, Perens LLC
With help from Linus Torvalds and the Open Source community.
You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.
An SCO presentation shown in Las Vegas on August 18th alleged infringement by the Linux developers. The presentation, in Microsoft PowerPoint format is here, and an conversion of the presentation that can be viewed using a web browser is here
SCO released the presentation to Bob McMillan, a reporter for IDG News Service, without any non-disclosure terms. Bob asked me to comment upon it. here's his story.
I will start with SCO's demonstrations regarding "copied" software. It is likely that SCO would present the very best examples that they have of "copied" code in their slide show. But I was easily able to determine that of the two examples, one isn't SCO's property at all, and the other is used in Linux under a valid license. If this is the best SCO has to offer, they will lose.
Slide 15 shows purports to show "Obfuscated Copying" from Unix System V into Linux. SCO further obfuscated the code on this slide by switching it to a Greek font, but that was easily undone. It's entertaining that the SCO folks had no clue that the font-change could be so easily reversed. I'm glad they don't work on my computer security
The code shown in this slide implements the Berkeley Packet Filter, internet firewall software often abbreviated as "BPF". SCO doesn't own BPF. It was created at the Lawrence Berkeley Laboratory with funding from the U.S. Government, and is itself derived from an older version called "enet", developed by Stanford and Carnegie-Mellon Universities. BPF was first deployed on the 4.3 BSD system produced by the University of California at Berkeley. SCO later copied the software into Unix System V.
The BPF source code is here on the Lab's web site. A paper on its design, published in 1993, is here
BPF is under the BSD license. That license allowed SCO to legally copy the code into Unix System V in 1996, but since SCO doesn't own the code, they have no right to prevent others from using it.
So, in this case the SCO "pattern-recognition" team correctly deduced that the Linux and SCO implementations of BPF were similar. But I was able to determine the origin of BPF after a few minutes of web searches on google.com . Why couldn't a "pattern-recognition team" do the same? It's difficult to believe they simply didn't bother to check. It's also likely that SCO dropped attribution of the Lab's copyright from the System V copy of the BPF source code, or the team would have known.
The Linux version of BPF is not an obfuscation of the BPF code. It is a clean-room re-implementation of BPF by Jay Schulist of the Linux developers, sharing none of the original source code, but carefully following the documentation of the Lab's product. The System V and Linux BPF versions shown in slide 15 implement the same virtual machine instruction set, which is used to filter (allow, reject, change, or reroute) internet packets. And the documentation for that VM even specifies field names. Thus Schulist's and the Lab's implementations appear similar. Had Schulist chosen to directly use the Lab's code, it still would have been legal. But the version in Linux is entirely original to the Linux developers. There is no legal theory that would give SCO any claim upon it.
Slides 10 through 14 show memory allocation functions from Unix System V, and their correspondence to very similar material in Linux. Some of this material was deliberately obfuscated by SCO, by the use of a Greek font. I've switched that text back to a normal font.
These slides have several C syntax errors and would never compile. So, they don't quite represent any source code in Linux. But we've found the code they refer to
I'm sorry, I missed the third paragraph, where Bruce says he got it from a reporter who did not sign the NDA!
misinformation. For example,
"SCO's legal theory fails, because they ignore the fact that if a work doesn't contain some portion of SCO's copyrighted code, it is not a derived work. This is especially glaring on slide 20, in which SCO claims ownership of JFS, IBM's Journaling File System. The version of JFS used in Linux was originally developed for the OS/2 operating system"
JFS actually came from AIX to OS/2 and not the other way around. Do a google search on "JFS OS/2 AIX" and you can confirm this. e.g
http://freshmeat.net/projects/jfs/?topic_id=142
Tarek
Repeating this from the last SCO story, needs more exposure...
...
I just got off the phone with the FTC. If everyone calls and complains then the chances they will investigate SCO goes up. They look for patterns. In other words, if the majority of their calls are about SCO then they will investigate. It is time to take the Slashdot effect to the phones.
These are the key points to make:
-You did not purchase software from SCO
-The company that "produced" your software did not purchase it from SCO
-It was not marketed or packaged by SCO
-Despite this SCO is asking for $199 from home users (You) and $699 from business for 1 CPU
They will ask for your name, phone number, address etc. That is mostly to verify your identity and citizenship I think.
Here is the number:
1-877-382-4357 option 4
They are nice and listen well. The lady I talked to even took the time to get a better understanding of what Linux is. The best quote from her "You didn't purchase it from them and they want you to pay them? That sounds crazy."
--
Call FTC 1-877-382-4357 opt 4
-You didn't buy from SCO
-Vendor didn't either
-They want $199
Here's some information that may help. They actually asked for this info:
The SCO Group
355 South 520 West
Suite 100
Lindon, Utah 84042
801-765-4999 phone
The guy I spoke with was actually somewhat familiar with what Linux is. One of his first questions was how this company got involved with me, which my answer was "Well, that's the problem. They didn't."
He eventually asked if SCO has contacted me personally with regard to this situation, which they have not. Don't lie to them. Be completely truthful. At the end of the call I got a reference number, and he said that if SCO does contact me personally, I should call back and let them know.
It was very easy to do, and took about 5 minutes of my time. The recording while I wated for the counselor to pick up the phone did say that the FTC does track trends in complaints. If we get enough people to complain, something will happen. Please, take a few minutes and call!
I like it how the SCO lawyer is trying to plug the worst leaks:
Hilarious. Such a brave little hero.
Belief is the currency of delusion.
In Bruce's commentary, there was a link to an Infoworld article/interview with Bruce. It's pretty good. Bruce disputes SCO's claims, and the reporter didn't minimize/trivialize it. Coupled with the eWeek interview, I think we might stand a fighting chance in the court of public opinion.
My Greasemonkey scripts for Digg &
It goes after the "s"; you don't need to provide an extra "s". There shouldn't be an apostrophe in "comments", either.
Like this: Torvalds' comments
Such right to use includes the right to modify such SOFTWARE PRODUCT and to prepare derivative works based on such SOFTWARE PRODUCT, provided the resulting materials are treated hereunder as part of the original SOFTWARE PRODUCT.
Personally, I find this very subject to multiple interpretations. Nothing in the contract explicitly grants ownership of derivatives to ATT, so IBM could argue that even without the amendment that grants ownership of derivatives to IBM, nothing gives ownership of the derivatives to SCO. This might be important for code developed at Sequent.
The real "Libtards" are the Libertarians!
You still can't do this, haven't been able to for a long long time, no one will back it, no one will back it, no one will back it it's been brought in every sco article so far and you still can't do this
The full brief is online.
They have an extremely solid case. Even if those patents don't pass, a few thousand other infringment casses are possible.
I wouldn't worry about it.
I live in a giant bucket.
This is a common misunderstanding; thinking that there is something fundamentally wrong or illegal with reverse-engineering (be that examining source code or binaries). Like another poster pointed out, the only mechanism that could protect against "monkey see monkey do" would be trade secret registration.
For patents, it does not matter if you saw something and reimplemented it, or even created it yourself from the scratch. Copyright only protects against unauthorized copying, not against reimplementations.
The whole clean-room reimplementation idea was an overkill created by Compaq lawyers, when they were cloning IBM PC. They wanted to be 150% sure everything was legal, since they were dealing with a high-tech behemoth, with ample resources to use on lawyering. Doing clean-room development is plenty good for avoiding potential trouble, but it is not a requirement of any sort (more like a sterilized man using a condom).
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
There are two BSD licenses. The original BSD license had a clause that said that if you mentioned features of the software in ads, you had to mention that the code came from UCB. The current BSD license does not have this clause.
The FSF says that the original BSD license is not compatible with the GPL, because of this clause. Here is where FSF says this.
The license that Caldera used when they released some of the code Parens is talking about is very similar to the original BSD license. Here is that license.
If the FSF is correct about the advertising clause making such a license incompatible with the GPL, then it means that Linux does have a problem. When you mix code under the GPL and code that is under an incompatible license, you have to get special permission from the copyright owners of the GPL'ed code. You can't just take GPL'ed code and use it in such a mixed environment.
Several world governments contract IBM to handle very important and sensitive data.
Yeah, like that guy... umm... Hitler, that's it, yeah. IBM helped him keep track of those other folk, the Jews. Dunno why.
It may be one heck of a long shot for them, but dumber rulings have been made before. Suddenly SCO not only owns Linux, but that could also qualify them as owning BSD as well as anything that even closely resembles UNIX in one way or another. They might even be able to lay claim to parts of every operating system out there so long as that OS borrowed concepts from UNIX (or BSD, Linux, etc.) Doesn't Windows have code copied from BSD too? Or maybe that is what Microsoft "lisenced" already..."
Thanks for the FUD.
A long shot SCO victory is possible, however, it is extremely unlikely. Considering the massive amounts of money attached to this suit, I highly doubt a random "stupid and/or tech ignorant judge" will be presiding.
In addition to the unlikelihood of a completely tech ignorant judge presiding, even if one did, that isn't much of a factor considering the suit is to be decided by a jury and not a judge. As far as one worrying about a stupid and/or tech ignorant jury, if the jurors are all too stupid to realize the outlandishness of SCO's claims, it will boil down to which companies lawyers can win at a pissing contest of courtroom showmanship. IBM is still highly favored in that respect.
Let's say the planets align, an ice skating rink opens in hell, and you see Miss Piggy fly by your window and SCO actually wins the suit. Well, I guess the world is screwed and belongs to SCO, unless I don't know, IBM decides to appeal the decision instead of handing McBride $3,000,000,000.
Beware blue cats moving at
The Tanenbaum-Torvalds Debate
This wasn't supposed to be leaked either. It was a 'rally the troops' presentation for their resellers to show them that their claims were legit. One supposedly had to have signed a NDA to get into one (expect the German photographer to be sued). And from the articles that I've read, it worked on the SCO kool-aid drinkers too. The best that Sontag can reply is "we still own this code"?!? Well, Ok, but guess what buddy...years ago it was released under a license that lets anyone copy it.
Where did these guys come from when Love & the rest moved over to United Linux? Digging through some stuff at work, I found a little white paper by Caldera about 'bringing Linux and Unix together'. Their predecessors must not have filled them in on anything that Caldera did.
the good ground has been paved over by suicidal maniacs
I managed to download the Power Point presentation before it was totally Slashdotted. Following are 2 links to the presentation on the edonkey/overnet file sharing network.
ed2k://|file|SCOsource_Briefing_II.2.zip|389072|fa f8f74f7afc98c21284cce152642424|c 2c6bfa65cd82f1d88300f8f2dbbeea|
ed2k://|file|SCOsource_Briefing_II.2.ppt|582144|4
Note: Slashdot doesn't seem to support linking to the ed2k protocol, so just do a search on the bolded text, or else copy and paste the entire link into edonkey/overnet client if you know how (note: remove the space in the hash portion that Slashdot inserted).
I would encourage everyone to share this presentation on other file sharing networks so everybody can have a chance to see the goods.
"SCO's legal theory, explained in slide 6, is that the AT&T Unix license compelled all of these companies to assign to AT&T, and later SCO, all derived works that they created incorporating the Unix source code. Here is the key clause on slide 6:
Such right to use includes the right to modify such SOFTWARE PRODUCT and to prepare derivative works based on such SOFTWARE PRODUCT, provided the resulting materials are treated hereunder as part of the original SOFTWARE PRODUCT. Under SCO's theory, if any code created by a Unix licensee ever touches Unix, SCO owns that code from then on, and can deny its creator the right to make use of it for any other purpose."
Wow! And M$ cribs about the GPL being a viral license.
It looks like stupid licenses like this are signed by major corporates all the time. Wonder why they crib about the GPL being a viral license then? At least the GPL keeps things free.
aye, just one thing missing, a link
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
They're saying that the jump from 2.2 to 2.6 an "Improbable Linux Development Path". For me, a non-kernel hacker, can someone explain why this particular point isn't true? Or do you have to pull from many examples in order to prove otherwise?
I agree it's improbable, but that doesn't change the fact that it happened, and we did it ourselves. The big lie is that it happened by incorporating SCO's code or ideas. I know that's ridiculous, because I was there for almost the whole period in question, working on my little parts of the kernel, but also watching others work on theirs, talking with them, seeing the ideas develop and patches take shape. In fact, this stuff is all in the public record, it's in the linux kernel mailing list archives, particularly the work on SMP and NUMA.
Have you got your LWN subscription yet?
In other comments here, it has been suggested that because GPL'ed code does not have a dollar value tagged with it, it has no value and thuis estimating damages is impossible. This is simply untrue.
In a breach of the GPL, a person/ company/ organisation is selling GPL'ed code for a dollar amount. It is thus charging for software that the user could obtain for free. THIS dollar amount is the figure which could be used as a basis for damages. Also, equivalent software to GPL'ed code has a development cost, a marketing cost and a general overhead cost.
It should be remembered that damages are often based on an ESTIMATE of the value; for example, the RIAA in charging $100,000 per song is simply making an estimate; there is no reason GPL'ed code should be any different.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
The idea is it only takes four patent to shut SCO down and IBM can find more if it has to.
That's exactly how the law is written, except that it's profits, not "gross proceeds":
17 USC 504(b)
Actual Damages and Profits. -
The copyright owner is entitled to recover the actual damages suffered by him or her as a result of the infringement, and any profits of the infringer that are attributable to the infringement and are not taken into account in computing the actual damages. In establishing the infringer's profits, the copyright owner is required to present proof only of the infringer's gross revenue, and the infringer is required to prove his or her deductible expenses and the elements of profit attributable to factors other than the copyrighted work.
If like me, your are getting a bit fuzzy on your UNIX history (dating back to '69) you could always check out this.
It shows where SCO/Unixware fit into the Unix derivative tree, (and also where Linux got its roots) quite interesting really..
(it claims V7->Minix->Linux).
Of course the actual code itself could be clean room reimplemented using documented variables and algorythms, possible those from The C Programming Language
Or maybe taken from the V5/6/7/32v code which was found to be no longer protected by copyright and effectively public domain.
Given that the code shown seems to have come from an adaptation designed to allow certain SGI boxen to run linux, and Irix is BSD based.
It's quite likely the code originated with them at some point, and it's entirely possible that SGI have some form of exemption from the Advertising clause negotiated in the dark ages of the early 1990s
Economic Left/Right: -0.62
Social Libertarian/Authoritarian: -3.69
502 Remedies for infringement: Injunctions
(a) Any court having jurisdiction of a civil action arising under this title may, subject to the provisions of section 1498 of title 28, grant temporary and final injunctions on such terms as it may deem reasonable to prevent or restrain infringement of a copyright.
(b) Any such injunction may be served anywhere in the United States on the person enjoined; it shall be operative throughout the United States and shall be enforceable, by proceedings in contempt or otherwise, by any United States court having jurisdiction of that person. The clerk of the court granting the injunction shall, when requested by any other court in which enforcement of the injunction is sought, transmit promptly to the other court a certied copy of all the papers in the case on file in such clerk's office.
So why haven't they done it? It would put IBM, HP, RedHat and a host of others out of the Linux business quickly and effectively. What is in Title 28, section 498? Just the 3-year time limit and a bunch of reasons when government employees can sue. And that you can't sue anyone for anything developed for the US Government after 1918 (there goes a lot of code developed under government contracts).
Could it be that they have to swear, under penalty of perjury, that the filing is true? Could it be that this entire slide show was just another marketing dog and pony show to prop up the stock price?
Without warranty or representation as to particular merit, I would like to offer the following suggestion and form:
Every linux end user should sue SCO asking for a declaratory judgment regarding their ability to use linux under the GPL vs. SCO's claims. Please review the form with an attorney of your choice to make sure that it is appropriate in your jurisdiction, of course.
SCO is likely to drop the ball somewhere, and one, just one, default judgment would ruin their day. Plus, being sued in thousands of jurisdictions would be just wonderful. Spend your "license" fee on filing and service costs instead:
ACTION FOR DECLARATORY JUDGMENT
COMPLAINT
AND NOW, TO WIT, this ____ day of August, 2003, comes the Plaintiff, ______________ ("Plaintiff"), who files this Complaint as follows:
1. The Plaintiff is an individual with a residence located at ______.
2. Defendant, The SCO Group, Inc. ("SCO") is a Delaware Corporation, with a primary place of business located at 355 South 520 West, Suite 100, Lindon, Utah 84042.
3. SCO is a major corporation, listed on the NASDAQ exchange under the symbol "SCOX", which sells operating systems and web services.
4. It is believed, and therefore averred, that Defendant has engaged in, and continues to engage in, a continuous and substantial course of business within _______(state and county).
5. SCO has threatened to sue individual users of software which SCO claims ownership or control over. The software in question is allegedly contained in Linux kernel 2.4.
6. Plaintiff uses personal computers that are capable of running Linux.
7. Linux is a UNIX-like computer operating system that enables computer users to run applications to perform standard computing tasks, such as word processing, accessing the internet, playing games, etc.
8. The centerpiece of Linux is the "kernel" which handles basic operating system functions, such as memory allocation, access to hardware resources, and other similar functions.
9. The current Linux kernel is version number 2.4 with a new version, number 2.6, in development.
10. Linux is commonly represented to the public as being a product that contains software code which is either entirely original or which is in the public domain or which is appropriately licensed.
11. Linux is developed by a group of volunteers.
12. Linux is distributed subject to the terms of the GNU Public License ("GPL") (See Exhibit A).
13. All distributors of Linux are required to distribute the source code that they are selling subject to the terms of the GPL.
14. The GPL terms require that any computer source code released under its terms be distributed freely and for free.
15. SCO has raised a number of allegations in a variety of judicial forums stating that it claims to own or otherwise control intellectual property which SCO alleges has been wrongfully incorporated into the Linux kernel since at least version 2.4 of Linux was distributed.
16. To wit, SCO has sued IBM in federal court over IBM's alleged participation in incorporating proprietary software into Linux kernel 2.4.
17. SCO has distributed Linux for years for free, including kernel 2.4.
18. Plaintiff believes, and therefore avers, that SCO was bound by the terms of the GNU Public License, which would therefore prevent SCO from claiming ownership or control of any software which SCO released under the GPL.
19. SCO knew, or should have known, what source code was in the software it distributed, especially since it distributed the source code as part of its a Linux product it sold and continues to distribute.
20. SCO refuses to publicly identify which elements of the source code of Linux kernel 2.4 it claims ownership and/or control of, thereby preventing parties from excising any "tainted" code from the Linux kernel 2.4.
21. Any intellectual property SCO may believe was improperly included in Linux kernel 2.4 was distributed by SCO in its own Linux 2.4 kernel and distribution.
22. SCO has distrib
Here is the email resposne SCO sent to newsforge ...
As the company that owns the UNIX System V source code, we think we're sufficiently qualified to identify this code.
karma : former act as leading to inevitable results
Umm actually it yields *actual damages* to SCO. Trouble for them is it's going to be real hard to show *any* actual damages at all, let alone enough to offset the legal fees involved.
Going after copyright violations is usually only wourthwhile when you have cases where you can ask for *treble* damages and *punitive* damages, and IANAL but it seems to me that this is clearly not one of those cases.
And, either way, the people they can sue for this are the people that contributed the code improperly. Everyone else that used it in good faith is immune to action, as long as it gets removed in a timely fashion once they reveal what code they're whining about.
Ummm huh? It's the people that hold the copyright to the BSD code that need to object, not those who have copyright on the properly GPLd code. In the cases revealed so far that doesn't appear to be SCO, although it's certainly possible that they can find a few cases where they do have standing. Am I misunderstanding you? This, and the last paragraph of your post as well, seem to indicate you have this all backwards.
GPL code in where? In Linux? As Caldera, they contributed quite a bit, ironically much of it in areas they are now suing IBM for contributing to. See this note for example.
Or if you mean in their Unix, there's every reason to believe their LKP, and possibly other modules they claim as proprietary, contain extensive copying of GPL code contrary to license, but the source code will have to be subpoenad to determine the full extent of this.
Umm wtf are you talking about? You've completely lost me here. AFAIK there is no issue whatsoever concerning GCC.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
They have been around for a very long time. The Sequent Symmetry used 386s running at something like 20MHz in the late 1980s.
:-)
That old?
Try the Burroughs B5000 (1961)