Slashdot Mirror
SCO: Code Proof Analyzed, Linus Interviewed
Arker writes "Bruce Perens has now obtained a copy of the entire slide show from which the recently scrutinized SCO-related Linux code excerpts came, and has analyzed the remainder of the 'evidence' they presented there. Their other code exhibit turns out to have been the venerable Berkeley Packet Filter(!), and their revised line-counts are consistent with simply adding together all the lines of code that have been contributed by Unix licensees." Also, Iphtashu Fitz writes "A new interview with Linus Torvalds has been posted on eWeek.com. In it he slams SCO over the recently leaked source code. Among other things, he points out in the interview that some of the code in question has been removed from the 2.6 kernel ['because developers complained about how "ugly" it was'] before SCO even started complaining."
A programmer is a machine for converting coffee into code.
I copied/pasted.
.
:-)
Analysis of SCO's Las Vegas Slide Show
Bruce Perens, Perens LLC
With help from Linus Torvalds and the Open Source community.
You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.
An SCO presentation shown in Las Vegas on August 18th alleged infringement by the Linux developers. The presentation, in Microsoft PowerPoint format is here, and an conversion of the presentation that can be viewed using a web browser is here
SCO released the presentation to Bob McMillan, a reporter for IDG News Service, without any non-disclosure terms. Bob asked me to comment upon it. here's his story.
I will start with SCO's demonstrations regarding "copied" software. It is likely that SCO would present the very best examples that they have of "copied" code in their slide show. But I was easily able to determine that of the two examples, one isn't SCO's property at all, and the other is used in Linux under a valid license. If this is the best SCO has to offer, they will lose.
Slide 15 shows purports to show "Obfuscated Copying" from Unix System V into Linux. SCO further obfuscated the code on this slide by switching it to a Greek font, but that was easily undone. It's entertaining that the SCO folks had no clue that the font-change could be so easily reversed. I'm glad they don't work on my computer security
The code shown in this slide implements the Berkeley Packet Filter, internet firewall software often abbreviated as "BPF". SCO doesn't own BPF. It was created at the Lawrence Berkeley Laboratory with funding from the U.S. Government, and is itself derived from an older version called "enet", developed by Stanford and Carnegie-Mellon Universities. BPF was first deployed on the 4.3 BSD system produced by the University of California at Berkeley. SCO later copied the software into Unix System V.
The BPF source code is here on the Lab's web site. A paper on its design, published in 1993, is here
BPF is under the BSD license. That license allowed SCO to legally copy the code into Unix System V in 1996, but since SCO doesn't own the code, they have no right to prevent others from using it.
So, in this case the SCO "pattern-recognition" team correctly deduced that the Linux and SCO implementations of BPF were similar. But I was able to determine the origin of BPF after a few minutes of web searches on google.com . Why couldn't a "pattern-recognition team" do the same? It's difficult to believe they simply didn't bother to check. It's also likely that SCO dropped attribution of the Lab's copyright from the System V copy of the BPF source code, or the team would have known.
The Linux version of BPF is not an obfuscation of the BPF code. It is a clean-room re-implementation of BPF by Jay Schulist of the Linux developers, sharing none of the original source code, but carefully following the documentation of the Lab's product. The System V and Linux BPF versions shown in slide 15 implement the same virtual machine instruction set, which is used to filter (allow, reject, change, or reroute) internet packets. And the documentation for that VM even specifies field names. Thus Schulist's and the Lab's implementations appear similar. Had Schulist chosen to directly use the Lab's code, it still would have been legal. But the version in Linux is entirely original to the Linux developers. There is no legal theory that would give SCO any claim upon it.
Slides 10 through 14 show memory allocation functions from Unix System V, and their correspondence to very similar material in Linux. Some of this material was deliberately obfuscated by SCO, by the use of a Greek font. I've switched that text back to a normal font.
These slides have several C syntax errors and would never compile. So, they don't quite represent any source code in Linux. But we've found the code they refer to
misinformation. For example,
"SCO's legal theory fails, because they ignore the fact that if a work doesn't contain some portion of SCO's copyrighted code, it is not a derived work. This is especially glaring on slide 20, in which SCO claims ownership of JFS, IBM's Journaling File System. The version of JFS used in Linux was originally developed for the OS/2 operating system"
JFS actually came from AIX to OS/2 and not the other way around. Do a google search on "JFS OS/2 AIX" and you can confirm this. e.g
http://freshmeat.net/projects/jfs/?topic_id=142
Tarek
Repeating this from the last SCO story, needs more exposure...
...
I just got off the phone with the FTC. If everyone calls and complains then the chances they will investigate SCO goes up. They look for patterns. In other words, if the majority of their calls are about SCO then they will investigate. It is time to take the Slashdot effect to the phones.
These are the key points to make:
-You did not purchase software from SCO
-The company that "produced" your software did not purchase it from SCO
-It was not marketed or packaged by SCO
-Despite this SCO is asking for $199 from home users (You) and $699 from business for 1 CPU
They will ask for your name, phone number, address etc. That is mostly to verify your identity and citizenship I think.
Here is the number:
1-877-382-4357 option 4
They are nice and listen well. The lady I talked to even took the time to get a better understanding of what Linux is. The best quote from her "You didn't purchase it from them and they want you to pay them? That sounds crazy."
--
Call FTC 1-877-382-4357 opt 4
-You didn't buy from SCO
-Vendor didn't either
-They want $199
Here's some information that may help. They actually asked for this info:
The SCO Group
355 South 520 West
Suite 100
Lindon, Utah 84042
801-765-4999 phone
The guy I spoke with was actually somewhat familiar with what Linux is. One of his first questions was how this company got involved with me, which my answer was "Well, that's the problem. They didn't."
He eventually asked if SCO has contacted me personally with regard to this situation, which they have not. Don't lie to them. Be completely truthful. At the end of the call I got a reference number, and he said that if SCO does contact me personally, I should call back and let them know.
It was very easy to do, and took about 5 minutes of my time. The recording while I wated for the counselor to pick up the phone did say that the FTC does track trends in complaints. If we get enough people to complain, something will happen. Please, take a few minutes and call!
In Bruce's commentary, there was a link to an Infoworld article/interview with Bruce. It's pretty good. Bruce disputes SCO's claims, and the reporter didn't minimize/trivialize it. Coupled with the eWeek interview, I think we might stand a fighting chance in the court of public opinion.
My Greasemonkey scripts for Digg &
Such right to use includes the right to modify such SOFTWARE PRODUCT and to prepare derivative works based on such SOFTWARE PRODUCT, provided the resulting materials are treated hereunder as part of the original SOFTWARE PRODUCT.
Personally, I find this very subject to multiple interpretations. Nothing in the contract explicitly grants ownership of derivatives to ATT, so IBM could argue that even without the amendment that grants ownership of derivatives to IBM, nothing gives ownership of the derivatives to SCO. This might be important for code developed at Sequent.
The real "Libtards" are the Libertarians!
This is a common misunderstanding; thinking that there is something fundamentally wrong or illegal with reverse-engineering (be that examining source code or binaries). Like another poster pointed out, the only mechanism that could protect against "monkey see monkey do" would be trade secret registration.
For patents, it does not matter if you saw something and reimplemented it, or even created it yourself from the scratch. Copyright only protects against unauthorized copying, not against reimplementations.
The whole clean-room reimplementation idea was an overkill created by Compaq lawyers, when they were cloning IBM PC. They wanted to be 150% sure everything was legal, since they were dealing with a high-tech behemoth, with ample resources to use on lawyering. Doing clean-room development is plenty good for avoiding potential trouble, but it is not a requirement of any sort (more like a sterilized man using a condom).
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
There are two BSD licenses. The original BSD license had a clause that said that if you mentioned features of the software in ads, you had to mention that the code came from UCB. The current BSD license does not have this clause.
The FSF says that the original BSD license is not compatible with the GPL, because of this clause. Here is where FSF says this.
The license that Caldera used when they released some of the code Parens is talking about is very similar to the original BSD license. Here is that license.
If the FSF is correct about the advertising clause making such a license incompatible with the GPL, then it means that Linux does have a problem. When you mix code under the GPL and code that is under an incompatible license, you have to get special permission from the copyright owners of the GPL'ed code. You can't just take GPL'ed code and use it in such a mixed environment.
The Tanenbaum-Torvalds Debate
They're saying that the jump from 2.2 to 2.6 an "Improbable Linux Development Path". For me, a non-kernel hacker, can someone explain why this particular point isn't true? Or do you have to pull from many examples in order to prove otherwise?
I agree it's improbable, but that doesn't change the fact that it happened, and we did it ourselves. The big lie is that it happened by incorporating SCO's code or ideas. I know that's ridiculous, because I was there for almost the whole period in question, working on my little parts of the kernel, but also watching others work on theirs, talking with them, seeing the ideas develop and patches take shape. In fact, this stuff is all in the public record, it's in the linux kernel mailing list archives, particularly the work on SMP and NUMA.
Have you got your LWN subscription yet?
In other comments here, it has been suggested that because GPL'ed code does not have a dollar value tagged with it, it has no value and thuis estimating damages is impossible. This is simply untrue.
In a breach of the GPL, a person/ company/ organisation is selling GPL'ed code for a dollar amount. It is thus charging for software that the user could obtain for free. THIS dollar amount is the figure which could be used as a basis for damages. Also, equivalent software to GPL'ed code has a development cost, a marketing cost and a general overhead cost.
It should be remembered that damages are often based on an ESTIMATE of the value; for example, the RIAA in charging $100,000 per song is simply making an estimate; there is no reason GPL'ed code should be any different.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
The idea is it only takes four patent to shut SCO down and IBM can find more if it has to.
Without warranty or representation as to particular merit, I would like to offer the following suggestion and form:
Every linux end user should sue SCO asking for a declaratory judgment regarding their ability to use linux under the GPL vs. SCO's claims. Please review the form with an attorney of your choice to make sure that it is appropriate in your jurisdiction, of course.
SCO is likely to drop the ball somewhere, and one, just one, default judgment would ruin their day. Plus, being sued in thousands of jurisdictions would be just wonderful. Spend your "license" fee on filing and service costs instead:
ACTION FOR DECLARATORY JUDGMENT
COMPLAINT
AND NOW, TO WIT, this ____ day of August, 2003, comes the Plaintiff, ______________ ("Plaintiff"), who files this Complaint as follows:
1. The Plaintiff is an individual with a residence located at ______.
2. Defendant, The SCO Group, Inc. ("SCO") is a Delaware Corporation, with a primary place of business located at 355 South 520 West, Suite 100, Lindon, Utah 84042.
3. SCO is a major corporation, listed on the NASDAQ exchange under the symbol "SCOX", which sells operating systems and web services.
4. It is believed, and therefore averred, that Defendant has engaged in, and continues to engage in, a continuous and substantial course of business within _______(state and county).
5. SCO has threatened to sue individual users of software which SCO claims ownership or control over. The software in question is allegedly contained in Linux kernel 2.4.
6. Plaintiff uses personal computers that are capable of running Linux.
7. Linux is a UNIX-like computer operating system that enables computer users to run applications to perform standard computing tasks, such as word processing, accessing the internet, playing games, etc.
8. The centerpiece of Linux is the "kernel" which handles basic operating system functions, such as memory allocation, access to hardware resources, and other similar functions.
9. The current Linux kernel is version number 2.4 with a new version, number 2.6, in development.
10. Linux is commonly represented to the public as being a product that contains software code which is either entirely original or which is in the public domain or which is appropriately licensed.
11. Linux is developed by a group of volunteers.
12. Linux is distributed subject to the terms of the GNU Public License ("GPL") (See Exhibit A).
13. All distributors of Linux are required to distribute the source code that they are selling subject to the terms of the GPL.
14. The GPL terms require that any computer source code released under its terms be distributed freely and for free.
15. SCO has raised a number of allegations in a variety of judicial forums stating that it claims to own or otherwise control intellectual property which SCO alleges has been wrongfully incorporated into the Linux kernel since at least version 2.4 of Linux was distributed.
16. To wit, SCO has sued IBM in federal court over IBM's alleged participation in incorporating proprietary software into Linux kernel 2.4.
17. SCO has distributed Linux for years for free, including kernel 2.4.
18. Plaintiff believes, and therefore avers, that SCO was bound by the terms of the GNU Public License, which would therefore prevent SCO from claiming ownership or control of any software which SCO released under the GPL.
19. SCO knew, or should have known, what source code was in the software it distributed, especially since it distributed the source code as part of its a Linux product it sold and continues to distribute.
20. SCO refuses to publicly identify which elements of the source code of Linux kernel 2.4 it claims ownership and/or control of, thereby preventing parties from excising any "tainted" code from the Linux kernel 2.4.
21. Any intellectual property SCO may believe was improperly included in Linux kernel 2.4 was distributed by SCO in its own Linux 2.4 kernel and distribution.
22. SCO has distrib
Here is the email resposne SCO sent to newsforge ...
As the company that owns the UNIX System V source code, we think we're sufficiently qualified to identify this code.
karma : former act as leading to inevitable results