SCO's Open Letter to Open Source Community

joefish_only_1 writes "SCO CEO has posted an open letter to the open source community. There's some things Mr McBride mentions that I hadn't heard of yet, like an admission by Bruce Perens that "UNIX System V code is, in fact, in Linux, and it shouldn't be there."" A slashdot reader posted a comment recently that breaks it down quite well.

Logical flaws, galore.

[rcs1000]

There is something rather disgusting about this letter from SCO, and the following passage highlights it rather well:

"There is no question about the affiliation of the attacker - Open Source leader Eric Raymond was quoted as saying that he was contacted by the perpetrator and that "he's one of us." To Mr Raymond's partial credit, he asked the attacker to stop. However, he has yet to disclose the identity of the perpetrator so that justice can be done.

No one can tolerate DDoS attacks and other kinds of attacks in this Information Age economy that relies so heavily on the Internet. Mr Raymond and the entire Open Source community need to aggressively help the industry police these types of crimes. If they fail to do so it casts a shadow over the entire Open Source movement."

Now, substitute the phrases "black people", "black person", and "black community" for "Open Source"...

That the DDoS attackers were "members of the open source community" is irrelevent. It is like saying they had red hair, and therefore ALL red-haired people should bear responsibility. No. No. No. No.

You cannot generalise from a person, or even several people, to an entire community. That is wrong. Indeed, the whole letter is full of generalisations from (often inaccurate) specifics.

Down with SCO!

Re:Logical flaws, galore.

[otisaardvark]

Please don't get me wrong; I agree with your point. But also note it is easier to generalise about the open source "community" than (eg) the black "community" because people choose to be open source developers. Unless you take the Michael Jackson route, skin colour isn't something you can alter with your actions - being an open source proponent is.

At the risk of falling into the correlation/causation trap, it is far more likely that open source devs share more community characteristics than black people.

Re:Logical flaws, galore.

[jeavis]

McBride speaks about things which he knows little about. He has no way of knowing that ESR hasn't informed the proper authorities. Rather, McBride is simply resorting to speculation because ESR didn't inform him.

I've worked at an ISP for seven years, and in that time have seen my fair share of abusive and illegal online activity. In cases where legal action is sought, the proper authorities often don't want you to say anything to anyone, including the victim(s). I've received subpoenas for evidence from various state and federal entities over the years, and most contained some provision for maintaining confidentiality of both the evidence and the subpoena itself. They do not want to tip off the alleged perpetrator and give them an opportunity to try to elude investigators or destroy evidence.

Re:Logical flaws, galore.

[ichimunki]

No, but when someone like ESR decides to make it sound as though the Open Source community both claims this person as a member and then takes no steps to bring this person to justice for an obvious criminal act, that reflects negatively on the Open Source community as a whole. But then I absolutely rejected ESR as a "leader" some time ago, myself.

Personally I'm waiting for Darl to write an open letter to those of us in the Free Software movement-- one where he recognizes the philosophical underpinnings behind the movement as valid desires and stays away from the distracting nonsense about business models.

And anyway... has SCO specifically accused any software of being infringing other than the Linux kernel itself? If only Linux is (allegedly) infringing that would make all this talk about development models (in addition to all the business model garbage) a lot of hot air (i.e. BS). Have they mentioned that any of the BSDs may be infringing? How about the HURD? How about the larger GNU system? Perl? Ruby? Apache? MySQL or PostgreSQL? KDE? Well, SCO? When are you going to stop with the unsupported vague assertions and give us actionable information?

'improper contribution'.

[Channard]

The article doesn't offer as much insight into SCO's thinking with this apparently suicidal (PR wise anyway) move, but one thing does stand out, the use of the words 'improper contribution'. Not 'improper use' or This for me shows just how empty SCO's talk is. How exactly does someone improperly contribute something? If you contribute something, you do so. If something is stolen or copied from you, it's stolen. SCO didn't even have the guts to accuse anyone of stealing, they just came up with this nonsensical phrase. Kind of telling.

Not just attacking GPL anymore?

[Bistronaut]

This quote sounds like he's trying to "take back" the BSDs:

"Fair use" applies to educational, public service and related applications and does not justify commercial misappropriation. Books and Internet sites intended and authorized for the purpose of teaching and other non-commercial use cannot be copied for commercial use. We believe that some of the SCO software code that has ended up in the Linux operating system got there through this route. This violates our intellectual property rights.

Feedback Comment

[Richardsonke1]

I like the feedback comment at the bottom. I was thinking the same thing before i noticed it was down there. It's so true that it was/is near impposible to check if code was taken out of Unix. Would SCO like to give us a copy of their code? No, so they should just complain whenever they see a problem, and then the Linux community will take it out. It's that simple. No liscensing deals necessary. Here's the quote:

Nathan Hand commented ... "Secondly, no-one seems to have answered the perfectly legitimate question about the open source development process - just how DO you ensure that code submitted by a developer HASN'T been ripped off, just because the developer claims that it hasn't? McBride IS right when he says that Open Source is still maturing and we DO need to look at, and answer these questions."

How do you ensure it in any project, open source or closed sourced? You ask the author. You assume they tell the truth. How else could you do it? There's no magic marker on code that says "this is owned by foo". There's no central code repository where you can check ownership of a fragment. If there's no attribution in the comments or the README then there's practically nothing you can do. It's not like the Linux developers have access to SCO's source code so they can check every submission, looking for violations. SCO keeps their code secret. The best that the Linux developers can do is assume the author is telling the truth.

But this is true for ALL projects. I've worked on commercial projects and I know full well that violations occur. I've seen BSD code dropped into proprietary products with the BSD attributions stripped out. SCO put a slide up at SCOForum... it was code stolen from BSD! SCO thinks it's theirs but the history of the code is well known and it most definitely has gone from BSD to SCO. A SCO developer stole it and assumed nobody would ever know. Why isn't SCO "respecting the IP" of BSD developers?

The reality is, Linux is far more "IP accountable" than any closed source product. If a company developing a closed source product copied code from SCO, would SCO ever know? Of course not. But any company can look at Linux source code to determine if violations occur. The Linux model encourages transparency and "no secrets". The result is that violations are infrequent (in fact, SCO is the first claimant ever and their case looks VERY weak).

It's the closed source model where the vast majority of IP violations occur but most of them go by unnoticed.

There is nothing "immature" about the Linux model. It is following best practises of the industry and then some. SCO is trying to paint a picture of "immaturity" because they want to win this case in the court of public opinion, but I have every confidence that they will never win this case in a court of law.

IP Violation on Darl's part?

[Smiling_Jack]

Didn't Bruce say the following in his SCO code rebuttal?:

• You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.

Isn't Darl taking Bruce's words out of context and misrepresenting them? Copyright violation, anyone?....

Who has a "Best Current Practices" document?

[bizcoach]

I'm interested in "Best Current Practices" documents that gives advice on how to best preceed in a Free Software project in order to avoid becoming vulnerable to problems with copyright or other legal issues. Of course the GNU project has some pretty good policies, but asking people to so something just because it's a GNU policy will often just make them complain about "GNU fanatics" instead of them taking the matter serious.

Therefore, it would be very helpful to have insights and policy recommendations from other sources as well.

Greetings,
Norbert.

What Bruce said. Watch the qutation marks!!!!

[narrowhouse]

Bruce said:
"The other SCO code snippet Perens walks through had to do with memory allocation functions in Unix System V and Linux. He says there was, in fact, "an error in the Linux developer's process," specifically a programmer at SGI, and he says while the Linux community had the legal right to this code, it didn't belong in Linux and was therefore removed."

Was twisted by SCO into:
"an admission by Open Source leader Bruce Perens that UNIX System V code (owned by SCO) is, in fact, in Linux, and it shouldn't be there. Mr Perens stated that there is "an error in the Linux developer's process" which allowed Unix System V code that "didn't belong in Linux" to end up in the Linux kernel"

So by saying it was REMOVED (we will say it slow so you can follow along Darl), Bruce Perens admitted that it ended up in the Linux kernel? Can SCO tell the truth at all, or do they all just live on Bizarro world?

Re:An Open Response to Darl McBride's Open Letter

[Eunuchswear]

"Nothing can change the fact that a Linux developer on the payroll of Silicon Graphics stripped copyright attributions from copyrighted System V code..."

Nothing, except, inconveniently, that it is not a fact. The fact is that SGI did extensive due diligence before contributing any code to Linux, and the code in question long precedes the development of Unix System V.

If SGI did extensive due diligence then why did they strip the original copyright notice from this code?

Quotes from Perens:

The oldest version of this code we've found so far is in Donald Knuth's The Art of Computer Programming, published in 1968.

So the code can't have been legaly copied from there (it's copyright).

The implementation shown in the slides was written by Dennis M. Ritchie or Ken Thompson at AT&T, in 1973. You can see the 1973 version of the function in this file, originally called dmr/malloc.c. The code is from Unix version 3, the oldest known version of Unix that still exists in machine-readable form. The complete source for that system can be found here on the net. In 2002, Caldera released this code as Open Source, under this license.

But the license pointed to says:

Redistributions of source code and documentation must retain the above copyright notice, this list of conditions and the following disclaimer.

So the code can't have been legaly copied from there as the copyright notice has been removed.

And finaly Perens argues:

AT&T was actually found to have lost its copyright to the code in question during the lawsuit, because the code was published without a proper copyright notice.

Consequently, I find that Plaintiff has failed to demonstrate a likelihood that it can successfully defend its copyright in [Unix version] 32V.

The result is that between the judge's finding and 1996, when there were additional changes to the Berne copyright convention that would have made the AT&T code copyrightable, the code was essentially in the public domain.

But, so what? That's talking about Unix 32V, and Perens goes on to say:

the version that was included in Linux seems to be from System V.

Which has never been released under any kind of open source license or been put in the public domain.

So, yes, SGI could have copied the 32V code, but they didn't.

Or they could have copied the Unix Version 3 code, if they'd included the copyright and license notices, but they didn't.

But they had no right to copy the System V code at all.

Perens is right:

In this case, there was an error in the Linux developer's process (at SGI),

but this is just wrong:

It turns out that we have a legal right to use the code in question

as even Perens admits the code was copied from SysV.

SCO depend on BSD code

[ananiasanom]

'ancient unix' isn't valid for commercial purposes even though it was licensed under a BSD license.

Oops, SCO OpenUnix or whatever they call it this week just lost the X Window system, developed by MIT and released under a BSD-like license. Darn, the TCP/IP support written at Berkely and released under a BSD license isn't valid for commercial purposes either.

There seems to be more of this open source stuff around than SCO are aware of...

The Industry's Dirty Little Secret

[Greyfox]

Anyone can be "one of us." It's so easy to become an open source developer that tens of thousands of people have. As with anywhere else, that represents a wide spectrum of people.

From what I can see, SCO did no work on UNIX. Leastwise the goddamn thing hadn't changed noticably from the first time I used it in the late '80's and the last time I used it in the late '90's. Ok, none is an exaggeration but they (And the other commercial UNIX vendors, I might add) did such an embarassing job with their "Professional Developers" and their millions of dollars in R&D funds that a bunch of amaateurs working on cast off hardware blew by them and advanced the technology to about where it should be in 5 short years.

And now those companies want to steal that work via a quirk in the legal process? It's not just SCO either. IBM's acting like Linux is their baby. Sun's acting like Mad Hatter was entirely their idea. I bet when it comes out it looks exactly like Gnome. Just like Ximan's "product." What? Evolution? X-Emacs VM's a better mail client. And let's not forget that Microsoft has also benefitted from the original open source process; I've seen a lot of BSD copyrights in things like their TCP/IP stack in days gone by, and they claimed (afterwards) to have "invented" the Internet. Them and Al Gore...

And it seems to me that if any problems are arising in our process, it's from that "professional" sector. Developers from IBM and SGI stripping copyright notices and inserting the code in the code base? What, exactly, the fuck is up with that? And the UNIX family tree is already twistier than the ones you find in Podunk, Alabama. There's been so much inbreeding now that any judge trying to sort out the copyright issues is likely to have a stroke from the complexity of it all.

So that's the Industry's dirty little secret. All that shiny technology that they like to show everyone... was either directly stolen from or was built on top the work of a bunch of "amateurs" who were largely working on home made computers they built in their garages. All those millions in R&D funds, all those "professional" programmers with their "degrees" and their "certifications"... can do great things... once the amateurs have done their work for them.

I guarantee you that if SCO wins their case and the judge grants them rights to all the code developed to date by the open source community, that code would not change noticably ever again. It'd still be Gnome, 2 decades from now, while Microsoft is busy working on their spiffy neuro-synaptic user interfaces that they stole from the MIT Wearable Computers lab.

Yeah, maybe "stole" was too strong a word too, but they take the work and say "look over there!" (more or less) while the copyright notices show. It's not like they draw attention to them, or thank the original authors. A lot of people in the community do it for the recognition, and a lot of companies try to minimize the amount of recognition they award because that would expose the Industry's dirty little secret.

That's how it seems to me.

Re:an open leter

[digitalunity]

At least Steve Jobs has a *product*!

It's just rediculous. SCO stated in their latest SEC filing that if they don't receive any money from their lawsuits, they may end up laying people off because their revenue is down so much. Hmmphh. -snickers to himself- :)

Flawed Logic

[CrimsonTemplar]

I find it amusing (but not unexpected) that Darl uses such flawed logic and mudslinging to support his shakey arguments. He paints a picture that the OSS community as a whole has perpetrated the DDoS attacks on SCO's website. I'm surprised he didn't invoke the "T" word during his pleas for justice. He also makes a call for the OSS community to divert their attention to all the infringing code in Linux, yet SCO refuses to show the "million lines of infringing code" they claim is in Linux. Then he not so masterfully spins Bruce's words to mean something completely different thus creating the illusion [*rolls*...makes Will save to disbelieve] that Bruce actually admits to the veracity of their position.

How many points has SCO's stock gone up since that letter was posted and how many shares have SCO exec's divested themselves of?

A reply to the madness

[PierceLabs]

After reading through much of what is out there I have some interesting comments to make. In some respects, SCO boy is correct. The Linux community should do some due diligence to ensure that code committed to the kernel is IP free to avoid these issues in the future.

The mountains of code which SCO speaks of as being theres however are somewhat ambiguous so outside of anything that SCO can prove as being genuinely 'SCO IP', they should be countersued by both Linux vendors and users as is appropriate and allowable under the law. I do not doubt that SCO has some evidence which supports their case - and no Linux supporter should blanketly dismiss what they have said because they haven't seen any evidence. Whether or not that evidence is as compelling as the SCO Group thinks - well that's up to the judges and justices of the judicial system.

Unfortunately Mr. SCO, some of the other things you've said are slanderous and border on libel. Unless you can prove that the person who performed a DDoS on you was an Open Source supporter that was a representative of the Open Source community - then I suggest you offer an apology to the Linux community for accusing them of something you cannot prove. In addition, even if it was someone who supports open source - your gripe is with them, not the remaining hundreds of thousands who took no action against you. You cannot argue from the specific to the general - to even suggest that is a high level of ignorance on your part.

Finally it is insulting the way you want people to respect a contract with SCO yet you want to shrug off the GPL license which you used to distribute Caldera for many years. As an owner of several copies of Caldera Linux I have clearly seen that you have distributed software under this license. If your legal counsel was stupid enough to let you attach a contractual agreement to software which you sold and distributed with your express consent - then you need to find a new legal group as you have been misled. You agreed to the terms of the GPL by attaching your software into a codebase which you clearly knew was GPL, which you sold knowing it was GPL, and which removed a great many of the rights (though not all) that you had to the IP you associated with UNIX, Linux, whatever. This is just like chess, this is a move that you cannot take back and you will have to live with it.

While I certainly understand that you want to protect your IP, the Linux community and Open Source communities have a right to protect theirs. Anything you've comitted to theirs is now open and that is the nature of the contractual agreement you accepted when you started putting Linux on the shelf. Now you have several choices - to work with the Linux community to get this resolved or take this to court at which time you may find yourself sued through your own admission of contract violation with respect to the GPL and shipping copies of Caldera.

All you have done is awaken a powerful enemy - and fill it with terrible resolve. If Microsoft fears the Linux community and Open Source and its several thousand times your size - perhaps you should reevaluate who your friends and enemies are as without a doubt even if Linux has to be totally engineered to not use anything resembling any of your IP - no self respecting user, administrator, or evaluator will consider using anything associated with your brand as you have threatened them in the past and acted in bad faith. Your brand is now dead - and 'geeks' are reknown for having long memories and vendettas.

Re:perens

[mj01nir]

Darl sez: The second development was an admission by Open Source leader Bruce Perens that UNIX System V code (owned by SCO) is, in fact, in Linux, and it shouldn't be there. Mr Perens stated that there is "an error in the Linux developer's process" which allowed Unix System V code that "didn't belong in Linux" to end up in the Linux kernel (source: ComputerWire, August 25, 2003). Mr Perens continued with a string of arguments to justify the "error in the Linux developer's process."

But Bruce actually said: In this case, there was an error in the Linux developer's process (at SGI), and we lucked out that it wasn't worse. It turns out that we have a legal right to use the code in question, but it doesn't belong in Linux and has been removed.

And at the top of Bruce's slide show analysis: You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.

Get 'em Bruce!

Re:perens

[Snags]

...the intellectual property of most companies is not visible enough to "protect". You can't avoid assimilating that which you by definition cannot recognize.

I wish I had mod points left. Very insightful. Of course, this problem isn't open-source specific. It's just easier to *catch* the open source violators because you can see what they have. It probably happens in proprietary software all the time without anyone being the wiser, as no one (who would expose it) has access to the current and potentially copied source codes.

billy

[golgotha007]

funny, Darl's letter sort of reminds me of this letter from Bill Gates:

AN OPEN LETTER TO HOBBYISTS

By William Henry Gates III

February 3, 1976

An Open Letter to Hobbyists

To me, the most critical thing in the hobby market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands
programming, a hobby computer is wasted. Will quality software be written for the hobby market?

Almost a year ago, Paul Allen and myself, expecting the hobby market to expand, hired Monte Davidoff and developed Altair BASIC. Though the initial work took only two
months, the three of us have spent most of the last year documenting, improving and adding features to BASIC. Now we have 4K, 8K, EXTENDED, ROM and DISK BASIC.
The value of the computer time we have used exceeds $40,000.

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these
"users" never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time
spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people
who worked on it get paid?

Is this fair? One thing you don't do by stealing software is get back at MITS for some problem you may have had. MITS doesn't make money selling software. The royalty paid to
us, the manual, the tape and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional
work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has
invested a lot of money in hobby software. We have written 6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very little incentive to make this software
available to hobbyists. Most directly, the thing you do is theft.

What about the guys who re-sell Altair BASIC, aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the
ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at.

I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at 1180 Alvarado SE, #114, Albuquerque, New Mexico, 87108.
Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software. Bill Gates General Partner, Micro-Soft