Slashdot Mirror

← Back to Stories (view on slashdot.org)

Insuring Linux, Thanks to SCO

Posted by michael on from the security-through-lawsuits dept.

jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.

11 of 228 comments (clear)

  1. Google cache by gspr · · Score: 4, Informative

    Thanks, Google!.

    1. Re:Google cache by B'Trey · · Score: 5, Informative

      Thanks, now I can RTFA. In doing so, it appears that the author did not do his homework particularly well, as both he and his sources seem to be thoroughtly confused on the issues.

      Quote: "They sued AutoZone and DaimlerChrysler even though those companies didn't do anything wrong and acted in good faith," says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn't write the code. But "because of a quirk in our legal system," Egger says, "you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights."

      This is woefully uninformed. SCO sued neither Autozone nor DC for using Linux.

      SCO's claim against Autozone arises from the fact that Autozone was using applications on SCO Unix and switched those applications from SCO to Linux in a very short time. The only way to do that, SCO claims, is by integrating the libraries from SCO Unix into Linux, which is a violation of the licensing terms for SCO Unix. SCO has no evidence that this happened other than the fact that Autozone switched over very rapidly, so they MUST have used SCO's libraries. Autozone and the consultant who did the switch both claim this is not the case, and it should be straightforward to demonstrate this in court.

      The DC lawsuit arises because DC failed to return a certification of compliance. SCO sent out forms to everyone who has a license for SCO Unix and demanded that they certify that they were not using SCO code with Linux. Part of the license for SCO Unix says that they may demand such a certification of compliance.

      So neither Autozone nor DC are being sued for "purchasing open source software." Both are being sued for violating the terms under which they licensed SCO software. Despite their many threats, SCO is suing their own customers, not Linux users. The case against Autozone seems extremely weak. The case against DC rests on a legal technicality that I'm not qualified to judge. If they do succeed in that case, however, it will have nothing to do with Linux.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  2. Best thing to happen? by goatan · · Score: 3, Informative
    about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process.

    how is that actually good for Linux. Isn't take a bit like pointing out all the security holes in windows it doesn't improve the OS's reputation. and from most of what i remember about SCO's attacks on code contribution have been shown to be wide of the mark

    --
    Saying Apple is better than MS is like saying Botulism is better than rabies.

  3. Re:Webmonkey's Apostrophe! by BenjyD · · Score: 2, Informative

    The guy's name was Achilles (note the "S" at the end). It is common practice to put the apostrophe after the final "s" and omit that additional possessive "s" in words like that.

  4. Re:Why insure Linux? by dago · · Score: 5, Informative

    "no insurance company will stick by without going bankrupt."

    That's why you have reinsurance companies which insure the insurer. Such companies like MunichRe, SwissRe have even more assets than MS...

    --
    #include "coucou.h"
  5. Re:Out of bad things to say by Kardamon · · Score: 2, Informative

    That's already happening: Genetic Technologies, a company that patented the "junk DNA" is called the "SCO Group of biotech" in this article.

    --
    -- Qu'est-ce que la propriété intellectuelle? It is thought control.
  6. Re:Webmonkey's Apostrophe! by Anonymous Coward · · Score: 1, Informative

    Dude, if you're going to correct someone, do it right. Both forms are acceptable.

    Option: If a singular noun ends in -s, add 's or only the apostrophe.

    Keats's poetry or Keats' poetry
    a waitress's tips or a waitress' tips

    http://www.okc.cc.ok.us/echo/handouts/apostrophes. htm

  7. Re:Webmonkey's Apostrophe! by Nick+of+NSTime · · Score: 2, Informative

    "Keats' poetry" is incorrect according to MLA style, which governs writing here in the US. I think it's against AP style too.

  8. Re:Why insure Linux? by Kjella · · Score: 3, Informative

    After all, if I plagarize John Grisholm in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.

    IANAL either, but the difference is obvious. If you gave everyone that bought your novel the right to reproduce it, that right is also revoked. He can't sue for mere possession, but he can sue for copyright infringement, since that right is now null and void.

    And since that code is spread around lots of OSS mirrors around the world, incorporated into different projects, it is likely to be copied from one file to another faster than the retractions can be sent out.

    Witness the recent WASTE and Via SecurePL event. That one is major enough you might actually point your finger at. What project FOO found a file in project BAR on sourceforge and integrated it into their own? Noone knows.

    If the OSS community get enough of this type of "infection", it could seriously damage its credibility. Even if they acted in good faith. The legal issues, I'll leave to a lawyer.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  9. Re:I gotta ask... by ShinmaWa · · Score: 2, Informative

    They didn't hire Groklaw, they hired the editor of Groklaw, PJ. She was doing Groklaw in her spare time anyways, so probably it will continue to be independent. Her expertise from Groklaw will certainly help, but you are making it seem like a company now controls Groklaw.

    Well.. I will say this. Ever since PJ was hired by this firm, Groklaw's focus has changed dramatically. Early on it was "just the facts" about the case. Lately it has become more and more of a GPL zealot site, that tends to attack anyone and anything that is not wild about the GPL, including non-GPL open source!

    PJ and Groklaw (and they are one and the same to me, since she maintains absolute control over the content there) have lost all credibility with me, since I can no longer trust her to be objective anymore -- even with SCO v. IBM.

    I don't know if these two things are truly "cause-and-effect", but I certainly think that there is at least SOME influence there.

    --
    The /. Effect: Thousands of users simultaneously accessing a site to not read its content.
  10. Re:Why insure Linux? by IBitOBear · · Score: 2, Informative

    Moreso, Linux doesn't accept "John Doe" contributions. If microsoft, or any of its agents, were to contribute code, or cause code to be contributed, to Linux it would be demonstrable that the inclusion of the code was proper.

    If someone did it on their own, then as soon as Microsoft did what SCO didn't, that being identify the code, it would removed and replaced.

    I Microsoft instead did what SCO did, and not identify the code, then they have failed to even attempt to mitigate their damages, and any copyright case falls apart.

    The act of distribution obviates any Trade Secret, so there would be nothing to sue about there, except legal action against "John Doe".

    And Patent issues exist or not independent of who provided what, which is why software patents are bad. It would be more valid for microsoft to take patents against things they know are going to be in Linux and then use that to club people over the head. Fortunately Linux has people like IBM who want to use it and have more patents. (But this is the one-paragraph proof that software patents are bad for everbody, so I'l let it go at that.)

    In essence, you must remember, that "you cannot cheat an honest man."

    --
    Innocent people shouldn't be forced to pay for inferior software development.
    --"Code Complete" Microsoft Press