Insuring Linux, Thanks to SCO
jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.
Now we have insurance agents peddling their wares on Slashdot?
I'll bite. Because MS can pay John Doe to contribute code from the leaked win2k source into linux and then sue every distributor of linux out of existence for copyright infringement. The problem here is that if something like this happens where MS gets turned loose, no insurance company will stick by without going bankrupt.
I can count to 1023 on my hands. Ask me about #132.
One more cost to be added into 'independent' TCO studies funded by microsoft.
Example: Mr. Jones' car (correct) vs. Mr. Jones's car (incorrect)
"Ask not what your country can do for you." --John F. Kennedy
- We have a strong license, clear in its terms.
- We have the code available.
- We have lawyers all around the world willing to defend GNU.
- Most developers have always taken care not to violate copyright, and to include only their own code in the work they do.
We have an implicit honor system, and it works. If someone does something wrong, we could listen to the complaint, isolate the coders and the compromised code, replace it with GPL'd code, and apologize to the company the code was stolen from.
All this SCO thing is just flamebait; don't pay more attention to them, and don't let them change the way this has always been.
their attacks have turned a lot of attention to the possible Achilles' heel...
With Windows, when someone points out a possible Achilles' heel, people exploit it (with viruses, etc). Is it good to point out potential problems? Yes if 1) They can be fixed or 2) They aren't problems. It will make the beast stronger. However, if the issue, in this case code contribution, which is THE blood of OSS, is actually a problem and can't be fixed, then this whole OSS thing might take a deathblow. If that is the case, I'd rather people not focus on it.
In the end we have to trust people that submit code. Short of checking it against a database of known code (which doesn't help if they stole code from a proprietary source), there isn't too much we can do.
While I tend to agree with "there is no such thing as bad press," if the press kills OSS or Linux (which, in this case, I bet it won't), I'd rather SCO not have started anything. And if other people start to try to exploit OSS because of the possible Achilles' heel (with lawsuits, bills passed to limit OSS), we'll end up with tons of irritating front page posts on slashdot. We might even have to have a sub-category for it so we can have user filters.
... for my Windows servers. My last co. almost got burned by MS's code theft issues in SQL Server.
Of course, the premiums would be a stone bitch...
-----------
Love your country always, but respect your government only when it deserves it. -- Mark Twain
"SCO may actually be one of the best things to happen to Linux lately"
"company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame"
Is it really "one of the best things" for Linux, or for lawyers? I didn't need to buy any "Linux insurance" before that SCO farce. Why should I be grateful?
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
In my head, insurance agents who are capitalizing on this FUD are on par with ambulance chasers sitting in the ER waiting room. Maybe that's a little harsh though towards the ambulance chasers, because at least they are around potential clients.
Offering this kind of insurance only perpetuates the FUD that Linux/OSS/FS/etc are not safe. Maybe if they offered this as general purpose software insurance, rather than targeting open source, I'd be more understanding. But offering it only for open source software essentially sends the message that IP infringement is common in open source software, but never happens in proprietary.
-N
I've nothing to say here...
As long as you aren't stealing code for your open-source projects, you're fine. Someone like SCO can litigate till they're blue in the face, but as long as you didn't do anything wrong, you'll be fine. They can have all the billions of dollars they want, but money doesn't create evidence. If you need to get your court costs back, countersue.
..but I'm sure most people here are smart enough to realize this (I hope). The last thing we need is fucking "code insurance".
It's a shame that these people try to peddle their bullshit off other people's fears. You DON'T need this!!
How is that actually good for Linux? Isn't that a bit like pointing out all the security holes in Windows? It doesn't improve the OS's reputation.
Linux's reputation wasn't that good at all. Each and every Microsoft consultant I have met has always been ready to spread FUD and outright false claims about the competition.
What SCO's case is doing is taking all those claims and making a lawsuit out of them. The only way that would be bad for Linux is if SCO actually won. And judging from the story so far, there seems to be less and less possibility of that happening.
No, what looks like it is going to happen is that the SCO lawsuit will "Free" Linux from all the FUD that has been built up over the years ...
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Just look what insurance has done to health care. The _last_ thing we need as a society is another aspect of our lives that is deemed necessary to insure. On the whole, I believe that insurance companies are some of the most exploitive organizations around, draining resources from society with very little positive return. At best, this is going to convince people to throw money away, at worst it is going to encourage frivolous lawsuits because the odds of payoff become higher, thereby making "OSS Insurance" a de facto requirement for running OSS and taking away one of its largest strengths.
Honestly, I'm amazed that more people don't view a company running around yelling, "Linux insurance! Protect yourself from the risks of Linux!" at least somewhat negatively.
What I'm listening to now on Pandora...
Obligatory IANAL disclaimer but it's difficult to see how this would work. Despite SCO's blustering threats to sue Linux users, it's extremely doubtful MS would have a case against anyone but John Doe in your scenario. After all, if I plagiarize John Grisham in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.
Once MS identifies their code in the Linux kernel, they might be able to demand that people stop using it, leading to the need for everyone running Linux to download a new kernel or patch.
It seems to me that the primary need for Linux indemnification is not that you may be successfully sued for copyright infringement (even SCO has largely dropped the copyright infringement claim from their case against IBM) but to protect against RIAA-like tactics where one is extorted to settle out of court or face ruinous legal fees to defend oneself. IBM can afford to fight SCO and their ilk. Small business owners can't.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Uh... isn't this a little like somebody in a straw house thanking an arsonist for burning other people's houses down just to prove they're flammable?
Uhmm, No, it's rather like when Microsoft paid for a benchmark that showed how Windows was faster in serving webpages and files on a network.
Linus and other developers went into overdrive, threw out the old memory system and implemented the Direct-memory-copy functions (so data could go directly from hard-disk buffer to network-card buffer without having to go through conventional memory).
This helped Linux a lot, and if Microsoft has repeated the tests since then, they are keeping the results very, very secret.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I dunno. In a perfect world, there shouldn't be a need for this kind of thing. But since we don't live in that world, this might have practical value.
My take on this is - it's a good thing if you are paranoid or a potential target. I don't understand why Linux end users are different from Windows end users in a liability sense - can someone point me to a good explanation of why my buying a Windows license suddenly frees me from potential legal trouble, whereas the GNU GPL somehow doesn't? Why isn't the author responsible in both cases? (Not a rhetorical question - I really would like an answer.)
Anyway, I'm not sure this lawsuit insurance is a bad idea no matter WHAT you do or what you use. Lawsuits are used like clubs against business opponents nowadays, and merit or justification isn't even of interest anymore. Perhaps an insurance setup where the insurance covers the costs of a defense up to $$$, but not the consequences of a guilty verdict, would be a good way for a lot of small companies to go. If they aren't doing anything wrong, and get their ass sued by $LARGE_COMPETITOR in order to put them out of business, the lawsuit coverage would let them put up enough of a fight to make trouble for $LARGE_COMPETITOR. If $LARGE_COMPETITOR had to do this for all the smaller competitive businesses they would go up against, it might start to be rather useless for them to try such methods.
Remember, lawsuit insurance in this scenario isn't about the merits of the case - it's about being able to resist bullying attempts by litigious bastards. If you have a good case, this would allow you to fight it, but wouldn't let scum insure their way out of the financial consequences of doing something illegal. In THAT capacity, I can see this being a good idea. And not just for open source software either.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
A very good question indeed.
To me it seems it targets distros, to insure "risks": not just plagiarism, but all sorts. Patents, copyrights, whatever.
This enables those distros to offer "indemnify" to their clients eventually.
In a world where lawyers rule and coders drool, this is a good thing.
peace
"/Dread"
It eliminates the weak and forces the rest to get stronger.
SCO and Microsoft (and Sun) are predators as far as the OSS community is concerned, and although they will cause much suffering and trauma, the result will be stronger and more successful OSS firms.
Ceci n'est pas une signature
I'm assuming by _Linux_ you are referring specifically to the kernel. Where your scenario fails to hold water is the fact that Linus and crew actually do check the code that gets submitted for the kernel. I don't see a johnny-come-lately with miracle code that works flawlessly on the first try getting something past them. In real life, YMMV
If thou see a fair woman pay court to her, for thus thou wilt obtain love
Insuring Linux, Thanks to SCO
In other news...
Insuring Cars, Thanks to Thieves
"There's an interesting article about the counter-reaction to thieves' attacks on cars, and how thieves may actually be one of the best things to happen to cars lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the car locking process. Includes some good detail on a company offering insurance against thefts. This is a great news for every car owner."
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
It's building confidence in Linux. We look great, SCO looks like a bunch of jerks and bullies, possibly supported by Microsoft. It's showing that Linux is strong in the face of a full frontal assault, that it's not just a loose conglomerate of whimsical hackers, who'll just drop it when the going gets tough. It's committing IBM and various other companies to the defense and support of Linux. It's providing a template and an example for future cases. After an initial wavering of faith in Linux, I'm sure we'll see a surge.
Hell, as long as the US Justice System doesn't drop the ball, the whole SCO issue is great for linux!
IANAL either, but the difference is obvious. If you gave everyone that bought your novel the right to reproduce it, that right is also revoked. He can't sue for mere possession, but he can sue for copyright infringement, since that right is now null and void.
While what you say is strictly true, it ignores a basic principle of tort law, which is that the reason for bringing a lawsuit is to recover one's damages.
So even if someone does copy a code fragment into something else, before the copyright owner can go around suing other people, they have to be able to show that they've suffered economic loss as a result of that person's actions.
Therefore, if I take a code fragment from your desktop publishing software, and incorporate it into my music sequencing software, how do you -- as a company -- suffer economic loss as a consequence of my using that software?
There's a quantifiable loss from the company who wrote the music sequencing software, because they should have licensed the code and would be paying royalties, so that one is easy. The end user issue just isn't that straightforward -- which is why SCO is suing companies that had a prior financial relationship with them. ie, they used to use SCO unix, now they use Linux, so by using Linux they deprive SCO of their sales.
But think back to the issue over the compression routines in gifs. Did anyone argue that end users should be sued because they were using software that made use of the patented compression routines? Of course not, because they weren't responsible for any financial loss to the company, therefore there wasn't any form of appropriate redress.
Ultimately, I believe that this point will emerge during the course of SCO's current lawsuits against end users but SCO are bringing the lawsuits in the hope of striking fear into the heart of other corporate end users in the hope of either persuading millions of linux users to stump up for a license, or as part of the information war in their pump and dump stock scheme.
IANAL, but I(love)ANAL.
Seriously though, it is important that alternatives such as the BSD family exist, it means that in the event of future legal action, people can switch fairly easily, if they have to in the short term. Even better, they should run a mixture now. Diversity is a good thing, it might even prevent everything being damaged by a single virus, or programming error in an update, for example. Thinking only about Linux is not much different from thinking only about Windoze. I have even kept Windoze 2000 (dumped XP, it was almost as useless as the vile bug-infested ME), although my serious work is mainly done in SuSE now.
I use SuSE and Xandros (latest versions of both), FreeBSD and OpenBSD, the differences to the average user, who does not look at kernel source or the mechanism of system calls, are not great, but each has its own particular strengths. The only thing I have against FreeBSD is that the ports collection is so vast, compared even to a typical Linux distro, that selecting everything that you might want to play with is a very long task......
If we have a choice, we should exercise it, otherwise developers may get fed up, and the choice will diminish, which would be a bad thing
I'm not saying it isn't doable, I'm saying that the cost of an insurance plan that could handle a full blown attack by Microsoft would be more expensive than most people would be willing to pay. It's also difficult to sell insurance on something you get for free. I'm skeptical about this business plan working. That's all I'm saying.
I can count to 1023 on my hands. Ask me about #132.
But they almost certainly cannot successfully sue you for using/distributing the code before it was known to be tainted.
Read Title 17, Chapter 5, Sec. 504.
a) States that the copyright holder may choose between actual (b) and statutory (c) damages. I'll skip right to statutory:
"In a case where the infringer sustains the burden of proving, and the court finds, that such infringer was not aware and had no reason to believe that his or her acts constituted an infringement of copyright, the court in its discretion may reduce the award of statutory damages to a sum of not less than $200."
And if you read the legal notes there:
"The ''innocent infringer'' provision of section 504(c)(2) has been the subject of extensive discussion. The exception, which would allow reduction of minimum statutory damages to $100 where the infringer ''was not aware and had no reason to believe that his or her acts constituted an infringement of copyright,'' is sufficient to protect against unwarranted liability in cases of occasional or isolated innocent infringement, and it offers adequate insulation to users, such as broadcasters and newspaper publishers, who are particularly vulnerable to this type of infringement suit. On the other hand, by establishing a realistic floor for liability, the provision preserves its intended deterrent effect; and it would not allow an infringer to escape simply because the plaintiff failed to disprove the defendant's claim of innocence."
IANAL; but I'd say the distributions could get whacked around pretty good if they get slapped with $200 for each shrapnel of infringing code in an entire distribution.
Kjella
Live today, because you never know what tomorrow brings
microsoft doesn't need to get rid of every copy, they just want to build up FUD surrounding it.
Part of the license for SCO Unix says that they may demand such a certification of compliance.
No the contract states that they can request compliance to the license agreement.
Companies like DC do not know, and can not confirm that there is or is not SCO code in Linux, therefore they can not certify such a thing.
This is just as ridiculous as asking them to certify there is no SCO code in MS windows, they just can't confirm it either way.
Also, the Delaware court ruled, in putting the Red Hat vs. SCO suit on hold, that the Utah court was deciding the copyright issue. Based on that precedent, copyright-related suits can be expected to go on hold until IBM vs SCO is decided. So SCO is a long way from being able to enforce copyright claims against anybody. They'd have to beat IBM, then Novell, then Red Hat. Only then would Linux users have anything to worry about.
The market has picked up on this. SCO tried a stock buyback scheme to boost the price of their stock. That worked for only a week, and bumped the price up from 9 to 11 or so. It's back to single digits today, at 9.09 today and dropping. It was 16 back in February, and 3 a year ago, before all the lawsuits.
After this my boss gets scared and thinks that there is legitimate risk involved with going to Linux. Then he thinks, "Why go with Linux and spend extra $$$ on insurance when I can just go with Windows or something else."
Well you should point out to him that if Microsoft includes code in Windows that violates someone's patent, and he runs that code on his computer, he could be liable for violating the patent, since he is performing a patented business process. If he's really concerned about IP liability, he should buy the liability insurance for Windows, too.
This issue isn't restricted to Open Source software, it's just that Software vendors haven't wanted to draw attention to it until they started losing sales to OSS.
We are the 198 proof..