Slashdot Mirror

← Back to Stories (view on slashdot.org)

Insuring Linux, Thanks to SCO

Posted by michael on from the security-through-lawsuits dept.

jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.

40 of 228 comments (clear)

  1. Why insure Linux? by Anonymous Coward · · Score: 5, Funny

    You can replace it for free???

    1. Re:Why insure Linux? by jamonterrell · · Score: 4, Insightful

      I'll bite. Because MS can pay John Doe to contribute code from the leaked win2k source into linux and then sue every distributor of linux out of existance for copyright infringement. The problem here is that if something like this happens where MS gets turned loose, no insurance company will stick by without going bankrupt.

      --
      I can count to 1023 on my hands. Ask me about #132.
    2. Re:Why insure Linux? by dago · · Score: 5, Informative

      "no insurance company will stick by without going bankrupt."

      That's why you have reinsurance companies which insure the insurer. Such companies like MunichRe, SwissRe have even more assets than MS...

      --
      #include "coucou.h"
    3. Re:Why insure Linux? by B'Trey · · Score: 5, Insightful

      Obligatory IANAL disclaimer but it's difficult to see how this would work. Despite SCO's blustering threats to sue Linux users, it's extremely doubtful MS would have a case against anyone but John Doe in your scenario. After all, if I plagarize John Grisholm in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.

      Once MS identifies their code in the Linux kernel, they might be able to demand that people stop using it, leading to the need for everyone running Linux to download a new kernel or patch.

      It seems to me that the primary need for Linux indemnification is not that you may be succesfully sued for copyright infringement (even SCO has largely dropped the copyright infringment claim from their case against IBM) but to protect against RIAA-like tactics where one is extorted to settle out of court or face ruinous legal fees to defend oneself. IBM can afford to fight SCO and their ilk. Small business owners can't.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    4. Re:Why insure Linux? by Kjella · · Score: 3, Informative

      After all, if I plagarize John Grisholm in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.

      IANAL either, but the difference is obvious. If you gave everyone that bought your novel the right to reproduce it, that right is also revoked. He can't sue for mere possession, but he can sue for copyright infringement, since that right is now null and void.

      And since that code is spread around lots of OSS mirrors around the world, incorporated into different projects, it is likely to be copied from one file to another faster than the retractions can be sent out.

      Witness the recent WASTE and Via SecurePL event. That one is major enough you might actually point your finger at. What project FOO found a file in project BAR on sourceforge and integrated it into their own? Noone knows.

      If the OSS community get enough of this type of "infection", it could seriously damage its credibility. Even if they acted in good faith. The legal issues, I'll leave to a lawyer.

      Kjella

      --
      Live today, because you never know what tomorrow brings
    5. Re:Why insure Linux? by dipipanone · · Score: 3, Insightful

      IANAL either, but the difference is obvious. If you gave everyone that bought your novel the right to reproduce it, that right is also revoked. He can't sue for mere possession, but he can sue for copyright infringement, since that right is now null and void.

      While what you say is strictly true, it ignores a basic principle of tort law, which is that the reason for bringing a law suit is to recover one's damages.

      So even if someone does copy a code fragment into something else, before the copyright owner can go around suing other people, they have to be able to show that that they've sufferered economic loss as a result of that person's actions.

      Therefore, if I take a code fragment from your desktop publishing software, and incorporate it into my music sequencing software, how do you -- as a company -- suffer economic loss as a consequence of my using that software?

      There's a quantifiable loss from the company who wrote the music sequencing software, because they should have licensed the code and would be paying royalties, so that one is easy. The end user issue just isn't that straightforward -- which is why SCO is suing companies that had a prior financial relationship with them. ie, they used to use SCO unix, now they use Linux, so by using Linux they deprive SCO of their sales.

      But think back to the issue over the compression routines in gifs. Did anyone argue that end users should be sued because they were using software that made use of the patented compression routines? Of course not, because they weren't responsible for any financial loss to the company, therefore there wasn't any form of appropriate redress.

      Ultimately, I believe that this point will emerge during the course of SCO's current lawsuits against end users but SCO are bringing the lawsuits in the hope of striking fear into the heart of other corporate end users in the hope of either persuading millions of linux users to stump up for a license, or as part of the information war in their pump and dump stock scheme.

      IANAL, but I(love)ANAL.

    6. Re:Why insure Linux? by Kjella · · Score: 3, Insightful

      But they almost certainly can not sucessfully sue you for using/distributing the code before it was known to be tainted.

      Read Title 17, Chapter 5, Sec. 504.
      a) States that the copyright holder may choose between actual (b) and statutory (c) damages. I'll skip right to statutory:

      "In a case where the infringer sustains the burden of proving, and the court finds, that such infringer was not aware and had no reason to believe that his or her acts constituted an infringement of copyright, the court in its discretion may reduce the award of statutory damages to a sum of not less than $200."

      And if you read the legal notes there:

      "The ''innocent infringer'' provision of section 504(c)(2) has been the subject of extensive discussion. The exception, which would allow reduction of minimum statutory damages to $100 where the infringer ''was not aware and had no reason to believe that his or her acts constituted an infringement of copyright,'' is sufficient to protect against unwarranted liability in cases of occasional or isolated innocent infringement, and it offers adequate insulation to users, such as broadcasters and newspaper publishers, who are particularly vulnerable to this type of infringement suit. On the other hand, by establishing a realistic floor for liability, the provision preserves its intended deterrent effect; and it would not allow an infringer to escape simply because the plaintiff failed to disprove the defendant's claim of innocence."

      IANAL; but I'd say the distributions could get whacked around pretty good if they get slapped with $200 for each shrapnel of infringing code in an entire distribution.

      Kjella

      --
      Live today, because you never know what tomorrow brings
  2. OS Insurance by the+MaD+HuNGaRIaN · · Score: 5, Funny

    I thought Windows insurance was switching to Linux.

    What's Linux insurance--switching to Mac OS X?

  3. Google cache by gspr · · Score: 4, Informative

    Thanks, Google!.

    1. Re:Google cache by B'Trey · · Score: 5, Informative

      Thanks, now I can RTFA. In doing so, it appears that the author did not do his homework particularly well, as both he and his sources seem to be thoroughtly confused on the issues.

      Quote: "They sued AutoZone and DaimlerChrysler even though those companies didn't do anything wrong and acted in good faith," says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn't write the code. But "because of a quirk in our legal system," Egger says, "you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights."

      This is woefully uninformed. SCO sued neither Autozone nor DC for using Linux.

      SCO's claim against Autozone arises from the fact that Autozone was using applications on SCO Unix and switched those applications from SCO to Linux in a very short time. The only way to do that, SCO claims, is by integrating the libraries from SCO Unix into Linux, which is a violation of the licensing terms for SCO Unix. SCO has no evidence that this happened other than the fact that Autozone switched over very rapidly, so they MUST have used SCO's libraries. Autozone and the consultant who did the switch both claim this is not the case, and it should be straightforward to demonstrate this in court.

      The DC lawsuit arises because DC failed to return a certification of compliance. SCO sent out forms to everyone who has a license for SCO Unix and demanded that they certify that they were not using SCO code with Linux. Part of the license for SCO Unix says that they may demand such a certification of compliance.

      So neither Autozone nor DC are being sued for "purchasing open source software." Both are being sued for violating the terms under which they licensed SCO software. Despite their many threats, SCO is suing their own customers, not Linux users. The case against Autozone seems extremely weak. The case against DC rests on a legal technicality that I'm not qualified to judge. If they do succeed in that case, however, it will have nothing to do with Linux.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  4. Can I get /. libel insurance? by Anonymous Coward · · Score: 5, Funny

    Seriously, folks.

  5. Geezus, please put me out of my misery. by Anonymous Coward · · Score: 3, Insightful

    Now we have insurance agents peddling their wares on Slashfdot?

  6. So this is basically what? by LOL+WTF+OMG!!!!!!!!! · · Score: 3, Interesting

    A sort of "malpractice" insurance, where instead of a doctor's malpractice, it's that of the code-plagiarizer?

    Or is it for protecting the Linux distributer that was unaware of said plagiarism.

    (By the way, I'm not saying Linux contains plagiarized code ;) )

    --
    That CSS file that blocks ads
  7. I, uh.... by Anonymous Coward · · Score: 4, Funny

    I for one welocme our new State Farm Overlords!

  8. Best thing to happen? by goatan · · Score: 3, Informative
    about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process.

    how is that actually good for Linux. Isn't take a bit like pointing out all the security holes in windows it doesn't improve the OS's reputation. and from most of what i remember about SCO's attacks on code contribution have been shown to be wide of the mark

    --
    Saying Apple is better than MS is like saying Botulism is better than rabies.

    1. Re:Best thing to happen? by AftanGustur · · Score: 4, Insightful


      how is that actually good for Linux. Isn't take a bit like pointing out all the security holes in windows it doesn't improve the OS's reputation.

      Linux's reputation wasn't that good at all. Each and every Microsoft consultant, I have met, has always been ready to spread FUD and outright false claims about the competition.

      What SCO's case is doing is taking all those claims and making a lawsuit out of them. The only way that would be bad for Linux is if SCO actually won. And judging from the story so far, there seems to be less and less possibility of that happening.

      No, what looks like is going to happend is that the SCO lawsuit will "Free" Linux from all the FUD that has been build up over the years ...

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  9. Maybe I'm being dense but - by JosKarith · · Score: 4, Funny

    Uh... isnt this a little like somebody in a straw house thanking arsonist for burning other people's houses down just to prove they're flammable?

    --
    'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
  10. Out of bad things to say by superpulpsicle · · Score: 4, Funny

    Heh. I can't even flamebait SCO anymore. Every bad thing that you could say about the organization has already been said.

  11. TCO by Anonymous Coward · · Score: 4, Insightful

    One more cost to be added into 'independent' TCO studies funded by microsoft.

  12. Do we really need this? by Anonymous Coward · · Score: 5, Insightful

    - We have an Strong and Clear in terms license.
    - We have the code available.
    - We have Lawyers all arround de world willing to defend GNU.
    - Most developers have allways taken care of not violating copyrigth, and including only their code on the work they do

    We have an implicit honor system, and it works. If someone do something wrong, we could listen the complain, isolate the coders and code compromissed, replace it with GPLd code, and apologies to the company the code has been stolen from.

    All this SCO thing is just flamebait; don't pay more atention to them, and don't let them change the way this has allways been.

  13. Viruses by somethinghollow · · Score: 5, Insightful

    their attacks have turned a lot of attention to the possible Achilles' heel...

    With Windows, when someone points out a possible Achilles' heel, people exploit it (with viruses, etc). Is it good to point out potential problems? Yes if 1) They can be fixed or 2) They aren't problems. It will make the beast stronger. However, if the issue, in this case code contribution, which is THE blood of OSS, is actually a problem and can't be fixed, then this whole OSS thing might take a deathblow. If that is the case, I'd rather people not focus on it.

    In the end we have to trust people that submit code. Short of checking it against a database of known code (which doesn't help if they stole code from a proprietary source), there isn't too much we can do.

    While I tend to agree with "there is no such thing as bad press," if the press kills OSS or Linux (which, in this case, I bet it won't), I'd rather SCO not have started anything. And if other people start to try to exploit OSS because of the possible Achilles' heel (with law suits, bills passed to limit OSS), we'll end up with tons of irritating front page posts on slashdot. We might even have to have a sub-catagory for the it so we can have user filters.

  14. But... by rampant+mac · · Score: 3, Funny
    "[...] Open Source Insurance"

    What if someone forks it?

    FireBird Insurance?

    --
    I like big butts and I cannot lie.
    1. Re:But... by mopslik · · Score: 3, Funny

      FireBird Insurance?

      After reviewing current trademark holdings, the FireBird Insurance Project has decided to adopt a new name:

      InsuraFox

      Please refer to all further policies by this name.

  15. I want risk insurance... by WhiskerTheMad · · Score: 3, Insightful

    ... for my Windows servers. My last co. almost got burned by MS's code theft issues in SQL Server.

    Of course, the premiums would be a stone bitch...

    -----------

    --
    Love your country always, but respect your government only when it deserves it. -- Mark Twain
  16. Insuring Linux, *THANKS* to SCO?! by Pan+T.+Hose · · Score: 5, Insightful

    "SCO may actually be one of the best things to happen to Linux lately"
    "company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame"

    Is it really "one of the best things" for Linux, or for lawyers? I didn't need to buy any "Linux insurance" before that SCO farce. Why should I be grateful?

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
  17. Why is this a good thing? by ThogScully · · Score: 3, Insightful

    In my head, insurance agents who are capitalizing on this FUD are on par with amublance chasers sitting in the ER waiting room. Maybe that's a little harsh though towards the ambulance chasers, because at least they are around potential clients.

    Offering this kind of insurance only perpetuates the FUD that Linux/OSS/FS/etc are not safe. Maybe if they offered this as general purpose software insurance, rather than targetting open source, I'd be more understanding. But offering it only for open source software essentially sends the message that IP infringement is common in open source software, but never happens in proprietary.
    -N

    --
    I've nothing to say here...
  18. Seriously, folks, you DON'T need this!! by Anonymous Coward · · Score: 4, Insightful

    As long as you aren't stealing code for your open-source projects, you're fine. Someone like SCO can litigate till they're blue in the face, but as long as you didn't do anything wrong, you'll be fine. They can have all the billions of dollars they want, but money doesn't create evidence. If you need to get your court costs back, countersue.

    It's a shame that these people try to peddle their bullshit off other people's fears. You DON'T need this!!

    ..but I'm sure most people here are smart enough to realize this (I hope). The last thing we need is fucking "code insurance".

  19. I hate insurance by Cobralisk · · Score: 4, Funny
    Next thing you know, OS insurace will be required in order to legally operate a computer system.
    From: <officer@localpolice.gov>
    Subject: Speeding

    Pull over,
    I clocked you going 100Mbps in a 10Mbps subnet back there. May I see your license and insurance card? Did you know that it is unlawful to operate a network vehicle in the state of New York without a valid insurance policy?

    Please step away from the terminal,
    Sgt. Smith
    --
    Waiting for ad.doubleclick.net...
  20. Karma Insurance by CharonX · · Score: 5, Funny

    Hmmm... so you can insure yourself against the perils of using Open Source (like getting sued by SCO).

    What I want is a Slashdot Karma Insurance.

    (In fact I could use one right away now, since this gonna end up (-1, Offtopic) ^^; )

    --
    +++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
  21. I hope this doesn't take off by deque_alpha · · Score: 5, Insightful

    Just look what insurance has done to health care. The _last_ thing we need as a society is another aspect of our lives that is deemed neccesary to insure. On the whole, I beleive that insurance companies are some of the most exploitive organizations around, draining resources from society with very little positive return. At best, this is going to convince people to throw money away, at worst it is going to encourage frivolous lawsuits because the odds of payoff become higher, thereby making "OSS Insurance" a de facto requirement for running OSS and taking away one of its largest strengths.

    1. Re:I hope this doesn't take off by bruce_the_moose · · Score: 4, Interesting
      I beleive that insurance companies are some of the most exploitive organizations around, draining resources from society with very little positive return

      While I can't claim to love insurance companies--institutions that plays with lots of money and produces little in the way of tangible products tend to spawn greedy bastards--you can point to some returns to society that they have made. Here's and example: Do you look for little tags or stickers that say "UL" on electrical devices you buy? You should. UL is Underwriters Laboratory, a lab sponsored by the industry (Underwriters) is in place to guarantee things like christmas lights won't burn your house down if you leave them on overnight. It's enlightened self-interest, of course, since if your house burns down the Insurance companies have to pay.

      Oh, and having someone pick up the tab if your house burns down is probably a positive return to at least yourself, if not society.

      I think OSS insurance is a good thing for this very reason: it means some institution actually thinks it's insurable. The way you make money selling insurance is covering things that are likely to NOT burst into flames.

      --
      To reduce crime, make fewer things against the law.
    2. Re:I hope this doesn't take off by NorthDude · · Score: 3, Insightful

      The problem is not with insurances being offered, but with the peoples and organizations abusing this fact when bringing up lawsuit. Insurance primes goes up when insurance companies loses to much money. Do not forget that an insurance is a product, just like any ohter product out there.

      --


      I'd rather be sailing...
  22. I gotta ask... by Otter · · Score: 4, Insightful
    If the people behind this insurance hadn't done some credentializing by hiring Perens and Groklaw, would it still be viewed as a helpful product? Or would it be an endorsement of SCO, a nefarious FUD tactic, probably a secret Microsoft conspiracy...?

    Honestly, I'm amazed that more people don't view a company running around yelling, "Linux insurance! Protect yourself from the risks of Linux!" at least somewhat negatively.

    --
    What I'm listening to now on Pandora...
  23. Mixed Reaction by starseeker · · Score: 4, Insightful

    I dunno. In a perfect world, there shouldn't be a need for this kind of thing. But since we don't live in that world, this might have practical value.

    My take on this is - it's a good thing if you are paranoid or a potential target. I don't understand why Linux end users are different from Windows end users in a liability sense - can someone point me to a good explanation of why my buying a Windows license suddenly frees me from potential legal trouble, whereas the GNU GPL somehow doesn't? Why isn't the author responsible in both cases? (Not a rhetorical question - I really would like an answer.)

    Anyway, I'm not sure this lawsuit insurance is a bad idea no matter WHAT you do or what you use. Lawsuits are used like clubs against business opponents nowadays, and merit or justification isn't even of interest anymore. Perhaps an insurance setup where the insurance covers the costs of a defense up to $$$, but not the consequences of a guilty verdict, would be a good way for a lot of small companies to go. If they aren't doing anything wrong, and get their ass sued by $LARGE_COMPETITOR in order to put them out of business, the lawsuit coverage would let them put up enough of a fight to make trouble for $LARGE_COMPETITOR. If $LARGE_COMPETITOR had to do this for all the smaller competitive businesses they would go up against, it might start to be rather useless for them to try such methods.

    Remember, lawsuit insurance in this scenario isn't about the merits of the case - it's about being able to resist bullying attempts by litigious bastards. If you have a good case, this would allow you to fight it, but wouldn't let scum insure their way out of the financial consequences of doing something illegal. In THAT capacity, I can see this being a good idea. And not just for open source software either.

    --
    "I object to doing things that computers can do." -- Olin Shivers, lispers.org
  24. OpenScam by MouseR · · Score: 4, Interesting

    OSRM, a company offering insurance against lawsuits like SCO

    Cool.

    Now, instead of paying juggernauts for their expensive software, you can pay expensive insurers to use free software!

    What would america be without lawyers?

  25. Why this is _BAD_ for Linux... by kuwan · · Score: 3, Interesting

    This "Linux Insurance" by OSRM is really bad for Linux. As noble as the creators may think it is, the fact that it exists at all shows that SCO has been (somewhat) successful in their campaign to cast uncertainty on the legitimacy of Linux and its code base.

    For example, let's say that I want to sell my boss on buying a bunch of Linux servers instead of Windows or Solaris servers. I tell him all the great advantages of Linux - stability, performance, low cost, etc. Then some Windows schmuck interrupts and says that Linux has legal problems. I say "no it doesn't" and explain how the SCO fiaSCO is just a bunch of mumbo-jumbo. Then I go to explain that their is insurance that you can buy in case anyone (SCO or anyone else) tries to sue you.

    After this my boss gets scared and thinks that there is legitimate risk involved with going to Linux. Then he thinks, "Why go with Linux and spend extra $$$ on insurance when I can just go with Windows or something else."

    This whole insurance thing is just bad. It helps SCO to prove their point (that there is a problem with the Linux development process), makes Linux cost more than it should, and introduces the idea that risk is involved when using Linux.

    --
    infested with jello like fishes no melotron wishes
  26. You forgot Linus by jaymzter · · Score: 4, Insightful

    I'm assuming by _Linux_ you are referring specifically to the kernel. Where your scenario fails to hold water is the fact that Linus and crew actually do check the code that gets submitted for the kernel. I don't see a johnny-come-lately with miracle code that works flawlessly on the first try getting something past them. In real life, YMMV

    --
    If thou see a fair woman pay court to her, for thus thou wilt obtain love
  27. In other news... by Pan+T.+Hose · · Score: 5, Insightful

    Insuring Linux, Thanks to SCO

    In other news...

    Insuring Cars, Thanks to Thieves

    "There's an interesting article about the counter-reaction to thieves' attacks on cars, and how thieves may actually be one of the best things to happen to cars lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the car locking process. Includes some good detail on a company offering insurance against thefts. This is a great news for every car owner."

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
  28. Yeah, SCO is good for linux by Anonymous Coward · · Score: 3, Insightful

    It's building confidence in Linux. We look great, SCO looks like a bunch of jerks and bullies, possibly supported by Microsoft. It's showing that Linux is strong in the face of a full frontal assault, that it's not just a loose conglomerate of whimsical hackers, who'll just drop it when the going gets tough. It's commiting IBM and various other companies to the defense and support of Linux. It's providing a template and an example for future cases. After an initial wavering of faith in Linux, I'm sure we'll see a surge.

    Hell, as long as the US Justice System doesn't drop the ball, the whole SCO issue is great for linux!

  29. Only SCO customers need insurance by Animats · · Score: 4, Insightful
    Everyone sued by SCO has had a previous contractual relationship with SCO. They've never made a straight copyright claim against an unaffiliated Linux user in court. So it's clear that the only people who might need insurance are SCO's customers.

    Also, the Delaware court ruled, in putting the Red Hat vs. SCO suit on hold, that the Utah court was deciding the copyright issue. Based on that precedent, copyright-related suits can be expected to go on hold until IBM vs SCO is decided. So SCO is a long way from being able to enforce copyright claims against anybody. They'd have to beat IBM, then Novell, then Red Hat. Only then would Linux users have anything to worry about.

    The market has picked up on this. SCO tried a stock buyback scheme to boost the the price of their stock. That worked for only a week, and bumped the price up from 9 to 11 or so. It's back to single digits today, at 9.09 today and dropping. It was 16 back in February, and 3 a year ago, before all the lawsuits.