Insuring Linux, Thanks to SCO

jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.

Why insure Linux?

You can replace it for free???

Re:Why insure Linux?

[jamonterrell]

I'll bite. Because MS can pay John Doe to contribute code from the leaked win2k source into linux and then sue every distributor of linux out of existance for copyright infringement. The problem here is that if something like this happens where MS gets turned loose, no insurance company will stick by without going bankrupt.

Re:Why insure Linux?

[dago]

"no insurance company will stick by without going bankrupt."

That's why you have reinsurance companies which insure the insurer. Such companies like MunichRe, SwissRe have even more assets than MS...

Re:Why insure Linux?

[B'Trey]

Obligatory IANAL disclaimer but it's difficult to see how this would work. Despite SCO's blustering threats to sue Linux users, it's extremely doubtful MS would have a case against anyone but John Doe in your scenario. After all, if I plagarize John Grisholm in my new novel, he can certainly sue me but he can't sue the people who buy my novel, even though they now have a copy of his work without paying him for it.

Once MS identifies their code in the Linux kernel, they might be able to demand that people stop using it, leading to the need for everyone running Linux to download a new kernel or patch.

It seems to me that the primary need for Linux indemnification is not that you may be succesfully sued for copyright infringement (even SCO has largely dropped the copyright infringment claim from their case against IBM) but to protect against RIAA-like tactics where one is extorted to settle out of court or face ruinous legal fees to defend oneself. IBM can afford to fight SCO and their ilk. Small business owners can't.

OS Insurance

[the+MaD+HuNGaRIaN]

I thought Windows insurance was switching to Linux.

What's Linux insurance--switching to Mac OS X?

Google cache

[gspr]

Thanks, Google!.

Re:Google cache

[B'Trey]

Thanks, now I can RTFA. In doing so, it appears that the author did not do his homework particularly well, as both he and his sources seem to be thoroughtly confused on the issues.

Quote: "They sued AutoZone and DaimlerChrysler even though those companies didn't do anything wrong and acted in good faith," says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn't write the code. But "because of a quirk in our legal system," Egger says, "you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights."

This is woefully uninformed. SCO sued neither Autozone nor DC for using Linux.

SCO's claim against Autozone arises from the fact that Autozone was using applications on SCO Unix and switched those applications from SCO to Linux in a very short time. The only way to do that, SCO claims, is by integrating the libraries from SCO Unix into Linux, which is a violation of the licensing terms for SCO Unix. SCO has no evidence that this happened other than the fact that Autozone switched over very rapidly, so they MUST have used SCO's libraries. Autozone and the consultant who did the switch both claim this is not the case, and it should be straightforward to demonstrate this in court.

The DC lawsuit arises because DC failed to return a certification of compliance. SCO sent out forms to everyone who has a license for SCO Unix and demanded that they certify that they were not using SCO code with Linux. Part of the license for SCO Unix says that they may demand such a certification of compliance.

So neither Autozone nor DC are being sued for "purchasing open source software." Both are being sued for violating the terms under which they licensed SCO software. Despite their many threats, SCO is suing their own customers, not Linux users. The case against Autozone seems extremely weak. The case against DC rests on a legal technicality that I'm not qualified to judge. If they do succeed in that case, however, it will have nothing to do with Linux.

Can I get /. libel insurance?

Seriously, folks.

I, uh....

I for one welocme our new State Farm Overlords!

Maybe I'm being dense but -

[JosKarith]

Uh... isnt this a little like somebody in a straw house thanking arsonist for burning other people's houses down just to prove they're flammable?

Out of bad things to say

[superpulpsicle]

Heh. I can't even flamebait SCO anymore. Every bad thing that you could say about the organization has already been said.

TCO

One more cost to be added into 'independent' TCO studies funded by microsoft.

Do we really need this?

- We have an Strong and Clear in terms license.
- We have the code available.
- We have Lawyers all arround de world willing to defend GNU.
- Most developers have allways taken care of not violating copyrigth, and including only their code on the work they do

We have an implicit honor system, and it works. If someone do something wrong, we could listen the complain, isolate the coders and code compromissed, replace it with GPLd code, and apologies to the company the code has been stolen from.

All this SCO thing is just flamebait; don't pay more atention to them, and don't let them change the way this has allways been.

Viruses

[somethinghollow]

their attacks have turned a lot of attention to the possible Achilles' heel...

With Windows, when someone points out a possible Achilles' heel, people exploit it (with viruses, etc). Is it good to point out potential problems? Yes if 1) They can be fixed or 2) They aren't problems. It will make the beast stronger. However, if the issue, in this case code contribution, which is THE blood of OSS, is actually a problem and can't be fixed, then this whole OSS thing might take a deathblow. If that is the case, I'd rather people not focus on it.

In the end we have to trust people that submit code. Short of checking it against a database of known code (which doesn't help if they stole code from a proprietary source), there isn't too much we can do.

While I tend to agree with "there is no such thing as bad press," if the press kills OSS or Linux (which, in this case, I bet it won't), I'd rather SCO not have started anything. And if other people start to try to exploit OSS because of the possible Achilles' heel (with law suits, bills passed to limit OSS), we'll end up with tons of irritating front page posts on slashdot. We might even have to have a sub-catagory for the it so we can have user filters.

Insuring Linux, *THANKS* to SCO?!

[Pan+T.+Hose]

"SCO may actually be one of the best things to happen to Linux lately"
"company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame"

Is it really "one of the best things" for Linux, or for lawyers? I didn't need to buy any "Linux insurance" before that SCO farce. Why should I be grateful?

Seriously, folks, you DON'T need this!!

As long as you aren't stealing code for your open-source projects, you're fine. Someone like SCO can litigate till they're blue in the face, but as long as you didn't do anything wrong, you'll be fine. They can have all the billions of dollars they want, but money doesn't create evidence. If you need to get your court costs back, countersue.

It's a shame that these people try to peddle their bullshit off other people's fears. You DON'T need this!!

..but I'm sure most people here are smart enough to realize this (I hope). The last thing we need is fucking "code insurance".

I hate insurance

[Cobralisk]

Next thing you know, OS insurace will be required in order to legally operate a computer system.

From: <officer@localpolice.gov>
Subject: Speeding

Pull over,
I clocked you going 100Mbps in a 10Mbps subnet back there. May I see your license and insurance card? Did you know that it is unlawful to operate a network vehicle in the state of New York without a valid insurance policy?

Please step away from the terminal,
Sgt. Smith

Re:Best thing to happen?

[AftanGustur]

how is that actually good for Linux. Isn't take a bit like pointing out all the security holes in windows it doesn't improve the OS's reputation.

Linux's reputation wasn't that good at all. Each and every Microsoft consultant, I have met, has always been ready to spread FUD and outright false claims about the competition.

What SCO's case is doing is taking all those claims and making a lawsuit out of them. The only way that would be bad for Linux is if SCO actually won. And judging from the story so far, there seems to be less and less possibility of that happening.

No, what looks like is going to happend is that the SCO lawsuit will "Free" Linux from all the FUD that has been build up over the years ...

Karma Insurance

[CharonX]

Hmmm... so you can insure yourself against the perils of using Open Source (like getting sued by SCO).

What I want is a Slashdot Karma Insurance.

(In fact I could use one right away now, since this gonna end up (-1, Offtopic) ^^; )

I hope this doesn't take off

[deque_alpha]

Just look what insurance has done to health care. The _last_ thing we need as a society is another aspect of our lives that is deemed neccesary to insure. On the whole, I beleive that insurance companies are some of the most exploitive organizations around, draining resources from society with very little positive return. At best, this is going to convince people to throw money away, at worst it is going to encourage frivolous lawsuits because the odds of payoff become higher, thereby making "OSS Insurance" a de facto requirement for running OSS and taking away one of its largest strengths.

Re:I hope this doesn't take off

[bruce_the_moose]

I beleive that insurance companies are some of the most exploitive organizations around, draining resources from society with very little positive return

While I can't claim to love insurance companies--institutions that plays with lots of money and produces little in the way of tangible products tend to spawn greedy bastards--you can point to some returns to society that they have made. Here's and example: Do you look for little tags or stickers that say "UL" on electrical devices you buy? You should. UL is Underwriters Laboratory, a lab sponsored by the industry (Underwriters) is in place to guarantee things like christmas lights won't burn your house down if you leave them on overnight. It's enlightened self-interest, of course, since if your house burns down the Insurance companies have to pay.

Oh, and having someone pick up the tab if your house burns down is probably a positive return to at least yourself, if not society.

I think OSS insurance is a good thing for this very reason: it means some institution actually thinks it's insurable. The way you make money selling insurance is covering things that are likely to NOT burst into flames.

I gotta ask...

[Otter]

If the people behind this insurance hadn't done some credentializing by hiring Perens and Groklaw, would it still be viewed as a helpful product? Or would it be an endorsement of SCO, a nefarious FUD tactic, probably a secret Microsoft conspiracy...?

Honestly, I'm amazed that more people don't view a company running around yelling, "Linux insurance! Protect yourself from the risks of Linux!" at least somewhat negatively.

Mixed Reaction

[starseeker]

I dunno. In a perfect world, there shouldn't be a need for this kind of thing. But since we don't live in that world, this might have practical value.

My take on this is - it's a good thing if you are paranoid or a potential target. I don't understand why Linux end users are different from Windows end users in a liability sense - can someone point me to a good explanation of why my buying a Windows license suddenly frees me from potential legal trouble, whereas the GNU GPL somehow doesn't? Why isn't the author responsible in both cases? (Not a rhetorical question - I really would like an answer.)

Anyway, I'm not sure this lawsuit insurance is a bad idea no matter WHAT you do or what you use. Lawsuits are used like clubs against business opponents nowadays, and merit or justification isn't even of interest anymore. Perhaps an insurance setup where the insurance covers the costs of a defense up to $$$, but not the consequences of a guilty verdict, would be a good way for a lot of small companies to go. If they aren't doing anything wrong, and get their ass sued by $LARGE_COMPETITOR in order to put them out of business, the lawsuit coverage would let them put up enough of a fight to make trouble for $LARGE_COMPETITOR. If $LARGE_COMPETITOR had to do this for all the smaller competitive businesses they would go up against, it might start to be rather useless for them to try such methods.

Remember, lawsuit insurance in this scenario isn't about the merits of the case - it's about being able to resist bullying attempts by litigious bastards. If you have a good case, this would allow you to fight it, but wouldn't let scum insure their way out of the financial consequences of doing something illegal. In THAT capacity, I can see this being a good idea. And not just for open source software either.

OpenScam

[MouseR]

OSRM, a company offering insurance against lawsuits like SCO

Cool.

Now, instead of paying juggernauts for their expensive software, you can pay expensive insurers to use free software!

What would america be without lawyers?

You forgot Linus

[jaymzter]

I'm assuming by _Linux_ you are referring specifically to the kernel. Where your scenario fails to hold water is the fact that Linus and crew actually do check the code that gets submitted for the kernel. I don't see a johnny-come-lately with miracle code that works flawlessly on the first try getting something past them. In real life, YMMV

In other news...

[Pan+T.+Hose]

Insuring Linux, Thanks to SCO

In other news...

Insuring Cars, Thanks to Thieves

"There's an interesting article about the counter-reaction to thieves' attacks on cars, and how thieves may actually be one of the best things to happen to cars lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the car locking process. Includes some good detail on a company offering insurance against thefts. This is a great news for every car owner."

Only SCO customers need insurance

[Animats]

Everyone sued by SCO has had a previous contractual relationship with SCO. They've never made a straight copyright claim against an unaffiliated Linux user in court. So it's clear that the only people who might need insurance are SCO's customers.

Also, the Delaware court ruled, in putting the Red Hat vs. SCO suit on hold, that the Utah court was deciding the copyright issue. Based on that precedent, copyright-related suits can be expected to go on hold until IBM vs SCO is decided. So SCO is a long way from being able to enforce copyright claims against anybody. They'd have to beat IBM, then Novell, then Red Hat. Only then would Linux users have anything to worry about.

The market has picked up on this. SCO tried a stock buyback scheme to boost the the price of their stock. That worked for only a week, and bumped the price up from 9 to 11 or so. It's back to single digits today, at 9.09 today and dropping. It was 16 back in February, and 3 a year ago, before all the lawsuits.