Slashdot Mirror
OSRM Declares Linux Free of Copyright Violations
tmu writes "According to a recent press release, the Linux 2.4 and 2.6 kernels are free of any code that violate copyrights. OSRM, the new startup formed by Daniel Egger and including groklaw founder Pamela Jones, completed a 6-month review of all code in both kernels. They must be pretty confident of the results, because they're offering product liability insurance to both developers and users."
Insurance policies are always grouped into lots that allow the "law of large numbers" to come into play. That is to say, small numbers might go on a random walk, but within a large group the actual number of claims will always be reasonably close to the expected number of claims.
Sorry... an insurance company that's offering only one liability product that is either going to have claims from all customers or have no claims at all is not going to fly. Either they'll be pocketing all of the premiums, or the whole house of cards will colapse in more claims than they can ever handle. There's no middle case... either every user of Linux is going to end up owing big bucks to SCO, or none of them do.
$25,000 coverage for $250/year? Do we really need this? In three years time, we'd be paying more than the cost of SCO's unnecessary license for a minuscule amount of coverage that we don't need, because, as they themselves say, Linux is free of copyright infringements.
Peace and love, y'all
I'm not quite sure an insurance policy from these people is worth as much as a SCO license, in that they're either selling policies that won't pay if SCO owns nothing, and they'll be overextended if it does turn out SCO owns something.
However, if you've got a PHB who's seriously thinking about sending his $699 per server into SCO... this may just be a company that you can use to fool your fooled-by-SCO PHB into sending money to the anti-SCO lawyers instead of the pro-SCO lawyers.
I never saw this adequately answered on Groklaw. This is no different really than benchmarks or TCO studies. Show us your methodology, give us the name of an independant third party which conducted the review, and let us review the results. Coming from OSRM I consider this well meant but to be followed by a large grain of salt as they have a vested interest in the outcome. I believe Linux isn't tainted, but if you've combed through the code of Linux and several Unixen, I'd like to see it in black and white.
If thou see a fair woman pay court to her, for thus thou wilt obtain love
Depending on the outcome of this case IP law suits could become much more plentiful. I think that open source software could become especially vulnerable. I have to agree that with you on your stance in regards to the SCO case. But I don't think that this type of insurance is completely without potential.
I find it rather humorous that this outfit is probably going to make more money off what's SCO's doing than SCO's itself.
After all, they only need to break $20K, and now they're doing better than Darl & Co.
This is hillarious. Darl's been huffing and puffing for a year trying to squeeze water out of a rock; now here comes OSRM, and before long they made more money essentially by betting that Darl's got nuthin!
So, until now Pamela Jones was doing a terrific job reporting on the obsurdities of SCO claims. Now, she started a company in whose best interest is for SCO and others like it to keep going as long as possible so that her little company can offer insurance. Is it just me, or did we just loose an unbiased source of law information.
1. This is voluntary insurance. Don't want it? Don't get it.
2. This isn't targeted at users, who are not at risk in any case, so 95% of us can move on, nothing to see here.
3. This has nothing to do with the risks of Linux, for there is nothing wrong with Linux. Instead, it's about the fact that, as SCO showed, there are bad people who want to make trouble for FOSS and will use nuisance suits in order to do that. Sad but true, but let's at least look at the world realistically. We now have another tool to fight these losers.
4. If you are a kernel developer, or a big-pocketed Linux corporate user, and you think you could become a target of one of these nuisance suits, you now have a chance to get insurance against such. Voluntary. Don't want it? Don't get it.
5. Does this make you sad? Blame the bad people who want to cause trouble for FOSS, not the people who are stepping up to try to help.
I think you, like many people, are misreading the service being provided by this company. They aren't offering to have you pay into their banks so that if SCO comes a knockin' you can just roll over and pay them with money from OSRM. Rather, what they are providing is material aid to your company so that you can take SCO to court and fight the charges. Therefore, it is only likely to be providing this aid to a few companies at a time, and can likely get injunctions to slow down any other cases in which they are involved. So, it's relatively unlikely that they'll be asked to pay all the claims at the same time.
I think the more important point is that we shouldn't make the assumption that SCO will be the only SCO. Unless somehow magically all of its cases end in "There cannot possibly under any circumstances be any code in Linux that wasn't meant to be there," which is TERRIBLY unlikely not only because of the innate absurdity of the court ruling on the potential "ownership" of every line of code, including those not material to the case, but also because none of the cases actually deal with the IP except for the Novell and Red Hat ones, one of which says SCO doesn't really own the code to begin with. Simply put, no matter what happens, there is still a vulnerability with open source with so many contributors that someone will view it as an easy target for stock-pumping litigation.
In light of this, it's much more obvious why a company might be willing to shell out $100,000 a year to reduce their risk of having to shell out $Millions to pay for legal defense or $millions in settlement fees.
If I know PJ (and I don't), I don't think the purpose of this is to truly offer insurance. I think it's just to get the word out there that people in the know know this: SCO is full of shit. SCO has made a lot of waves by whining and litigating without showing a shred of proof, and they've even had companies like EV1 cave in and buy licenses just because they feat a lawsuit!
Since the government (SEC?), for whatever reason, is allowing this nonsense to continue, this company is fighting fire with fire and responding in tow: they are attacking SCO on the battleground they themselves defined: the media. They are standing up and saying "We've audited Linux cover to cover, and you, sirs, are full of it."
This is what we need. More news that gets the word out that SCO is an organization of extortionists who have learned to use the slow, inefficient, expensive legal system as a weapon.
To boil it down: SCO is metaphorically using the old "pretending the finger in your pocket is a gun" shtick, and OSRM is announcing "That's your finger, jackass."
Bruce
Bruce Perens.
I know that OSRM and you are both well meaning, though you might want to put a standard disclaimer in your replies that you are on the board. At any rate...
Is OSRM offering patent insurance? I didn't see that in the press release.
Peace and love, y'all
1 - It is very common for insurance companies to buy re-insurance from other insurance companies and spread the risk that way. I don't think it is a problem that these guys have only one line.
2 - We all know that this insurance is unnecessary. It isn't for us. It is for risk averse PHBs. It seems as much like a PR stunt as a viable business. The FUDmeisters dared the Linux community to indemnify the end users. A couple of companies rose to the challenge and here is yet another response. Having said that, if they can make a buck well, good for them.
As a thousand others have observed: check the Windows EULA.
"Who ya goin to call? FUD-busters!" (ok now I'm getting silly)
No, the correct analogy would be more like this:
"I guarantee there is no natural danger of flooding here, but there are rustlers out there going around causing floods and if you want to protect yourself, try this."
"OSRM Declares Linux Free of Copyright Violations"
Does OSRM have any more credibility in the court's eyes or SCO's eyes than the thousands of Linux users who have been saying the same thing for almost a year?
But even if so, the money isn't going to someone who will litigate your market, and potentially you again in the future. Let's say I was a famous person (I'm not.) I'd rather pay significant money for security if I needed it, rather than simply paying off those that threaten me. Think about it.
That's pretty much the long and short of it.
But imagine you're trying to convince your PHB that you need to deploy linux in your enterprise.
"But what about all this copyright that SCO is claiming?" he asks.
Now you can tell him "It's just FUD/BS." (which we know is true, but not all non-techs do).
Or you can tell him "It's just FUD/BS, but if you're worried we can purchase 3% liability a year in insurance."
Which one is he more likely to listen to?
If the $699 per seat is the liability they refer to, then that's $20/year per linux box.
So like most insurances, this is just offering peace of mind for those who worry about the highly unlikely event of a catastrophe (or should that be fiaSCO?).
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
PJ did not start this company, and the company is about more than SCO, and PJ will be as glad as the rest of us when SCO is no more. The sooner the better. But as SCO showed, there are nuisance suits coming, from more than SCO. What's wrong with another tool to fight what's coming, even after SCO is gone?
When did PJ claim to be unbiased? (Maybe my back was turned.)
Why is it necessary that Groklaw be unbiased? All that is necessary is that the information be accurate.
Hey dude - Pamela is on our side. I think I'll clink a couple of glasses together and drink a couple of toasts to her.
The same reasoning that makes insuring against this sort of thing difficult would also, it seems to me, make reinsurance difficult to get.
Reinsurance is appropriate when a risk is insurable, but more capital is needed. Here there's some question regarding whether the risk is sufficiently appealing to (re-)insurers as a business proposition, especially when part of that risk is made up of potential defense costs and SCO, as we all know, is rather litigious.
Look for sites about tort reform.
Thanks
Bruce
Bruce Perens.
I see this as a start to offsetting the corruptness that people can use the courts for. The courts will never be 100%, they can't be. It is a manmade entity. As such, man can always find a way to subvert it.
The efforts of OSRM are a way to open the examination of IP laws and defunct lawsuits to a distributed community effort. If they can make a little green on the way, I say good for them. They have the right idea about using the many eyes concept to keep people honest. The dishonest ones that persist, have to stand up to severe scrutiny.
This could even be the start of a wave of community efforts that serve the common good. I see nothing wrong with this.
The difference is who is taking the money from you, and what for.
From SCO you would be buying a license that protects you from being sued by them, and only them. From these other guys you would be paying a liability license that protects you from whoever it is that wants to sue you.
Now if that's not enough of a difference there is the moral implications of paying SCO. By doing so you are supporting their business model. You are asking for other companies to use it and ask you for a difference fee to protect you from them too. Like in most things, many people will prefer the short term advantage, even though it comes with the promise of long term disadvantages. But that doesn't make it right.
So putting the money SCO asks and the money that these guys ask on the same level is not fair. The service you are paying for is totally different (if SCO's license can be called a service...).
Diego Rey
diegoT
Yes, but SCO is not the only entity with potential IP issues with open source software in the Linux operating system.
My blog
Because BigInsurCo knows how to evaluate risk, but doesn't know anything about Linux?
Because, to BigInsurCo, it is too small an operation to bother dealing with the details by themselves?
Because OSRM seem to be offering more than just insurance (such as access to their IP lawyers)?
On the other hand, isn't accepting money to do this taking advantage of the FUD that people already have?
Another thing to consider is that the linux legal defense fund setup up by OSDL has already raised $3 million
As far as I can tell, the SCO license is only a license for the binaries-- not source. This insurance will indemnify development activities.
I thought the purpose of insurance was to turn random unpredictable costly expenses in your lifetime into small, fixed, periodic payments.
If the numbers are done properly, the amount of money you will pay in your lifetime to this cause is equal to the amount of money you will pay in premiums, but you can plan for paying premiums. In exchange for this convenience, the insurer collects slightly more money to cover operating expenses and so that they can turn a profit on their promise. Due to the economies of scale, it may actually be cheaper to go with an insurance company in spite of their overhead costs.
But anyway...
Insure Linux against intellectual property violations? Lets apply the formula:
Number of dollars that I plan to pay fighting off intellectual property claims on Linux: 0.
I guess I can pass on this kind of insurance.
If SCO wins a single case in court about copyright violations, what's the point of cashing in your insurance to fight a battle that's already lost? And if SCO loses a single case in court about copyright violations, how can they go after someone else for the same (now non-valid) copyright violation?
My guess is nobody will really buy this insurance except those, like OSRM itself, who just want to make a statement. The real announcement here is that an audit of the Linux kernel was completed and that somebody's willing to put some money where their mouth is.
Imposing Libertarian views on everyone online since 1992.
SCO's license doesn't grant you a blanket indemnity -- just a guarantee that *they* won't sue you.
:-)
PJ is selling insurance that covers *any* infractions.
If a company has a choice between purchasing real insurance from PJ or "insurance" from SCO, they're almost certain to do better with PJ.
'course, I think the whole set of concerns is a lot of baloney -- open source types tend to be pretty careful about licenses -- but it's not as if you can claim that PJ has falsely inflated her product's merits -- she's been saying the same thing for quite a long time.
May we never see th
"I think a ruling ... that all the code in Linux belongs in the public domain would not be unreasonable." ... to the same standards..."
Actually, this is highly UNreasonable.
Courts will NOT make any such statement, especially as a blanket "all the code...". Courts will only make statements specific to evidence, for example, proof that "these 2,337 lines right here were contributed to the public domain by Josy Programmer on such and such a date...".
Declaring a work to be public domain, if it is not certainly there already, would mean taking away someone's copyrights. If that person had money, or say, some kind of insurance, such a ruling would likely be appealed, and if evidence did not actually prove the code belonged in the public domain, the ruling would be overturned.
"courts do not hold
Copyrights are copyrights, no matter who owns them. That's how the courts sees it. Nonprofit or "public good" organizations DO operate by the same copyright laws, and the courts do NOT recognize privilege in this way.
When i first saw that story I always thought Coors should counter sue the mother for not properly teaching her son responsibilty as well as slander.
And yes, I actually believe Coor should sue her. It might teach parents everywhere to start taking responsibility for their own children.
Let's say they traced, in 6 months, every line of code that went thru the kernel's CVS back thru its committer, and back thru them to its submitter, supposedly its "programmer". How do they know of all those "programmers", none copied someone else's code? And that none submitted code written for hire by someone else, who therefore owns the copyright? While this is possible, 6 months is a long time to investigate every person from whom code came in the 10 year history of the kernel. It's a long time just to get feedback from every programmer, let alone audit their development processes feeding their commits. And if even one programmer didn't reply to their questions, which programmers are free to do, then that mystery programmer is a potential copyright breach.
I don't think there's code in the kernel with copyright that conflicts with the GPL. And it's incumbent on any competing copyright holder (*cough* SCO *cough*) to prove they have the controlling copyright. But OSRM seems to be placing an implausibly confident bet on that conjecture.
Meanwhile, their liability insurance is totally unrelated to their bet on Linux copyright unencumbrance. The liability insurance is merely betting that less than 3% of the insured value of the software they cover is malware. Charging 3% of that insured value, and paying less than 3% in claims, is the aggregate arbitrage of which all insurance is made. But nowhere in that calculus does any Linux copyright liability appear. There's a missing monkey in here somewhere.
--
make install -not war
well, there's always legal aid
...and if I can't get that, there's plenty of No Win, No Fee legal beagles out there.
Hmmm. YANAL, are Y? In fact, I think you'll find that legal aid in the UK doesn't cover civil litigation of this sort. The taxpayer quite rightly doesn't feel that he or she has any role in funding people's lawsuits. The sole exception here is medical negligence claims, which are still legally aided due to the huge cost of bringing an action.
You misunderstand how contingency fee arrangement cases are fought. If you're an individual and you want to sue an insurance company or whatever, you may well find a lawyer prepared to act on a contingency fee basis -- though many will expect you to take out insurance to fund the case should you happen to lose in court, and you'll have to cough up around a third if you win.
However, you can't get lawyers to act on a no win, no fee basis if you're *being* sued, because there aren't any damages for them to take their success fees out of.
Sorry.
This sounds like title insurance for the "intellectual property" (excuse the tired phrase) that is Linux. OSRM did the equivalent of a title search (I'd like to know more about how this was done) and are now offering (for a fee) to back anyone's entitlement to license Linux. This is a good thing.
It's a bit suspicious that Linux users might need to buy insurance but the users of the dominant (can we say "convicted monopolist's"?) operating system don't. (Say, what about selling insurance policies against litigation by the BSA????)
I mean, we *all* need fire and auto insurance - not just some of us. But when it is only the *competitors* of a convicted bully who need the insurance... well, draw your own conclusion.
Maybe it should just be called the Microsoft Threat insurance policy. And that means that Microsoft has already won: they have successfully made Linux dearer to own and run.
A more appropriate action is to hunt down the money trail to Microsoft, then BREAK IT APART. A company that is bent on KILLING its opposition needs more than a rap on the knuckles. Everyone would be better off without the abusive monopoly - even its shareholders would probably benefit.
I am anarch of all I survey.
She's not selling insurance, that's not her function
Did you R the F'ing A? Because if that isn't selling insurance, I don't know what is.
Now if she begins to put ads all over Groklaw, or shills insurance on a daily basis with no news connection, or somehow sells out, I'll be pointing it out too
So it's OK for her to use the site to shill insurance provided:
a.) She has a news hook to hang it on?
b.) She doesn't do it every day?
Like it or not, PJ now has a vested financial interest in seeing these threats against Linux continue. I believe that today's article is a perfect example of exactly how that vested interest will be shaping future coverage of this issue on Groklaw.
While I absolutely agree that you can't take anything away from PJ's efforts, this financial relationship changes things -- whether you like it or not -- and runs the risk of letting people characterise her and her website as a Linux equivalent of Laura DiDio or Rob Enderle.
And given that she's always said that Groklaw's strength is in how the community researches and unpacks these stories, I think she does that community a serious disservice by conflating her work for this insurance company, and their work on unpacking the SCO vs. IBM story.
YMMV.
OK, OK, I know that some of the board members of this company are people we most of us respect. And judging by what Bruce Perens, at least, has contributed to this discussion it seems they really believe in the idea.
But it smells of snake oil.
One cannot, in general, prove a negative. I've no doubt this company has diligently gone through every line of the kernel and reviewed it. But they have not, because they cannot have, diligently gone through every line of pre-existing proprietary computer code on the planet. The majority of computer programs are never released in source form, and it is not normally possible to reconstruct the original source by reverse engineering a stripped binary. So for the vast majority of legally copyright software out there, they did not have the source and could not compare Linux against it.
But that, actually, is beside the point.
By reading diligently through the code the company may potentially put something back into Linux; they may notice and report back to the relevent authors blunders, inelegancies and bugs.
They may.
But apart from that, they make no contribution back to the community. They are, in effect, another bunch of freeloading parasites on the community - the moral equivalent of head lice. They cannot have done what they say they've done, because it is a logical and practical impossibility. But they will profit - probably substantially - on the fears of ill-informed or risk averse corporate managements, and that profit is at least to some extent at the community's expense, because it siphons off money that those corporations were at least in principle prepared to spend on Linux.
I'm old enough to remember when discussions on Slashdot were well informed.
I share your supsicions BUT...
Although I'm not privy to the facts, I'm not sure why it *couldn't* be "black and white", consider that the following has to be true for the code to be infringing on copyrights.
If X's code *is* in the kernel AND X actually owns the copyright(!) AND If that code is not legally GPL'd/BSD'd AND the code passes $patent_tests*.
X's *claims* to own copyrights may be blatantly false,e.g. certain claims of SCO's have been vehemently debunked by Linus himself, because he wrote it.
If a company "accidentally" releases code under the GPL then, as far as I understand it, they have to STFU, accept their losses, go home and listen to Morissey.
If an employee of company X GPL'd code illegally, then that's another matter.
But doesn't some element of Good Faith(tm) enter into it? Perhaps some resident IAAL/IANALBIPOOTV could ellucidate.
*If the code is trivial or obvious, two developers may well come up with the same solution independently. They may eben^H^H^Hven use the same variable names if it's trivial and obvious, or, they are complying with some standard etc..