Slashdot Mirror
OSRM Declares Linux Free of Copyright Violations
tmu writes "According to a recent press release, the Linux 2.4 and 2.6 kernels are free of any code that violate copyrights. OSRM, the new startup formed by Daniel Egger and including groklaw founder Pamela Jones, completed a 6-month review of all code in both kernels. They must be pretty confident of the results, because they're offering product liability insurance to both developers and users."
So they're offering insurance to people just in case they are wrong? Don't they have any faith in themselves? :)
What about previous kernel releases i.e. 2.2. etc...
I'm assuming the liability insurance will cover more than SCO. With the enormous amount of code changing hands in the OSS community, it's not really a bad idea to have liability insurance.
I'm not sure how they can come to that conclusion without having access to the code which SCO is claiming that they have which was inapproprately added into the Linux kernels. Just what exactly did they do in their six-month process to prove that what SCO has behind door #3 isn't there?
Of course, SCO might turn out to have nothing but some farm animals behind door #3, and that outcome is more likely than not to be the one that comes out in the end... but really, what more is this group doing but just spreading counter-FUD about SCO's FUD?
Besides, if you take them at their word, then you don't need their insurance because you're exposed to no risk. They're basically offering a competive form of "SCO lawsuit insurance" that seems only about as strong as buying SCO's "license".
I have noticed that they have not FILED any copyright infringement actions, despite their numerous allegations that Linux infringes on their copyrighted code and mentions of the rights of copyright holders in their legal pleadings and press releases. No matter how loudly they proclaim infringement of copyright, they aren't willing to use the appropriate federal laws (USC-17) to protect this supposedly infringed upon "IP". I wonder why.
If SCO has copyright material that has been infringed upon, they have to go to the INFRINGER (whoever has access to their code and copied it, meaning the code and not just a work-alike clean-room code, into the kernel) for damages. End users and unwitting publishers of infringing materials are not listed in USC-17 as liable for infringement. You can't get damages from a publisher if one author of a short story collection lied about the authorship, nor can you collect from the bookstores and purchasers.
If they have proof that Red Hat is distributing infringing material, they first have to notify RH what the infringing material is. As the innocently infringing publisher, RH has the chance to double check the material, and either remove it or check its pedigree dispute the infringing nature of it.
The only time a publisher can be nailed for damages is if the plaitiff can prove they knew, or could reasonable have been expected to know, that a work was copyright. This covers sleazy anthology publishers who don't bother to get permissions and pay royalties, and anyone stupid enough to accept a well-known work of fiction from anyone but the real author.
I would view it as paying to support these people who, presumably of their own volition, went through the whole damn kernel just to make sure that its free of unpleasant copyright problems. on the other hand, there are probably businesses that would like some sort of liability insurance for peace of mind, but would prefer to avoid SCO ating like a bully trying to steal their lunch money.
Don't worry - its just stigmata. Pass me a napkin and don't you dare tell my mother.
"Do we really need this?"
Would you rather pay SCO?
"In three years time, we'd be paying more than the cost of SCO's unnecessary license for a minuscule amount of coverage that we don't need, because, as they themselves say, Linux is free of copyright infringements."
Do you believe that SCO will be around in 48 months? I don't. If they are not then you save money and are spared hassle. If SCO survives for 3 years well then see response to question one.
Bruce
Bruce Perens.
If the kernel is free of copyright violations, why do we need insurance?
That's like saying "I guarantee there is no danger of flooding here. But I would be happy to sell you flood insurance."
Please help metamoderate.
Basically the entire SCO vs. Linux affair is Microsoft using a front organisation to attempt to destroy their strongest competitor. Because this competitor is not a single company, but a loose collection of individuals connected by a large network, Microsoft can destroy Linux only by either destroying the network itself or by using a custom-crafted law to prevent any company from using Linux openly. The internet is too big to destroy now so they are threatening to destroy any company that switches from MS to Linux by endlessly expanding legal fees.
Let's not forget that Bill Gates was a master poker player. He's using the threat of an endless series of raises (Microsoft's lawyers disguised as SCO vs. the lawyer's of the target company).
No one in their right mind would play poker like this against the richest man in the world. It is impossible to win because he will always out raise you.
Linux must develop a different strategy against Microsoft/SCO.
I guess that's what M$'s 50 million bought them. Another phantom 'cost' which they can use as an allegation against Free Software.
I reckon the 'public' won't see past the M$ spin, to appeciate that by its nature Free/Open Software is continually being checked for copyright infringements.
It depends on how you factor the cost.
If you pay SCO you've lost rights to the code.
If you pay the insrance costs you haven't, unless SCO wins a copyright violation suit, in which case you would have to pay more than the license fee and lose the rights to the code.
You'r buying a get out of jail a bit cheeper card.
Let's start a fund to buy SCO's "intellectual property" when all this litigation eventually drives them into bancruptcy.
The OS community playing IP vulture doesn't seem like too bad an idea. SCO does have some code that could be bought and GPL'ed, and the company isn't gonna be worth much a year from now. Let's pool.
Email the money to me for now;)
HHOS
There cannot possibly under any circumstances be any code in Linux that wasn't meant to be there," which is TERRIBLY unlikely not only because of the innate absurdity of the court ruling on the potential "ownership" of every line of code.
I think a ruling stating that there is no difinitive evidence that there is offending code in linux and that all the code in Linux belongs in the public domain would not be unreasonable.
Linus wrote the kernel, everything else is subsidary and fluid. Linux as a whole can not be held responsible for other aspects as they were checked as well as posible.
The courts DO NOT hold organizations specializing in the public good to the same standard as companies which specialize in profit.
A. PJ is a good person, who has done a lot of work in her spare time, for free, to benefit the community at large.
:)
B. Before SCO was SCO, AT&T was SCO - see the BSD debacle to know what I mean.
In effect, we know SCO is full shit - but what about future companies? What would you do, if right now, SCO marched up to your business and demanded 20k in license fees?
Most would cave in. This insurance will help you fight.
If this insurance becomes available to individuals, I will get it - just because I really like groklaw, and think PJ's a cool person. Okay, so the backing up against pointless lawsuits bit helps, but..
Your press release states that you "will charge $250 to individual Linux developers". So you admit that you are charging hundreds of dollars for something unnecessary? If I wanted to waste money, I could pay $699 to SCO instead.
Are you actually offering this insurance yet? It sounds like you have not even found a reinsurer after spending months trying. Even if I wanted this insurance, I would be a fool to pay premiums before you have any sort of financial backing.
I have great respect for Bruce and Pamela, but frankly this reeks of opportunism and greed. OSRM will only be able to sell this product by scaring companies into thinking it is necessary. How will that possibly help Open Source? The venture capitalist who started this organization (Daniel Egger) has already begin spreading FUD. Just a few days ago he completely mischaracterized the DaimlerChristler suit. The OSRM web site has been cleaned up after intense criticism, but still says things like "organizations gaging the risks of Open Source software face a vacuum of clear information." On the contrary, I know of hundreds of highly convincing paper from lawyers like Eben Moglen dismissing the SCO claims.
Because your business is to scare people into buying insurance, you neglect to mention the millions of dollars in defense money already available free from the OSDN. There is also the million dollar Redhat Open Source Now fund. And don't forget vendor indemnification freely available for customers of Redhat, HP, Novell, etc. You do mention vendor indemnification on the OSRM site, but only to attack it as inferior to your insurance.
The OSRM page states that "OSRM has generated the widespread support of Open Source leaders," but the only ones I have seen supporting it are on the OSRM payroll. Without the credibility of PJ and BP, this project would be universally ridiculed. Egger made a good decision in paying you off (I'm sorry that sounds harsh, but we all know he hired you two for your credibility in the open source world).
You are a smart guy and have studied this more than I have. So perhaps you can enlighten me as to why I should consider this a good thing. Or maybe you are just trying to cash out on the current Linux FUD. That isn't illegal, but please don't cast it as doing us a favor.
I know its not like slashdotters to follow a developing story by reading anything more than the usual snippets of any given article, but SCO has offered a shred of evidence. They've pointed at a few heavy server techniques that they just might have a point on. I have a feeling this case is going to help define for all software engineers just how much knowledge an employee can gain and apply elsewhere without violating copyright. How any company can go along and say "We looked at the source code and guarentee that all the software was owned by the submitter," given the implicit copyright on all code created.
For what its worth, Linux will go on, and I think SCO's tactics of suing users is in poor taste. The offending code, if any, can be removed or possibly changed and the majority of enterprise users will remain unaffected.
I Browse at +4 Flamebait
Open Source Sysadmin
This is what I worry about. Some turkey sues an Open Source developer with intent to restrain. Not to recover funds. Said developer says "Uh-oh, I don't have the funds to support a single day in court. I'd better sign my copyright over to that turkey, sign whatever documents he has saying that I will never, ever write Open Source again, and find some other way to entertain myself."
$25,000 is not necessarily enough to defend every case, but it's enough to tide you over until you can get a publicly-funded defense up and running.
Regarding OSDL (not OSDN!) I don't know if there will be anything left for you when they are done with Autozone and Damiler, etc. Same with the Red Hat funds. I hope there is and that they are available to you. And also, I am worried about what happens if one of OSDL's corporate members is the plaintiff in a patent case against Open Source software. So, having a party that is not tied to HP and IBM is probably a good thing. And having a party that concentrates the funds for defending Open Source software into an entity that can actually do something is a good thing, too.
I think the most important point for the individual Open Source developer is "if you don't think you need this - you probably don't". Those who do need it know who they are.
Bruce
Bruce Perens.
You're pretty close on this one. Although "regular" insurance companies aren't backed by big bucks, the HAVE big bucks. I work for one of the largest. A few years ago, when they posted a multi-BILLION dollar loss, the solution was "hmmm.... Don't throw away your paperclips next year." And they continued rolling out brand new workstations to every employee, and replacing all the servers.
I would very much like to know what methods they used to review the code. Interpreting the results of any comparison to remove false positives is a very subjective process. Do they have a method that doesn't generate false positives? If so, did their method find the code that SGI admitted to contributing by mistake?
To be honest, anyone claiming there is absoloutely no questionable code sounds as suspect as SCO claiming it's all questionable code. Reality is never black and white like that.
Of course, at this point it's obvious that any SCO code in Linux is trivial and unintentional. If there were millions of lines of SCO code in Linux it would be impossible to overlook. It remains to be seen how much GPL code has made its way into SCO's UNIX offerings.
And you won't. You won't find the reinsurance coverage for it and you're balance sheet can't support it.
You're insane. You can't make money in patent insurance. The defense costs are too high, and the losses to large if you lose. That's why no one writes it.
Swiss Re has been known to write the occasional policy. Of course, it's with a $5m retention and indemnity only, and you're generally paying about 40% rate on-line.
I posted something similar over at groklaw --
There is now financial interests within the Linux Community in publicizing the risks associated with Linux. Which may have the effect of amplifying Fear, Uncertainty and Doubt rather than dismissing it.
There's also the matter that some legal information or opinions may be reserved for those who are paying in rather than given to everyone.
I'm not trying to ascribe bad motives to the people behind this -- I just don't think they've thought out this enterprise to it's capitalist conclusions and what (unintended) effects it might have. "Trust Us" doesn't go very far in a for-profit world.
Business. Numbers. Money. People. Computer World.
"You can't make money in patent insurance."
Sounds somewhat similar to :
"You can't make money on something you give away for free"
I don't think the goal is to turn into the allstate or geico of the software world, I think it is more along the lines of getting the PHB's of the world to listen, and have some actual backing. (even if it isn't a lot) Its all paper to the higher ups of the world, and this sure as hell isn't aimed at your average perl hack.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
The best thing is that they have killed any chances of anyone buying SCO products again.
Sadly not true, I'm working for a company that is in the process of setting up a new SCO installation on behalf of a customer.
Sure SCO Unixware isn't cutting edge, or something that I think is very popular, but we use it and it's the platform a few products run on.
Course in my server room it our SCO boxes sit next to our Debian boxes .. but that's another story.
Right now there's been little inside talk of the SCO case, but I'm guessing a migration to Linux might not be out of the question..
The file drivers/usb/emi26_fw.h carry the license below:
* This firmware is for the Emagic EMI 2|6 Audio Interface
*
* The firmware contained herein is Copyright (c) 1999-2002 Emagic
* as an unpublished work. This notice does not imply unrestricted
* or public access to this firmware which is a trade secret of Emagic,
* and which may not be reproduced, used, sold or transferred to
* any third party without Emagic's written consent. All Rights Reserved.
*
* This firmware may not be modified and may only be used with the
* Emagic EMI 2|6 Audio Interface. Distribution and/or Modification of
* any driver which includes this firmware, in whole or in part,
* requires the inclusion of this statement.
*/
AFAIK there is no written statement from Emagic that it allows such code to be included in GPL kernel.
See for details bug 242895 at
http://bugs.debian.org/cgi-bin/bugreport.cgi
because they're offering product liability insurance to both developers and users."
Now this is a weird situation.
And before anything else let me say that I am a strong advocate for free software and think Pamela Jones and groklaw have done a wonderful service to the community by applying intense legal play-by-play to the SCO case.
But.
If they're in the business of selling insurance against copyright attacks on Linux, does that not represent a conflict of interest?
If they were after the money, I would have expected their assessments to have at least a small note of ominious nature so that potential clients would be inclined to buy that insurance.
In an era when every other day you hear about yet another lapse in corporate ethics, with the problems that Arthur Anderson got into by offering consulting services to the same clients to whom they offered auditing services, people have to be a lot more careful.
"Provided by the management for your protection."