OSRM Declares Linux Free of Copyright Violations
tmu writes "According to a recent press release, the Linux 2.4 and 2.6 kernels are free of any code that violates copyrights. OSRM, the new startup formed by Daniel Egger and including Groklaw founder Pamela Jones, completed a 6-month review of all code in both kernels. They must be pretty confident of the results, because they're offering product liability insurance to both developers and users."
Insurance policies are always grouped into lots that allow the "law of large numbers" to come into play. That is to say, small numbers might go on a random walk, but within a large group the actual number of claims will always be reasonably close to the expected number of claims.
Sorry... an insurance company that's offering only one liability product that is either going to have claims from all customers or have no claims at all is not going to fly. Either they'll be pocketing all of the premiums, or the whole house of cards will collapse in more claims than they can ever handle. There's no middle case... either every user of Linux is going to end up owing big bucks to SCO, or none of them do.
$25,000 coverage for $250/year? Do we really need this? In three years time, we'd be paying more than the cost of SCO's unnecessary license for a minuscule amount of coverage that we don't need, because, as they themselves say, Linux is free of copyright infringements.
Peace and love, y'all
In other news today, Darl McBride received a strange packet marked "code review", with a post-it note attached that simply read "PWNED"
Slashdot sucks
I'm not quite sure an insurance policy from these people is worth as much as a SCO license, in that they're either selling policies that won't pay if SCO owns nothing, and they'll be overextended if it does turn out SCO owns something.
However, if you've got a PHB who's seriously thinking about sending his $699 per server into SCO... this may just be a company that you can use to fool your fooled-by-SCO PHB into sending money to the anti-SCO lawyers instead of the pro-SCO lawyers.
I never saw this adequately answered on Groklaw. This is no different really than benchmarks or TCO studies. Show us your methodology, give us the name of an independent third party which conducted the review, and let us review the results. Coming from OSRM I consider this well meant but to be followed by a large grain of salt as they have a vested interest in the outcome. I believe Linux isn't tainted, but if you've combed through the code of Linux and several Unixen, I'd like to see it in black and white.
If thou see a fair woman pay court to her, for thus thou wilt obtain love
Groklaw's running a more detailed piece that gives more information than in the press release. This basically amounts to a reporter reporting about herself, but that also makes it information straight from the source.
I'm not sure how they can come to that conclusion without having access to the code which SCO is claiming that they have which was inappropriately added into the Linux kernels. Just what exactly did they do in their six-month process to prove that what SCO has behind door #3 isn't there?
Of course, SCO might turn out to have nothing but some farm animals behind door #3, and that outcome is more likely than not to be the one that comes out in the end... but really, what more is this group doing but just spreading counter-FUD about SCO's FUD?
Besides, if you take them at their word, then you don't need their insurance because you're exposed to no risk. They're basically offering a competitive form of "SCO lawsuit insurance" that seems only about as strong as buying SCO's "license".
I find it rather humorous that this outfit is probably going to make more money off what SCO's doing than SCO itself.
After all, they only need to break $20K, and now they're doing better than Darl & Co.
This is hilarious. Darl's been huffing and puffing for a year trying to squeeze water out of a rock; now here comes OSRM, and before long they made more money essentially by betting that Darl's got nuthin!
So, until now Pamela Jones was doing a terrific job reporting on the absurdities of SCO claims. Now, she started a company in whose best interest it is for SCO and others like it to keep going as long as possible so that her little company can offer insurance. Is it just me, or did we just lose an unbiased source of law information?
Bruce
Bruce Perens.
You have it backwards: They're offering insurance because they're that sure they're right. If they were worried they were wrong, then they'd be worried about having to actually pay claims and wouldn't be so willing to offer the insurance.
Essentially they're trying to call SCO's bluff.
1. This is voluntary insurance. Don't want it? Don't get it.
2. This isn't targeted at users, who are not at risk in any case, so 95% of us can move on, nothing to see here.
3. This has nothing to do with the risks of Linux, for there is nothing wrong with Linux. Instead, it's about the fact that, as SCO showed, there are bad people who want to make trouble for FOSS and will use nuisance suits in order to do that. Sad but true, but let's at least look at the world realistically. We now have another tool to fight these losers.
4. If you are a kernel developer, or a big-pocketed Linux corporate user, and you think you could become a target of one of these nuisance suits, you now have a chance to get insurance against such. Voluntary. Don't want it? Don't get it.
5. Does this make you sad? Blame the bad people who want to cause trouble for FOSS, not the people who are stepping up to try to help.
If the kernel is free of copyright violations, why do we need insurance?
That's like saying "I guarantee there is no danger of flooding here. But I would be happy to sell you flood insurance."
Please help metamoderate.
I think you, like many people, are misreading the service being provided by this company. They aren't offering to have you pay into their banks so that if SCO comes a knockin' you can just roll over and pay them with money from OSRM. Rather, what they are providing is material aid to your company so that you can take SCO to court and fight the charges. Therefore, it is only likely to be providing this aid to a few companies at a time, and can likely get injunctions to slow down any other cases in which they are involved. So, it's relatively unlikely that they'll be asked to pay all the claims at the same time.
I think the more important point is that we shouldn't make the assumption that SCO will be the only SCO. Unless somehow magically all of its cases end in "There cannot possibly under any circumstances be any code in Linux that wasn't meant to be there," which is TERRIBLY unlikely not only because of the innate absurdity of the court ruling on the potential "ownership" of every line of code, including those not material to the case, but also because none of the cases actually deal with the IP except for the Novell and Red Hat ones, one of which says SCO doesn't really own the code to begin with. Simply put, no matter what happens, there is still a vulnerability with open source with so many contributors that someone will view it as an easy target for stock-pumping litigation.
In light of this, it's much more obvious why a company might be willing to shell out $100,000 a year to reduce their risk of having to shell out $Millions to pay for legal defense or $millions in settlement fees.
If I know PJ (and I don't), I don't think the purpose of this is to truly offer insurance. I think it's just to get the word out there that people in the know know this: SCO is full of shit. SCO has made a lot of waves by whining and litigating without showing a shred of proof, and they've even had companies like EV1 cave in and buy licenses just because they fear a lawsuit!
Since the government (SEC?), for whatever reason, is allowing this nonsense to continue, this company is fighting fire with fire and responding in tow: they are attacking SCO on the battleground they themselves defined: the media. They are standing up and saying "We've audited Linux cover to cover, and you, sirs, are full of it."
This is what we need. More news that gets the word out that SCO is an organization of extortionists who have learned to use the slow, inefficient, expensive legal system as a weapon.
To boil it down: SCO is metaphorically using the old "pretending the finger in your pocket is a gun" shtick, and OSRM is announcing "That's your finger, jackass."
Bruce
Bruce Perens.
1 - It is very common for insurance companies to buy re-insurance from other insurance companies and spread the risk that way. I don't think it is a problem that these guys have only one line.
2 - We all know that this insurance is unnecessary. It isn't for us. It is for risk averse PHBs. It seems as much like a PR stunt as a viable business. The FUDmeisters dared the Linux community to indemnify the end users. A couple of companies rose to the challenge and here is yet another response. Having said that, if they can make a buck well, good for them.
As a thousand others have observed: check the Windows EULA.
"Who ya goin to call? FUD-busters!" (ok now I'm getting silly)
Lisa: By your logic I could claim that this rock keeps tigers away.
...
Homer: Oh, how does it work?
Lisa: It doesn't work.
Homer: Uh-huh.
Lisa: It's just a stupid rock.
Homer: Uh-huh.
Lisa: But I don't see any tigers around, do you?
Homer: Lisa, I would like to buy your rock.
Basically the entire SCO vs. Linux affair is Microsoft using a front organisation to attempt to destroy their strongest competitor. Because this competitor is not a single company, but a loose collection of individuals connected by a large network, Microsoft can destroy Linux only by either destroying the network itself or by using a custom-crafted law to prevent any company from using Linux openly. The internet is too big to destroy now so they are threatening to destroy any company that switches from MS to Linux by endlessly expanding legal fees.
Let's not forget that Bill Gates was a master poker player. He's using the threat of an endless series of raises (Microsoft's lawyers disguised as SCO vs. the lawyers of the target company).
No one in their right mind would play poker like this against the richest man in the world. It is impossible to win because he will always out raise you.
Linux must develop a different strategy against Microsoft/SCO.
No, the correct analogy would be more like this:
"I guarantee there is no natural danger of flooding here, but there are rustlers out there going around causing floods and if you want to protect yourself, try this."
If I read the article correctly this is not a per cpu protection license. SCO wants to lighten your pocket book by $699/per CPU. This coverage is a lump sum with protection up to the amount x you feel comfortable. Big difference.
I guess that's what M$'s 50 million bought them. Another phantom 'cost' which they can use as an allegation against Free Software.
I reckon the 'public' won't see past the M$ spin, to appreciate that by its nature Free/Open Software is continually being checked for copyright infringements.
"OSRM Declares Linux Free of Copyright Violations"
Does OSRM have any more credibility in the court's eyes or SCO's eyes than the thousands of Linux users who have been saying the same thing for almost a year?
What should I do with my $699? Should I:
A - Give it to SCO
B - Buy Linux Insurance
C - Spend it on beer and porn
But even if so, the money isn't going to someone who will litigate your market, and potentially you again in the future. Let's say I was a famous person (I'm not.) I'd rather pay significant money for security if I needed it, rather than simply paying off those that threaten me. Think about it.
RTFA, oh nevermind, this is Slashdot. Anyhow, $250/year is just for developers to insure themselves against legal defense expenses. Companies are expected to pony up $30,000/year for $1,000,000 coverage. That's not a one-time payment, either.
Peace and love, y'all
Let's start a fund to buy SCO's "intellectual property" when all this litigation eventually drives them into bankruptcy.
The OS community playing IP vulture doesn't seem like too bad an idea. SCO does have some code that could be bought and GPL'ed, and the company isn't gonna be worth much a year from now. Let's pool.
Email the money to me for now;)
HHOS
"There cannot possibly under any circumstances be any code in Linux that wasn't meant to be there," which is TERRIBLY unlikely not only because of the innate absurdity of the court ruling on the potential "ownership" of every line of code.
I think a ruling stating that there is no definitive evidence that there is offending code in linux and that all the code in Linux belongs in the public domain would not be unreasonable.
Linus wrote the kernel, everything else is subsidiary and fluid. Linux as a whole can not be held responsible for other aspects as they were checked as well as possible.
The courts DO NOT hold organizations specializing in the public good to the same standard as companies which specialize in profit.
Others have stated this already, but just to clarify: all insurance companies reinsure their policies, and it goes especially for areas that tend to be all-or-nothing.
Take a southern California or Tokyo-region real estate insurance company - they're in the same kind of boat. One big earthquake and they are up a very narrow creek with nary a paddle in sight. So what they do is insure their claims in turn in other companies; preferably companies that have little or no other exposure to the same risks. And of course, this company would be a reinsurer for other companies as well.
For the risk-taking company, it is a way to dilute risk; rather than, as you say, have either a huge windfall or a total disaster every year, you try to arrange for a reasonable profit every year, rather than just on average.
For the reinsurer, this is another way to dilute risk, and get in on an area in which you have no expertise of your own; from this perspective, the spread between what the company pays you and what they take in from the original insurees is the payment they get for being the expert in the area so you don't have to. A northern European insurance company does not have much in-house expertise on north American earthquakes or their precise effect on real estate holdings, and they would not attract enough business to make it worthwhile, but by reinsuring a California company they get into that business, while relying on that company to do a far better risk assessment than they could do themselves.
The problems occur, of course, if enough things (like natural disasters) happen in a short enough time frame; that can bring _every_ insurance company into trouble, even companies that at first glance have nothing to do with it. You may see your car insurance rise 20% because of flooding in south China, a hurricane off the coast of Florida and a medium-scale earthquake in Hokkaido in the same year.
Trust the Computer. The Computer is your friend.
A. PJ is a good person, who has done a lot of work in her spare time, for free, to benefit the community at large.
:)
B. Before SCO was SCO, AT&T was SCO - see the BSD debacle to know what I mean.
In effect, we know SCO is full of shit - but what about future companies? What would you do, if right now, SCO marched up to your business and demanded 20k in license fees?
Most would cave in. This insurance will help you fight.
If this insurance becomes available to individuals, I will get it - just because I really like groklaw, and think PJ's a cool person. Okay, so the backing up against pointless lawsuits bit helps, but..
Look for sites about tort reform.
Thanks
Bruce
Bruce Perens.
Depends if you mean sued as in 'successfully sued', or just the initiation of the process, and if you believe your nation's legal system is just and fair.
Even "unsuccessfully sued" can cost someone a hell of a lot of money. Have you seen how long some of these cases can drag out? It costs money just to defend yourself. And if you successfully defend yourself, you still have to launch your own counter-suit if you want to reclaim any of those losses.
While insurance seems of little use to most people, I can see some companies thinking it's a worthwhile investment.
Bruce
Bruce Perens.
Linux is not public domain, Linux is licenced under the GNU GPL, but all contributors to Linux keep their copyrights. So Linux being placed in the public domain would NOT be a win. Now saying that the code in Linux appears to be properly contributed would be.
That which is done from love exists beyond good and evil
Because BigInsurCo knows how to evaluate risk, but doesn't know anything about Linux?
Because, to BigInsurCo, it is too small an operation to bother dealing with the details by themselves?
Because OSRM seem to be offering more than just insurance (such as access to their IP lawyers)?
I think Ingvar Kamprad looks like a nice enough guy to play poker with...??
Oh, did you mean the second richest guy? That Bill dude?
Important info:
http://www.lifeaftertheoilcrash.net
http://dieoff.org/synopsis.htm
http://www.peakoil.net
OSRM Declares Linux Free of Copyright Violations
Whoa, they can do that?? Well, hell...
I, DeadVulcan, declare that Iraq is free of weapons of mass destruction.
Accountability on the heads of the powerful.
Power in the hands of the accountable.
If SCO wins a single case in court about copyright violations, what's the point of cashing in your insurance to fight a battle that's already lost? And if SCO loses a single case in court about copyright violations, how can they go after someone else for the same (now non-valid) copyright violation?
My guess is nobody will really buy this insurance except those, like OSRM itself, who just want to make a statement. The real announcement here is that an audit of the Linux kernel was completed and that somebody's willing to put some money where their mouth is.
Imposing Libertarian views on everyone online since 1992.
SCO's license doesn't grant you a blanket indemnity -- just a guarantee that *they* won't sue you.
:-)
PJ is selling insurance that covers *any* infractions.
If a company has a choice between purchasing real insurance from PJ or "insurance" from SCO, they're almost certain to do better with PJ.
'course, I think the whole set of concerns is a lot of baloney -- open source types tend to be pretty careful about licenses -- but it's not as if you can claim that PJ has falsely inflated her product's merits -- she's been saying the same thing for quite a long time.
May we never see th
Let's say they traced, in 6 months, every line of code that went thru the kernel's CVS back thru its committer, and back thru them to its submitter, supposedly its "programmer". How do they know of all those "programmers", none copied someone else's code? And that none submitted code written for hire by someone else, who therefore owns the copyright? While this is possible, 6 months is a long time to investigate every person from whom code came in the 10 year history of the kernel. It's a long time just to get feedback from every programmer, let alone audit their development processes feeding their commits. And if even one programmer didn't reply to their questions, which programmers are free to do, then that mystery programmer is a potential copyright breach.
I don't think there's code in the kernel with copyright that conflicts with the GPL. And it's incumbent on any competing copyright holder (*cough* SCO *cough*) to prove they have the controlling copyright. But OSRM seems to be placing an implausibly confident bet on that conjecture.
Meanwhile, their liability insurance is totally unrelated to their bet on Linux copyright unencumbrance. The liability insurance is merely betting that less than 3% of the insured value of the software they cover is malware. Charging 3% of that insured value, and paying less than 3% in claims, is the aggregate arbitrage of which all insurance is made. But nowhere in that calculus does any Linux copyright liability appear. There's a missing monkey in here somewhere.
--
make install -not war
What about the fact that the coverage they are offering is already available from most of the largest E&O providers in the market (AIG, ACE, Hiscox, Chubb, Zurich, CNA, etc.) 1. cheaper 2. with higher limits 3. with more experienced claims handling staff 4. not tied to specific best practices and techniques (without which coverage does not attach) and 5. as part of a larger E&O program that will provide more coverage for the more likely problems - bugs.
Seriously, this is really just a lot of fluff at this point. $100k in defense costs and $1m in limits is nothing for large companies that buy $50m - $100m liability towers, and a small company looking for coverage can buy $1m in limits (including software copyright) for a lot less than $30k.
And for the record, Bruce, reinsurance is not a great answer. Just look at the problems the London markets are having getting Swiss Re to pay their claims. For a small, poorly capitalized company like OSRM, more than 3 or 4 losses (which their adverse selection will guarantee) will leave them cash flow negative, unable to continue functioning while they wait for the reinsurers to cut a check.
And you won't. You won't find the reinsurance coverage for it and your balance sheet can't support it.
You're insane. You can't make money in patent insurance. The defense costs are too high, and the losses too large if you lose. That's why no one writes it.
Swiss Re has been known to write the occasional policy. Of course, it's with a $5m retention and indemnity only, and you're generally paying about 40% rate on-line.
Bruce
Bruce Perens.
- Their stock is in a screaming dive. Closed at $7.77 today, down from $22 at peak.
- Their VCs want their money back.
- Before they can sue Linux users over copyright violations, they have to beat IBM and Novell and Red Hat and Daimler-Chrysler or AutoZone.
- They're losing against IBM, and the other suits aren't going anywhere yet.
- IBM's law firm is Cravath, the big hammer of corporate litigation. Cravath puts huge teams of lawyers on the job and has an organized process for not missing anything and not making mistakes. Nobody wins a weak suit against Cravath.
- SCO has never sued a Linux user that didn't have a previous contract with SCO. If they try, any such suit can be stalled until the big lawsuits are settled, for the same reason the Red Hat lawsuit is on hold.
- Because SCO has been suing their own customers, it's dangerous to become an SCO customer. SCO sales have thus tanked.
So there.
OK, OK, I know that some of the board members of this company are people most of us respect. And judging by what Bruce Perens, at least, has contributed to this discussion it seems they really believe in the idea.
But it smells of snake oil.
One cannot, in general, prove a negative. I've no doubt this company has diligently gone through every line of the kernel and reviewed it. But they have not, because they cannot have, diligently gone through every line of pre-existing proprietary computer code on the planet. The majority of computer programs are never released in source form, and it is not normally possible to reconstruct the original source by reverse engineering a stripped binary. So for the vast majority of legally copyright software out there, they did not have the source and could not compare Linux against it.
But that, actually, is beside the point.
By reading diligently through the code the company may potentially put something back into Linux; they may notice and report back to the relevant authors blunders, inelegancies and bugs.
They may.
But apart from that, they make no contribution back to the community. They are, in effect, another bunch of freeloading parasites on the community - the moral equivalent of head lice. They cannot have done what they say they've done, because it is a logical and practical impossibility. But they will profit - probably substantially - on the fears of ill-informed or risk averse corporate managements, and that profit is at least to some extent at the community's expense, because it siphons off money that those corporations were at least in principle prepared to spend on Linux.
I'm old enough to remember when discussions on Slashdot were well informed.
The file drivers/usb/emi26_fw.h carries the license below:
* This firmware is for the Emagic EMI 2|6 Audio Interface
*
* The firmware contained herein is Copyright (c) 1999-2002 Emagic
* as an unpublished work. This notice does not imply unrestricted
* or public access to this firmware which is a trade secret of Emagic,
* and which may not be reproduced, used, sold or transferred to
* any third party without Emagic's written consent. All Rights Reserved.
*
* This firmware may not be modified and may only be used with the
* Emagic EMI 2|6 Audio Interface. Distribution and/or Modification of
* any driver which includes this firmware, in whole or in part,
* requires the inclusion of this statement.
*/
AFAIK there is no written statement from Emagic that it allows such code to be included in GPL kernel.
See for details bug 242895 at
http://bugs.debian.org/cgi-bin/bugreport.cgi