Perens Talks About Open Source Risk Management

Big Sav writes "Here is a quick but good interview with Bruce Perens. It also raises the topic of indemnification vis a vis the SCO court case " Interesting interview - talks about Peren's new Open Source Risk Management company.

Surprised

[andy666]

I am surprised that he didn't discuss the work of Jonathan Smith at U of Penn.

Self-promotion

[lukewarmfusion]

Not that I can really blame him, but this interview is simply a promotion of his new OSRM company. Like posting an interview with your favorite movie star (who spend the entire time plugging his or her new film). It just doesn't seem like "news" as much as it is a commercial.

Re:Self-promotion

[Kegster]

Yeah, Its a bit of a standard plug tour. Though he didn't say anything particularly contraversial in this article, unlike in the one he did for computerworld, with its "if linux gets too commercial the developpers will throw their toys out of the pram and do a Cartman"

Re:Self-promotion

1) That quote isn't in the article you linked.

2) (And this may relate to #1 somehow.) No American would ever use the word "pram" in that context.

Re:Self-promotion

[lukewarmfusion]

Note that I started my post with "I can't blame him" - Perens is doing what I would do in his place... but is it news for Slashdot?

Re:Self-promotion

[Kegster]

Ok, I paraphrased slightly, so sue me ;)

What he says does basically amount to a Damocles Sword hanging over businesses selling Linux based solutions, make money, but not too much, else we'll walk away and find a new toy to play with. And Bruce, with ESR, are the business friendly Open Source activists.

At least with RMS you know where you stand.

Re:Self-promotion

[Banner]

I worked with Bruce once, years and years ago.
Can't stand the guy, don't like him very much either. He's not a nice person, and sorta the co-worker from hell.

Re:Self-promotion

That isn't how these 'interviews' work. 9 times out of ten the subject of the 'interview' contacts the 'reporter' to 'setup' the 'interview'.

I know, I have seen it done a lot.

erm...

[mirko]

About the legal problems small users might face due to the SCO hype :

With small users, I don't think there's a problem. I don't think they're visible enough.

What if SCO choose to attack them like the ??AA went to war against p2p users ?
Small users cannot afford lawyers, after all...

Re:erm...

[baudilus]

Unless they go after users who register their software for support reasons (RedHat, Mandrake), I don't see this being a real possibility. Also, the RIAA sues people under the premise that they are "costing" them money by providing a way to get music for free, for which they would otherwise pay (a ridiculous as we all know this is). I don't think SCO could even find out who is using it, let alone be able to prove monetary damages of any amount. Even if a suit is successful, how could they prove how much money they "lost"? The legal process would cost more than it's worth.

Re:erm...

[Artifakt]

First, I am not a lawyer. If you're being sued by SCO, I reccomend you consult a professional. If you can't afford one, your area may have some organization , usually called Rural Legal Services (even if you are urban, it's often called this, go figure), which will provide legal aid.
Optionally, find a lawyer you think you can't afford, tell him "These Idiots want to sue me. They're already convinced they can beat Chrysler, Auto-zone, and IBM first. Taking my case on contingency is the same as betting they are wrong about that. Interested? (Some lawyers will figure out that there won't be anything left to grab on the countersuit after IBM, let alone the others, get through piling on. You want the lawyer who won't quite think the whole thing out.).
If it were me, I would first petition to have the venue changed to my state if it wasn't already done there. (Then I might want to petition to have the case moved to small claims.). Simultaneously, I would file a counterclaim for my litigation costs (I'll never see a dime, but the ciourt expects me to follow the legal fiction of treating SCO as a solvent company). The big one, though, would be the 4th document, a request that the trial be delayed pending the outcome of SCO's other litigation.
From there, a poor guy, with nothing but his own resources could still write a nice set of interrogatives for SCO to answer, file motion after motion designed to tie up SCOs legal staff, and end up costing them a small fortune that they couldn't possibly recover from him.
Oh, and contacting the press to pretry the whole matter in the courts of public opinion is a nice touch.

Is this a good thing?

[gregarican]

To me it sounds as if the group Bruce is on the board of is trying to exploit or otherwise captalize on the FUD of SCO actually winning a lawsuit. Which probably won't happen. Kind of reminds me of start-up companies which were around for all of the Y2K madness back in 1999. The FUD helped fuel interest, which really exaggerated the real deal.

Maybe Bruce should start selling underwear to Iraqi prisoners...

Re:Is this a good thing?

[pointbeing]

To me it sounds as if the group Bruce is on the board of is trying to exploit or otherwise captalize on the FUD of SCO actually winning a lawsuit.

Agreed.

They're not really offering a lot for the money anyway - on the kernel developer side they offer $25k of protection. IMO if someone was to actually *win* a lawsuit $25,000 would be just a drop in the bucket.

Also, why would I give $100k to someone who doesn't know that at least in this context 'panel' isn't a proper noun? ;-)

Re:Is this a good thing?

[m00nun1t]

Likely or not, it is a risk and could happen. Many companies are risk averse, and look for ways to mitigate risk. This company is providing a way for them to mitigate risk. Pretty much a straight insurance job, although the downside is that their business is really all around one issue, rather than the normal diversified portfolio insurance companies have (betting that not all 100,000 clients will crash their cars in the same year, but all will pay their premiums).

Re:Is this a good thing?

[ichimunki]

I think it's funny, because if the write-up had pointed out that this is the same company Pamela Jones from Groklaw is working at, everyone would have been drooling to praise it as cool and necessary, but since it's Perens everyone wants to rip on it.

Personally I think in the world of risk, the risks from patent, copyright, and other "intellectual property" infringements are pretty low-- users can't really infringe copyright very easily and patents are just as easy to infringe with proprietary software as with free software. I'd be much more concerned about security, license compliance, and other risk factors that affect companies using or developing Free Software.

Re:Is this a good thing?

I would agree with you except:

1) Software patents are becoming increasingly accepted, hence the risk is growing.
2) Proprietary software developers often have lawyers available to consult, to prevent infringement.

Necessary

[Plaeroma]

For our less read posters http://dictionary.reference.com/search?q=indemnifi cation In a perfect world, this service wouldn't be necessary. But, you really can't expect companies to take even imagined risks. If this helps people get involved in OSS despite all the SCO FUD, then job well done.

Re:Necessary

This will also be interesting.

Re:Necessary

Right,

And if it is overpriced in the real world, competition will tend to force the price down to acceptable levels given time. Eventually the price will reflect the actual risk involved, which I suspect will be a small factor in terms of TCO.

The only real problem is if it makes TCO higher in the short run. But this is unlikely since proprietary development solutions face similar risks.

Bottom line is...

[Otter]

...the claimed TCO of Linux has just gone up by however much Getting Sued Over Linux insurance you decide you need. Perens claims he isn't taking advantage of FUD, and he may well not be -- but at least acknowledge that this represents a 180 degree change from "No one could possibly believe there's any legal risk associated with Linux use and anyone who says otherwise is a Microsoft spy!"

RTFM?

[JCMay]

Quoting Perens from the article:

I want to be very careful about that, because OSRM is not capitalizing on FUD (fear, uncertainty, and doubt), OSRM is going around and talking about what the real risks and benefits are.

Re:RTFM?

Right, right, he misspoke, when he said:
I want to be very careful about that, because OSRM is not capitalizing on FUD

What he meant to say was:
I want to be very careful about that, because OSRM is not capitalizing on FUD, we're revenuizing on it - the Microsoft Way (TM)(SM)(C)(R)

why bother RTFA?

bruce posts here on /. often enough, why not just talk to him directly.

Re:why bother RTFA?

[Bruce+Perens]

And I'd answer, if anyone actually asked a question.

Re:why bother RTFA?

[IntlHarvester]

OK. In my understanding you aren't really selling "indemnification" or "insurance", but instead some legal assistance in the case there is an IP problem with open source software. Is this correct? If so, why go that route? It seems to offer little tangible benefit other than the "FUD Protection" angle.

Why not just pro-actively sell the legal assistance -- for example if a company wants to use OSS Project X, you would perform research and certify that the IP in Project X is "clean" and the project is freely redistributable.

(My IP fears aren't with Linux-Kernel or the big name projects -- its that I would use some guy's random open source PHP app only to find that he ripped the code off from a former employer or another project.)

Also you say: "Let me see the insurance policy that covers you if you have to pay out this indemnification, because I want to know that you can pay a claim, or multiple claims, that are as large as the damages I might have to bring to you."

OK, where's your insurance? Why would anyone believe that you have the ability to pay out any claims?

Re:why bother RTFA?

[Bruce+Perens]

but instead some legal assistance in the case there is an IP problem with open source software. Is this correct? If so, why go that route? It seems to offer little tangible benefit other than the "FUD Protection" angle.

It lets us establish a permanent legal team who work on a number of similar claims against Open Source. They'll be up to date on their research, etc. That sort of efficiency will save everyone money.

Why not just pro-actively sell the legal assistance -- for example if a company wants to use OSS Project X, you would perform research and certify that the IP in Project X is "clean" and the project is freely redistributable.

We're doing that too, but if you didn't know: you can never finish a patent search definitively. Regarding the copyright issue you point out, that is easier to deal with.

Currently we have to work with insurance companies. We can't offer it ourselves yet.

Bruce

Re:why bother RTFA?

[nathanh]

And I'd answer, if anyone actually asked a question.

Ok, Bruce, I've got two.

Why am I liable for the misdeeds of another person? A programmer infringes copyright, or breaches a contract, and the user is the one who gets in trouble and owes money. That's OSRM's claim and it seems like an extraordinary claim, but nobody seems very keen to explain why. I want extraordinary evidence, not just the vague hand-waving OSRM has made about patents.

Why OSRM (Open Source Risk Management) instead of SRM (Software Risk Management)? It would have been possible to vette proprietary software under NDA, then offer the same levels of indemnity to users of proprietary software. There's a huge shareware market out there. Indemnifying only OSS users really does reek; it seems to many of us that it's an attempt to capitalise on the FUD surrounding SCO's claims re: Linux.

Re:why bother RTFA?

[Bruce+Perens]

Why am I liable for the misdeeds of another person?

Well, you aren't. But proving that could be expensive. The problem is that the patent statute says that you can be prosecuted for various forms of infringement, including use. If you got to court, your first action would probably be to attempt to sever yourself from the case, for just the reasons you state. And it might work. But we need clearer law here, or at least good case law.

I know that there are some cases I could win as a defendant, but I'd have to spend all I have to get there, and wouldn't get it back. Is that really winning?

I have been thinking about non-Open-Source risk management as you suggest. But there are many entities that can claim expertise on "Software". We can offer a specialized expertise. Also, having focus is a very good thing for a start-up company. If you try to do everything, you fail at doing anything.

To capitalize on SCO's claims, someone would have to believe them. If you look at any survey of the IT industry, you know that's not the case. And you should also know that I have worked very hard to knock down SCO and continue to do so. But it is the nature of Free Software that we do gain something from our enemies. If Microsoft hadn't been saying all of those bad things about us ("unamerican", forsooth), people in business wouldn't have been curious about what was scaring Microsoft, and would not have looked as closely at what we had to offer as they did.

The best thing you can do when thinking about OSRM is to assume that SCO is gone (soon enough that'll be true) and consider what our role is when facing patent claims. There will be enough of them.

Bruce

Re:why bother RTFA?

[nathanh]

Why am I liable for the misdeeds of another person?

Well, you aren't. But proving that could be expensive.

You could alleviate most of the complaints about OSRM if your press releases just said that in plain English. "You aren't required to pay money to SCO if Linux contains SCO code, because that's not your fault, but you might need to pay money to your lawyers to prove that because SCO is suing everybody". If you just said that then it wouldn't be FUD. But instead the OSRM partyline is "Open Source is legally risky and you need to pay money to our crack team of lawyers to mitigate the risk". That's the FUD. Right there.

The best thing you can do when thinking about OSRM is to assume that SCO is gone (soon enough that'll be true) and consider what our role is when facing patent claims. There will be enough of them.

Let's not ignore SCO, because face facts, SCO is the only reason OSRM exists. The OSRM website is plastered with SCO news and SCO stories. It's the only example people care about because it's the ONLY example of a company suing end-users. I think it's silly for you to keep pretending we should ignore SCO. They're the only reason OSRM gets any press at all.

The thing about patents is that there doesn't even need to be copyright or contract problems. I could be using a $20 piece of shareware, binary only, written in total isolation by the Finnish author, and still get sued by Random Company XYZ for patent infringement. So this most certainly isn't a problem with Open Source. It's a problem with software patents in general. But once again you only mention this patent problem in relation to OSS.

But we need clearer law here, or at least good case law.

And if OSRM actively went out and tried to clarify the law, then I'd be cheering you on. But that's not what OSRM is doing. OSRM is agreeing there's a problem and is exploiting the problem to make money. You should be proactively working to have the laws made clear, so that end users are clearly not liable, rather than using the flaw in the legal system to charge end-users for problems which YOU AGREE they are not liable.

I know that there are some cases I could win as a defendant, but I'd have to spend all I have to get there, and wouldn't get it back. Is that really winning?

And this is really my biggest concern. SCO is an abnormality. They are the first and only well known company ever suing end-users (eg, Autozone) because of the alleged contract breaches between SCO and IBM. Let's repeat that; Autozone is being sued because of a contract breach between SCO and IBM.

That's pretty abnormal. I can't think of any other non-SCO case even remotely similar and people have fruitlessly asked another well-noted OSRM member for similar case history. This is unique. This is ABNORMAL. But here's OSRM telling us that this is normal and commonplace and we should pay OSRM for "insurance" against companies like SCO, but not SCO in particular, because we all know SCO doesn't have a leg to stand on. It's absurd. On the one hand you're telling us that it's a real danger, but on the other hand you're saying SCO isn't dangerous even though they're your only example!

It's like OSRM is selling Tiger Insurance. Nobody has tiger insurance because, heck, there aren't a lot of tigers around. Suddenly one tiger escapes from the zoo and mauls 5 innocent victims. Almost immediately this Tiger Risk Management mob springs into existence, selling tiger insurance. TRM tells us that tiger mauling is commonplace and points to the zoo-incident as proof. They never justify how realistic the danger is, but they are all too willing to sell the insurance. TRM is capitalising on the fear generated by a single and abnormal incident. TRM even goes on to suggest that future changes in zoo policy migh

Re:why bother RTFA?

[Bruce+Perens]

I think you aren't giving credit for a number of things that are out there for you to see.

First, go to the OSRM news page and read all of those SCO articles. You will notice the common theme is that we say that SCO doesn't have a case. If we wanted to capitalize on FUD, we would say "maybe", not "no way" about their case.

Second, you really should give me some credit for the years that I have spent attempting to reform just the laws you are talking about, an effort that I continue with OSRM's support. And notice that OSRM is funding work by PJ of Groklaw as well, who certainly is carrying on the fight you are calling for as well.

In my CNET editorial, which will run sometime this week, I hope, I call it "Meteor insurance" rather than "Tiger Insurance", but I make the same point as you, and then explain who really is at risk and why.

Frivolous and unfounded lawsuits are not ABNORMAL, unfortunately. Any large business has learned that, and now it's our turn. SCO will not be the last we face.

Don't you think it's a good idea for us to be prepared? I think a permanent legal team to help defend us, and a revneue stream to support it, are no small thing.

Bruce

Re:why bother RTFA?

[nathanh]

First, go to the OSRM news page and read all of those SCO articles. You will notice the common theme is that we say that SCO doesn't have a case. If we wanted to capitalize on FUD, we would say "maybe", not "no way" about their case.

I'm not accusing you of misrepresenting the facts. I'm saying that you should stop claiming that SCO isn't important, because looking at the OSRM website makes it very clear that SCO is the primary reason for OSRM's existence.

Second, you really should give me some credit for the years that I have spent attempting to reform just the laws you are talking about, an effort that I continue with OSRM's support. And notice that OSRM is funding work by PJ of Groklaw as well, who certainly is carrying on the fight you are calling for as well.

I'm not accusing you of deception, and I give you every credit for what you've done in the past. I also have no doubt that you believe what you're doing right now is appropriate. Just like PJ thinks it's the right thing to do when she writes "M$" in her opinion pages and writes foul remarks about Gosling. But reasonable people can disagree that you're doing the right thing.

Frivolous and unfounded lawsuits are not ABNORMAL, unfortunately. Any large business has learned that, and now it's our turn. SCO will not be the last we face.

Repeat with me... WE ARE NOT A LARGE BUSINESS. This is the Linux community. We are end-users and user groups. We don't have the deep pockets of the large businesses. So $250/year for OSRM's imdemnity is often a deal breaker. I can't "sell" Linux services to anybody who has heard of OSRM because you've scared them all witless. These people are convinced there's a problem because they hear SCO saying "Linux has issues" and OSRM saying "Linux doesn't have issues with SCO, but it might have issues with other companies, so you'll have to buy insurance to use Linux from now on". They're saying "even your OSS 'leaders' are admitting there are legal problems with Linux, so there's no way are we entering murky legal waters by using Linux".

Don't you think it's a good idea for us to be prepared? I think a permanent legal team to help defend us, and a revneue stream to support it, are no small thing.

Damn right I think it's a good idea to be prepared. That's why I donate money to the FSF. But I'm unconvinced that OSRM is anything other than a professional scam. If OSRM was a non-profit organistation like the FSF, or if OSRM actively worked to have the American courts rule that end-users can not be held liable for the misdeeds of companies, then OSRM would have more credibility. However OSRM is trying to profit from the uncertainty surrounding SCO and patents, and I think that is exploitive opportunism.

Think of it from our perspective, Bruce. SCO announces they'll start suing end-users of Linux. An incredulous and truly sick idea. OSRM springs into existence almost overnight, crowing about the legal murky waters surrounding Linux, and _conveniently_ selling insurance. OSRM suddenly hires not one, but two prominent names in the OSS world to give them credibility (because they wouldn't have had any without you). Both of those prominent names suddenly go into overdrive, using their existing forums to tell everybody how important it is to pay for indemnity. If that sequence of events doesn't ring alarm bells, then what does?

Re:why bother RTFA?

[Bruce+Perens]

If you read my recent press (use news.google.com) you'll notice that I am doing anything but sell indemnity. The Robert Macmillan article especially makes that point.

Regarding the FUD messages, we have gone very far out of our way not to amplify FUD and I seriously doubt that hearing of OSRM is turning any customer away.

But there is something you can tell your customers. If we don't do more about software patents, especially patents in standards, a few years from now Linux won't be Free Software any longer. You'll have to buy a patent-licensed version at a steep mark-up from one of the commercial distributions. And the commercial distributions have been doing hardly anything to help is with the patent fight.

Unfortunately, donating to FSF doesn't do much about legal defense. FSF has one legal counsel, who works pro-bono and happens to be off writing a book and other stuff this year so his availability to FSF is extremely limited. They have never built a legal team. And they have been entirely innefective regarding software patents for years, They called their anti-patent effort LPF - League for Programming Freedom, and it has been unstaffed for most of a decade.

And unfortunately, the software companies that we compete with do view us as a consortium of large businesses out to kill them. They and their legal teams will treat us that way.

Bruce

Wikipedia link!

There is more about Open Source Risk Management on the wikipedia!

Extortion

[NineNine]

Reading about his "company" struck me as being extortionist. To me (a business owner), it sounds like "There are many problems with Open Source Software. Pay us, and we'll protect you from all of them. If you don't, well, you're fucked."

Gee, whiz. I want nothing more than to start using wonderful OSS, now!!

Either I need indemnification, or I don't. Which is it? If there's any question whatsoever, I'm gonna err on the side of caution and stick with proprietary code.

For a blow-hard, do-nothing media whore, Perens sure can fuck things up.

Re:Extortion

MS has had these problems as well. At least one patent holder has threatened to sue end users over database technology in Access. I hate to break this to you the Wet Blanket of Proprietary Wisdom but this is a universal problem for business. It isn't unique to OSS.

It seems that running proprietary software isn't a safe option either. I'd recommend going back to abacuses but someone probably has a patent on those as well.

Re:Extortion

For a blow-hard, do-nothing media whore, Perens sure can fuck things up.

Half of our problems would go away if people like Perens and ESR would just sit the fuck down and shut the fuck up.

Re:Extortion

[alex_tibbles]

Either I need indemnification, or I don't
I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance. You know that's not how it works. I just don't _know_ if I are going to crash my car or not. If we knew who was going to crash their cars, we would prevent it!
The point of insurance is that it spreads the cost of Bad Things (tm) over the whole population of people (and corporations) that are at risk of Bad Things, proportionately to the level of their risk.

Re:Extortion

[Shimbo]

I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance.

If someone else crashes into your car, then claims it was your fault and tries to sue you for damages, you'll be glad that your insurance company will handle the case. In the same way, I think most of the "SCO has no case, so why insure?" arguments don't get it. We can't all afford IBM's legal team.

Re:Extortion

[alex_tibbles]

"I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance."

my argument was that the above is fallacious not least because _we don't know_ who will and won't crash their cars. I admit I didn't make that clear.
my point was that we can't rule out the need for insurance because we don't know what the outcome of court cases will be.

What is risk?

Most people think that risk is "probability of bad outcome weighted by cost of bad outcome", or somthing like that. It's not, because in a market, "price" reflects all probabilities and weightings, i.e. price is the "expected value".

Risk is properly measured by the variance in possible outcomes, the amount of "spread" around the expected value, and probability does not enter into that.

Risk has a value because every extra dollar you add to your wealth is worth less to you than the one that came before. So, upward "wins" in the variance are worth less than downward "losses", i.e. you should be willing to pay to eliminate risk, to shrink your variance.

So, the economic "risk" of the SCO lawsuit exists with regard to the spread in possible outcomes, and has nothing to do with their probabilities. The value of insurance to you is based on your economic activity and your risk aversion.

Insurance will increase the spread of Linux, not decrease it.

Perens is capitalizing on his name, not on the FUD, since the article doesn't reflect that he understands risk in detail.

Re:What is risk?

Clarification: risk can be used in two different contexts. When referring to an risk-adjusted expected value, you are referring to a probability *point*. When referring to the risk *profile*, you are referring to a probability distribution.

Probability does play into it, it's just watered down a bit.

However, the article is more about averting risks of using open source software and not about risk management software (which I initially thought it might be about given the title).

Re:What is risk?

Risk is properly measured by the variance in possible outcomes, the amount of "spread" around the expected value, and probability does not enter into that.

You must have fallen asleep in probability class. Expected value and variance are both defined in terms of probabilities.

Agreed, reducing risk is beneficial, but not because more money is worth less, it is because deviation from the expected value is worth less.

How ridiculous is their case, anyways?

[192939495969798999]

It is actually pretty ridiculous of SCO to even have this court case. As an example, I cite my dad's run-in with the US-PTO upon trying to patent a piece of software many years ago: they rejected his claim, stating that "there will NEVER be patents on computer software." Maybe they meant there SHOULD never be patents on computer software... who knows. Once again, it would be nice to see what SCO actually claims they "own", and how they can prove that "fact".

Re:How ridiculous is their case, anyways?

Once again, SCO are not suing over patents - they don't have any relevant ones. They are suing over contract breaches and putative copyright infringements (which look highly unlikely to succeed, I hasten to add). IBM's countersuit alleges SCO infringed IBM's patents.

I did RTFA you insensitive clod!

[gregarican]

That's a PR line. Lawspeak. It indeed is capitalizing on the FUD since any educated person in the technology industry knows that the SCO case doesn't have a leg to stand on. The only potential clients I can see are those who blindly fall for the FUD that SCO has perpetuated.

Just like those consulting companies that were around in 1999 to ensure that no Y2K disaster was going to hit clients. I know some companies would go into people's homes and ensure they were Y2K-compliant. What a freakin' joke! Remember folks stockpiling food and readying themselves for living in bomb shelters? Of course it's an extreme comparison, but the basis is the same. Capitalizing on more ignorant folks' fears.

Re:I did RTFA you insensitive clod!

The whole point is that it's not just the SCO case. What if somebody who DID have a case turned up? What if somebody successfully sued a Linux distributor for patent infringement? Just because SCO's case has more holes than a colander doesn't mean that no case in the future can ever succeed.

Plus even if there is no case, it can still cost a lot in legal fees before resolution: how much have IBM already spent, with the case still ongoing?

Re:I did RTFA you insensitive clod!

[Short+Circuit]

Just because it's valid PR doesn't mean the person speaking it doesn't believe it.

And Bruce Perens is a pretty smart guy, and not, IMO, greedy. If he speaks, you should at least hear him out.

Re:I did RTFA you insensitive clod!

[gregarican]

The last statement I personally am making about this story is that from a business standpoint they are putting all of their eggs in one basket. Clients will purchase insurance to alleviate legal fees of being taken to court over Open Source Software usage. If Bruce and the gang on the board of this company thought that SCO would take smaller companies to court en masse then they would be losing their shirts in selling this insurance and therefore it would be a bad business move.

If Bruce "is a pretty smart guy" then I can't see him risking losing his shirt. It would be like a large hurricane like Andrew back in the early 1990's. If it was forecasted to strike South Florida in short order and a start-up company started selling homeowners insurance for just the specific coverage of storm damage and that's it I would think that it would be a losing proposition from a business point of view. Make sense??

Re:I did RTFA you insensitive clod!

[Short+Circuit]

I suspect he see's it as a legitimate risk, but not something that's going to happen every day. At the very least, it won't happen to all of the subscribers.

And I'm certain he doesn't think there's going to be a storm of litigation. Especially with SCO getting more ridicule than sympathy these days.

Re:I did RTFA you insensitive clod!

[Bruce+Perens]

SCO is going down quickly and there is no risk that they will win in a way that would cause OSRM to have to pay someone. But SCO's not really OSRM's business, anyway. Think about software patents and the future.

Bruce

Comment removed

[account_deleted]

Comment removed based on user account deletion

What do we..

..as a community do to manage the risk of advocates becoming poster boys for financial services and legal companies who want to profit from our work?

Does he?

Does he every do anything for the Linux community that doesn't directly make him money?

I am serious, and 2-3 year old SW doesn't count.

insurance? Perens, answer this.

[an_mo]

Their contracts look very much like insurance, as stated by many in their responses, however what I don't get is this: insurance companies can profit (and their customers benefit) whenever the probability of the negative events happening is not correlated across customers. I get injured, the insurance refunds me with the premia paid by all.

However, in the linux/sco case, if sco wins, ALL companies using linux will sooner or later have to pay. How can insurance work in this environment?

Peren's Outlook

[Inhibit]

Having heard Bruce Peren's give a speech before and had a chance to hear some of his outlook on Linux and IP, he seems to have a fair handle on how it all works.

From the interview it seems that it's an effort to provide some indemnity while making people aware of the possible IP/Copyright issues inherent in coding software in the USA (and probably Europe soon). They're offering a service to assess risk of malicious lawsuits and possible IP violation. Doesn't sound like spreading Fear, Uncertainty, *or* Doubt to me.

Re:Peren's Outlook

Most /.'s don't live in the world of corporate lawsuits. Lawsuits happen all the time, and what's good and decent has nothing to do with it.

Legal action can take time and during that time you can be spending lots of money not just on lawyers, but on software/systems which your investors may feel is tied all sorts of IP claims intrinsic to pending court decision. FUD hits the ignorant - not just your PHB but your companies' public perception. That can make or break some companies profits for several quarters in a row. That to a PHB is scary.

Then so are you.

[DAldredge]

Since you wish to have internet based companies subsidize your business by forcing them to pay local and state sales taxes in areas where they are not based (therefor not using their local services) doesn't that make you an extortionist also?

Re:WinXP is driving me nuts

Amusing. One correction, s/notebook.exe/notepad.exe/

Good thing SCO's Open Source 'attack' is useless

Not because the case has or lacks merit, but because I run FreeBSD and they settled YEARS ago.

Opportunists All

[WryCoder]

"Individual contributors to the Linux kernel gain access to the full resources of the Open Source Legal Defense Fund including guidance on how to best protect and defend their own intellectual property rights. They also receive $25,000 in legal protection from OSRM if they are named in future lawsuits involving their contributions to the Linux kernel. Membership for individuals is $250 annually."

First, it seems to me that the Linux kernel developers should be getting this protection gratis from OSRM and the companies which are actually making a profit from the developer's efforts, and which would not exist except for the efforts of the developers. No, let's charge the kernel developers each $250 annually!!

Second, $25,000 isn't going to go very far if you get sued.

Third, the coverage cost seeems exorbidant. 1% per year for a risk that everyone has been saying all these months is non-existant! I have a $1 million liability umbrella which costs me not 1%, not 0.1%, but about 1/3 of 0.1%.

And if you're a company you pay only 3%! Then there's the Seminars, offered nationally, that you get to attend (at additional cost, no doubt). They don't say whether the coverage includes anything beyond the SCO issues.

Bruce and PJ have gone to the dark side.

This is right up there with the Linux Mark Institute, which is extracting a "low" $500 from everyone who wants to put out a distro which includes "Linux" in its name (even if free beer).

Ladies and gents, the good old days are gone.

And you too

[Bruce+Perens]

Who are you, anyway? I probably didn't like you either.

Re:And you too

[Banner]

Just some guy who watched a poor schlock cover your butt when you showed up late several times and then not at all once. And you still got him fired because you didn't like him either.

Re:And you too

[Bruce+Perens]

The only people I have caused to be fired were at Known Safe and Linux Capital Group. Known Safe's CEO had a severe anger-management problem and poisoned his own company. Linux Capital Group was a bubble casualty, and the ex-employees and cash stockholders have just recently gotten a nice present from the founders.

Anyone else, do not assume I got them fired.

Bruce

Perens is the Michael Moore of Open Software

- IOW, a self-promoting idiot with an aimed interest at polluting the idea of free software...

SCO

[Bruce+Perens]

Folks,

This is not about SCO.

Just pretend that SCO doesn't exist, because there isn't a chance that they will prevail. Then consider what can happen with software patents.

Self-promotion? This interview was arranged by the company's PR firm, so sure. Macmillan calls me every week for something else, and this is the first time he's had a PR firm ask me to call him since publicity for my books at LinuxWorld NY. But I'd not get on the phone if I didn't think I had something interesting to say.

Bruce

it's because of patents...

[zogger]

..and because it's so easy to get yourself sued. It is SO easy to find yourself in court over something just totally lame, BUT, it will cost your beaucoup to deal with it, no matter what. And our legal system is EXPENSIVE to dork around in, expensive, overly complicated, nuts in other words.

Joe free software developer writes a prog, some companies use it. Then along comes someone with this vague patent they got back in 1986 and sues them all, running the odds that enough will cave that they will make money. Having indemnification helps mitigate risk, it's a simple concept that most business and industry runs under now, and it's not going away anytime soon, and eventually, there will be dozens of companies offering this sort of financial package. And the larger companies are grabbing patents on every two lines of code they can think of now, it's nuts, but until that is changed,until patenting "thoughts" is not allowed, eventually the legal system will bog down development. It already IS if you look around.

We COULD slow it down with a "loser pays" law system on civil infringements,that is automatic and not reqiring of a separate suit, and make it apply *equally* to the lawyers involved, as well as the principals. That would help slow down predatory lawyers, who really don't care what case they take,or what the merits are or are not, as long as they get paid.

Re:it's because of patents...

[Otter]

Well, first, Bruce Perens has been swearing up and down that this coverage has nothing to do with SCO, and is all about software patents -- but the OSRM site prominently features SCO-related concerns. (And, of course, there's no way this company would exist if it weren't for SCO.)

But my point is more about perception than reality, anyway. I can't think of any piece of technology I've ever even considered using where it was suggested that specific insurance would be necessary to protect against patent infringement -- as a user! In the absence of any particular patent issue! (Maybe the corporate lawyers deal with such things but if so, it's too low-key for me to have heard about it.) Only Linux (or open-source software or however this works) apparently needs such a thing. And it's not considered a long-shot risk, if you judge by the 3% annual premium.

I don't overmuch care since I'm not buying this coverage and I don't have a huge emotional investment (let alone a financial one) in the success of Linux. But I do know that people here would be screaming their heads off if Perens and Pamela Jones hadn't lent their names to this project.

Re:I'm a Bush Republican! (A poem)

I love it!!! makes me proud to be a Republican.

please bring more of this great material to honor the greatest party every formed in the United States Of America. also..

fuck iraq
fuck afghanistan
fuck anyone who is not an American

Thanks :)

Do Windows users need insurance???

[ignavus]

Windows users don't seem to need insurance - or, at least, no one seems to be selling insurance against BSA raids.

But Linux users (at least big corporations using Linux) DO need insurance against meritless lawsuits??? Meritless lawsuits supported by whom???

Hmmm. Sounds like protection money to me.

Microsoft wanted to make running Linux more expensive than it was, relative to Windows. By threatening Linux through their proxy, SCO, they have succeeded in increasing the cost of Linux: Linux users need to take out insurance that Windows users don't need to buy.

This SHOULD be considered a criminal act - a form of racketeering. Where is the Anti-Trust Act when it is really needed? Why charge someone with a criminal act for stealing some minor item worth one or two dollars out of a shop, and then let a billionaire attempt to steal an entire market - with all the billions of dollars of consumer money and industry inefficiency it costs?

Hello, planet earth???

Re:Do Windows users need insurance???

[nathanh]

Microsoft wanted to make running Linux more expensive than it was, relative to Windows. By threatening Linux through their proxy, SCO, they have succeeded in increasing the cost of Linux: Linux users need to take out insurance that Windows users don't need to buy.

OSRM is selling the idea that I, as a user, could be sued by a company like SCO because of some software that I use written by some guy I've never met. Huh? It makes no sense at all, that I can be punished because of the misdeeds of somebody else, but for the sake of argument and because of my cynical opinion of American law I will assume that it's the ugly reality.

Now why can't I, as a user, be sued by a company like SCO because of something that some proprietary software vendor wrote? Why not? Why is OSRM only talking about *Open Source* insurance. The name, Open Source Risk Management, implies this is a risk only with Open Source software. Doesn't the same risk exist with any software.

OSRM might justify their focus on OSS because they can't vette proprietary software, and fair enough, but as an end-user I just see that Open Source has risk and proprietary software does not. Even with all the best intentions, and with the honorable goal of "defending" OSS users from the evil clutches of lawyers, it still reeks of FUD.

My real concern is that 18 months ago it was ludicrous to even suggest that I should owe money to a company like SCO. Why should I be liable if some nasty programmer rips off code from SCO? But now we have OSRM loudly telling us "yes it's true you might owe money to random companies, just by the mere act of using software" and, lo and behold they conveniently will indemnify us for just a little bit of our money. So now Linux isn't "free" anymore. It's a little bit more expensive than it was 18 months ago. Oh sure, it's "optional", but it still reeks of FUD. First they spread the FUD and then they sell the indemnity that'll assuage your fear.

It looks, walks and quacks like a fricking scam. If it didn't have Perens behind it then everybody would be calling OSRM a con job. But OSRM was smart. They tricked (bribed?) some big Linux names to get in on the action. Maybe Perens even believes what he's saying. Hey, maybe it's even true, maybe you do need to be indemnified to use software, as foul as that idea might be. BUT IT STILL REEKS OF FUD.

I agree with your comments. This smells just like an attempt by proprietary companies to increase the TCO of Linux. I think Perens is the stooge: the best stooges are the people who believe what they're saying.