Perens Talks About Open Source Risk Management
Big Sav writes "Here is a quick but good interview with Bruce Perens. It also raises the topic of indemnification vis a vis the SCO court case"
Interesting interview - talks about Perens' new Open Source Risk Management company.
I am surprised that he didn't discuss the work of Jonathan Smith at U of Penn.
Not that I can really blame him, but this interview is simply a promotion of his new OSRM company. Like posting an interview with your favorite movie star (who spends the entire time plugging his or her new film). It just doesn't seem like "news" as much as it is a commercial.
What if SCO choose to attack them like the ??AA went to war against p2p users?
Small users cannot afford lawyers, after all...
Trolling using another account since 2005.
To me it sounds as if the group Bruce is on the board of is trying to exploit or otherwise capitalize on the FUD of SCO actually winning a lawsuit. Which probably won't happen. Kind of reminds me of start-up companies which were around for all of the Y2K madness back in 1999. The FUD helped fuel interest, which really exaggerated the real deal.
Maybe Bruce should start selling underwear to Iraqi prisoners...
For our less read posters http://dictionary.reference.com/search?q=indemnification
In a perfect world, this service wouldn't be necessary. But, you really can't expect companies to take even imagined risks. If this helps people get involved in OSS despite all the SCO FUD, then job well done.
...the claimed TCO of Linux has just gone up by however much Getting Sued Over Linux insurance you decide you need. Perens claims he isn't taking advantage of FUD, and he may well not be -- but at least acknowledge that this represents a 180 degree change from "No one could possibly believe there's any legal risk associated with Linux use and anyone who says otherwise is a Microsoft spy!"
What I'm listening to now on Pandora...
Risk is properly measured by the variance in possible outcomes, the amount of "spread" around the expected value, and probability does not enter into that.
Risk has a value because every extra dollar you add to your wealth is worth less to you than the one that came before. So, upward "wins" in the variance are worth less than downward "losses", i.e. you should be willing to pay to eliminate risk, to shrink your variance.
So, the economic "risk" of the SCO lawsuit exists with regard to the spread in possible outcomes, and has nothing to do with their probabilities. The value of insurance to you is based on your economic activity and your risk aversion.
Insurance will increase the spread of Linux, not decrease it.
Perens is capitalizing on his name, not on the FUD, since the article doesn't reflect that he understands risk in detail.
It is actually pretty ridiculous of SCO to even have this court case. As an example, I cite my dad's run-in with the US-PTO upon trying to patent a piece of software many years ago: they rejected his claim, stating that "there will NEVER be patents on computer software." Maybe they meant there SHOULD never be patents on computer software... who knows. Once again, it would be nice to see what SCO actually claims they "own", and how they can prove that "fact".
That's a PR line. Lawspeak. It indeed is capitalizing on the FUD since any educated person in the technology industry knows that the SCO case doesn't have a leg to stand on. The only potential clients I can see are those who blindly fall for the FUD that SCO has perpetuated.
Just like those consulting companies that were around in 1999 to ensure that no Y2K disaster was going to hit clients. I know some companies would go into people's homes and ensure they were Y2K-compliant. What a freakin' joke! Remember folks stockpiling food and readying themselves for living in bomb shelters? Of course it's an extreme comparison, but the basis is the same. Capitalizing on more ignorant folks' fears.
MS has had these problems as well. At least one patent holder has threatened to sue end users over database technology in Access. I hate to break this to you, the Wet Blanket of Proprietary Wisdom, but this is a universal problem for business. It isn't unique to OSS.
It seems that running proprietary software isn't a safe option either. I'd recommend going back to abacuses but someone probably has a patent on those as well.
Either I need indemnification, or I don't
I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance. You know that's not how it works. I just don't _know_ if I am going to crash my car or not. If we knew who was going to crash their cars, we would prevent it!
The point of insurance is that it spreads the cost of Bad Things (tm) over the whole population of people (and corporations) that are at risk of Bad Things, proportionately to the level of their risk.
Posters recognized by their sig,
Their contracts look very much like insurance, as stated by many in their responses, however what I don't get is this: insurance companies can profit (and their customers benefit) whenever the probability of the negative events happening is not correlated across customers. I get injured, the insurance refunds me with the premia paid by all.
However, in the linux/sco case, if sco wins, ALL companies using linux will sooner or later have to pay. How can insurance work in this environment?
Having heard Bruce Perens give a speech before and had a chance to hear some of his outlook on Linux and IP, he seems to have a fair handle on how it all works.
From the interview it seems that it's an effort to provide some indemnity while making people aware of the possible IP/Copyright issues inherent in coding software in the USA (and probably Europe soon). They're offering a service to assess risk of malicious lawsuits and possible IP violation. Doesn't sound like spreading Fear, Uncertainty, *or* Doubt to me.
You're reading Slashdot. Of course you like Linux and pc hardware
Since you wish to have internet based companies subsidize your business by forcing them to pay local and state sales taxes in areas where they are not based (therefore not using their local services) doesn't that make you an extortionist also?
I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance.
If someone else crashes into your car, then claims it was your fault and tries to sue you for damages, you'll be glad that your insurance company will handle the case. In the same way, I think most of the "SCO has no case, so why insure?" arguments don't get it. We can't all afford IBM's legal team.
"I think you misunderstand insurance. Either I am going to crash my car, or I am not going to crash my car. If I won't crash my car, then I don't need insurance."
my argument was that the above is fallacious not least because _we don't know_ who will and won't crash their cars. I admit I didn't make that clear.
my point was that we can't rule out the need for insurance because we don't know what the outcome of court cases will be.
Posters recognized by their sig,
First, it seems to me that the Linux kernel developers should be getting this protection gratis from OSRM and the companies which are actually making a profit from the developers' efforts, and which would not exist except for the efforts of the developers. No, let's charge the kernel developers each $250 annually!!
Second, $25,000 isn't going to go very far if you get sued.
Third, the coverage cost seems exorbitant. 1% per year for a risk that everyone has been saying all these months is non-existent! I have a $1 million liability umbrella which costs me not 1%, not 0.1%, but about 1/3 of 0.1%.
And if you're a company you pay only 3%! Then there's the Seminars, offered nationally, that you get to attend (at additional cost, no doubt). They don't say whether the coverage includes anything beyond the SCO issues.
Bruce and PJ have gone to the dark side.
This is right up there with the Linux Mark Institute, which is extracting a "low" $500 from everyone who wants to put out a distro which includes "Linux" in its name (even if free beer).
Ladies and gents, the good old days are gone.
Who are you, anyway? I probably didn't like you either.
Bruce Perens.
And I'd answer, if anyone actually asked a question.
Bruce Perens.
This is not about SCO.
Just pretend that SCO doesn't exist, because there isn't a chance that they will prevail. Then consider what can happen with software patents.
Self-promotion? This interview was arranged by the company's PR firm, so sure. Macmillan calls me every week for something else, and this is the first time he's had a PR firm ask me to call him since publicity for my books at LinuxWorld NY. But I'd not get on the phone if I didn't think I had something interesting to say.
Bruce
Bruce Perens.
OK. In my understanding you aren't really selling "indemnification" or "insurance", but instead some legal assistance in the case there is an IP problem with open source software. Is this correct? If so, why go that route? It seems to offer little tangible benefit other than the "FUD Protection" angle.
Why not just pro-actively sell the legal assistance -- for example if a company wants to use OSS Project X, you would perform research and certify that the IP in Project X is "clean" and the project is freely redistributable.
(My IP fears aren't with Linux-Kernel or the big name projects -- it's that I would use some guy's random open source PHP app only to find that he ripped the code off from a former employer or another project.)
Also you say: "Let me see the insurance policy that covers you if you have to pay out this indemnification, because I want to know that you can pay a claim, or multiple claims, that are as large as the damages I might have to bring to you."
OK, where's your insurance? Why would anyone believe that you have the ability to pay out any claims?
Business. Numbers. Money. People. Computer World.
..and because it's so easy to get yourself sued. It is SO easy to find yourself in court over something just totally lame, BUT, it will cost you beaucoup to deal with it, no matter what. And our legal system is EXPENSIVE to dork around in, expensive, overly complicated, nuts in other words.
Joe free software developer writes a prog, some companies use it. Then along comes someone with this vague patent they got back in 1986 and sues them all, running the odds that enough will cave that they will make money. Having indemnification helps mitigate risk, it's a simple concept that most business and industry runs under now, and it's not going away anytime soon, and eventually, there will be dozens of companies offering this sort of financial package. And the larger companies are grabbing patents on every two lines of code they can think of now, it's nuts, but until that is changed, until patenting "thoughts" is not allowed, eventually the legal system will bog down development. It already IS if you look around.
We COULD slow it down with a "loser pays" law system on civil infringements, that is automatic and not requiring of a separate suit, and make it apply *equally* to the lawyers involved, as well as the principals. That would help slow down predatory lawyers, who really don't care what case they take, or what the merits are or are not, as long as they get paid.
Windows users don't seem to need insurance - or, at least, no one seems to be selling insurance against BSA raids.
But Linux users (at least big corporations using Linux) DO need insurance against meritless lawsuits??? Meritless lawsuits supported by whom???
Hmmm. Sounds like protection money to me.
Microsoft wanted to make running Linux more expensive than it was, relative to Windows. By threatening Linux through their proxy, SCO, they have succeeded in increasing the cost of Linux: Linux users need to take out insurance that Windows users don't need to buy.
This SHOULD be considered a criminal act - a form of racketeering. Where is the Anti-Trust Act when it is really needed? Why charge someone with a criminal act for stealing some minor item worth one or two dollars out of a shop, and then let a billionaire attempt to steal an entire market - with all the billions of dollars of consumer money and industry inefficiency it costs?
Hello, planet earth???
I am anarch of all I survey.
It lets us establish a permanent legal team who work on a number of similar claims against Open Source. They'll be up to date on their research, etc. That sort of efficiency will save everyone money.
Why not just pro-actively sell the legal assistance -- for example if a company wants to use OSS Project X, you would perform research and certify that the IP in Project X is "clean" and the project is freely redistributable.
We're doing that too, but if you didn't know: you can never finish a patent search definitively. Regarding the copyright issue you point out, that is easier to deal with.
Currently we have to work with insurance companies. We can't offer it ourselves yet.
Bruce
Bruce Perens.
Ok, Bruce, I've got two.
Why am I liable for the misdeeds of another person? A programmer infringes copyright, or breaches a contract, and the user is the one who gets in trouble and owes money. That's OSRM's claim and it seems like an extraordinary claim, but nobody seems very keen to explain why. I want extraordinary evidence, not just the vague hand-waving OSRM has made about patents.
Why OSRM (Open Source Risk Management) instead of SRM (Software Risk Management)? It would have been possible to vet proprietary software under NDA, then offer the same levels of indemnity to users of proprietary software. There's a huge shareware market out there. Indemnifying only OSS users really does reek; it seems to many of us that it's an attempt to capitalise on the FUD surrounding SCO's claims re: Linux.
Well, you aren't. But proving that could be expensive. The problem is that the patent statute says that you can be prosecuted for various forms of infringement, including use. If you got to court, your first action would probably be to attempt to sever yourself from the case, for just the reasons you state. And it might work. But we need clearer law here, or at least good case law.
I know that there are some cases I could win as a defendant, but I'd have to spend all I have to get there, and wouldn't get it back. Is that really winning?
I have been thinking about non-Open-Source risk management as you suggest. But there are many entities that can claim expertise on "Software". We can offer a specialized expertise. Also, having focus is a very good thing for a start-up company. If you try to do everything, you fail at doing anything.
To capitalize on SCO's claims, someone would have to believe them. If you look at any survey of the IT industry, you know that's not the case. And you should also know that I have worked very hard to knock down SCO and continue to do so. But it is the nature of Free Software that we do gain something from our enemies. If Microsoft hadn't been saying all of those bad things about us ("unamerican", forsooth), people in business wouldn't have been curious about what was scaring Microsoft, and would not have looked as closely at what we had to offer as they did.
The best thing you can do when thinking about OSRM is to assume that SCO is gone (soon enough that'll be true) and consider what our role is when facing patent claims. There will be enough of them.
Bruce
Bruce Perens.
You could alleviate most of the complaints about OSRM if your press releases just said that in plain English. "You aren't required to pay money to SCO if Linux contains SCO code, because that's not your fault, but you might need to pay money to your lawyers to prove that because SCO is suing everybody". If you just said that then it wouldn't be FUD. But instead the OSRM partyline is "Open Source is legally risky and you need to pay money to our crack team of lawyers to mitigate the risk". That's the FUD. Right there.
Let's not ignore SCO, because face facts, SCO is the only reason OSRM exists. The OSRM website is plastered with SCO news and SCO stories. It's the only example people care about because it's the ONLY example of a company suing end-users. I think it's silly for you to keep pretending we should ignore SCO. They're the only reason OSRM gets any press at all.
The thing about patents is that there doesn't even need to be copyright or contract problems. I could be using a $20 piece of shareware, binary only, written in total isolation by the Finnish author, and still get sued by Random Company XYZ for patent infringement. So this most certainly isn't a problem with Open Source. It's a problem with software patents in general. But once again you only mention this patent problem in relation to OSS.
And if OSRM actively went out and tried to clarify the law, then I'd be cheering you on. But that's not what OSRM is doing. OSRM is agreeing there's a problem and is exploiting the problem to make money. You should be proactively working to have the laws made clear, so that end users are clearly not liable, rather than using the flaw in the legal system to charge end-users for problems which YOU AGREE they are not liable.
And this is really my biggest concern. SCO is an abnormality. They are the first and only well known company ever suing end-users (eg, Autozone) because of the alleged contract breaches between SCO and IBM. Let's repeat that; Autozone is being sued because of a contract breach between SCO and IBM.
That's pretty abnormal. I can't think of any other non-SCO case even remotely similar and people have fruitlessly asked another well-noted OSRM member for similar case history. This is unique. This is ABNORMAL. But here's OSRM telling us that this is normal and commonplace and we should pay OSRM for "insurance" against companies like SCO, but not SCO in particular, because we all know SCO doesn't have a leg to stand on. It's absurd. On the one hand you're telling us that it's a real danger, but on the other hand you're saying SCO isn't dangerous even though they're your only example!
It's like OSRM is selling Tiger Insurance. Nobody has tiger insurance because, heck, there aren't a lot of tigers around. Suddenly one tiger escapes from the zoo and mauls 5 innocent victims. Almost immediately this Tiger Risk Management mob springs into existence, selling tiger insurance. TRM tells us that tiger mauling is commonplace and points to the zoo-incident as proof. They never justify how realistic the danger is, but they are all too willing to sell the insurance. TRM is capitalising on the fear generated by a single and abnormal incident. TRM even goes on to suggest that future changes in zoo policy migh
First, go to the OSRM news page and read all of those SCO articles. You will notice the common theme is that we say that SCO doesn't have a case. If we wanted to capitalize on FUD, we would say "maybe", not "no way" about their case.
Second, you really should give me some credit for the years that I have spent attempting to reform just the laws you are talking about, an effort that I continue with OSRM's support. And notice that OSRM is funding work by PJ of Groklaw as well, who certainly is carrying on the fight you are calling for as well.
In my CNET editorial, which will run sometime this week, I hope, I call it "Meteor insurance" rather than "Tiger Insurance", but I make the same point as you, and then explain who really is at risk and why.
Frivolous and unfounded lawsuits are not ABNORMAL, unfortunately. Any large business has learned that, and now it's our turn. SCO will not be the last we face.
Don't you think it's a good idea for us to be prepared? I think a permanent legal team to help defend us, and a revenue stream to support it, are no small thing.
Bruce
Bruce Perens.
I'm not accusing you of misrepresenting the facts. I'm saying that you should stop claiming that SCO isn't important, because looking at the OSRM website makes it very clear that SCO is the primary reason for OSRM's existence.
I'm not accusing you of deception, and I give you every credit for what you've done in the past. I also have no doubt that you believe what you're doing right now is appropriate. Just like PJ thinks it's the right thing to do when she writes "M$" in her opinion pages and writes foul remarks about Gosling. But reasonable people can disagree that you're doing the right thing.
Repeat with me... WE ARE NOT A LARGE BUSINESS. This is the Linux community. We are end-users and user groups. We don't have the deep pockets of the large businesses. So $250/year for OSRM's indemnity is often a deal breaker. I can't "sell" Linux services to anybody who has heard of OSRM because you've scared them all witless. These people are convinced there's a problem because they hear SCO saying "Linux has issues" and OSRM saying "Linux doesn't have issues with SCO, but it might have issues with other companies, so you'll have to buy insurance to use Linux from now on". They're saying "even your OSS 'leaders' are admitting there are legal problems with Linux, so there's no way are we entering murky legal waters by using Linux".
Damn right I think it's a good idea to be prepared. That's why I donate money to the FSF. But I'm unconvinced that OSRM is anything other than a professional scam. If OSRM was a non-profit organisation like the FSF, or if OSRM actively worked to have the American courts rule that end-users can not be held liable for the misdeeds of companies, then OSRM would have more credibility. However OSRM is trying to profit from the uncertainty surrounding SCO and patents, and I think that is exploitive opportunism.
Think of it from our perspective, Bruce. SCO announces they'll start suing end-users of Linux. An incredulous and truly sick idea. OSRM springs into existence almost overnight, crowing about the legal murky waters surrounding Linux, and _conveniently_ selling insurance. OSRM suddenly hires not one, but two prominent names in the OSS world to give them credibility (because they wouldn't have had any without you). Both of those prominent names suddenly go into overdrive, using their existing forums to tell everybody how important it is to pay for indemnity. If that sequence of events doesn't ring alarm bells, then what does?
Regarding the FUD messages, we have gone very far out of our way not to amplify FUD and I seriously doubt that hearing of OSRM is turning any customer away.
But there is something you can tell your customers. If we don't do more about software patents, especially patents in standards, a few years from now Linux won't be Free Software any longer. You'll have to buy a patent-licensed version at a steep mark-up from one of the commercial distributions. And the commercial distributions have been doing hardly anything to help us with the patent fight.
Unfortunately, donating to FSF doesn't do much about legal defense. FSF has one legal counsel, who works pro-bono and happens to be off writing a book and other stuff this year so his availability to FSF is extremely limited. They have never built a legal team. And they have been entirely ineffective regarding software patents for years. They called their anti-patent effort LPF - League for Programming Freedom, and it has been unstaffed for most of a decade.
And unfortunately, the software companies that we compete with do view us as a consortium of large businesses out to kill them. They and their legal teams will treat us that way.
Bruce
Bruce Perens.