SAP Admits to 'Inappropriate' Downloading of Oracle Code

netbuzz writes "SAP's CEO Henning Kagermann uses the undoubtedly lawyered term 'inappropriate download' to describe the company's questionable actions. Henning blames a rogue business unit, but there can be no mistaking the fact that Oracle caught SAP with its hand in the IP jar on this one. The legal proceedings that will follow should prove interesting. 'The admission hurts SAP's reputation in the battle with Larry Ellison's Oracle in the $56 billion market for software that manages tasks such as payroll. The rivalry between SAP and Oracle escalated when Oracle filed its March 22 lawsuit claiming SAP workers hacked into a Web site and stole software codes on a grand scale.'"

Sound familiar?

[EveryNickIsTaken]

I did not have inappropriate downloads with that source code!

Re:Sound familiar?

[antdude]

Is that you, Bill Clinton? :)

Re:Sound familiar?

[Torvaun]

Now can you show me on the doll where that bad man compiled you?

Re:Sound familiar?

I may have downloaded inappropriatly from time to time, but I didn't unarchive.

Re:Sound familiar?

[c0d3h4x0r]

I did not have inappropriate downloads with that source code!

The logfile in my server closet says otherwise -- your grep is all over it.

Re:Sound familiar?

[Torvaun]

Ok, I'm worried about the perverted mod who thought the doll thing was interesting instead of funny.

Who would have guessed

[Timesprout]

Oracle has pr0n embedded in it's downloads.

Codes plural?

[Random+BedHead+Ed]

and stole software codes on a grand scale

They stoles codes? Oh noes!

Re:Codes plural?

[L7_]

they have stolen the codes!

one of my pet peeves is pluralizing codes. its like broadcasting to the world "i do not know what i am talking about!". unless you are talking abuot the interwebnet codes.

Re:Codes plural?

[$RANDOMLUSER]

...software codes...

<blink> <blink>
(checks again)
developers.slashdot.org
(pounds head on desk)

Re:Codes plural?

[Dachannien]

Yep, they downloaded one code over each internet.

Re:Codes plural?

most people do not use the term in this light, but "codes" is actually common jargon in high-end supercomuting. It does in fact refer to "code", but as it is being run distributed across thousands of processors. I suspect that the term is derived from the pluralisation actually. It's usage has been falling out of favor though due to confusion with poor english.

Re:Codes plural?

[Yvanhoe]

What makes me raise eyebrows is the verb "steal" more than the pluralization of "code". No doubt that this action is illegal but the use of "steal" is just inaccurate. Why can't we stick to "illegal download" ?

Re:Codes plural?

[utopianfiat]

They had to get the internet first: so their other office emailed it to them and it took nearly a day- damn tubes...

Re:Codes plural?

[Khashishi]

Of course. They downloaded the codes over the internets.

Re:Codes plural?

[arodland]

Wouldn't it be nice if Slashdot editors actually lived up to the name? If a summary is mostly good but contains one glaringly stupid bit, edit it. Or, if that's just too much work, reject it and wait for a better one to come around. There are way too many dupe submissions to justify accepting the first one that looks like it might have been written by an english-speaker.

Re:Codes plural?

[IWannaBeAnAC]

It depends on the subculture. In scientific computing and high-performance computing, it is common to refer to programs as 'codes'. This language originates from one of the original supercomputer applications, hydrocodes.

If you went to the system administrator of a large computing cluster and asked "what codes are you running now?", he would immediately grok that you know what you're talking about. I wouldn't be at all surprised if big iron Oracle people used the same terminology.

Re:Codes plural?

[IWannaBeAnAC]

Yes, it is common teminology in high-end computing, but no it does not have anything to do with distributed computing. It predates multi-processing by a long time. See this comment. As far as I know, the usage shows no sign of falling out of favor.

Re:Codes plural?

[GooberToo]

Because there is legal jargon and laymen terms. In laymen terms, they took/copied/downloaded something to which they have no right to take/copy/download. Thusly, most people consider that stealing or theft. It's a concept everyone understands. Common sense says that's stealing or theft. Legally, it can fall into different categories. If you want to be legally pedantic...fine, but a thief is a thief is a thief. If it makes you feel better to argue semantics, fine no one cares, but it buys you nothing unless you're in the courtroom.

If we go by your rules, OJ is not a murderer and can not be called one because he was acquitted. Common sense and the evidence say otherwise. You going to correct people everytime you hear him referred to as a murderer? Technically he is, legally he is not.

Re:Codes plural?

one of my pet peeves is pluralizing codes. its like broadcasting ... And one of my pet peeves is when someone doesn't know the difference between "its" and "it's".

Re:Codes plural?

[Yvanhoe]

Precise wording make for more elaborate and less ambiguous thinking. As soon as you have labelled someone "thief", you can easily say that he his victim has lost money, it requires attention to not see the fallacy of this conclusion. Equally, when you label someone a "pirate" because he has broken into a system it sounds as if his actions were unequivocally illegal, but we all know that the "black hat" vs "white hat" crackers was a hot debate.

I am not American, I don't know about OJ case and the Wikipedia is not very clear about it. Looks like he was recognize responsible for the murder but escaped jail by (legally ?) paying huge amounts of money ? According to what you say, this is an interesting case where you should choose how you call him depending on what is your opinion about the whole process. I may sound pedant but in fact this is not about futility, wording is important.

Re:Codes plural?

[zeptic]

Shut up, Jar Jar!

Re:Codes plural?

[GooberToo]

Precise wording make for more elaborate and less ambiguous thinking.

But usually makes for confussion when things where completely clear and unambiguous until "precise wording" is used. In this case, saying it was stolen clearly and unambiguously conveys what happened. Conceptually, the depiction is completely accurate so describing a legal technicality makes absolutely no sense what so ever. The meat or spirit of the crime has been effectively communicated. And since effective communication is the intent of communication, the task is complete.

I am not American, I don't know about OJ case and the Wikipedia is not very clear about it.

Sorry, I picked OJ because I knew it had received international attention. I had hoped most people would know the details. For legal reasons it can't be very clear else civil litigation may result.

Looks like he was recognize responsible for the murder but escaped jail by (legally ?) paying huge amounts of money?

The vast majority of the evidence, including DNA evidence, makes him out to be the murderer. He paid $2m in legal fees to his attourneys. OJ Simpson is black and was widely regarded as a black culture hero. The jury was mostly black. Despite the abundance of evidence that indicated OJ murdered two people, the mostly black jury voted not-guilty as a protest vote; which they have more or less admitted. This means even the jury believes he is a murderer but set him free simply because he was black; hoping to speak out to previous social and legal injustices against black people in America. This means legally, he can not be referred to as a murderer.

According to what you say, this is an interesting case where you should choose how you call him depending on what is your opinion about the whole process.

In America, you won't find many people that believe he is not a murderer, even in the black community. Just last month he made news because he was refused service at a restaurant. The owner told OJ to leave because he "does not serve murderers." OJ then started a civil suite but dropped it shortly after. In other words, regardless of what you believe the process to be, the facts of the case prove he is guilty. Since he was acquitted, you can not legally refer to him as a murderer.

I may sound pedant but in fact this is not about futility, wording is important.

Wording is important only when it serves to more effectively communicate. In this case, you are trumping laymen wording and comprehension which easily and accurately conveys the action with legal definition, which is often counter intuitive, often needlessly verbose, and sometimes even illogical. In otherwords, unless you are speaking with your attourney, splitting hairs here doesn't really benefit anyone.

Re:Codes plural?

[edittard]

If we go by your rules, OJ is not a murderer and can not be called one because he was acquitted.

I suspect that's more to with concepts like "burden of proof" and "presumption of innocence" than his rules, whatever you think they are. But IANAL.

Bah

[Richard+McBeef]

Just a little harmless copyright infringement. There shouldn't be a problem here.

Re:Bah

Actually, if Oracle is smart this becomes trade secrets and that is a big deal.

Can I get a consensus opinion?

[shark72]

I believe that the Slashdot zeitgeist is that the word "stole" is used incorrectly here -- many Slashdotters believe that the term "to steal" should only be applied to an instance where a physical item is moved from one place to another, and should not be applied to instances of copyright infringement or unauthorized duplication -- although I presume that exceptions can be made for "theft of service," "identity theft," "you stole my thunder," "stolen kisses" and the like.

So -- was the code really stolen?

Re:Can I get a consensus opinion?

[johnw]

It's not a question of belief - the term "theft" has a very precise definition, and it doesn't include making unauthorised copies of someone else's software or films, despite what F.A.C.T. and F.A.S.T. would want you to believe.

That doesn't mean that copyright infringement isn't wrong or illegal - it just isn't theft.

Re:Can I get a consensus opinion?

> Was the code stolen?

No. Theft is the removal of property with the intent to deprive the rightful owner of it. This is not removal of property, it is the illegal copying of IP. Therefore, illegal, but not theft. "Stole", "Stealing", etc. seem to have a less theft-y connotation than "theft", in general use, and tend to pass in these cases without much argument, but that needs to stop. Theft is theft, and infringement is not.

Re:Can I get a consensus opinion?

[dattaway]

So -- was the code really stolen?

They should have used Bill Gates' precident: removing code from a dumpster. That went unchallenged for years and now that method is not enforceable.

Re:Can I get a consensus opinion?

[Brian+Gordon]

But it is illegal- we'll have to see whether SAP shields its hacker team behind the veil of corporate responsibility or exposes them to be criminally prosecuted individually.

Re:Can I get a consensus opinion?

[javilon]

Well, you can even get the consensus opinion from SAP lawyers. They said "innapropiate download" as opposed to "stealing of code" so there you go.

Re:Can I get a consensus opinion?

[bobcat7677]

Oh for pete's sake! The article writer obviously had no clue what they were talking about. No "Code" or "codes" were "stolen" or otherwise questionably acquired by SAP. Some guys in a support center used logins that weren't theirs (but they were given permission to use) to gain access to software patches and support documents that Oracle was too stingy to give them access to in the first place. They were just trying to do their job and help out customers. At worst it could be considered trespassing...but "stealing code"??? Thats really stretching the definitions of both the term "code" and the term "stealing".

Re:Can I get a consensus opinion?

[abigor]

So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.

Re:Can I get a consensus opinion?

[rolfwind]

"identity theft,"

Well, as dictionary.com defines it:
1. the act of stealing; the wrongful taking and carrying away of the personal goods or property of another

With identity theft, you are taking someone else's reputation/credit and depriving them of it (by ruining it)

Re:Can I get a consensus opinion?

[kebes]

Yes, you're quite right. This is not "theft" in any useful sense. Certainly in regards to the law, "theft" has a specific meaning. The present actions, if true, are probably illegal, but are not theft.

Similarly, the other examples you gave: "theft of service," "identity theft," "you stole my thunder," "stolen kisses". None of those are "theft" in the legal sense (in fact half are not even illegal). Moreover, if you were trying to have a refined argument about any one of those topics, I believe most rational debaters would agree that none of them are "theft" in the strict sense of the word. The word "theft" is being applied in those cases to make the term catchy and easy to remember.

In regards to copyright infringement being inappropriately called "theft" (which is what you were indirectly referring to), similar arguments apply. It is not "theft" in the legal sense of the word, and I believe in a critical argument of the subject, using the term "theft" is imprecise and essentially an appeal to emotion rather than logic. The reason why many people in the copyright debate request that the terms "theft" and "piracy" be expunged from the debate is that, while they are catchy and easy-to-use terms, they muddy the debate by injecting moral preconceptions into the debate. (Thus, by using the terms one is implicitly already supporting a certain moral position, making impartial debate more difficult.)

Similarly, I think if there was a serious debate about the morality of giving one's lover a quick kiss, it would be a weak argument from the anti-kiss debaters if they said "stealing a kiss is, like all forms of stealing, immoral since theft is wrong." The pro-kiss debaters would be well within their debating rights to request that the term "stealing kisses" not be used, and the more neutral term "quick kiss" be used instead.

Re:Can I get a consensus opinion?

[KeepQuiet]

Sure it is stealing. Check dictionary "Steal: To take (the property of another) without right or permission." It doesn't have to be physical. Besides if they print the code on a paper, there you go, it is physical now :)

Re:Can I get a consensus opinion?

[The-Ixian]

However, you have not deprived the owner of the combination and he/she is able to change it.

Re:Can I get a consensus opinion?

[hardburn]

The US has different laws to cover ideas that are publicly known (copyright) and held privately (trade secrets). One can steal a trade secret (by making it un-secret), but not a copyrighted work.

Re:Can I get a consensus opinion?

[MBGMorden]

No, you HAVEN'T stolen anything. You're guilty of breaking and entering. If you use that code to his safe to take anything out of it THEN you'll be guilty of theft.

Just knowing his safe code is not a crime; obtaining it through illegal means (the aforementioned breaking and entering) is the part that is against the law.

Re:Can I get a consensus opinion?

[misleb]

It doesn't sound like it was "code" at all. The TFA mentioned "fixes and support documents." Perhaps Oracle was not providing good enough support so SAP took it upon themselves to get the information they needed? Who knows.

Re:Can I get a consensus opinion?

> So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination?

YES, I AM SAYING EXACTLY THAT!

Pretend now that my safe is on display at the end of my driveway, and you, passing by, happen to see the combination written on the front of it. Have you stolen it? No. The only thing you've done illegally in your example is Break and Enter.

Pretend I leave my wallet open on a table, and you read my credit card number. Have you 'stolen' the 'secrecy' of my number? No. You haven't 'stolen' ANYTHING! However, should you choose to use my credit card number, you'd be charged with Identity Fraud and theft (since at that point, you would be stealing my money).

Re:Can I get a consensus opinion?

[misleb]

I'm pretty sure "secrecy" is not something that can be stolen. I can't sue (or press charges against) someone just because they found out something about me that I didn't want them to know. Breaking and entering is the only crime in this particular hypothetical case.

-matthew

Re:Can I get a consensus opinion?

[kevin_conaway]

So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.

I don't follow you. Can you try again with a car analogy?

Re:Can I get a consensus opinion?

[Red+Flayer]

SAP & Oracle both provide support for Oracle systems. So, it goes a little deeper than you would suggest, since the patches etc were then further distributed. Furthermore, the code in question went beyond the scope of the support being provided to the client.

The issue here is that SAP used underhanded (and illegal, likely) tactics to derive an advantage over a direct competitor in the support space -- they "stole" trade secrets.

Sure, it doesn't seem like a big deal, but remember that Oracle paid developers to write and test that code -- and SAP got an easy hand up in building similar patches / support mechanisms for what they address.

Re:Can I get a consensus opinion?

Smooth trolling.

Re:Can I get a consensus opinion?

[Opportunist]

Huh? Of course it's not. And now we got even the seal of approval from the industry. Taking content that doesn't belong to you is not stealing. It's "inappropriate downloading".

Re:Can I get a consensus opinion?

[Opportunist]

Does that mean I can point my "hacking tools" at Redmond now to finally get something resembling a sensible documentation for functions like LdrGetDllHandle?

Re:Can I get a consensus opinion?

[HomelessInLaJolla]

Some guys in a support center used logins that weren't theirs (but they were given permission to use) to gain access to software patches and support documents I don't know if I should be thankful that someone finally put all that into perspective or disgusted that so many other people run with the spin ("they stole code" as if they made off with an entire codebase repository and turned it into a multi-billion dollar OS after chaning the --version string) and try to make it stick as hard as possible.

Parent needs to be +5 and reindexed to the top of the page.

Re:Can I get a consensus opinion?

[Znork]

Intellectual 'property' is an intentionally applied misnomer, with the exact purpose of confusing people to think exactly as you appear to do. Copyright and other such legal constructs arent 'property' as such, but government granted temporary monopolies.

As it isnt property, that dictionary definition obviously does not apply.

Perhaps you could come up with some other word to define 'to violate someones government granted monopoly without right or permission'. Stealing, however, just isnt it.

Re:Can I get a consensus opinion?

[Kjella]

Note: This isn't about law, but about what's natural to say. In general, making copies is copyright infringement either if it's your own or your buddy's CD you're copying. But I think there's a rather long-standing history for using the word "steal" when you break into someone else's property to find that first copy. E.g. "stealing the manuscript to the latest Harry Potter movie", "stealing trade secrets" or "stealing customer databases", "stealing social security numbers" etc. Note that this isn't the same as infringing on copyright of unpublished works. To take Harry Potter since that is the easiest, only the first person "stole" it, in my opinion. Then the rest were infringing on the copyright of that unpublished work until it is published. I'm not sure if that one person is singled out in a separate crime, but he's certainly going to be punished for being the "origin" of all the copies.

Re:Can I get a consensus opinion?

[bobcat7677]

I don't know about you, but I would feel really betrayed and cheated if I found out my software vendor was purposely withholding patches and support documents for their own gain. Especially patches. If the software is broken then the maker should have a responsibility to make any existing fixes freely available to all clients/users (implied warranty). You shouldn't have to pay a company to release a patch to you that they are holding for ransom. Oracle's anti-competitive practices are hurting their customers and I hope they rot for it.

Re:Can I get a consensus opinion?

[UncleTogie]

I'm pretty sure "secrecy" is not something that can be stolen.
Tell that to the Rosenbergs...

Re:Can I get a consensus opinion?

[Red+Flayer]

You shouldn't have to pay a company to release a patch to you that they are holding for ransom.

Well, there are differences between essential patches and non-essential ones. Security holes, operating flaws, sure -- I agree with you. But a lot of other patches are to introduce more functionality or to improve efficiency, and if you choose to buy software as-is, and then go elsewhere for support -- well, then, why should you have access to those patches? You certainly aren't contributing financially to the development of them.

This is not abnormal for software companies -- if you want access to upgrades & non-essential patches, you pay for support of that software from the developer, or from authorized resellers. Pretty much an industry standard from my experience.

Re:Can I get a consensus opinion?

[kryten_nl]

I'd try www.winehq.org first :)

Re:Can I get a consensus opinion?

[KeepQuiet]

Nope I am not confused, I know what I am saying. If some guys spent hours to create a software (or any intellectual property), of course it should be protected and using it without their permission is indeed stealing. No need to play with words. After all, we are not talking about patenting 'one click shopping' or such silly things. A full system of code must be protected if the author wants so.

Re:Can I get a consensus opinion?

[KarmaMB84]

Well, it would be akin to breaking into your house and taking high detail photos of your car keys.

Re:Can I get a consensus opinion?

Why not be both?

Re:Can I get a consensus opinion?

[228e2]

why didnt u just RTFA like everyone else did?

Re:Can I get a consensus opinion?

[ChaosDiscord]

So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.

To use popular terminology, sure, you've "stolen" the combination. But legally you haven't. You've engaged in breaking and entering and trespass. But writing down something you've seen isn't a crime and you can't be charged for it. Heck, you could have learned the conversation by drugging someone who knew it and not bothered to write it down, just memorizing it. While you've committed a crime (Poisoning?), it's certainly not theft. It would be more accurate so say that you've compromised the secrecy of the combination in both cases.

Sometimes it's important to be accurate to minimize confusion and ambiguity. In this case, there are groups like the RIAA and MPAA who are intentionally trying to confuse the very different crimes of "theft" and "copyright infringement." By doing so, they can make illogical statements like making shoplifting of a CD equivalent to making an infringing copy of a song, despite the different levels of damage, different victims, and different penalties. So it should be understandable that some of us now strive to be more careful about our use of the term.

Re:Can I get a consensus opinion?

The submitter should have been more careful with the terms. As you say, this alleged action is either copyright infringement or some other related action (possibly some sort of contract issue, depending on all the facts of how they downloaded whatever it is that was downloaded). Using the words "stole" was sloppy and should have be considered more carefully.

"Theft of service" is usually larceny (maybe trespass), but may possibly be prosecuted as fraud. "Identity theft" is fraud. "Stealing thunder" is neither a crime nor a tort, AFAIK. "Stealing kisses" may be assault, battery or sexual assault of some kind, depending on the circumstances. Just because lay people use terms in other contexts doesn't change the correct legal terms that should apply. People who write articles about an alleged action should use the correct legal terms.

BTW: No matter how many time people on TV (or presidents of the US) say "new-Q- lar", it's still correct to say "nuclear". Just because a lot of people say thing incorrectly doesn't mean it's right.

Re:Can I get a consensus opinion?

[i_love_unix]

The problem is, SAP was essentially hosting Oracle Metalink documents on how to resolve Oracle database issues in SAP and claiming them to be SAP's own work. I can see where Oracle might be just a bit miffed about a rival company claiming the authorship of their own IP. Especially since Metalink is a subsciption-based service. Why subscribe to both Metalink and SAP's own OSS (Online Support System), when you could get all of your solutions from OSS? Large enterprises pay big money for these services. In this case, I think Oracle has a valid claim.

Re:Can I get a consensus opinion?

[homer_s]

I don't follow you. Can you try again with a car analogy?

Stop this already. Car analogies do not work when applied to software or copyright issues.

Using a car analogy to explain copyright issues is like adding a Pontiac engine to a Honda.

Re:Can I get a consensus opinion?

[Odin's+Raven]

I don't follow you. Can you try again with a car analogy?

Okay, so, like, imagine you take your car. And you leave the key in the ignition with the doors unlocked and the windows down.

But that's like totally okay, because you're actually in the car, driving it.

So, like, then imagine you drive your car to a library. You know, like the kind with books. And, like, with photocopiers. I'm sure you see where this is going, right? So you take a book down off the shelf - say, an illustrated guide to Disney movies, so it's all still protected by copyright. And you bring it over to the photocopier.

And you, like, just leave the book there, sitting right next to the photocopier. And you've left it open to a picture from a movie, like one from...ummm...from Chitty Chitty Bang Bang. (Because this is a car analogy, right?) And you just leave it sitting there, right where everyone can see it. And you also leave a quarter sitting there on the book. I'm assuming that the photocopier takes quarters - maybe it takes dimes or something. In any case, you leave enough money that anyone passing by could not only see the picture, but could also - through funds that you yourself provided, make a copy of that picture. I mean, you see where I'm going with this, right?

And then you get back in your car, because you're hungry. And you take your car over to the drive-thru at McDonalds. It's actually right next door to the library, but you take your car because this is a car analogy. But when you go to place your order - here's where things really come together - you order a Whopper. And they tell you that they don't serve Whoppers, but ask if a Big Mac would be okay. And you say yes, and pull around to the pickup window. And you try to pay with Monopoly money, because, like, you wanted a Whopper, and they made you accept a substitute for what you wanted, so you ought to be able to pay with, like a substitute for what they want, right?

And they won't give you the Big Mac. So you drive back home.

So, is it all clear now?

Re:Can I get a consensus opinion?

[Kalriath]

DIEBOLD?!?

Re:Can I get a consensus opinion?

Theft is defined in terms of Steal, which has at least 16 completely different precise definitions.

If only there existed a word for "Obtain Illegally".

If you want to argue legal definitions, that's fine - but I suspect you'll find that Oracle are not suing SAP for "Theft", which would make doing so rather pointless.

Re:Can I get a consensus opinion?

[aguenter]

You must be new here.

Re:Can I get a consensus opinion?

[aguenter]

Theft & copyright infringement do not have to exist on the same plane. If code was transferred over a network and then used in the company's own proprietary software, that is theft and copyright infringement.

As another poster pointed out: if code is printed to paper, it is then stored via physical media, making a fraudulent transfer of its ownership "theft". Whether another copy is available, is not relevant.

IASFFALINEF

Re:Can I get a consensus opinion?

[LinuxDon]

Quote: "So -- was the code really stolen?"
No, the code wasn't stolen: the code was potentially unlawfully duplicated (Since they haven't been convicted for the fact yet)

But I doubt it would make an exciting headline.

Re:Can I get a consensus opinion?

[McWilde]

I think you could do away with the quotes around stole in the case of trade secrets. While the original information is still available to Oracle, it is no longer a secret. So the secrets where actually stolen in the slashdot zeitgeist meaning of the word.

Re:Can I get a consensus opinion?

[Hognoxious]

Furthermore, the code in question went beyond the scope of the support being provided to the client.

If that's the case, why were the SAP guys able to access it using the (end) clients logons?

Honeypot?

[CastrTroy]

How likely is it that Oracle left a honeypot for SAP, MS, MySQL, or any other competitor to walk into, so that they could get rid of that competitor, or at least ruin their reputation and get some money? The fact that their was code on a website accessible to the outside world seems a little suspicious to me. Who leaves code on a publicly accessible server? I think that Oracle would at least be security savvy enough not to let their code be stolen. Anyway, not to start any conspiracy theories or anything, but I just find it a little odd.

Re:Honeypot?

[Vancorps]

This is pretty common practice with Oracle, this is why people pay good money for Metalink access. It's a very valuable tool if you have to work with Oracle products. We used it extensively to get our in-house application working flawlessly with Oracle 10g. There is tons of sample code up there. I doubt they found any actual DBMS code.

Re:Honeypot?

[MightyMartian]

I think it's the more likely explanation. What company with a major product like Oracle would allow code to be available for a website hacker? I can tell you that all my developmental stuff is not on a machine that one could just hack into via the web server to grab the code.

Re:Honeypot?

[CastrTroy]

If it's pretty common practice for them to give out this code to their users, then why was SAP in the wrong with downloading it. Are they complaining that SAP downloaded some code off of Oracle's website that was right out in the open for their customers to download? The article seems to be a little light on the details, so what did SAP actually download, and how hard was it for them to "hack" in to the Oracle website containing the code?

Re:Honeypot?

[OG]

From a quick perusal of news stories, that doesn't seem be the case. It looks like some TomorrowNow employees used credentials from their clients to access information from Oracle's website that they would not otherwise have access to. As to what the did with it...the only concrete thing I've seen so far is republishing Oracle info for some fix with the TomorrowNow logo and representing it as their own work.

Re:Honeypot?

[Fox_1]

Both Companies, SAP and Oracle make money supporting each others products for their customers, kind of a 1 Support solution even though there is more then 1 Vendor involved. SAP was able to download product patches and updates that allowed them to provide support for Oracle products, but they were downloading files meant for Oracle customers who had paid Oracle for Support. SAP was able to use those files to support customers who had not paid Oracle for support, but had chosen SAP for Support. It's just dirty, SAP agreed to provide support but they are just stealing the solutions from Oracle.

Re:Honeypot?

[mhwelsh]

Read the article please. They didn't download source code to Oracle Products. Its sample code that is available to their customers. Most large software packages have similar websites. Oracle's happens to be the best I've used. However, the code and examples give a lot of insight into the nitty gritty workings of the Oracle products. This is a trade secret, that is useful to both customers and competitors, and they have a reasonable expectation that SAP will stay out. Most large companies with any sort of Business Conduct rules would fire these employees immediately. Its unethical even if its easy.

Re:Honeypot?

[evilviper]

As to what the did with it...

Since the evidence that they stole the code is overwhelming, they've admitted to that. But, of course, after going through the trouble of stealing their biggest competitor's code, they didn't actually do anything with it that could be illegal... No.

In other words, they didn't inhale.

Re:Honeypot?

Posting as AC for obvious reasons.

There is no source code to any Oracle product on MetaLink, nor is it possible to access source code from the outside without special software and internal access granted to certain servers etc.

What you can find on MetaLink are patches (bug fixes), notes on how to solve various issues, SQL scripts for many tasks and sample code used to demonstrate certain features, access to bugs and the bugtext if published etc.

Re:Honeypot?

We had somebody who couldn't use a cig running our country? Now thats interesting.

Re:Honeypot?

[ClamIAm]

Who leaves code on a publicly accessible server?

Richard Stallman, Linus Torvalds, etc.

Confused

[Reason58]

SAP workers hacked into a Web site and stole software codes Am I the only one confused as to why Oracle would be keeping source code on a production web server?

Re:Confused

Probably. Makes perfect sense to me. As a Windows Vista developer in Redmond I always post the full OS source code to developer.microsoft.com. I like it better than the local store because the password is "msrulez" and I find that easier to remember than the long passwords they make us use on the internal systems. (Mine currently is "Dev0944438766****" - annoying, isn't it? I had to throw my social security number in there to get it to the length the admins required.)

Re:Confused

Am I the only one confused as to why Oracle would be keeping source code on a production web server?

That is how Oracle sends out updates to it's ERP software. The customer uses a user ID and password to log into a secure site and then the customer is free to download any patch necessary.

Re:Confused

[OG]

As someone else stated, the code that was downloaded probably wasn't Oracle DBMS code. Rather, it was coding examples like people would usually find on a developer network site, such as MSDN.

Re:Confused

SAP workers hacked into a Web site and stole software codes Am I the only one confused as to why Oracle would be keeping source code on a production web server? It's not product source code. It is support documents and patches. Full details are here.

Most inappropriate use of the word "inappropriate"

[Trails]

Inappropriate? Inappropriate is when my boss caught me photoshopping my buddy's head onto a screen cap of the Pamela and Tommy video (It was for his bachelor party, I swear it).

This is illegal and perhaps fradulent (ie they claimed they were customers seeking service). But what gets me the most about this is how blisteringly stupid it is. "There's no way they could know it's us! Well, there's no way, apart from the webserver logs, that they could know it's us!".

From the article:

Oracle said TomorrowNet used identities of Oracle customers and phony users to gain access to its systems. Customers for whom SAP allegedly conducted illegal downloads include Merck & Co. and Bear Stearns & Co., according to the March 22 lawsuit.

So not only are they picking a legal fight with Oracle, pissing of the DOJ, and destroying their reputation, but they've basically shown they're not above pretending to be their customers. I bet the SAP CEO is turfed before the end of the next quarter.

Too bad...

[rootology]

Just think how many problems like this could be solved if someone went and invented some sort of free software licensing system, and everyone adopted it...

Re:Too bad...

[heinousjay]

Yes! Yes! The best way to ensure that people's rights aren't violated is to take those rights away!

Re:Too bad...

[rootology]

Yes, because releasing code under something like the GFDL is obviously a release of your own rights to profit off your code.

Re:Too bad...

[kinglink]

As long as the license creator didn't throw a fit when someone tried to make money off of the license in a way he didn't think of, and feels the need to write a new license that locks out those people. Oh yeah and basically acts like a spoiled baby.

I'm all for free software licensing. I just don't think the people at the forefront of the free software licensing are the people who should have any control over it at all.

what if it was a setup

[b17bmbr]

not that I'm a tin foil hat guy, but what if oracle paid someone in SAP to hack the site, opened up the hole for the purpose, and then let the whole thing go down? what's a few mil when then there's billions to grab.

Re:what if it was a setup

[Trails]

Then, if that ever came out, the reputational and legal implications for Oracle would be disastrous.

While it's feasible someone with "pull" at Oracle is dumb enough to try something like that, it's not within the realm of reasonable probability. Courtesy of Sorbannes-Oxley, companies have checks and balances built in to prevent just these types of things (audits and reviews), meaning that the collusive elements required to pull this off would be fairly distributed, and difficult to contain.

Re:what if it was a setup

[Aladrin]

I think you qualify for a tinfoil hat license now.

Seriously, though. If they HAD paid someone to do that... Would that person not be sitting on a ton of blackmail? Oracle could never get away with it.

When you take something that doesn't belong to you

[geoffrobinson]

...that's stealing. People may try to justify stealing because the laws are bad (and the laws may need to be changed) but that doesn't change the fact that we steal things that don't belong to us.

We are stone-cold thieves. That's the human condition.

stole software codes on a grand scale

[Threni]

I wonder how many codes they stole? For a Slashdot story, this is pretty poor.

Not Source Code

There was no source code on the website!
It was Technical Support documents and patches that SAP was downloading. The only "theft" here is that SAP did not have support contracts to download the patches and documents.

Re:Not Source Code

[OG]

And, according to one news article I saw, republished one of the support documents with their own logo, passing it off as their own work.

Re: SAP Admits to 'Inappropriate' Downloading

[zakeria]

but they uploaded better code in return!

Alternate answer...

[StressGuy]

Q. What do you do after raping a deaf, blind and dumb girl?
A. Go to prison

And the follow up (this is really funny)

Q. What do you do when your fellow inmates discover you assaulted a Handicapped woman?
A. They all make you their "deaf, blind, and dumb girl".

Not funny? oh well, I guess you had to have been there.

Re:Alternate answer...

That's even funnier, well done

Heh

[glwtta]

"Unbreakable", my ass.

Re:Heh

[Fex303]

"Unbreakable", my ass.

That's what she said.

Sorry. Had to be done.

Re:Heh

[Shuntros]

Greetings! American unit who didn't bother to RTFA, or the comments. Them, up there ^^^

How exactly is entering a valid username/password (albeit that weren't theirs) breaking the unbreakable? It's not, is it. So you're not funny. STFU.

Re:Heh

[glwtta]

"It's not, is it. So you're not funny. STFU."

Ignoratio elenchi - I don't see why the former implies the latter.

When you think something isn't funny, feel free to ignore it, or we end up wasting even more internet ink (the conservation of which, I am assuming, is your goal here).

Oh, and I am not American.

Re:Most inappropriate use of the word "inappropria

[Red+Flayer]

None of that matters in the long run.

FTA (emphasis mine):

``Although many will see the legal teams as the cavalry in this battle, the troops that really matter are the PR special forces contingent,'' Ovum Plc analyst David Mitchell said. ``PR is where this battle will be won or lost.''

That is most certainly the case.

And now for the snark. Wtf? PR special forces? What kind of training does that require? Going seven days without using buzzspeak or powerpoint? Writing press releases and giving presentations under hostile fire?

And, most importantly, what color are their berets?

Identity theft

[HalAtWork]

You can't have your identity stolen, because according to the government, your identity is not within you, it's some intangible record. It can be misappropriated though, in the sense that someone other than you can use it. It's a flaw that criminals take advantage of to view private information, take your stuff, or take actions on behalf of you, and THAT is the actual problem.

As for stealing code, I think the problem is not actually that the code is stolen but that the copyright and license have been violated, and in addition they have made money from someone else's work without them knowing. If SAP is getting Oracle's customers when they would have otherwise gone to Oracle if SAP had not used Oracle's code, then SAP is altering the course of revenue that Oracle would otherwise have, and that is a crime.

Re:Most inappropriate use of the word "inappropria

[Dogtanian]

Inappropriate? Inappropriate is when my boss caught me photoshopping my buddy's head onto a screen cap of the Pamela and Tommy video (It was for his bachelor party, I swear it). Would have less inappropriate if it hadn't been *Pamela's* body you chose to paste his head onto...

Re:Most inappropriate use of the word "inappropria

[Qrlx]

And, most importantly, what color are their berets?

Blackberry.

Stolen Code

[nurb432]

Well, did they "remove" the code from all of oracles servers and backups or in anyway harm the original code? If so, it wasn't stolen.

If they merely copied, then no, nothing was stolen.

Why does the press refer to IP infringement as theft? It gets the common folk riled up. Remember the press is tied directly to the 'media' which desperately needs this to move their agenda along.

Obligatory

I'm in your serverz stealing your codez!!

Summary is slanted - no "hacking" involved...

[Marcika]

The article summary by "netbuzz" is plain flamebait. As TFA says, SAP was authorized to download materials from Oracle's Web site on behalf of customers. The SAP support people made "inappropriate downloads" of fixes and support documents without direct customer need, but they don't state anywhere that there was any hacking or any "stolen" code or "intellectual property" beyond what Oracle specifically made available for support purposes!

Re:Most inappropriate use of the word "inappropria

[Opportunist]

When you now refer to their work as RIMjobs, I'm SO out of here...

Who cares?

[mi]

Information wants to be free. Does not it?

Copyright != Trade Secret

[SydShamino]

should not be applied to instances of copyright infringement or unauthorized duplication

While the term "intellectual property" has little collective meaning, there are four types of government protection that is generally classified as "IP":

Copyright
Patent
Trademark
Trade Secret

Slashdot seems unable to grasp the existence of the fourth one. When a copyright is infringed on, it is ... copyright infringement. However, when a trade secret is stolen it is ... theft. The two different types of protection have completely different laws. Copyright infringement would only apply if Oracle was distributing the code already (to people not covered by an NDA contract!), and SAP acquired its copy through participatory infringement. This is a clear-cut case of theft of trade secret.

Other recent examples of trade secret cases:
  - The early release of the final episode of 24. (I would readily argue that unreleased creative works can be classified as trade secrets, since a publisher doesn't want his novel/unique ending recreated in a soap opera before his publication.)
  - The Coca-Cola theft case. The secretary and others that stole the formulas and tried to sell them to Pepsi weren't convicted of copyright infringement; they were convicted of theft of trade secret, as the law applies.

(Yo! IANAL and probably used a few terms slightly wrong.)

Re:Most inappropriate use of the word "inappropria

[Asic+Eng]

It's not terribly clear to me why that should be inappropriate at all. It seems their services company (TomorrowNet) would download patches from Oracle servers for Oracle customers. So if I understand this correctly, the customer (e.g. Merck) would call TomorrowNet (who they have a support contract with) and ask them to help them with some problem on their Oracle installation (which they bought and have the right to receive patches for). So now the TomorrowNet employee using Merck's login downloads the patch for them and (using the documentation which comes with the patch) explain to the Merck employee what they have to do to get the patch installed.

I presume somewhere in the contract between Oracle and Merck there is something which says "only your employess may use this account", and there is probably a notice on the website which states that you can only access the account with your own login. The whole setup would be used to prevent other companies from supporting Oracle installations, I guess.

It's all about preventing competition and replacing innovation with lawsuits, in my opinion.

Definitely not "stolen"

Because they didn't delete what they downloaded from Oracle's servers, it was not "stolen." Improperly downloaded, sure. I'm not quite even convinced it was copyright infringement (these were support documents they make available to anyone with a support account, after all). So at worst, they misused support accounts they shouldn't have. Unless that deprived other people of the use of the support accounts (in which case the accounts could've been "stolen") I can't see how anything was stolen here. Just someone making a lot of fuss over nothing.

And to the other fellow below saying that you can "steal" a combination to a safe, unless taking it deprived you of the use of it, I wouldn't say that the combination had been "stolen." That's just not what the word means, however loosely it's used. That's not to say that it's right or good to do that, but still, I don't see "secrecy" as something that can be stolen. Now, you can steal credit (plagiarism) for something, but secrecy is a lack of information, not a positive entity, like credit for a work, or say light (when you compare it to its negative entity, shadow).

So it might still be wrong, especially if you used it to steal things from the safe. I just don't see it as properly being called "theft" because nothing has been removed except an absence of information. I also have some question as to whether that example would be universally wrong. What if you overheard it, or stumbled across the combination by accident? I have a hard time believing that would be wrong, let alone illegal. Conversely, installing a key logger or hidden camera or something to copy down passwords or combinations is very wrong, so it depends on context. Not theft in either case, but quite possibly both wrong and illegal for other reasons.

There are lots and lots of crimes that aren't theft, after all.

Re:When you take something that doesn't belong to

[kryten_nl]

I'm just glad that we (the human race) invented the wheel _before_ we invented copyright.

Embarrassing

[jmors]

It seems to me that this is as much an embarrassment for Oracle as it is for SAP. Don't they have that "unbreakable" os and software there? :) I guess no matter how secure your software is, if your human personel place your intellectual property on a web server or connect it into your network to the same subnet as the web server you still have huge security holes!

EULA vololation, NDA volation or infringement?

So, I can't tell what they are talking about. Oracle has tons of "free-ish"
developer licensed stuff that is not usable IIRC when downloaded on
behalf of client as opposed to _by a client_ ... So, is that what they
are talking about (EULA volation) ... or did they disclose confidental
info given as a result of a partnership agreement? (NDA / Contract volation)
Or make illegal copies of stuff not avialable w/ developer terms and distribute to
cleint (infringement)? .. Or did the actually _hack_ and copy ... I don't believe that they would. I
mean that would be crazy ..

Garick

Re: SAP Admits to 'Inappropriate' Downloading

[Is0m0rph]

Umm this is SAP we're talking about. If you've ever used SAP you'd know there's no possible way they improved anybody else's code ;)

But who does this help?

[pseudorand]

So, Oracle managed to have their systems (presumably running Oracle software) hacked while SAP is programmed by hackers capable of breaking in to a major corporate sites... Maybe it's just me, but I think I might be more inclined to trust my business's data to SAP (assuming they're on my side, of course).

Re: SAP Admits to 'Inappropriate' Downloading

You got that right. SAP is generally a confusing, unintuitive mess.

Re:Most inappropriate use of the word "inappropria

[Qrlx]

Was that a tongue-in-cheek comment?

Keep in mind that this wasn't a customer...

All of the download activity in question was performed by TomorrowNow... a competitor to Oracle, who sells support services to Oracle application customers.

In essence, this was a competitor, stealing a company's information (IP) in order to resell it back to Oracle customers as their own brand of support, and at a lower rate. Regardless of your stance on Oracle, it's just a dirty practice, and something that SAP deserves to get hell over.

If you haven't done it yet, check out the legal filing.. it's pretty decent read.

It's the spawn of something...

After actually using SAP for the last three months, I am designing a bumper sticker to send anonymously to their head office.

"SAP eats babies [insert cute graphic of partial baby]"

Re:It's the spawn of something...

Mebbe you should learn to use it properly, hindu boy.

Had to happen sometime

I used to work for SAP's IT dept. TomorrowNow is a third party support provider for Oracle products, including PeopleSoft and JD Edwards. SAP purchased them to provide a support bridge for products Oracle would be sunsetting, and hopefully bring those customers to SAP's product line as they eventually migrated away from the legacy products.

Clever idea, but this sort of situation was always a concern. How do you provide support for your competitors' products without getting dangerously close to (actual or apparent) IP theft when you need to look something up or do research on those products?

SAP always took that concern very seriously and had very, very strict security policy and access restrictions in place between TN and the rest of the SAP world to try to isolate any exposure. Even still, it always felt (to me, at least) like it was just a matter of time before this happened.

Re:Had to happen sometime

And that is the real point of all this - the battle between SAP and Oracle over maintaining their "old-and-busted" versions of their products. Both companies are trying to persuade their respective customers (as well as customers who own the old versions of their competitor's products) to move to the "new hotness" of either Oracle Fusion (if you use Oracle-owned PeopleSoft or JDE, or SAP's old R/3 product) or SAP's Business Suite (now with Enterprise SOA!) / for the same set of apps. So the real question here is to find out if the customer in question is still paying Oracle for software maintenance.

It's my understanding of things that SAP and Oracle both bought third-party companies in order to support the competitor's old, obsolete products while getting customers to convert to their new products. Sometimes, in a big company the process of migrating from one product to another may take several years - what do they do about the legacy ERP software they still need to run for some geographies or business units until the entire migration has been completed?

From what I remember Oracle bought up one of these competitive support companies first, and SAP bought the company discussed above as a reaction. As the parent indicated, this must have been seen a something of a risk inside SAP, because unless an Oracle customer continues to pay maintenance fees to Oracle, using patches on the old version while in the process of migrating to SAP is obviously not permitted. Even so, SAP could not let Oracle take this step without taking the exact same one in retaliation.

What we need here is some clarity - what did the SAP support subsidiary actually do?
  1. Specifically, did they download support and/or maintenance patches/packages for an Oracle customer who was using an Oracle-owned application for which they had stopped paying maintenance fees?
  2. Alternatively, did the SAP affiliate download patches legally for one customer using their access information, but then use the same patches for a different customer without the knowledge of Oracle? (say one without the legal right to do so)

I expect this issue to just grow more acute as we march towards 2010, as both SAP and Oracle release maturing versions of their next-generation application suites. Many customers are currently upgrading to PeopleSoft 8.9 and SAP ERP6; but what about those that don't want to do anything? SAP will end maintenance on R/3 4.6C in March 2009, now less than 2 years away. Oracle is doing the same thing to older versions of Oracle, PeopleSoft, and JDE software. But all of these applications came originally with source code; so technically they could be run forever, if someone could provide the patches needed to keep the application current (taxes & legal changes, OS and DBMS stack alignment, SOX reporting, and all the rest).

Not saying here that I know all the details; but I do work in one of these spaces, and know that both companies are looking at how to prevent their old generation of applications from living on past their set "expiration date". Having a competitor actively trying to encourage that happening has to be galling. A 3rd-party belonging to the competition actively working to extend life on applications you want to sunset has two negative impacts: (1) it prevents upgrades to the new generation of its software (and associated revenue streams), while (2) the former client (instead of paying for that new software) pays the competition for the license right to permanently migrate away from your application.

All in all, there's enough ego in both organizations to keep this kind of legal discussion going quite some time. Perhaps we should encourage the development of a "Technical Court TV" for these kinds of cases?

ERP Veteran

Re:Had to happen sometime

[Hognoxious]

so technically they could be run forever, if someone could provide the patches needed to keep the application current (taxes & legal changes, OS and DBMS stack alignment, SOX reporting, and all the rest).

Since SAP provide the application source that's possible. Not easy, but certainly possible.

omfgponies

hmm, this reminds me of having to hack into Toshiba & AMD/ATI's sites to access the technical docs and patches for my legitimately purchased hardware that weren't made accessible due to their lousy coding & broken links!

is that "theft" or just "inappropriate downloading"?

Re:Most inappropriate use of the word "inappropria

[soulsteal]

And, most importantly, what color are their berets?

Why, any color you want them to be!

No Biggie

I think it's perfectly natural for a company that makes brittle and hacky garbage to want to know how another company makes brittle and hacky garbage.

Pants Down Henning

[BillGatesLoveChild]

> Henning blames a rogue business unit

Uhhh yeah. That would be your "Industrial Espionage Division."

Re: SAP Admits to 'Inappropriate' Downloading

SAP haiku:

Double my workforce
to do the transactions now
workarounds not allowed

No

[TheLink]

If the usual theft laws don't apply and the Courts etc would need to use a Copyright/Patent/"Anti-Hacking" Law to make it illegal, then it isn't theft (by legal definition). Similarly for plagiarism and fraud.

Of course if people keep having a muddled thinking about stuff then the definition of words could change and then the lawyers and judges could then interpret the laws differently.

The *AA naturally would be happy if their preferred meaning of theft is spread.

In fact, retroactive extensions of copyright terms is far closer to theft than illegal copying, because with the former, people involuntarily lose their rightful access to something (they can no longer freely use the stuff). In contrast the *AA do not automatically have access to your money (yet?), so even if copying may deprive them of your money, it's still your money in the first place.