It's not that you're forgetting a few things, it's that you're forgetting one major thing. He discovered this exploit while he worked at the company. It doesn't matter that he felt the need to alert the world to this exploit after he left, he gained this knowledge while employed there.
In the same way that you can't work at a company, learn its trade secrets, and then jump ship to another company, and disclose all of their trade secrets (similar to an NDA except this pretty much applies anywhere you work) you also can't gain knowledge of security exploits while you're under their employment, leave, and then tell the entire world about it.
The feds were completely right in going after this guy. Some of you are being blinded by the security aspects of this, and I would argue differently if he had never worked at the company in question and discovered this exploit as an outsider, but that is not the case.
He got what he deserved. I've worked at tons of companies where to this day I could tell you any number of ways to get back into their networks. Am I going to do that? Hell no. My best course of action is to alert the company of the exploit, and walk away.
That's exactly what he should have done. He didn't, and he paid the price.
Wait wait wait, "officially"? Isn't the .la TLD still officially assigned to Laos, and they've just cut a deal with some company to promote it as a Los Angeles TLD, just like the TLDs of Western Samoa, Tuvalu and Belize are promoted as "Web Site", "Television" and "Business" respectively? Does the City of Los Angeles even know about this?
Not only is this old news, but it's years old. This company has been registering .la TLDs with the Los Angeles spin for *years*.
I think here on /., we are all denying it like crazy and ludicrously thinking that SCO is suing for *no* reason. Why would a company sue unless it has at least something to base its case on? I mean, I think it is more likely than not, that SCO did find some code which infringes on its contract/copyright/whatever.
Ya know, I couldn't understand this either. In an early thread re SCO, I tried pointing out how this was similar to the AT&T vs. BSD suit of the early 90's, how at the root of all this was the basic question of "did or didn't someone copy code from one to the other" and how easy it was for this to all actually be true.
Instead of getting some well thought out replies (actually I did get a few) I instead got called a Microsoft Lover, Linux hater, flamed, and all manner of other stupid kiddie-like responses.
In this thread, I see it again. This couldn't be true because this lady doesn't know how to look at kernel sources, i.e. a comment of "open a file" is probably what she was looking at. Come on now - have the people actually writing these posts ever seen the kernel source before? There are no comments even close to anything like that. You don't have to be a technical person to find copy+pasted code bits, and chances are whoever found this stuff wasn't looking manually, they used a program (grep like) to search for the offending code bits.
Again, I say instead of coming up with reasons as to why this couldn't be true, we should also be looking at why it could be true and trying to fix it (if possible, but SCO does have to release the offending code bits or we gotta find them first). Denying all of this up to the last minute is only going to hurt us more in the long run - especially if it all turns out to be true.
Actually, anybody with a licensed copy of SCO's source can diff it against Linux and report the similarities. That's a rather big vulnerability in SCO's little game, don't you think? Especially if the copying turns out to be in the other direction?
Then why hasn't anyone done this yet? I just don't believe it's as easy as you think it may be.
And SCO may have used code from Linux, I'm not arguing that. All I'm saying is that this could end up getting Linux tied up in courts for years.
None of this is new. A lot of this same stuff happened to BSD in the AT&T suit, and while BSD ended up coming out on top, it still cost 'em 2 years in the courts.
This is not a matter of right vs. wrong, but rather SCO may be able to successfully tie up Linux and IBM in the courts for who knows how long. I'd hate to see it happen, but everyone seems to believe that this is a cut and dry case, and the more time that passes, the more that this seems to not be the case (will the real owner of Unix please stand up?)
Please note that there are many of us Linux users that are literate and rational--I hope this particular thread doesn't reflect poorly on the whole lot of us.
This is where the irony comes in - I've been using Linux for much longer than I've been using BSD. I just remember following all this BS back in the day (the AT&T court cases).
I totally don't understand or get all this Linux vs. BSD bullshit that's been going on for years. I use both, developed for both, and have for a very long time. It's all very idiotic to me. I don't see it as us vs. them, I just see it as us Unix users.
However it seems like anytime someone posts or writes a comment that isn't 100 percent "I love Linux" then they're the enemy? What the fuck??? Just because I point out other sides to an argument (that I don't even agree with but want others to recognize valid points) or may point out flaws in my favorite OSes (for improvement) suddenly I'm not a team player anymore?
I know, I know, most of those comments come from 12 year old losers, but it's still frustrating.
You forget an important lesson of the AT&T vs BSD case. It was found that AT&T itself was engaging in serious copyright violation (removing all the University of California copyrights from their code). They had to settle.
Actually I'm not forgetting this lesson - this is the point I'm trying to make. The case was still eventually won and found in BSD's favor (sort of, 3 files had to be removed from the source and BSD did admit it had done wrong in having them included) but the 2 years this case spent in the courts is a large part why it was not adopted as quickly as Linux was back in the day (there were other reasons but this had a huge effect).
It's not even a matter of right vs. wrong, everyone is missing that fact. If SCO is successful in tying Linux/IBM up in the courts for years, then that is what will end up being the most damaging, regardless of who wins or loses (wanna know why Microsoft paid millions in license fees - this will help SCO fight a long battle).
If SCO decides to sue Linus as well, he could get caught up in legal battles (very expensive) for years, even if he is in the right.
This country has a screwed up court system, half the time it's not even a matter of who is right or wrong, but rather who has the most money and can afford to fight for the longest. Judges have a history of not being very technical and not understanding at all the issues at hand.
Wrong. No matter how much you would love Linux to be screwed, only the person who messed up and maybe the organization he works for is. If there really is infringing code (which is doubtful) and if for some special reason the GPL doesn't apply to SCO, it has to be rewritten, that's all.
Why is it so doubtful for code to have been copied? Have you ever done any coding or kernel development before? Why is it so hard to imagine that out of potentially thousands of developers and tens of millions of lines of code, that a few hundred or thousand could have been copied from another project?
It happens all the time. Granted, most of the time it happens involves GPL'd projects, MIT licensed projects, or BSD licensed projects - but that doesn't stop it from happening.
How many stories have we read today about commercial companies stealing GPL'd code and using it in their projects? Is it really so hard to imagine the reverse happening, even if only by one person?
And yeah, the code would have to be re-written if this did happen, but if it is proven, SCO can seek damages and ask that anyone who is using an OS that uses the code now pay them license fees (or otherwise upgrade, but how fast do you think that'll happen across the board).
Also - just because I'm pointing this out doesn't mean I support SCO. I don't, and think they have a weak case, but that doesn't mean I'm gonna automatically jump on the Linux is right bandwagon and be blinded by the facts (when/if) they come out.
So what do you "avise" me to do? Wet my pants? Stop using Linux? (Yeah, you would really like that, would be good for your MSFT-stock, right?) Start crying?
Ahh, because I point out a bit of history as to how this has happened before in the courts and because I have a little knowledge of the court system and IP now I'm an MS lover? Sit down little Linux script kiddie and take a deep breath before you hurt yourself. You're very misinformed and typical of why I said people shouldn't take this lightly.
There is no evidence, there isn't even the slightest hint of evidence and SCO voided anything by releasing Linux under the GPL themselves anyway.
How do you know this? SCO doesn't have to show you anything - all the offending code has to be shown to IBM right now. And because of NDAs and the like (whatever is stipulated in their contract) they may never have to show you any of it.
If you really think that anybody should start being aFraid, Uncertain and Doubtful, you are either pretty dumb or part of the FUD machinery yourself.
Ok - when did I say this? When does - "don't take this lightly because it's happened in the past before" translate to be afraid, uncertain, doubtful, etc?
Wrong. No matter how much you would love Linux to be screwed, only the person who messed up and maybe the organization he works for is. If there really is infringing code (which is doubtful) and if for some special reason the GPL doesn't apply to SCO, it has to be rewritten, that's all.
Riiiiight. Now I want to see the fall of Linux, especially since it (along with Solaris, BSD, etc) have been paying my bills for longer than you've probably been walking.
To sum up, yes I will take that threat lightly.
Go ahead. The BSD camp took this very seriously, won the case, and still got fucked in the process while it was being straightened out in the courts. Know your history little kiddie - else you're gonna be bound to repeat it.
1) SCO is suing IBM. IBM already invested billions of dollars in Linux and isn't about to let this one go.
Right, but if it goes to court, it might be possible to issue a temporary injunction barring Linux distribution until the issue is settled. This is (sort of) what happened to BSD.
2) Precisely because of the history of the BSD case. If there is offending code all we have to do is take it out. SCO can't ban Linux entirely, just Linux that contains copyrighted code, if that is the case.
You're right, all BSD did was take out the offending code, but the suit caused distribution of BSD to be held up for a while. That hurt us - we're still paying for it to this day.
I've been an avid FreeBSD user for years, and I remember when this same exact thing happened with AT&T vs. BSD years ago. I would seriously avise the Linux camp not to take this threat lightly (as everyone seems to be doing) because even if you are in the right, this could screw up Linux distribution for years.
All SCO has to prove is that portions of code that it licensed for AIX to IBM ended up being used in Linux. This is a lot easier than you think. All it takes is ONE PROGRAMMER out of the thousands that contribute code to have done this, for the Linux camp to be screwed. Since no one is out there auditing Linux code looking for stuff like this - how hard do you think it is for one person out of thousands of developers to have done this?
Look at how much code already is shared between the various BSD and Linux flavours already. Kernel drivers often have huge chunks of code that are just copy and pasted from one flavour to the next.
BSD had the jump on Linux way back in the day but has less marketshare now because of the same BS that happened with the AT&T suit oh so long ago - and we ended up winning that suit!
Be wary. This issue is not as cut and dry as all you may seem to believe. If SCO can prove that one person messed up, Linux is screwed. All it takes is 1.
Man, where do you live? I am so impressed that you knew about the shithole where I live :)
In South Los Angeles, born and raised
on the playground is where I spent most of my days
Come talk to me again in about 10 years when you understand some history, learn to read, and stop cheerleading for your favorite OS just because.
Spreading information and history is not equivalent to preaching doomsday messages, you need to seriously learn the difference between the two.