Wednesday, June 18, 2003
And They Call Linus Careless
SCO's Amended Complaint attacks Linus for allegedly being careless, allowing code in without checking for IP problems first. This is worse than laughable. There is no company in the world, no matter how large or how rich, that can give you a guarantee their code doesn't violate someone's trademark, copyright or patent rights, not that I have ever heard of.
I'd be most interested to hear what procedures Caldera had in place regarding code they incorporated into their distribution of Linux. Did they certify to their users that there was no possibility that there were any violations of anyone's patents, copyrights, or trademarks?
That is more than unlikely, because it'd be unreasonably Herculean to do the kind of investigation that would be required to find out, and even then, how could any company really be sure? Aside from the magnitude of the task, there is the fact that everyone who files tries to make it as hard as possible for others to find out what they have. Even when filing for copyright, when it comes to software, companies don't deposit the entire program on paper, but rather they may print out one page on paper and the rest is deposited on disks, for that very reason.
How about UNIX? Do they make such guarantees, so as to demonstrate to us the superiority of proprietary, comporate ownership? Let's take a look at SCO's Exhibit A. Literally.
When IBM licensed its rights to UNIX from AT&T, back in 1985, Clause 7.03 of the contract, which is attached to SCO's Complaint as Exhibit A, reads like this:
"AT&T warrants that it is empowered to grant the rights granted hereunder. AT&T makes no other representations or warranties, expressly or impliedly. By way of example but not of limitation, AT&T makes no representations or warranties of merchantability or fitness for any particular purpose, or that the use of any SOFTWARE PRODUCT will not infringe any patent, copyright or trademark. AT&T shall not be held to any liability with respect to any claim by LICENSEE, or a third party on account of, or arising from, the use of any SOFTWARE PRODUCT." [emphasis added]
Did AT&T put that in there because they knew they were careless about IP? Hardly. The inserted it because everyone knows there is no reasonable way to make a guarantee regarding IP cleanness in software. To try to imply that Linus is somehow unique in this is ludicrous. Here we see that proprietary UNIX, then owned by the huge entity AT&T, with all the lawyers they wanted to have available to them, made no such guarantee either.
That isn't to say that there is no effort, no process to screen out patented or other proprietary code. A message on Yahoo! Messageboard for SCOx points this out and provides a real-life example:
"SCO is mouthing off about how Linux can't police IP issues. They are also claiming they own trade secret rights to Read, Copy, Update (RCU) technology, and that IBM misappropriated these rights by passing RCU to Linux.
"The following kernel mailing list archives ought to refute all of those claims:
"The first email finds kernel maintainer Andrea Arcangeli from SuSE REJECTING IBM's submission of RCU to linux because the technology is covered by US Patent #05442758, as pointed out by Alan Cox or Red Hat.
"The second is IBM employee Dipankar Sarma stating that IBM owns this patent, having purchased the inventor Sequent, and that IBM legal has reviewed it and approved its release under GPL.
"The third is confirmation from Andrea Arcangeli that an IBM patent grant letter has been sent to both Linus and him.
"OK, SCO dweebs. How do you have a trade secret on something that is patented by someone else? First of all, patenting requires disclosure. Second, a patent grants exclusive rights that means your use of the technology must be authorized by them. Third, it's very clear that the kernel maintainers are exercising proper controls to assure IP is properly licenced."
The poster even provides the url to the patent.
And speaking of careless, SCO is still allowing downloads of OpenLinux 3.1.1, despite their public claims to have stopped, back on May 12. They were told, in an
article in Linux Journal at the end of May that it was still available; the German kernel coder who sent them a notice of copyright infringement last week told them it was still available. And today, I am publicly telling them that it is still available right here. I'm not suggesting you get it, by the way, just telling you where you can verify it. There is quite a bit available besides that, as you can see going down this list . I see scolinux, and clicking on that I see ia64. Hmm. Isn't Unixware what they call System V nowadays? Isn't that the super secret code? Updates and patches for it are available to the public on that page. I don't believe you can patch a trade secret. It's a Humpty Dumpty kind of thing. Someone with more tech skills than I would have to evaluate all this, but the point is, SCO, by continuing to make the Linux kernel available, remains in violation of the terms of the GPL, and after all the notices, is it willful or careless or what? That puts them in a sticky situation.
You are not allowed to distribute the kernel under any other license than the GPL. If you do not accept the GPL, you lose all rights under the GPL to distribute the kernel at all. If you continue, you are in violation of copyright laws. That's what the coder was letting them know. As of today, June 18, 2003, the violation continues. I am a witness.
I wonder if any of the hundreds of kernel contributors has yet talked to a lawyer about sending a DMCA notice and take down letter. It's a logical next step. Copyright infringement is against the law. Talk about anti-FUD.
Cringely: AT&T May Have Reserved Rights in UNIX
Robert X. Cringely says AT&T still has reserved rights on UNIX and may step in legally soon:
"Within the halls at AT&T, folks were chattering just last week that AT&T still has reserved rights on Unix. Naturally, the company is paying close attention to the various legal claims that SCO is making and may join the battle soon. My spy said the word around AT&T is that this will all be resolved shortly. But one has to wonder how long SCO could survive if it had opponents in multiple courtrooms [~] those being, of course, IBM and AT&T."
In case that doesn't prove true, or until it does, I will keep digging. Some on the Yahoo SCOx message board have been debating who the mystery second licensee is, and some have wondered if it could be Sun, because it began an ad campaign today in essence saying we aren't under a legal cloud. It started me thinking.
Here's a list of who SCO says went to their annual shindig last April, to discuss the future of UNIX and Linux:
"PARK CITY, Utah, April 7 /PRNewswire-FirstCall/ -- The SCO® Group (SCO) (Nasdaq: SCOX -News ), a leading provider of Linux and UNIX business software solutions, gathered industry leading IT companies, vertical solution providers, and hardware manufacturers at the company's annual Retail Summit today to discuss future trends and technologies in the retail market, with a special focus on UNIX and Linux based retail solutions. Attendees at the SCO Retail Summit include Datavantage, DELL, GERS, HP, ICM, Oracle, Radiant Systems, Retek, TOMAX, Triversity, Vigilant and Wincor Nixdorf."
I'm thinking our mystery company is likely in that list. If I recall, they identified the mystery corporation as a major hardware manufacturer.
Hold Your Nose and Then Read Forbes on SCO's Brilliance
Forbes' Daniel Lyons just put up an article, "What SCO Wants, SCO Gets", in which he sneeringly warns "the crunchies in the Linux community" to pay more attention to SCO's lawsuit. The article explains how the same players, Canopy principally, have successfully sued other large corporations in the past. It also lays out their financials, so you can see clearly what they stand to gain from this caper, and particularly who stands to gain the most:
"SCO is basically owned and run by The Canopy Group, a Utah firm with investments in dozens of companies. Canopy's chief executive, Ralph J. Yarro III , is chairman of SCO's board of directors and engineered the suit against Microsoft in 1996. ...The IBM lawsuit could bring a windfall to Canopy, which owns 46% of SCO. Another beneficiary could be John Wall, chief executive of Vista.com , a Redmond, Wash., company that last August struck a licensing arrangement with SCO. Wall got 800,000 shares of SCO stock in the deal and still holds 600,000, making him SCO's biggest individual shareholder after Canopy. Those shares, which were worth about $1 each when Wall made the deal, now trade above $10."
He obviously admires SCO.
However, I hope and trust that IBM's attorneys read Forbes. Or my blog. I think this article can end up Exhibit A buttressing their claim (in the opening words of their Amended Answer) that SCO is only doing this to make a killing by destroying Linux:
"In answer to the allegations of the complaint of Caldera Systems, Inc. d/b/a The SCO Group ("Caldera"), defendant International Business Machines Corporation ("IBM") by and through its attorneys, states that, contrary to Caldera's allegations, by its lawsuit, Caldera seeks to hold up the open source community (and development of Linux in particular) by improperly seeking to assert proprietary rights over important, widely used technology and impeding the use of that technology by the open source community."
One of IBM's affirmative defenses is "unclean hands". It's kind of like saying, "These plaintiffs don't deserve relief, because because they are bad themselves." Read the linked definition for more precision.
Obviously, Mr. Lyons didn't think about ending up an exhibit in a court of law, and on the wrong side, from his perspective. At a minimum, he has provided IBM with a very handy map, showing them a big X where they ought to start digging. He who laughs last, Mr. Lyons.
The Laughing Penguin by kind permission of Tiki.
The SCO Show: In Tonight's Episode...
The Open Source Development Lab, or OSDL, where Linus is going, was formed in 2000, and has financial backing from IBM and others according to Reuters:
"The group has financial backing from Computer Associates International Inc. CA.N , Fujitsu 6702.T , Hitachi 6501.T , HP, IBM, Intel Corp. INTC.O , NEC 6701.T and others, and is pushing industry efforts to make Linux ready for use in corporate data centers and in telecommunications networks, OSDL said in its statement."
SCO's accusations got this reaction from Linus:
"Torvalds took issue with SCO's position. 'I care deeply about IP (intellectual property) rights. I've personally got more IP rights than the average bear, and as the owner of the copyright in the collective of the Linux kernel, I shepherd even more. It's what I do, every day. I personally manage more valuable IP rights than SCO has ever held, and I take it damn seriously,' Torvalds said in an e-mail interview."
It's all very ironic. He believes in IP, where Stallman doesn't even think the term "IP" is a correct term to use, and yet it's Linus holding the bag. The FSF was so careful to keep out proprietary code, and most particularly UNIX code, that I guess SCO couldn't touch him, although I'm sure they would have if they could have. Evidently he gave them no opening. Linus, who has always been so much more relaxed about proprietary code, ends up on the hot seat. I can't help but wonder what all the folks who criticized Stallman's stand for being too extreme, including Linus, are saying now? One thing is for sure: they can't say he didn't try to warn them.
John Chen, the CEO of Sybase says this lawsuit is about the big boys trying to slow down the innovative process:
"I and my customers are going to watch and see how the thing unfolds. As an industry person, I think it's rather a shame. The Linux platform serves a segment of the market, and I hate to see this being challenged by a very established player. Ultimately, it hurts our industry and innovation. If you stop the open-systems movement because of something like this, it limits innovation and it only favors the big boys. You want an open environment that players can add value to and thereby expand IT budgets -- not shrink them. I think it's very unfortunate that this garbage is being thrown around. A small group of players just wants to protect the status quo."
I hope he is wrong, because if he's right, and this is just a battle, not between open source and proprietary but between which proprietary player can own Linux in the business space, I just lost interest. He also mentions that Merrill Lynch was thinking of going to GNU/Linux, but now they've decided to stay with UNIX. Another client too has decided to wait and see. That goes into the damages column for anyone suing SCO, by the way.
eWeek has a quote from McBride that is hilarious. "We're not going to play softball at this point, we are simply going to go in and enforce our rights by seeking a permanent injunction." He says they are asking for IBM's entire revenue stream from AIX from June 13 onward, in addition to the other relief they are asking for.
MozillaQuest Magazine has taken their stand on the SCO code shown to the analysts so far, and they say:
"Our conclusions about SCO's code-review side-show, based upon Bill Claybrook's report, our discussions with Bill Claybrook, and previous interviews with other people, is that so far SCO-Caldera has failed to produce any probative evidence that Linux was derived from Unix. Likewise, so far SCO-Caldera has failed to produce any probative evidence that there is SCO-owned Unix code in either the kernel.org Linux kernel or the GNU/Linux operating system (OS)."
They then go on to discuss the controlling issue in this case -- How do you define "derivative work"?
"There are provisos to our conclusion, however. One proviso centers on how one defines a derivative work. The way SCO-Caldera wants to define derivative work, the Journaling File System (JFS) code, the Nonuniform Memory Access (NUMA) code and the Read, Copy, and Update (RCU) code would be Unix derivative works included in the Linux kernel.
"That basis appears to be a matter of the structure of SCO's Unix licensing agreements, rather than the definition of derivative work pertaining to copyrights. (17 U.S.C. 501, et seq.) In other words even if the donation of JFS, NUMA, and RCU code to the Linux kernel developers by IBM is contrary to its Unix license from SCO, it might not constitute a copyright infringement under the U.S. Copyright ACT. (17 U.S.C. 101, et. seq.) Copyright infringement is not part of SCO's Caldera v IBM lawsuit."
That final point, however, is the problem here. If the contract defines derivative code as expansively as SCO now is, then that definition should trump any other definition. You are allowed to contract away some rights. That's why EULAs can be as restrictive as they are. The law of the land doesn't give Microsoft et al those expansive rights (unless UCITA passed in your state or passes everywhere. You do, when you accept the EULA . Similarly, if the contract IBM signed defined derivative code as broadly as SCO does in its Amended Complaint, the court will hold IBM to what it signed, no matter what copyright law says. Until we see their evidence at trial, and particularly the contract terms, it's impossible to know what they think they are standing on as their foundation, but I'm sure Boies isn't standing on thin air completely. He has a theory he thinks he has at least a shot at persuading this judge. But if it was any other attorney, I'd be mocking. When I started this blog on May 16, it wasn't intended to be just about SCO. I began with the Grokster decision, (http://127.0.0.1:5335/?d=2003/05/16) with an article called "Ode to Thomas Jefferson and David Boies", and in it I expressed admiration for his skills. I know he still has those skills. If you want to read, or reread, Wired's 2000 interview with Boies, it is here. And yes, I am puzzled he is representing SCO. And I hope it's because he isn't a geek and "knows not what he does", so to speak. I also hope, in this case, he doesn't know what he is doing.
MozillaQuest also interviewed Bill Claybrook, one of the analysts who examined the code and he details exactly what he saw. Here is just one snip:
"MozillaQuest Magazine: Is the SCO-owned Unix code that allegedly was copied into 'Linux' copied into the kernel.org Linux kernel, some other hacked or patched kernel, the GNU/Linux operating system, a Linux distribution, or elsewhere?
"Bill Claybrook: The code that I was shown was reputed to be from Unix System V source and from Linux source that had been modified by a large IHV. I did not have the source code for the 2.2, 2.4, and 2.5 (development) Linux kernels with me to compare, nor do I recall more than a few thousand lines by memory (my limit), but SCO said that the Linux code is in those three kernels which may tell you something about how long ago this alleged copying took place."
On Sequent's NUMA, Claybrook did some "additional research into the history of the development of DYNIX/ptx at Sequent where the NUMA code was developed, with this result:
"DYNIX developed at Sequent years ago was derived from BSD 4.1 with patches from 4.2 and new code by Sequent. DYNIX/ptx, also developed at Sequent was really BSD code with System V wrappers. So the code was really still BSD code, the kernel code that is. It appears then that the NUMA kernel code was developed on the BSD code. I was told that the NUMA code was given to Linux by IBM. Now the question is was the old Sequent NUMA code actually ported over to AIX and then given to Linux or was the NUMA code that was given to Linux actually based on the old Sequent BSD stuff? .... Based on the research that I have done over the past few days, companies that bought source licenses to System V and created extensions to it for their own use, gave some of this code back to System V and so apparently some of this code may still be in System V. Sequent apparently gave a lot of code back to System V as well as other companies.
"MozillaQuest Magazine: Is this code that was given back to System V, something that copyright-wise, the licensee would own or that the Unix-code owner would own?
"Bill Claybrook: I don't know."
MozillaQuest Magazine also interviewed DiDio, and they conclude that she isn't qualified to evaluate the code she saw. Nevertheless, what she writes in their email interview is telling in its wishy washiness:
"I saw Unix System V, version 4.1 and it appeared as though chunks of this code were cut and pasted into Linux, complete with developer comments. To reiterate, I realize that this represents only a small portion of the Unix and Linux code and we were shown the snippets that SCO wants us to see. My qualifying statement is this: If there are more examples of code infringement beyond the approximate 200 lines of code that I viewed (as SCO claims) and if things are as they appear -- namely that licensees, including IBM, did put the Unix code into Linux, SCO has a credible case. Ultimately, SCO bears the burden of proof and the courts will decide."
They sent her followup questions, but she didn't answer:
"Was this kernel.org Linux kernel or some hacked or patched Linux kernel.
"Was the "Linux" code that you viewed taken from the official kernel.org Linux kernel, a Linux distribution (If so, which Linux distribution?), some sort of OEM (original equipment manufacturer) or IHV (independent hardware vendor) Linux-based system (If so, which OEM or IHV?), or what? [If you are not up on these distinctions, please see
I found this, posted as a comment that "Remember SCO Group's bank loan comes due in October($3 nillion) with a promised line of credit from the Founder to keep SCO Group afloat unitl end of Nov 2003. Also remember the org bank loan was secured with the Founder's line of credit not SCO Group." It struck me odd, because the restricted stock that the SCO management come off restrictions around the same time, in October.
Finally, LinuxWorld interviewed some AIX customers, who say they aren't worrying. One IP attorney they interviewed says SCO's claims are questionable:
"Another user was similarly unconcerned. 'At the end of the day, I'm not sure if people really consider what SCO says to have any merit,' said Dan Raju, an AIX user with a large Pennsylvania-based retailer. The lawsuit has had no impact on his company's AIX purchasing plans, Raju said. "I don't think anybody is making any technical decision based on that," he said. Raju's and Katz's reactions make sense, according to a technology lawyer following the case.
"'I don't think there's any reason for them to be panicking,' said Jeffrey Neuburger, a partner with Brown Raysman Millstein Felder & Steiner LLP. 'The strength of SCO's claims are questionable in the first place. Even in the unlikely event that the claims were successful, I don't think that the users would ultimately have any liability,' he said."
And that's your Linux show for tonight.