Saturday, July 26, 2003
The Tide Turns
When Gartner put out its cautionary message, telling companies to hold off on Linux for now and consider going with MS or UNIX instead, I didn't post it, because I was waiting for more analysts to react. Besides, this is an anti-FUD site. Aside from Gartner and the lovely and tireless Ms. DiDio, I can't find anyone taking SCO's licensing plan seriously.
Oh, wait. I forgot Bill Gates. This SCO wannabe now says that Microsoft code is in Linux and that Linux will suffer in the commercial market because of the lawsuit and the GPL. Here's his "reasoning":
"However, Gates said the controversy has exposed a fundamental weakness of Linux--that the General Public License (GPL) makes it difficult for companies to engage in the cross-licensing deals that have become standard in the software industry.
"That's a big Achilles heel, Gates said. Under the GPL, all tweaks and applications developed for the operating system must be released to the community. That restriction does not hold true on commercial versions. Gates predicted that the intellectual property and GPL issues will eventually create enough inertia to hurt Linux's acceptance in commercial settings. . . .
"However, Gates said intellectual property from SCO and other companies--including Microsoft--has found its way into the code.
"'There's no question that in cloning activities, IP from many, many companies, including Microsoft, is being used in open-source software,' Gates said. 'When people clone things, that often becomes unavoidable.'
"'Linux is a form of Unix, like FreeBSD was...'"
um...no, it isn't, Bill. BSD is, but Linux isn't. Summer school for you. It's no headline he doesn't like the GPL, but did you catch his reason? It's different than what he is used to in the proprietary world. That's like saying cars are no good because they don't have horses to pull them. It's not a bug, Bill. It's a feature.
This is part of the problem, and it's also why the tide is turning: SCO and its cronies do not get the GPL. This is their Achilles heel. A lot of reporters don't get it yet either, although I am sure with time they will, particularly if they follow Stephen Shankland's example and actually start asking lawyers about it. I would suggest that he start talking to some GPL legal experts, but at least he's trying.
He could ask IBM's lawyers. They went to law school, and they believe the GPL trumps SCO. IBM has leaked a memo, to reassure its customers. Or at least I believe they must have, because IBM employees don't speak out when they are told not to, do they IBM tech guys? Whoever leaked it, it's helpful, because IBM says the GPL stands squarely against SCO's claims:
"'SCO itself has distributed Linux under the GNU General Public License (GPL), which grants a free copyright license and requires that users be granted the right to freely redistribute the code free of claims,' Bob Samson, vice president of IBM's systems sales, said in the message, which was seen by CNET News.com. IBM confirmed the authenticity of the memo. 'SCO has not explained how it can now make a claim in the face of its distribution of Linux under these terms,' Samson said."
Do you think IBM's attorneys understand both copyright law and the GPL?
Forced against the wall, SCO has finally given their explanation, but it makes no GPL sense:
"On Friday, SCO spokesman Blake Stowell reiterated the company's earlier position that the GPL provisions don't apply because SCO is the Unix copyright holder and it never placed the copyrighted code under the GPL.
"'Distributing a product is not the same as contributing to a product,' Stowell said Friday. In other words, the mere act of distributing GPL-covered code isn't sufficient; the copyright holder also has to deliberately release the code as open-source, he said. 'The copyright holder has to knowingly contribute this code.'"
Um... off to GPL summer school for Blake. You can join Bill's class. At least Bill sort of gets that part, as he explained in the aforementioned article, "The way the GPL works, if you license any Linux, you have to license all Linux." Why, yes, Bill, almost. Under the GPL, distribution under the GPL means you've chosen the GPL, irrevocably. Those are its terms. It's a license on top of copyright. Homework assignment: reread the GPL. Extra credit if you read Eben Moglen's statement about SCO and the GPL.
If you never bothered to look and see what you were distributing, well, you coulda, woulda, shoulda. Not that I, for one, believe for a minute that this is what happened. Cf. here and here and here and here and here.
There's more to the IBM memo:
"'This appears to be another desperate, unfair and unsupported attack on Linux in an attempt to wring money from customers without providing any factual basis as to why they should pay,' Samson said. 'SCO's statements consist of bare allegations without supporting facts. SCO has yet to identify the code which it claims is infringing in Linux, nor has it offered to openly disclose the code to the Linux community.'"
Here's who is not on Gartner and DiDio's side of the fence:
Illuminata's Gordon Huff --"That SCO's claims are not laughable, but merely enormously suspect, is no reason for corporations to start a Chicken Little routine at significant cost."
RFG -- "RFG believes corporate users of Linux should not discontinue their deployments, because the merits of SCO's case appear to be extremely thin," said RFG analyst Chad Robinson. "SCO appears to be attempting to extort funds from the Linux market without substantiating its claims in ways that allow users to respond."
Forrester Research --"Stacey Quandt said companies must proceed according to their tolerance for risk, but that so far SCO hasn't shown enough information to convince companies they need to sign up for a Unix license. 'Signing a license based on allegations and not facts just doesn't make sense,' she said."
IDC --"'This is more of a PR move in an attempt to put pressure on end-user organization to put pressure on IBM to settle quickly,' said Dan Kuznetsky, an analyst at Framingham, Mass.-based IDC. Like other observers, he questioned the wisdom of buying an SCO license sight unseen. 'What happens if they lose? Are they going to issue refunds? The cart and the horse are in reverse order here.'"
Jeffrey Neuberger, an IP lawyer at the New York firm Brown Raysman Millstein Felder & Steiner --"I think everybody who is involved should be monitoring the situation, but I don't think there is any cause for sudden alarm or hasty actions. . . .History shows that these things have a way of working out. This is a very high-profile case, but it's very likely that it will be resolved in a way that leaves the user base untouched."
Bill Claybrook, the first analyst to honestly tell the world that there was no way to know in which direction identical code travelled (see second article down ), after he saw the SCO lines of code, calls the license scheme "nonsense" and says customers are just going to wait and see. --"'They're just waiting and seeing,' he said, adding that the SCO-IBM legal fight might not be resolved for two years or longer. 'They believe IBM will come out of this and they won't be hurt in the meantime.' Calling SCO's attempts to sell licenses to Linux users 'nonsense,' Claybrook questioned why any company should buy such a license before even determining whether it is really required."
Datamonitor expects a legal backlash against SCO -- "By targeting end users in its legal fight against Linux, SCO is making some very powerful enemies, and should expect a legal backlash, according to analyst firm Datamonitor."
Commentwire says the licensing scheme is designed to avoid a court fight, but SCO has made big pocket enemies now, like IBM, Dell, Oracle, and HP -- "It is in the interests of Linux vendors and users to challenge SCO's claims of copyright infringement and to seek to force it to prove its claims in a court of law. While SCO's licensing scheme is designed to keep the alleged Linux copyright infringements out of court, it may well be that Linux supporters will prefer to argue their case in front of a judge."
Meanwhile, Netcraft reports IT companies are not paying attention to SCO:
"Recent figures from British researcher Netcraft indicate that SCO's licensing scheme, taking shape in a new business division at the Unix software seller, has not deterred continued deployment of Linux in the enterprise IT shop.
"'It may well be that although SCO has generated an enormous amount of attention from the media and the Linux evangelists, it does not presently have the attention of IT practitioners in large companies,' Netcraft said in a statement.
"Netcraft credited three elements for the Linux operating system's penetration into the IT departments of more than 100 major corporations in the past two months: A successful conclusion to SCO's lawsuit is extremely unlikely; the costs of migrating from Linux to FreeBSD at a later date are small; and companies are committed to migration strategies and do not intend to change course."
Here is the kicker. While Gartner's George Weiss was suggesting MS and UNIX, the research director at Gartner says something different: "'SCO is being opportunistic ahead of the lawsuit with IBM by exploiting nervousness and trying to create as much fear, uncertainty and doubt as possible,' said Andy Butler, research director at Gartner.
"He explained that Gartner is not authorised to give legal advice but has advised clients that 'they should not be blasé and should follow events carefully if they have significant Linux exposure.'
"'Users should not start waving their cheque books as there is no legal precedent for what SCO is demanding and it is not clear what laws have been broken,' he added."
Maybe George didn't get the memo. Good for you, Andy. He says he believes this is an attempt to "hobble the open source movement by depressing the market for evolving the source code. Agreeing to using Linux in run-only, binary format would mean that Linux code would become like proprietary Windows or Solaris code. Users would have no right to change or distribute the source code. The source code would remain locked away. SCO is trying to derail the Linux train." Somebody at Gartner's has a clue.
Linux users are also sticking with Linux. Here's a sample:
Reliance Mutual, an insurance firm -- "We will ignore SCO's demands and wait and see what happens. We purchased Red Hat in good faith and are up and running and have contractual agreements with them. We would be daft to set a precedent. I don't see that SCO's claims will make a huge impact on the freeware market as it is so well established."
Repton, a reseller --"Nobody is saying they need to be careful because of SCO. We do a lot of work with software vendors in the finance and banking industry and they are all migrating to Linux because that's what the customers say they want. Customers are not saying that they'll stop using Linux. None have come to us expressing concern."
Netcraft also says Linux is actually gaining in the marketplace, reporting that in the last two months, Linux has made a net gain of over 100 enterprise sites, including the following major U.S. companies: Charles Schwab and European corporations such as Deutsche Bank.
ZDNET adds this:
"Schwab in particular is notable, Netcraft spokesman Mike Prettejohn said, because its site has been one of the heaviest users of Secure Sockets Layer (SSL) encryption, a demanding technology for which Linux faces more competition from commercial products.
"Schwab and T-Online had been using Sun Microsystems' Solaris operating system. SunGard, Deutsche Bank and Royal Sun Alliance switched from various versions of Windows.
"Linux lost some places, though. Colt switched from Linux to Windows Server 2003, while National Service Industries and Valero switched to Windows 2000, Netcraft said."
Before you switch to Microsoft as Gartner suggests, you might want to look before you leap and consider your security issues mentioned this year by Cert here and here and here and here and here. Just today, there's this warning about Windows Server 2003:
"It is probably the most serious vulnerability that we have seen from Microsoft in the past 12 to 18 months," said Chris Rouland, director of Internet Security Systems Inc. in Atlanta.
Then there's that pesky they-can-break-any-Windows-password in 14 seconds story, from a few days ago. Others here and here and here. Or read the security report on voting machine software on Windows CE, which found horrible security issues, which drew this reaction from Avi Rubin, an associate professor of computer science at Johns Hopkins University:
"Windows has a long history of new releases of patch just about every week," he said. "You can't run voting machines on Windows."
If you can't run voting machine software, which is fairly simple in functionality, after all -- if you leave off deliberate back doors -- what can you safely run on Windows?
Or just go to Google and search for "Windows security" and see what you find.
In fact, Robert X. Cringely said today that he's training his dog to be a seeing-eye dog: "I thought I'd rent him out to programmers who've gone blind trying to patch all the security holes in Windows Server 2003."
Oh, Homeland Security is warning us that hackers are about to exploit one of the above Windows vulnerabilities.
And before you choose UNIX or any other proprietary software, maybe you should read this study, just out and reported on in Nature and Ars Technica, that shows that open source beats proprietary at finding and fixing bugs. I found out about the study from this blog. The blogger left a comment on Groklaw I only tonight noticed. He reports that SCO's site still has information about LinuxIA64 up here,speaking of what really happened. Note the url.
Do you like Ragu? Hellman's mayonnaise? Bertolli olive oil? I sure do now. The company that makes them, Unilever, just joined OSDL, the first non-IT company to do so. The company plans to adopt Linux for its IT systems in all 80 countries where it operates.
Ladies and gentlemen of the jury, I rest my case. When Hellman's mayonnaise goes GNU/Linux, the tide has turned.