SCO Scoop.

When you want to know more
about the story
but don't know where to look.

Groklaw has morphed into a website.

IANAL. I am a paralegal, so if you have a legal problem
and want advice, this isn't the place. Hire an attorney
instead. Research is, however, what paras do, so here
I am sharing things I have found in my research.


Friday, October 24, 2003

SCO: It's IBM's Fault We're So Slow with Discovery

Here you are. Plaintiff's Substitute Motion for Enlargement of Time to Respond to Defendant IBM's Motion to Compel Discovery. In it, SCO explains to Judge Kimball why it should get more time to answer IBM's Motion to Compel. It's here as a pdf and below is a text version.

Everything they say is to buttress their claim that they need more time. They say it isn't just about lines of code; it's about methods, ways of doing things, and from their standpoint it's about IBM violating a license agreement. They need time to properly frame their response. It's not that they are stalling. It's just that IBM has phrased things so contentiously, they need to answer in detail. Oh, if only it were as simple as just turning over some documents!

The trade secrets issue is not the main thrust of their case, despite IBM trying to mischaracterize it that way, they add. And they admit they goofed when they brought up the local Utah rule, implying IBM didn't give them proper notice of what they were after. They were working from an incomplete fax, they claim, but happily they have since found IBM's addendum and "SCO apologizes to this Court for filing a motion deficient in that manner." They acknowledge they did have notice.

They tell the judge the case is so complex that just turning over the code IBM is demanding wouldn't tell the complete story and that is why they need more time. Translation: we don't want to turn over the code this exact minute. And when we do, don't expect it to be convincing.

It looks to me like they are quite worried about IBM being too effective in telling the judge why SCO shouldn't get more time to respond to IBM's Motion to Compel, and it also sounds like they are trying to spin the ball just right, because they know they have to hand over the code, and we all know how effective that will be. Not. So here they are preparing the judge, and the world, by saying that it isn't central to their case anyhow.

It all comes across as a kid telling the teacher why he didn't do his homework. How convincing do you find this, for example?:

"The drafters of the first Motion for Enlargement worked largely from faxed documents that were incomplete and did not contain the Addendum to IBM's Motion to Compel. Since the filing of the original motion, the contents of the Addendum were discovered."

Your dog ate your homework. They frame it all in a way that the judge won't be totally able to ignore, though, because they are saying that, unless they have more time, the judge won't understand the issues properly.

This is just my impression of the document. Here it is in full so you can form your own:

Plaintiff's Substitute Motion for Enlargement of Time to Respond to Defendant IBM's Motion to Compel Discovery

October 20, 2003

Plaintiff/Counterclaim Defendant, The SCO Group, Inc. ("SCO"), through its undersigned counsel, pursuant to Rule 6(b) of the Federal Rules of Civil Procedure and applicable Local Rules, respectfully submits this Substitute Motion for Enlargement of Time to Respond to IBM's Motion to Compel Discovery. [1]

The issue underlying IBM's Motion to Compel is not really a dispute about one party's intransigence in turning over documents in its possession. Such motions are relatively straightforward. Rather, as SCO will amplify in its response, IBM has framed the facts underlying the motion in such a tendentious way that it leaves SCO little choice but to address numerous contentions outside the proper scope of a discovery matter.

Specifically, IBM's Motion to Compel attempts to reframe the entire subject matter of SCO's dispute with IBM as the misuse of trade secrets. [2] Yet, SCO's amended complaint has six counts. The first three constitute the core of the complaint, and are for breach of the licensing agreements to which SCO is a successor in interest. The remaining counts -- including Count VI for misappropriation of trade secrets under Utah Code Ann. § 13-24-1 et seq. -- flow from this transgression and are ancillary to the breach of the agreements. Thus, contrary to IBM's mischaracterization, trade secret misappropriation in this case involves merely one count that recasts one aspect of the injuries caused by IBM's breach. These injuries would exist even in the absence of any trade secret misappropriation.

IBM's frustrations, expressed in its Motion to Compel, seem to flow from its unwillingness to admit that SCO's claims about trade secret misappropriation extend beyond merely lines of source code and computer files to methods, that is, to ways of doing things. Thus, contrary to IBM's assertion that "the only dispute here is whether SCO can meet its obligation to provide meaningful responses to the interrogatories through a general reference to the documents it has or will produce," IBM Memorandum 10, the dispute appears to be of a completely different magnitude. To properly apprise this Court of these facts and the applicable case law, SCO respectfully requests an extension of time to October 24, 2003 to respond to IBM's Motion to Compel Discovery.

No prejudice will come to IBM by the granting of this Motion; nevertheless, IBM has opposed it.

Respectfully submitted,

DATED this 20th day of October, 2003.

[1] The drafters of the first Motion for Enlargement worked largely from faxed documents that were incomplete and did not contain the Addendum to IBM's Motion to Compel. Since the filing of the original motion, the contents of the Addendum were discovered. The Addendum does provide the requisite notice as to IBM's objections to SCO's responses. SCO apologizes to this Court for filing a motion deficient in that manner. This substitute motion again addresses the need for a brief enlargement of time without reference to the procedural requirement imposed by DUCivR 37-1(b).

[2] For example, IBM has claimed that "[t]he gravamen of SCO's complaint is that IBM misappropriated or misused alleged trade secrets," IBM Memorandum 2; IBM likewise implies that trade secrets are the fundamental issue at stake when it claims that "[i]nterpreting SCO's discovery requests absent identification of the trade secrets at issue has, however, proven very difficult." IBM Memorandum 18.

9:29:28 AM

Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line

You know I couldn't resist covering this story. Microsoft's Steve Ballmer picked up his glove and slapped Linux across the face in a speech given at an industry conference thrown by...who else, Gartner?

In his speech, he said some peculiar things about security:

"Ballmer ... disputed the notion that open-source code is more secure than Windows. 'The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher,' he said.

"'The vulnerabilities are there. The fact that someone in China in the middle of the night patched it--there is nothing that says integrity will come out of that process. We have a process that will lead to sustainable level of quality. Not saying we are the cat's meow here--I'm saying it is absolutely not good reasoning to think you will get better quality out of Linux.'"

Ballmer's being a naughty boy again. China indeed. "In the middle of the night." Trying to frighten the children with overtones. And playing with numbers. What year is it again? Red Hat 6? Pardon me for pointing it out, but they are up to 9 now. He's choosing a 150-day period from back in the day -- and I wonder how long it took to pick the best segment of time to use -- and using that for comparison? There is a lot that can be said about this, but it's not really necessary to do any research on this sad subject, I don't think. Everyone on a Windows box just went through the worst summer and fall of security issues of all time. They already know he's just ...well, what would be the precise word here? You hate to say lying. It's so cold.

However, let's do a little research, just for fun.

Judge for yourself which operating system is more vulnerable to security problems by going down the list on CERT's Incident Notes page. It goes back to 1998. And here is their Current Activity page. It's almost all Microsoft issues. Here's their Vulnerabilities Notes page. It's all Microsoft, except for one, which isn't Linux. Here is their most recent quarterly summary. And here is a chilling article. After you look at all the data, what do you think now? Was Mr. Ballmer accurate? The only way I could find Linux prominently on any list was to type it into the Customized Search engine by itself on this page, and then when you get to the list, it's a list for all vulnerabilities of all the distributions of Linux, not just Red Hat. I couldn't find anything equivalent to Microsoft announcing a vulnerability and then saying there was no patch and you should just shut that particular functionality down. Ballmer said there were 17 critical vulnerabilities in Windows 2000 in the 150-day period and that Red Hat had considerably more. But look at the list: it shows only 16 vulnerabilities for all flavors of Linux for the entire year of 2000. CERT only lists the big ones, but Ballmer did say "critical". It makes you wonder where he got his numbers from or how he defines "critical".

Funny he would choose such an old time period, don't you think, for his comparison? Maybe it's because looking at July through October of this year would be devastating? I see only two Linux vulnerabilities on the list for that time period, both buffer overflow vulnerabilities, so evidently there has been considerable improvement on the Linux side.

Look at what could happen to you on a Windows box in the first two weeks of September 2003, though, just using a handful of the many recent vulnerabilities here and here and here and here and here and here and here. I didn't include July and August or October or the rest of September, out of kindness. Now, what Mr. Ballmer needs to do is show me anything like that kind of news coverage of security vulnerabilities in GNU/Linux, for any two week period. And speaking of critical, look at what the results could be from the Windows security issues:

"'An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges,' Microsoft warns."

Defying these facts, here's what Ballmer said about the built-in superiority of commercially produced software:

"The Microsoft chief executive also contrasted the quality of software that's produced by commercial makers to that of software that's developed under the open-source model. 'Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don't get that,' he said.

"'There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well,' Ballmer said."

Oooo. Scary. "The other world." More ominous overtones.

He doesn't get it, or claims he doesn't, so I will explain. The very openness he and SCO criticize is what makes Linux more secure. Why? First, there are no artificial roadblocks. All their moats and chains and gates and laws and terror tactics to make sure no one looks at their code or "steals" it create blockades that can get in the way of fixing problems. In GNU/Linux, anybody can fix anything and offer it to the world as a cure. Then someone else can test it and verify it, and pass on that info. You don't have to use what they write, but you can if you want to. Someone is awake somewhere 24 hours a day, and so things tend to get fixed fast. As George Bernard Shaw pointed out, talent can crop up anywhere, and anyway, not even MS can hire all the talented people in the world.

And here's another secret: Linux users help out with bug reports. Yes. We do that. For nothing. Just to help. Millions of us. This is the secret sauce of GNU/Linux, a significant part of its power. If we users try software and something doesn't work perfectly, we let the authors know. That is Linux' secret. Hidden problems don't stay hidden, when anyone can bump into them and let the authors know they need to fix it. If the user knows how to fix it, he or she can fix it and send the fix back to the author. And the author doesn't charge you to contact them either. It's a very efficient system. Ever try to call Microsoft?

As someone wrote me the other day, Windows comes from a box. Linux comes from a community.

So the result is, although Mr. Ballmer can't believe it, Linux really is more secure. And the data does jibe. It appears IT professionals are catching on now. They just released the results of a survey of IT pros, and their opinions of Linux security versus Microsoft do not match Mr. Ballmer's views. There has been a rise in confidence in Linux in the past 6 months:

"New research shows that confidence in Linux as a secure platform is up. A recent survey conducted by the research firm Evans Data shows that Linux's reputation as stable and secure operating system is growing among people who write code for a living. . . .

"The survey also found that open source code, modules and tools are used more widely among developers than they were a few years ago. In a 2001 survey, Evans Data found that 38% of the 500 developers it surveyed said they used open source code in the applications they write. The most recent findings showed that 63% of developers incorporate open source today.

"Overall confidence in Linux as a mission-critical serving platform was also up from past year's surveys. While 34% of the 500 developers surveyed in 1999 said they thought Linux was ready for prime time, 64% said in the latest survey that they would trust mission critical applications to run on Linux."

So when Ballmer says the "data doesn't jibe", the question is, which data? Or, more precisely, whose?

Look at the spike in security incidents this year, compared with last year, 114,855 in the first three quarters of this year and only 82,094 incidents for all of last year. It's a good time to be thinking about security.

Have you been thinking about trying Linux? HP will let you test drive various Linux environments to see how you like them. It's really a tool for developers, but the web site doesn't list any restrictions as to who can do a test drive. They offer Red Hat, Debian, Mandrake, SuSE, and others. If any of you journalists or CEOs out there have never tried Linux, why not give it a whirl? (I hope the rest of you leave them room by not crowding ahead of them. Obviously, there's limits to how many can do this at once.) Or get yourself a Knoppix CD and try Linux on your own computer here. It runs off the CD, so when you are finished, your Windows software is still there, if you insist. Knoppix is a Debian version of GNU/Linux, by the way, and some consider Debian a very secure environment indeed. It's fun. If you try it just one time, it will open your eyes.

9:25:59 AM

© Copyright 2003 PJ.
Last update: 10/24/03; 9:29:40 AM.
This work is licensed under a Creative Commons License.