Computing

OPINION

Indemnification and Linux Insanity

Recently, a letter from the Linux community to SCO supposedly addressed the concerns SCO has created in the industry about open-source software.

However, the letter fails to accomplish its apparent goals and, in my opinion, actually increases SCO’s short-term chances of successfully getting funding from large corporate Linux users. In fact, in reading the letter, I wondered whether it was actually written by someone being paid by SCO, which probably means I’m spending too much time with the open-source software folks and have begun to become as paranoid as they are about secret conspiracies.

I really doubt there is a conspiracy here, but it is hard to understand why the Linux community would feel the need to write a widely distributed letter that once again would showcase the risk. As I look at the companies mentioned in the letter — and the implication that each one is apparently willing to go into litigation — I can only wonder what kinds of conversations are suddenly going on between IT, marketing and legal departments in those firms.

My sense is that at least some of these IT groups are suddenly regretting using a product that might now represent — because of this letter — unplanned career risk.

Customer Indemnification

Shooting at an enemy while consistently hitting your supporters is never a very good method for achieving success. This tactic highlights one of my biggest concerns with the open-source software strategy: the inability to move against a threat strategically or in well-coordinated fashion.

In that regard, I am becoming increasingly convinced that while there are many very intelligent and measured people backing open source and Linux, the community also has become a home for techno-insanity. A case in point is the recent response to HP’s indemnification of its Linux customers.

Basically, HP looked at its IP portfolio and determined it could, at virtually no cost, indemnify its customers to some degree against the risk that SCO represents — to make the SCO claims a nonissue for the customers.

I don’t know of any IT organization that aspires to spend its time and money in litigation. I’m one of those who feels strongly that no IT manager should buy any software product without some assurance that the company selling it will protect the rights he or she just bought.

But instead of indemnifying its customers, IBM has criticized HP for not going far enough, and some in the open-source community have even made accusations that HP is now in bed with SCO. Let’s reset.

Microsoft’s Product Set

Microsoft’s vast product set is widely exposed. The net result is that Windows is more likely to be hit by the kinds of problems associated with intellectual property claims than Linux is. But until recently, Microsoft was the only company providing indemnification for its customers.

In my mind, this indemnification, if enforceable, makes Microsoft’s platforms more secure against this kind of threat than Linux (as a platform) is — with one exception. The exception is HP, which recently agreed to indemnify its Linux customers much as Microsoft does for its own customers. Now, if you buy from HP, the whole SCO thing is someone else’s problem.

If you’ve been reading my columns, you’ve seen that I’ve continually argued that were I to do Linux I would only choose HP. The reason is that, out of all vendors, HP has solidly focused on the needs of the customers rather than on the war with SCO.

HP is the only entity moving strategically to mitigate the threat that SCO represents, and it is one of the few companies that can handle the services, hardware and software needed to deploy Linux with the most favorable balance of cost and benefits.

HP also is the only vendor in this class that offers AMD platforms and experience. AMD is, in my experience, often favored as more cost effective than Intel for Linux users. Moreover, on Intel Itanium (currently dominated by 64-bit Linux), HP is, as the codeveloper, preeminent.

IBM Source Problem

IBM, on the other hand, appears to be the source of much of the problem. It was IBM’s dispute with SCO that bled over into an overall threat to the platform. IBM has done almost nothing to mitigate the threat and absolutely refuses to indemnify its customers, which, at the very least, adds credibility to SCO’s arguments.

Now IBM is attacking HP’s efforts. The letter that started off this column should have been written by IBM, which has both the resources and the experience to do it properly.

This situation reminds me of IBM’s parentage of OS/2. With OS/2, the company stood firmly behind the product even years after it had pulled all resources and abandoned the platform’s supporters, who were mostly recruited by IBM in the first place.

What many don’t know is that IBM had actually developed native 32-bit Windows support for OS/2 but refused to release it because of the fear that developers wouldn’t develop for OS/2 native code. The lack of third-party and IBM support was what eventually killed the product.

Earthquake Insurance

Individually, IBM employees maintain a very high ethical standard, but the company’s corporate messages can’t be trusted because these messages don’t really represent the distributed will of the company. To see proof of this, the next time you go to an IBM location, take a look at what it uses to run its offices. You’ll quickly see that it is not a company that believes in eating its own dog food.

Like Microsoft, IBM has a tendency to want to control the technologies in which it participates. With the amount of resources that the company brings to bear on each new situation, it is incredibly hard to tell the company to back off. With Unix and AIX, for example, IBM created the least standard of the Unix variants, and the company’s largest contributions to Linux are the most likely to balkanize the platform.

Free software has never been a problem for IBM. Its operating systems started out being free, and it was that unfair competitive advantage that resulted in the U.S. consent decree that fostered Unix, Windows and eventually Linux. Today, for every “free” Notes seat that IBM gives away, the company still pulls in over US$650 of additional revenue.

Most of the other Linux distributions — with the exception of those funded by the various governments — don’t have the resources to make indemnification believable. The situation is like buying earthquake insurance from a very small insurance firm that offers insurance for a lower rate but might not be around if there were ever a large earthquake.

Community Must Strategize

In the end, the Linux community must start thinking strategically and move against the real threat that SCO represents — fear, uncertainty and doubt. The community must encourage more companies to indemnify customers and stop fertilizing SCO’s efforts.

The community must make a commitment to operate strategically to benefit the decision-makers who support open-source software, rather than use these decision-makers as cannon fodder in the war against SCO.

There are thousands of hard-working people who are beginning to support open-source software and Linux. It would be great if the leaders of the movement put more effort into protecting these loyalists and less effort into inflaming avoidable religious fights.


Rob Enderle, a TechNewsWorld columnist, is the Principal Analyst for the Enderle Group, a company founded on the concept of providing a unique perspective on personal technology products and trends.


56 Comments

  • Indemnification, is a difficult thing to do, because unless you put severe limits on it, you don’t have control. If your lawyer allows you to be exposed to legal liability, where you don’t have control then your lawyer should be shot, hung, drawn and quartered, disbarred, and fired.
    IBM for example can’t indemnify Linux because they don’t control it, they can contribute to it, but for installation purposes, they simply buy it from soneone else, usually RedHat or Suse, it’s like asking IBM to Indemnify Windows.
    HP indemnified, but put severe limits on it, for example only versions that come with an HP computer, or versions certified by HP are covered, make any changes, and your not covered. Notice how it’s also restricted to SCO, if Joe Blough decides to sue, then your not covered.
    Personally I don’t see SCO selling many licences, at least not until the courts rule on the IBM and Redhat cases, even if they win, then one of two things will happen:
    1) The code involved will be removed and replaced with clean-room implementations that are SCO free, in a very short period of time.
    2) Linux will die and a lot of talent will be looking for a new home, probably landing in one of the BSD Unixes.
    In either case SCO will not sell many licences. It will also lose whatever friends it still has in the industry, this would not be good for SCO, the share price will drop to the <5 cent level, and someone will buy up the pieces for next to nothing.
    If SCO loses then they will need to settle with IBM and Redhat, and that will either force them to give up Unix SysV or to sell it. I wouldn’t be surprised if IBM forces them to give it up, and someone like The Open Group ends up with it. This will leave SCO with lots of debt to there lawyers, and no real assets, anyone who has taken accounting 101 can tell you the results here.
    W

    • Yes, I was at Dataquest at the time and the code had actually been created by the PC unit to address the problem. The IBM software unit refused to allow them to use it. I tried to use whatever influence I had to change this position.

      • Here is my problem, I believe in SCO’s right to protect what they’ve bought; I also believe that IBM and the Linux community are actually pushing them into this extreme behavior. Do I condone it? No, in the end I can’t but think it will be an incredibly painful process where no one, including SCO will like the result. People need to start thinking of an exit strategy or this will likely get worse before it gets better. Someone needs to make a move that isn’t warlike.

        • I’ve posed the link to the new Microsoft license above (in another response); it removes the limit that was in the earlier agreement. By contract Microsoft must indemnify now. I’m not sure why we shouldn’t require this of all software companies, given the risk, it would seem a natural thing to ask them to take it.

          • Actually there was no attempt to "smear" the authors. This letter, in my opinion, was just a mistake and one often made by inexperienced people. They lost track of the goal in their need to strike back at SCO and, were I SCO, I’d like them to write more letters like this. I’m not and now know a lot of really great OSS people (a very large number) one of which asked me to address this issue. I find it interesting that so many people assume that just because I don’t agree with something that the Linux folks have done I must be a "Microsoft Shill", trust me when I say that they too would actually appreciate more letters like this. It makes their stuff look so much safer in comparison.

          • Concerning MS’s license, who cares? Their software is proprietary, they don’t have to worry about people digging through their source code to find stolen software because no one can get at their source code.
            Indemnification is a red herring. HP’s indemnity is real only for as long as you don’t change their Linux or add stuff that doesn’t come from HP to it. That kills the entire advantage of open source software, which is precisely why you and others are bringing it up. And lets not forget that IBM doesn’t distribute their own version of Linux so what exactly are they supposed to indemnify?

          • With SCO, HP (IBM’s main competitor), Rob Enderle and Laura Didio all chanting the Indemnificaton FUD theme-song, one must reasonably suspect that it is one of two things:
            *
            1) A Red Herring
            2) Bait for a Set-up
            *
            Based on the roster of those espousing it, let alone all of the valid points made in the GrokLaw Response (which you have conveniently avoided in taking on in a point by point basis) is by itself more than enough reason for IBM to stand its ground and not take a bite from Eve’s green apple.
            *
            Instead, IBM has decided to take on the SCO devil and slay him with the GPL sword. When that happens (and it will), don’t be too surprised.

          • "People need to start thinking of an exit strategy or this will likely get worse before it gets better. Someone needs to make a move that isn’t warlike."
            Linus Torvalds has already offered SCO an exit strategy: identify the infringing code and it will be removed. SCO can still collect damages from IBM and Linux can continue to provide cost savings to millions of users.
            We all know SCO wants to construct a toll bridge on the public park we call Linux. Tough luck. We don’t want that. If IBM slipped some SCO code into Linux then we want it REMOVED. No compromise. No excuses. SCO will get nothing else from the Linux community.

          • Do you believe in the right that a defendant is innocent until *proven* guilty? Do you believe people should be fined or jailed for an alleged crime before there has been a trial proving the people commited the crime?
            Enlighten us as to how the Linux community and IBM are forcing SCO’s behavior when they are the defendants, and how is sueing for 3 billion dollars not a warlike act itself Rob?

          • <<Here is my problem, I believe in SCO’s right to protect what they’ve bought; I also believe that IBM and the Linux community are actually pushing them into this extreme behavior.>>
            .
            How is IBM pushing SCO into this extreme behavior. In June, the ONLY comment IBM made with regard to SCO was that the AIX license was irrevokable – they said nothing else, and SCO had their same extreme behavior then as they do now.
            .
            The OSS community has just been asking SCO to identify the code in the Linux that SCO claims is theirs so the history can be examined. In response, SCO claimed that Linux developers had no respect for IP rights and were thieves.
            .
            <<Do I condone it? No, in the end I can’t but think it will be an incredibly painful process where no one, including SCO will like the result.>>
            .
            This is only painful for SCO because they keep painting themselves in a new corner every few weeks. They’ve been caught in at least a half a dozen lies. This is merely entertainment for the OSS community now.
            .
            <<People need to start thinking of an exit strategy or this will likely get worse before it gets better. Someone needs to make a move that isn’t warlike.>>
            .
            This was an exit strategy from the beginning. Competent analysts pointed out back in March of last year that this appeared to be an attempt to be purchased by IBM. You think this is just an attempt by SCO to "protect what they bought".
            .
            When Caldera bought AT&T’s Unix they stated the reason they purchased it was to take the best parts out of Unix and place it into Linux. Just ask Ransom Love about it.

          • "By contract Microsoft must indemnify now. I’m not sure why we shouldn’t require this of all software companies, given the risk, it would seem a natural thing to ask them to take it."
            I’m not sure why you think it’s necessary. Why AM I, a user, responsible for something that a developer or a company did? If I purchase a car and Ford illegally used a trade secret owned by Toyota during production, is Toyota allowed to sue me? It’s a ludicrous idea. Yet you seem to think software plays by different rules.
            I’m willing to entertain the idea that the law really is that stupid, and that innocent third parties are responsible for intellectual property infringements between two rivals, but I want to see you quote court case and page number before I accept it.
            You want to talk about indemnity? You claim to be an analyst? Great. Then do some analysis. Find documented proof that I, a user, can be held responsible for something that IBM allegedly did to SCO.

          • From the updated MS license that you are referring to
            —-
            Our obligations will not apply to the extent that the claim or adverse final judgment is based on

            (v) use of, or access to, the product or service deliverables by any person or entity other than an employee of you or one of your affiliates;
            —-
            So the SQL developers who develop software based on SQL server for third party clients will not be eligible for indemnification under the new license, although they are the ones who would have to pay for any additional Timeline licenses.

            http://www.eweek.com/article2/0,3959,985554,00.asp

          • Rob,
            |
            You’re right about the FUD. The letter makes it clear that we should Fear SCO, be Uncertain about SCO’s claims, and Doubt SCO’s honesty and sanity. However, I don’t see the problem with that.
            |
            All joking aside, I dislike your position on indemnification. Had you come out before this lawsuit hit and complained that software licenses didn’t give the vendor enough responsibility, I would respect that position. However, your language makes it clear that you accept SCO’s ideas on the subject.
            |
            You see, when SCO pushes the idea of indemnification, they push it in a matter contrary to all law and common sense. Let’s start by examining the question of proof. While SCO has made some claims, the preliminary evidence is not in their favor at all. Go to http://www.groklaw.com and read the whole thing – you’ll understand very quickly that SCO’s case has serious problems which range from the way it interacts with current case law to the evidentiary foundation upon which the case is built.
            |
            Further, SCO hasn’t yet been to court, and there will not be a verdict in the case until at least April of 2005. (That’s the current schedule. Now that IBM has filed two seperate counter-claims and is requesting paperwork from Canopy as well as SCO, I suspect that it will take much longer for a verdict. Then there’s the Red Hat suit…) I suspect that resolving the case at the lower court level will take until at least 2006. The appeals process will probably consume another couple years, so chances are that SCO will not have a verdict until somewhere in the neighborhood of 2008.
            |
            Meanwhile, without having proved their case, SCO is claiming the right to bill users and restrict the rights those users have under the software’s already existing license. Unfortunately, that’s not correct. SCO won’t have the right to bill users until after they’ve proved their case. Doing so is certainly illegal in some jurisdictions, and I doubt that any judge would rule that SCO has a right to be paid before winning in court. Unfortunately for Joe User, getting a judge to rule that SCO can’t bill him is expensive and stressful. He has to hire a lawyer, go to court, etc.,
            |
            So what SCO is really saying when they offer a license is that they will not attempt to bill or sue the end user. In other words, sale of their license is not based on any right to bill someone. It is based, purely and simply on the naked threat of harassment.
            |
            SCO is not saying, "Buy a license because you legally need a license to run our software." That has yet to be proved. SCO is saying, "This is a rough neighborhood. If ya buys our license, nothing bad will happen to ya."
            |
            I don’t need IBM or Red Hat granting me indemnification to keep someone like that away. When Guido comes to my door, I simply call the police. If SCO bills me, I’ll call the police and make a fraud complaint.
            |
            Now let’s assume that somehow SCO wins their case against IBM. Do they have a right to bill someone then? Probably not. Legally, an end user who buys a copyrighted work in good faith is not liable. For example, if I go to the bookstore and buy a copy of "Harry Potter and the Sorcerer’s Stone," and it turns out that the book was pirated, neither J.K. Rowling nor her publisher can sue me. However, they can sue the publisher and distributor(s) of the pirated book, and they might be able to sue the bookstore, but I’m in the clear. (If this was a patent case, the story would be a little different, but SCO does not own any Unix patents and has not protected their Unix trade secrets, most of which can be found on the internet and in many college textbooks. IBM, on the other hand, has both copyrights and patents on RCU, NUMA, JFS, etc.,)
            |
            If SCO wins the case, they can certainly charge a license fee for updates, and they could charge a license fee before fixing my software. They could, for example, keep me from posting a kernel patch to the internet or publishing their code. But they couldn’t charge me for what I had already bought in good faith.
            |
            However, if SCO wins, they can, however, bill IBM, Red Hat, HP, and perhaps even any website that offered Linux for free downloading. They might even be able to sue Linus Torvalds, Alan Cox, or the Free Software Foundation and anyone else who’s responsible for distributing and infringing kernel. These would be the entities which are responsible for SCO’s business losses. However, if they sue me and have also sued IBM, Red Hat, etc., that’s considered "double dipping" and judges don’t like double dipping. In other words, I’m protected even if SCO wins. So I don’t need indemnification in that case either.
            |
            The really sad thing about all this is that if SCO wins they still might not make any money off the software. There are thousands of contributors to the kernel. If SCO succeeds in destroying the GPL those contributors will still have copyright on anything that is not infringing. They can demand that SCO pay them for the code, and they can sue SCO for damages if SCO continues to distribute the code without offering them renumeration. SCO could get everything they want in court and end up with a kernel they can’t distribute. That makes their suit worse than useless. There’s a "We’re going to kill you simply because we are dying." AM biance about the whole thing that’s just plain disturbing.
            |
            Alex

          • I fail to see how the letter "increases the FUD and the ability that SCO has to collect money". Please explain how exactly you come to that conclusion. I believe you are all talk, and won’t be able to back up your statement.
            .
            You also state that it’s "convoluted logic" to claim that indemnification is a bad thing for IBM. If SCO prevails in court then it gives SCO free reign to to sue all IBM customers for $$$$$, if SCO loses in court which seems extremely likely, SCO will claim that IBM couldn’t have suffered loss of business and hence there will be no liability for loss of IBM’s business. I frankly see no advantage to IBM, only to SCO, and especially CANOPY in IBM indemnifying customers.
            .
            I seriously doubt there have been any IBM customers that have more faith in a washed up company like SCO than they do in IBM. I doubt IBM has lost any business because of SCO, but that won’t prevent IBM from claiming they have and then going after Canopy’s money. Don’t forget SCO is trying to get out of going to court against Red Hat. If only IBM would indemnify, perhaps they could claim that their threats against Red Hat don’t constitute a threat to Red Hat’s business.
            .
            SCO dug this grave, now they can lie in it. There has been no evidence that SCO’s empty threats and multitude of lies has hurt Linux adoption, and even if it had, it’s not hurt Linux *development* which is really the only thing the developers care about. When companies benefit from Linux deployment that’s icing on the cake, that’s not why people develop for Linux. If it was, Linux wouldn’t exist.

          • As yet SCO have offered no evidence of anything, no basis on which to charge end users for anything, no legal proceedings based on *any* copyright infringement and have admitted that IBM owns the copyright to the code they have placed in Linux. The outcome of the case is many years (probably a couple of roll-outs of new systems for most companies)
            SCO have shipped Linux code under the GPL for over two years. Either they are guilty of multiple instances of copyright theft or they have accepted the terms of the GPL for the software they have shipped, they have flatly refused to mitigate any losses they might be incurring, instead offering no material evidence of any of their claims.
            So it seems to me SCO needs urgently to either indemnify any and all individuals that have SCO, or Caldera products from legal action in respect of SCOs (perhaps inadvertant) mass copyright infringements- or agree that they accept the terms of the GPL.
            So Mr Enderle, are we going to see you press for SCO to offer indemnity to all their Linux customers- since there is far more evidence of actual infringement here – both the code and statements disavowing the GPL from SCO are public – it seems a vastly more urgent issue. Currently it seems only to be the forbearance of the Linux Kernel Hackers that are preventing the death by a thousand writs that SCO’s customers are facing.

          • Actually you’re assuming that the threat will go away when SCO does, that is one huge assumption given how much protected IP is out there. HP did what they could, they can’t protect against what you put in the product. Universal indemnification just isn’t done by anyone.

          • Cute but why do all of Linux users have to be on the battlefield. I don’t disagree with all of the points the letter makes only that it seems to increase concern not eliminate it. Linux says this, SCO says that, the average Joe can’t tell who is right and SCO makes money by default. Why is that a good thing?

          • SCO has never been a client (can’t help but think that is a good thing). Most of the vendors have been clients of mine at one time or another and likely will be again including Microsoft. At this moment they aren’t though. I’m an ex-IBM employee, they trained me how to take an initiative like Linux and turn it to our advantage. But I generally suspect any large company. I just know that IBM has a mixed history with this stuff.

          • Let me be more direct:
            .
            Mr. Enderle:
            .
            In the interests of full disclosure:
            Is Microsoft currently a client of yours right now, and if not, when was the date of the start and end of the last business you did with Microsoft? Also, since Microsoft was a client of your’s in the past, does Microsoft currently owe you any money at all? The AM ount they owe is irrelevant.

          • Linus’ approach was, honestly, more of an attack. There needs to be some effort to mediate this, or at least make it go away as a problem while it goes through the trial process. It just makes no sense to continue to inflame the situation, particularly when that benefits SCO.

          • Where have I even suggested that anyone buy anything from SCO? Who in their right mind would buy from a company under this kind of litigation cloud? Indemnification is meaningless from them, they don’t have the resources to back it up.

          • That would be another agreement anyway. These are Volume License agreements, typically not done with developers.

          • If we’re talking about some yet undefined threat, well, of course there is always going to be freeloaders like SCO that will try this kind of BS. We’ll take those one by one, of course.
            As for what HP did, it’s useless. What good does it do to anyone when the main feature (open source) of the product isn’t there any more with their indemnification? It’s just a sales pitch and a pretty obvious one too. IBM have 10 times more integrity, IMHO.
            Why are you so hung on this indemnification business anyway? I had a chat to SCO over the phone recently and when I asked them about GPL and modifications, they hung up the phone on me. That’s how "rock solid" their position and case is. Please, they are just a bunch of lawyers that think they can get a free lunch on the back of people that actually do something useful for a living. That won’t fly, I’m afraid.

          • > Actually it was Laura DiDio over and Yankee that convinced me of this…
            |
            Would that be the one that can’t read C? The one that claimed how SCO has a strong case, based on seeing code that’s in public domain and/or clean implementation by Linux developers? Such an authority…

          • <<Where have I even suggested that anyone buy anything from SCO? Who in their right mind would buy from a company under this kind of litigation cloud? Indemnification is meaningless from them, they don’t have the resources to back it up.>>
            .
            When have you ever suggested that anybody ignore SCO? When have you ever suggested that SCO didn’t have a case? I’ve seen you state that SCO had a 55% – 65% of victory. When have you criticized SCO for anything?

          • To say Linus’s statements are an attack is silly compared to what SCO has been saying. Linus just wants them to prove their claims.
            How do you mediate with terrorists, Rob? No, SCO isn’t a terrorist, but they are trying to *destroy* Linux, and set precedents that would hamper other software companies, and IBM can’t negotiate with that. Its SCO who is forcing this into litigation, they sued first remember? They could have just said "Please remove this code because its ours" but they didn’t do that, they went straight to litigation and still refuse to show us the code they claim is theirs.
            Only someone hostile to open-source and Linux can look at this situation and say that the *defenders* are more belligerent than the *attackers*.

          • <<Linus’ approach was, honestly, more of an attack.>>
            .
            Really? How so? What exactly was "Linus’ approach"? He asked SCO to identify the code so it could be examined, and if indeed it was SCO’s *removed*. I.E. he offered to mitigate the problem.
            .
            How is that an attack? Honestly?

          • "why do all of Linux users have to be on the battlefield"
            |
            As end-users, we’ve been called thieves by Darl McBride and threatened with litigation. SCO has made no attempt at an AM icable resolution. The kernel developers have stated a willingness to resolve any IP issues that may exist, and have been ignored. We appear to be under attack by a failed software company turned litigation machine. It’s enough to make anyone a little testy.

          • > Cute but why do all of Linux users have to be on the battlefield.
            |
            Maybe because we want to be? We are sick and tired of characters like SCO. They have nothing to contribute, they just want to get something for nothing.

          • "it seems to increase concern not eliminate it" To me that sounds like you DO disagree with the points made, because if you believe the points made, then the prospects for an SCO victory are DRAMATICALLY reduced.
            "the average Joe can’t tell who is right" Of course YOU aren’t an average Joe, and you KNOW who’s right, right Rob?
            Give us a break Rob, we aren’t idiots. You’re ducking the points made on Groklaw, and you’re ducking the other evidence shown by the Linux community, and you continue to attack the Linux community, so forgive us for being just a little cynical.

          • Actually, in litigation, a bunch of lawyers like this are dangerous. I do think they are in a mess now though. This is way too complex and they need to keep a lot of balls in the air for this to work. I actually think HP was trying to do the right thing, for a lot of folks I don’t think it is worthless. My 6 cents.

          • I can’t argue that and would feel the same way, however my sense is they are tricking you folks into making this a highly visible fight which works to their favor. They don’t appear to be betting on the court outcome (this will likley settle out eventually) it is the process that will provide them with the most benefit and I don’t understand why anyone in the OSS comunity wants to make SCO money.

          • You make a good point – if their only hope of making money is to coerce license fees from risk-intolerant companies, then raising the profile of the argument is free publicity for them.
            |
            Unfortunately, if we keep quiet, they’ll be the only ones talking in the press. Non-technical types who might be inclined to adopt OSS will have a distinctly negative view about our processes and products. And if we offer little or no resistance to SCO, then others of their ilk will use the same tactics.

          • Please make some sense. Its SCO whose making this as visible as possible with their press releases, and their "bills" to other companies, and their willingness to talk to any reporter who comes along. THEY want this to be visible, not us.
            There will be a few gullible companies that pay them their blood money *before* a court has ruled, but most companies aren’t biting. SCO still has to win their primary case before any judge would say that their "bills" to other companies are legal.

          • I would normally agree with that kind of response. Just evaluate the claims, find all the relevant facts that prove it false, publish the whole thing in a comprehensible manner and there, the claim is dead.
            BUT, the problem with SCO’s case is that the claim is completely baseless. All the supposed proof they published has been shown to be completely false. So right now all the press and all the stories are about "alegations". You can’t kill the story because SCO, probably in a very successfull attemp to make the story last longer, has yet to prove anything.
            Linux is scaring the hell out of a lot of software companies because basically, they know a lot of them if not most of them will not survive. There IS a war going on and just like the RIAA is trying to stop file sharing, software companies have to try to stop or at least slow down the progress of free software. This was SCO’s attempt…who will be next.

          • SCO’s behavior in this is fairly transparent; they’re trying to scare businesses into buying licenses because nobody’s interested in buying their actual product. Their claim to ‘derivative works’ will probably last just long enough for the judge to review the USL v BSD documents and put the whole SysV codebase into public domain. This would explain why they’re doing everything possible to drag this out; they’re backpedaling about the Red Hat countersuit because it would short-circuit the IBM case. The code they showed off as infringement was in fact BSD code they had no rights to, which shows how well they know the background of their own product. They claim showing the code would get it replaced out, but failing to allow the defendant a good-faith effort to fix the problem reduces the damages they can claim. McBride has said a buyout ‘would make this all go away’; I think he was expecting IBM to shut them up with a buyout and he could have opened a nice golden parachute; now SCO’s facing the Mongol Horde of IBM’s Legal Department and trying to figure out where to run to.

          • Agree, in the end SCO won’t be the last to do this. (They aren’t the first either), if they can muddy the waters enough they may even win their case.
            I still think IBM screwed up someplace, this is not usual behavior for them, I’m missing something because on the surface SCO doesn’t look particularly strong right now. Yet, IBM can’t seem to make this go away and everything they do seems to inflame the situation.
            Think about it, when has IBM ever put their brand at risk like this? Not since the Microsoft war and that didn’t go well. It just feels like we are missing something.
            Back to the point though, just running around screaming back at SCO doesn’t fix anything. Whatever the approach is it should be strategic and aimed at accomplishing something other showcasing that OSS can be just as nasty as SCO can. Seriously, if you step back, doesn’t this start to look like two children screaming at each other that they are right and the other is wrong? How do you pick the right side in a situation like that?
            I’m not the best with kids but I know one thing, when this happens my tendency (and the tendency of a lot of others) is to walk away and let someone else deal with the problem.
            To me, that tendency doesn’t work for OSS….

          • If ‘derivative works’ fall under SCO’s control, then what about the fact that according to Open Group [who actually own the right to the UNIX definition], that OS/390 is technically a UNIX-compatible system because of their POSIX libraries? You think IBM is going to let SCO get a tap into the cash cow that is their bread-and-butter? Not bleeping likely… whatever IBM’s legal fees for this are going to run is pocket change by comparison. The fact that they’re covering Linux in the bargain is almost an afterthought vs. the potential drain on their mainframe revenues. Think about it…

          • You know, hind sight is 20 20, when we looked at the code the OSS folks were saying SCO didn’t have any evidence which is why both she, and I went down that path. To her credit, Laura discovered that at least some of the code she saw traced back to work IBM did seperate from UNIX and she reported that as well.
            They had evidence, if the OSS folks had done their homework first (they clearly could have looked and found the same stuff the SCO folks did) rather then denying it even existed this thing would have been nipped in the bud and we likely wouldn’t even be having this conversation.
            Stories have changed on both sides since this thing started and I’m having more and more trouble seeing white hats anyplace.

          • "Back to the point though, just running around screaming back at SCO doesn’t fix anything. Whatever the approach is it should be strategic and aimed at accomplishing something other showcasing that OSS can be just as nasty as SCO can." Are you reading the same OSS sources that I AM ? Groklaw, SPI’s position paper on the case, ers’s expose of the alleged copied code that got public, sources posted to LinuxToday, sources posted to SlashDot, etc, etc. It sounds to me that you are going to some militant newsgroup/website with a few Linux hotheads, like comp.os.linux.advocacy, and are claiming they represent the OSS world. What I’ve seen is credible evidence that leaves SCO position in serious doubt.
            Seriously Rob, what else are we supposed to do, given that the evidence against us hasn’t been made public?

          • Rob, I’ve been following this exhange for a couple days now, and I think you don’t understand the scope and nature of the problem. Getting the real news about SCO out is very difficult, almost impossible.
            |
            SCO’s claims have been researched very carefully by many, many people in the Open Source community, and that research is available on line. The research includes careful legal reasoning, cites, URL’s, interviews, and very careful sourcing. To see that research, you have only to surf on over to http://www.groklaw.com. In the last forty-eight hours, Groklaw has reported on no less than six SCO stories, including one story, RedHat’s Memorandum in Opposition to SCO’s Motion to Dismiss, which as far as I know has only been covered at Groklaw. In each case, the stories include analysis, links, and primary source material (for example, PDF copies of all the filings and judicial decisions in the IBM and RedHat cases.) Each story includes a comments section where anyone can discuss the story. Certainly Groklaw isn’t perfect – it’s rabidly anti-SCO and you’ll find the occassional bit of self-referential reasoning there – but in terms of making the whole story available and discussing it in terms of standard case law and proper legal reasoning Groklaw is head and shoulders above every other site or paper which reports on the case.
            |
            The same is true of the research done by Eric Raymond and Rob Landley. Their position papers are much better than ninety percent of the mainstream reporting I’ve seen. Once again, this material contains URLs which link to the original source material, cites, and footnotes.
            |
            The work done by Peren’s, Raymond, and Greg Lehey on the supposedly copied code SCO showed at SCO Forum is very good and clearly makes the point that SCO has no case. It has been massively unreported.
            |
            Getting reporters and analysts to actually go to these websites, read what’s there, follow up the cites and URLs, then apply the careful research to the stories they print is like pulling teeth. Most of the stories I’ve seen look nine out of ten paragraphs were copied from SCO press releases.
            |
            Stories that have been ignored or covered poorly include Caldera’s efforts, (pre SCO) to make sure that SMP was put into the Linux kernel, the shakiness of SCO’s legal claims, Caldera’s contributions to the Linux kernel, the possibility that some SCO boardmembers may be guilty of insider trading, SCO’s legal problems in Germany and Australia, the issue of whether SCO can legally send out invoices for Linux lincensing when they have not proved their case in court, Caldera’s plans to unite SCO and Linux, McBride deliberately misquoting Perens in his open letter, the USL vs BSD case, (which will likely have a major influence on the upcoming cases,) the fact that IBM owns the patents and copyrights to RCU, JFS, and NUMA, the fact that the JFS filesystem was originally designed for OS/2, and SCO’s clear lack of any understanding of the history of UNIX and Linux or their own corporate history. I could go on, but I think I’ve made the point adequately.
            |
            The resources exist to get the story right. They’re out there on the web, at courthouses (How did Groklaw get ahold of RedHat’s Memorandum before any other news service reported the story at all?) and from the participants. With a couple important exceptions – Vaughn McNichols and Sam Varghese come immediately to mind – most of the reporters and analysts simply aren’t doing their jobs. In the case of Groklaw these "reputable" journalists are getting scooped almost daily and don’t even know it. So it doesn’t surprise me at all that you think the OSS community is clueless. The press simply hasn’t covered the other side of the story.

          • > Seriously, if you step back, doesn’t this
            > start to look like two children screaming
            > at each other that they are right and the
            > other is wrong? How do you pick the right
            > side in a situation like that?
            .
            No, it looks like one person screaming threats at another while the threatened person calmly points out that the threats have no substance. IBM didn’t start this thing; SCO did. SCO is willing to say and do anything, no matter how ludicrous, because they are going out of business anyway. IBM, like the rest of us, has better things to do.

          • "They had evidence," What evidence? The only evidence which has reached the public is from the slides that SCO used at their pep-rally. That evidence has been destroyed by the Linux community when they showed its true origins.
            "if the OSS folks had done their homework first" This is what SCO should have done with the code they showed at their pep rally.
            "(they clearly could have looked and found the same stuff the SCO folks did)" We did look, and found the same code in hundreds of places, released in text books, under other open licences, and clearly beyond the control of SCO.
            "rather then denying it even existed" Prove that Rob. You’re spouting FUD again. Linus nor anyone else ever said at first that it didn’t exist, they just asked for the proof. The only "proof" so far (from the pep-rally) turned out to be a non-issue so everyone is getting more and more skeptical. The people best qualified to decide the origins of this code are still prevented from seeing the code in question. You and Lara and the others who signed NDAs are not programmers or professors of CompSci, and you were shown things in a controlled environment, shown only what SCO wanted you to see and nothing else. Pardon us if we wait for the discovery phase and let the real experts take a look.
            "I’m having more and more trouble seeing white hats anyplace." Except in Redmond of course.

          • <<You know, hind sight is 20 20, when we looked at the code the OSS folks were saying SCO didn’t have any evidence which is why both she, and I went down that path.>>
            .
            How about that – the OSS people were right, and not in hindsight and you were wrong. I seem to also recall that you were claiming that SCO had a 55% – 65% chance of prevailing against IBM and you wrote that article on September 2nd, AFTER SCO’s claims of evidence were debunked.
            .
            http://www.technewsworld.com/perl/story/31479.html
            .
            I guess *your* hindsight isn’t quite 20/20.
            .
            <<To her credit, Laura discovered that at least some of the code she saw traced back to work IBM did seperate from UNIX and she reported that as well.>>
            .
            She reported that? Where? I’m genuinely curious about that. Provide a URL and a quote please. Laura Didio today is claiming she never signed SCO’s NDA now. Did you realize that?
            .
            <<They had evidence, if the OSS folks had done their homework first (they clearly could have looked and found the same stuff the SCO folks did) rather then denying it even existed this thing would have been nipped in the bud and we likely wouldn’t even be having this conversation.>>
            .
            "They had evidence"? You mean the 30 old code that Kerrnigan and Ritchie wrote and released into the public domain in the most famous C programming book in the world, or the code that SCO stole from Berkeley – the Berkeley Packet filter?
            .
            Also: I’m curious exactly how was the OSS community expected to "do their homework" without access to SCO’s code? From day one, Linux developers have been asking SCO to identify the code so the problem could be mitigated and their claims checked and SCO still hasn’t done this.
            .
            <<Stories have changed on both sides since this thing started and I’m having more and more trouble seeing white hats anyplace.>>
            .
            Be more specific. I know that SCO claimed that they were going to audit AIX users, and didn’t have the legal authority to do it. I know SCO claimed they were going to present proof in June of code theft, and didn’t. I know that that Darl McBride claimed to have unassailable evidence of theft, and still hasn’t supported it. I know that SCO claimed to have revoked IBM’s AIX license but didn’t have the legal authority to do it. I know that SCO threated to invoice Linux users, and didn’t. SCO even claimed to have sold Linux licenses but now, they’ve recanted on that story.
            .
            How has the story changed on the other side – the OSS side? Provide support for your claims.

          • Ed, you don’t need source code to determine that the underlying code is equivalent or stolen. It’s more difficult, but not that much more difficult. You’d have the same signatures for function entries, nearly the same stack usage, and what is often the tell tale sign – the same bugs.
            .
            You are right however, indemnification is a red herring. Somehow the software industry managed to get along without it until now for the last 30 years. It would be interesting though for Microsoft to be liable for all their security vulnerabilities.

          • What I’ve noticed is that if you get involved in a "discussion" on one of those web sites you often get branded a "SCO Lover" or worse and you are personally attacked. The whole sense is our truth is the only truth "or else". I had a friend of mine just walk through SCO’s litigation strategy, chatted about it today. What is AM azing is this apparently was not only anticipated it is being used to strengthen their case. That’s what I mean about being measured and having a strategy, no you don’t know what they have; they do know what you have and, apparently are planning to make good use of it.
            One of the reasons you hold this till trial is you don’t want the other side to have unlimited time to discredit your evidence. There are always two sides, right now OSS is showing all its cards, SCO clearly isn’t and they appear to be playing off the OSS hand. Worse, I think all of the threats that are used against anyone that questions the OSS position create the sense that the position can not be supported any other way and, the first trial is a Jury trial.
            It always worries me when one side gets convinced that they will win before they see what cards the other side is going to play. SCO has two top litigation teams on this, everything they are doing is designed to produce an outcome, they have a plan, and are still executing on it. It is not clear that IBM and OSS are even working together let alone have a plan. Anyone that has done protracted litigation should be really concerned about that.

          • Just think about it – Rob Enderle claims that Groklaw’s letters to McBride has problems, but he doesn’t give a single concrete example of even ONE problem with it. The real problem is that Groklaw might just shut SCO up!

          • <<What I’ve noticed is that if you get involved in a "discussion" on one of those web sites you often get branded a "SCO Lover" or worse and you are personally attacked. The whole sense is our truth is the only truth "or else". I had a friend of mine just walk through SCO’s litigation strategy, chatted about it today. What is AM azing is this apparently was not only anticipated it is being used to strengthen their case.>>
            .
            Tell me, how does your friend believe this "strengthen’s their case"? I AM curious exactly how anything that’s happened in the last 6 months strengthens SCO’s case in court. Please enlighten me as to how anything that is said by a bunch of people on the internet strengthens SCO’s case. I AM dumb, and cannot comprehend such things.
            .
            Also, I AM curious – is your friend imaginary or real?
            .
            <<That’s what I mean about being measured and having a strategy, no you don’t know what they have; they do know what you have and, apparently are planning to make good use of it.>>
            .
            IBM knows what they have. They have full access to the AT&T code base, just as HP does, and Sun, and SGI. IBM has a pretty good track record of settling when they get their hands caught in the cookie jar – why haven’t they settled? Why is HP distancing themselves? Why did Sun try to keep their involvement with SCO secret. Why is SGI not settling?
            .
            <<One of the reasons you hold this till trial is you don’t want the other side to have unlimited time to discredit your evidence.>>
            .
            This is an utter lie. This is a *civil* trial. No new evidence will be admitted in court. All evidence is presented in the discovery phase which is happening now – the court date is 2005. There are no Perry Mason dramatics in a civil trial. I suggest you stop watching so much television Mr. Enderle and learn the basics of law.
            .
            <<There are always two sides, right now OSS is showing all its cards, SCO clearly isn’t and they appear to be playing off the OSS hand.>>
            .
            The OSS "side" has nothing to hide. If there is SCO code in Linux, they want to mitigate. It’s also somewhat difficult to hide your cards when all your code is in the public and you have thousands of people contributing in the complete daylight.
            .
            <<Worse, I think all of the threats that are used against anyone that questions the OSS position create the sense that the position can not be supported any other way and, the first trial is a Jury trial.>>
            .
            What threats? Why don’t you provide some links to those threats.
            .
            <<It always worries me when one side gets convinced that they will win before they see what cards the other side is going to play. SCO has two top litigation teams on this, everything they are doing is designed to produce an outcome, they have a plan, and are still executing on it. It is not clear that IBM and OSS are even working together let alone have a plan. Anyone that has done protracted litigation should be really concerned about that.>>
            .
            Boies has all but disappeared from this case. He was highly vocal during the Microsoft anti trust trial, and he was very vocal during Gore’s litigation, and during the Napster case. But in this case – he didn’t even show up at SCO Forum. Did you read their initial filing against IBM? It was so rife with errors that it was astounding.
            .
            But, you think they have a plan and that all this, their empty threats, their lies, Canopy being subpoenaed, their CTO quitting, all the insider sales, their public evidence being utterly debunked, being sued by Red Hat, losing against LinuxTag in Germany, being sued in Australia, being countersued by IBM for patent infringement, copyright violations, and the Lanham act – that all that is part of a master plan?
            .
            I have a crazier possibility: SCO doesn’t have a clue what their doing. I know it seems crazy, but I apply this bizarre little known principle called "Occam’s Razor" that is the underlying principle of all science.
            .
            I know it’s REALLY STUPID to think that the simplest explanation is probably the correct one, but that’s me – stupid. I guess we should all really be scared of SCO and stuff because they have this unfathomable diabolical master plan which is going to destroy Linux and perhaps the tech industry itself!
            .
            I mean just because SCO has been caught lying a half dozen times – why, that’s no reason to doubt their crediblity! Hey, if I get a full frontal lobotamy, can I get a job as an analyst too?

  • It seems to me you might be overlookong a pertinent fact: IBM does not sell or distribute a version of Linux. So who would they indemnify? Anyone who runs a version of Linux on an IBM system? Does this include anyone who installs a Linux distribution on a Think Pad? Further, for what would they provide an indemnity? Would they indemnify users against IP claims in the kernel – what version and what about modifications made by the user or by the distributor? It seems to me that there are some real practical problems with your position. I don’t have any problem with HP providing an indemnity, but I also recognise that it really has little, if any, practical value to the end customer. For example, I have several HP Pavilion systems on which I run Linux derived from various distributions – Red Hat, Suse and even Mandrake. Are my systems covered by the HP indemnity? What AM I protected from?
    It seems to me that what you suggest is really not practical and I think that is why SCO keeps harping on it – there really isn’t any practical way for any vendor — including SCO itself — to provide a meaningful indemnity. Further, the noise distracts people from the real issue here – SCO has a legal obligation to minimise any damages caused by IP infringement they claim – i.e. they have a legal obligation to specify precisely what code infringes their intellectual property so that the "infringing" parties can remedy the alleged infringement. They are not meeting this legal duty. If they met their duty under the law, indemnity, by any party, would be unnecessary. That is the key issue here, not whether the various parties in the Linux development and distribution chain offer indemnity.
    My tuppence….
    Cheers

  • Mr. Enderle:
    Are you now or have you in the past been paid for services by Microsoft or SCO?
    Have you had some negative experience with IBM that may cause you to look at that company with suspicion?

  • HP’s indemnification is not worth the paper it is printed on. Just today, I have released some patches for Red Hat’s beta kernel, and guess what, HP doesn’t cover that. On the other hand, the real friends at Big Blue are all over SCO. That’s the best damn indemnification one can get.
    <br/>
    And just to make things clear, SCO is up for a lose-lose. If GPL is invalid, they are copyright infringers for distributing copyrighted works without a valid licence. If GPL is valid, they are copyright infringers for licensing copyrighted works of others under the licence the copyright holders didn’t agree to. I like…

  • > In fact, in reading the letter, I wondered
    > whether it was actually written by someone
    > being paid by SCO, which probably means I’m
    > spending too much time with the open-source
    > software folks and have begun to become as
    > paranoid as they are about secret conspiracies.
    This is clever. You manage to smear the authors of the letter without actually addressing any of their claims (not surprising, since they’re unassailable), and at the same time you mount a preemptive defense against the charge that you yourself are a paid shill for SCO/Microsoft– which you clearly are.
    Nice try.

  • Microsoft indemnifies it’s customers? What about the timeline suit brought against microsoft, which microsoft refused to indemnify it’s customers even though they were found guilty of infringement in a court of law. SCO has proved nothing yet, in court or otherwise. If IBM did indemnify it’s customers, it would give SCO one single point of attack to spread it’s FUD. It would also set a precedent which no sane company would want. HP is using it as a marketing ploy to gain more customers, not out of some sense of misguided duty. They will be sorry down the line when their customers start expecting indemnity for everything.

  • If you really want to help, why don’t come out solidy against SCO, a useless, dying company whose only hope for survival is to
    either be bought out or convince a judge and jury that their dubious legal ideas about derivatives, ownership, and copyright are valid? Why don’t you note that every technical claim they’ve made has been proven invalid and that SCO insiders are selling stock at a huge rate?
    |
    You’ve got a huge audience and your story has already been quoted over at LinuxWorld. If you really want to help, why don’t you stand up and tell the world what those of us who’ve been following the case have known for months – that SCO is a nasty little crooked organization which is trying very hard to get rich off someone else’s hard work?
    |
    Alex

  • Are you certain that IBM had, and was able to include native Win32 support into OS/2?
    I was always under the impression that they either didn’t have this technology or were not allowed to use it due to some agreement with Microsoft.
    If OS/2 was able to run 32bit Windows apps natively, then Windows 95 would not have been able to compete with it. Everyone would have switched to OS/2 because it was far more stable.
    Who wants to run OS/2 when 95% of the applications only run under Windows 95?

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Rob Enderle
More in Computing

Technewsworld Channels