decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
FTC "Dealing With SCO" - And More on Security From Karjala, Linus, Felton & MS
Tuesday, February 17 2004 @ 06:09 AM EST

Some interesting news from New Zealand. Complaints have been lodged with the Commerce Commission, alleging that SCO's demands for license fees run afoul of the Fair Trading Act, and a spokeswoman for the Commission, Jackie Maitland, told The New Zealand News that it is her understanding that the FTC in the US is "dealing with" SCO's demands for licenses. That's news to me, although I knew some complaints had been filed. That's not all she had to say.

She also said the Commission's preliminary view is that "no one should pay an invoice unless they are clear on the obligation to pay". Here's the rest of what she said:

"Furthermore, Maitland says that 'it is not clear that SCO are entitled to charge end-users who have downloaded a product on the condition they understood the product was free'.

"A person or a company falsely claiming to have ownership of a product or service or the rights to payment could breach the Fair Trading Act, said Maitland.

"The commission is at this stage not clear what if any representations have been made in NZ, but says it is aware that the ACCC in Australia and FTC in the US 'are dealing with [SCO's licensing demands]'."

Evidently, there is now a new legal front for SCO to cope with. And a new group of journalists are trying to comprehend what SCO is doing, but they do seem to be getting up to speed a great deal faster in NZ. Notice how the article ends:

"However, Linux itself has always been covered by the GNU General Public Licence, which states any software offered under its terms is freely distributable, copyable and modifiable. This apparent paradox has not prevented SCO from claiming licence fees."

At least it's apparent to the journalist that SCO's position is paradoxical. Other words spring to mind as well.

Meanwhile, Microsoft is dealing with the leak of its code, but it seems a certain female analyst, whose name shall no longer cross Groklaw's lips (why should we make her more famous?) was wrong, once again, in her analysis. It seems the leak is not expected to have serious security consequences after all, so all of your ankles are probably safe. Here's what the New Zealand Herald found out from McAfee and Microsoft spokespersons, neither of whom supported her gloomy forecast:

"David Emm, product marketing manager at McAfee, which produces antivirus and 'firewall' products to protect PCs, said the leak was more embarrassing than dangerous: 'the bad guys don't need source code to latch on to vulnerabilities.'

"A source within Microsoft agreed: 'It's not going to make a whole lot of difference in the hacking world, because what they tend to do is to look at the fixes we send out, and then try to work backwards to see what hole we're fixing.'"

How do you get to be an analyst, anyway, I wonder? If you don't need to know much about your subject but need to have strong opinions on the subject regardless, and you can be wrong time after time and still keep your job, I'd like to get paid to give my incorrect opinions too. I know little or nothing about stocks and pump-and-dumps and things like that, so that seems a perfect assignment for me. I think I could come up with some factually inaccurate quotable quotes, with a splash of vivid imagery on a good day, and once I get really steamed up and on a roll, maybe some defamatory remarks here and there. If they paid me enough, I'd even tell a goofball joke now and then.

I also know pretty much nothing about physics, so I'm thinking I could surely be relied upon to say something didiotic about the universe, or maybe about NASA and Mars and things like that, if they'd only give me a chance. Journalists could ask me if we should be spending so much money to go to Mars, and I'm positive I'd be wrong almost always. If that's what journalists are looking for, I am so ready.

A segment of a Channel Web article, posted on Netcraft confirms that security experts agree the leak won't make a big difference, and they bothered to contact two people who actually know something about technology to get their opinions, Ed Felton and Linus Torvalds:

"'The leak will do some damage to the security of Windows machines, but it's not clear how much,' said Ed Felten of Princeton University, a security researcher who has reviewed Windows source code and was an expert witness in the antitrust case against Microsoft. . . . 'This will only matter, though, if the bad guys would otherwise have trouble finding bugs, which may not be the case.'

"'It makes the sources potentially more available to crackers, and that has security issues - but I don't think that is anything really new,' Linux founder Linus Torvalds told ChannelWeb. 'At most, it just makes it easier for a bored teenager to find the thing. It may make some people realize that the protection of proprietary shrouded source code really isn't a protection at all. It's just a guarantee that the code doesn't get any good outside code review.'"

Speaking of security, would you like to know how SCO makes sure its code isn't exported to forbidden places? I found this notice on its download page for SCO OpenServer Release 5.0.7:

"Please read the following export notice:

"Please note that the electronic transfer of this data to a destination outside of the United States constitutes an export (as defined by the U.S. Bureau of Export Administration) and is authorized ONLY to the end user. Any subsequent re-exportation of this data requires that the end user obtain an additional export license. Also note that it is illegal to re-route SCO product to Cuba, Iran, Iraq, Libya, North Korea, Sudan or Syria and that you must file a special license if you intend to re-route goods to the embargoed regions of Serbia or the Taliban controlled areas of Afghanistan. Placement of this order constitutes an agreement to comply with these stipulations."

I'm sure no one who wished to get their software but was in, oh, North Korea, would violate a promise as sacred as that. And none of them have friends or relatives in the US who would buy it for them and the bring it home to hand-deliver it. Such a high-tech workaround wouldn't occur to them, and it wouldn't be right, anyway, so I'm sure no "bad guys" would ever do that. And as we all know, it's simply impossible to find bookleg software in Asia.

FOSS has similar notices, where appropriate, by the way. All US software is under the same restrictions. I think SCO forgot to tell Congress in their letter that it was their own employees who helped write the very kernel they now complain about, who added to its high-end functionality the features they now say are so dangerous, and that they distributed the kernel on their servers too.

Woops. Old business plan.

Finally, I ran across the Free Software Foundation's legal directions on accepting contributions of code safely. They were in a manual put out some years back. Here's the careful way they handled contributions of code to make sure the code could never have a courtroom date with the likes of SCO:

"Accepting Contributions

"If the program you are working on is copyrighted by the Free Software Foundation, then when someone else sends you a piece of code to add to the program, we need legal papers to use it--just as we asked you to sign papers initially. _Each_ person who makes a nontrivial contribution to a program must sign some sort of legal papers in order for us to have clear title to the program; the main author alone is not enough.

"So, before adding in any contributions from other people, please tell us, so we can arrange to get the papers. Then wait until we tell you that we have received the signed papers, before you actually use the contribution.

"This applies both before you release the program and afterward. If you receive diffs to fix a bug, and they make significant changes, we need legal papers for that change.

"This also applies to comments and documentation files. For copyright law, comments and code are just text. Copyright applies to all kinds of text, so we need legal papers for all kinds.

"We know it is frustrating to ask for legal papers; it's frustrating for us as well. But if you don't wait, you are going out on a limb--for example, what if the contributor's employer won't sign a disclaimer? You might have to take that code out again!

"You don't need papers for changes of a few lines here or there, since they are not significant for copyright purposes. Also, you don't need papers if all you get from the suggestion is some ideas, not actual code which you use. For example, if someone send you one implementation, but you write a different implementation of the same idea, you don't need to get papers.

"The very worst thing is if you forget to tell us about the other contributor. We could be very embarrassed in court some day as a result.

"We have more detailed advice for maintainers of programs; if you have reached the stage of actually maintaining a program for GNU (whether released or not), please ask us for a copy."

The manual had another page that mentions Unix and says: "Don't in any circumstances refer to Unix source code for or during your work on GNU! (Or to any other proprietary programs.)"

Speaking of proprietary programs, I got a followup from Dennis Karjala, Professor of Law at Arizona State University, on the Microsoft code. I mentioned that I got a lot of email and comments about that and I specifically asked him this time if looking at the leaked code might result in increased liability in any copyright infringement action. Here is his reply:

***************************************************

I recently wrote a short piece outlining the formal legal position of people who come into possession of portions of Microsoft source code that have recently been leaked to the internet. My main point was that, while distributing, saving, calling to the screen, or printing any of that code would be copyright infringement (absent fair use), merely reading a copy independently made by someone else would not. Many readers have asked the next, quite logical, question: How vulnerable are we if, having read (without infringement) a copy of Microsoft's code, we now write new code incorporating some of the knowledge gleaned from that reading?

This question is the crucial one relating to the copyright protection of computer software. Like many crucial legal questions, it is not amenable to an easy answer. We can start by saying that, for sure, Microsoft's literal code is protected, so copying all or a substantial part of it verbatim and including it in a new program would infringe, much like copying a chapter out of John Grisham's latest novel and incorporating into your own work would infringe. Close paraphrases of Microsoft's code, for example by changing little more than the names of the variables, will infringe, as will translating it line-by-line into a different programming language. At the other extreme, it is not infringing simply to duplicate the functionality of Microsoft's code via independently written new code. So, if one person examines the Microsoft code, describes its functionality in a set of specifications, and gives those specifications to a second person who has not seen the Microsoft code (a "clean room"), the resulting program written by the second person does not infringe.

In between these extremes, we are in the murky gray area. The generally accepted rule derives from a Second Circuit decision of about 12 years ago (Computer Associates v. Altai), which says that we determine the "protected elements" of Microsoft's program by looking at various stages of abstraction running from literal code to overall function and filtering out (at each stage) elements dictated by efficiency, compatibility, or external factors. I have long argued that this test means that nothing besides literal code and close paraphrases can be protected, because everything in a program is there for a functional reason. (Whether the particular solution arrived at by Microsoft is "good" or "bad" in engineering terms is not, and should not, be a concern of copyright courts. No software engineer deliberately tries to make his or her program "bad" just so broader copyright protection can be claimed.) So, program structure (so-called "SSO" for "structure, sequence, and operation") should not be protected by the program copyright. I believe that the subsequent judicial decisions generally support this argument, at least in their results. However, no court to my knowledge has formally adopted my simpler and policy-based argument. Courts still rely on the unnecessarily complex formula laid out in the Computer Associates case.

That means, if Microsoft is on the other side, you should not be surprised to find yourself litigating a copyright infringement case if, after examining the Microsoft code, you build a program incorporating elements like SSO from that Microsoft code in order to achieve compatibility with all the programs that now run on the Microsoft platform. I believe you should win that case, but I also believe that there are more enjoyable things to do in life than litigate against a litigious company that has a bottomless supply of cash.

*********************************************

Proprietary software companies like Microsoft and SCO speak against free software, but they surely don't seem to mind using it. Alexy writes that SCO's new recently (1/30/2004) released 2nd update pack for their OpenServer 5.0.7 includes:

  • "PostgeSQL (relational database manager distributed under BSD licensed - http://www.postgresql.org/),
  • CUPS printer subsystem (Common UNIX Printing System distributed under GPL - http://www.cups.org/index.php),
  • ESP Ghostscript (customized version of GNU ghostscript distributed under GPL - http://www.cups.org/ghostscript.php).
  • Just for the record, the 1st Update Pack (7/31/2003) was including extended shells, specifically GNU bash (you can guess yourself what license it uses ;-))) - http://www.gnu.org/directory/bash.html). They did not mention bash in the description of 1st update pack, but in 2nd update pack they say that latest version is included, and that they originally included it in the 1st update pack.
"It's also interesting how they claim to start supporting hyper-threading technology in their update packs. (What HT does is it essentially makes single CPU with HT support to look like two individual CPUs, so the system can run in SMP mode.) And strictly speaking, you don't need to do anything special - if your OS is capable of running on SMP machine it is capable of running on CPU with HT enabled. And that's pretty much what they recommend in that update pack - to enable SMP support. How they can make that much hype of supporting HT is beyond my comprehension.

"This is a link to readme of 2nd update pack (it has link the 1st update pack inside): http://sco.com/support/update/download/osr507up.html "

News.com is reporting that the leaked Microsoft code shows they aren't above using GPL code either:

"Despite Microsoft's ill will toward open source, it may be benefiting. The apparent inclusion of several community-created programs--such at the GZIP compression program and the program builder GnuMakefile--in the source code shows that the company is not above using open-source software itself, when it can do so without license restrictions."

UPDATE: Microsoft has put out a statement:

"Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property. These actions include communicating both directly and indirectly with those who possess or seek to possess, post, download or share the illegally disclosed source code.

"Specifically, Microsoft is sending letters explaining to individuals who have already downloaded the source code that such actions are in violation of the law. Additionally, Microsoft has instituted the use of alerts on several peer-to-peer clients where such illegal sharing of the source code has taken place. These alerts are designed to inform any user who conducts specific searches on these networks to locate and download the source code that such activity is illegal."


  


FTC "Dealing With SCO" - And More on Security From Karjala, Linus, Felton & MS | 303 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
FTC "Dealing With SCO" - And More on Security From Karjala, Linus, Felton & MS
Authored by: jmc on Tuesday, February 17 2004 @ 06:25 AM EST

GNUMakefile. Hmm. Wonder what they need that for?

Well they can't use SCO Make can they - it's hopelessly buggy even (especially?) on SCO OSes and you can't do "make"s within "makes" without weird things happening.

No wonder they want to cover it up...

[ Reply to This | # ]

  • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 06:55 AM EST
    • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 07:13 AM EST
      • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 08:21 AM EST
      • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 09:30 AM EST
      • GNU Makefile - Authored by: dcs on Tuesday, February 17 2004 @ 09:36 AM EST
      • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 09:36 AM EST
        • def: BMP - Authored by: Anonymous on Tuesday, February 17 2004 @ 10:04 AM EST
          • def: BMP - Authored by: Anonymous on Tuesday, February 17 2004 @ 12:35 PM EST
          • def: BMP - Authored by: Philip Stephens on Tuesday, February 17 2004 @ 12:43 PM EST
            • def: BMP - Authored by: Anonymous on Tuesday, February 17 2004 @ 03:35 PM EST
      • BMP, PNG - Authored by: _Arthur on Tuesday, February 17 2004 @ 03:06 PM EST
    • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 09:08 AM EST
      • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 07:33 PM EST
    • GNU Makefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 02:08 PM EST
  • gnumakefile - Authored by: Anonymous on Tuesday, February 17 2004 @ 07:49 AM EST
If I were Darl
Authored by: RedBarchetta on Tuesday, February 17 2004 @ 06:27 AM EST
This cannot be good for Darl's already-fouled sleep pattern...

[ Reply to This | # ]

FTC "Dealing With SCO" - And More on Security From Karjala, Linus, Felton & MS
Authored by: Anonymous on Tuesday, February 17 2004 @ 06:31 AM EST
I've read comments from others suggesting that the GNU makefiles may originate
from Mainsoft (purported to be the company from which the code was derived).
Mainsoft is known to have engaged in porting Microsoft apps to Linux.

[ Reply to This | # ]

So Can the F/OSS Community now sue MS?
Authored by: TerryC on Tuesday, February 17 2004 @ 06:31 AM EST
Assuming that this alleged inclusion of GPLd code into Windows is true, can MS
be successfully sued?

Morally of course, they should be sued, but it would probably take a strong
stomach and deep pockets to achieve it. Plus the fact that MS would undoubtedly
countersue because whoever brought the suit must have copied the code to have
been able to read it.

Who says that the law doesn't favour the rich and powerful.

---
Terry

[ Reply to This | # ]

FTC "Dealing With SCO" - And More on Security From Karjala, Linus, Felton & MS
Authored by: RSC on Tuesday, February 17 2004 @ 06:41 AM EST
It's good to hear that the ACCC might be handling SCO in OZ. Also good to see
the NZ counterpart actually come out and say it's not a good idea to pay up. Why
isn't the US govt. doing something along the same lines?

RSC


---
----
An Australian who IS interested.

[ Reply to This | # ]

Nice touch....
Authored by: ssubra on Tuesday, February 17 2004 @ 06:44 AM EST
>> ... I'm thinking I could surely be relied upon to
>> say something didiotic about the universe,

"didiotic".....

It was an especially nice touch.......

Ouch !!!!

-Subra

[ Reply to This | # ]

Leaked code leads to exploit
Authored by: Anonymous on Tuesday, February 17 2004 @ 06:57 AM EST
I read on <a
href="http://slashdot.org/article.pl?sid=04/02/16/1737200&mode=thread&a
mp;tid=126&tid=172&tid=185&tid=190&tid=201"
target=_top>slashdot</a> that the leaked code has lead to an exploit of
Internet Explorer 5. The code is for a service pack to windows 2000. I wonder
what other exploits are waiting to be found in other microsoft source? If it had
been foss it would have been found and corected long ago.

[ Reply to This | # ]

Spelling Mistake ?
Authored by: Greebo on Tuesday, February 17 2004 @ 07:08 AM EST
I'm sure it was a typo, but 'Idiotic' is not spelt with Two D's !

I also know pretty much nothing about physics, so I'm thinking I could surely be relied upon to say something didiotic about the universe, or maybe about NASA and Mars and things like that, if they'd only give me a chance.

lol.

Excellent! That's made my day.

---
-----------------------------------------
Recent Linux Convert and Scared Cat Owner

[ Reply to This | # ]

Context
Authored by: Anonymous on Tuesday, February 17 2004 @ 07:14 AM EST
"It seems the leak is not expected to have serious security consequences
after all, so all of your ankles are probably safe."

Pretty much a given, simply because the source code could have been the wazzy
taskbar collapsing, or the skin code rather than the encryption algorithms. It
was a chicken-little guess from our favourite analyst, simply because nobody
remembers when you're wrong, but if you're right, riches ahoy.

This is exactly the same principle that most of the astrologers work on. Forget
the misses, but talk about your hits over and over; run the charts of famous
dead people and elevate the stuff that confirms what their life was like.
Funnily enough large sections of the population follow that too, although I'm
sure that the purchasing managers of large fortune 500 companies wouldn't like
to be compared with trailer housewives, but...

"A source within Microsoft agreed: 'It's not going to make a whole lot of
difference in the hacking world, because what they tend to do is to look at the
fixes we send out, and then try to work backwards to see what hole we're
fixing.'"

Wrong, wrong, wrong. They watch the security lists for the exploit demo code,
then rip and replace. Microsoft was trying for an embargo in reported
vulnerabilities or stopping people actually posting demo code for a while back
there, but someone pointed out that they'd still not closed some holes over six
months since they'd been reported.

Most of the vulnerabilities in windows have also been reported by outside third
parties rather than inhouse at Microsoft.

"I'm sure no one who wished to get their software but was in, oh, North
Korea, would violate a promise as sacred as that."

It's the minimum requirement for checking that the receiver is allowed to
receive it. Knowingly downloading source protected by export controls is a
crime, and one I committed on frequent occasions to get hold of high encryption
libraries when your government had them classified as 'munitions', which they
still do, although export controls were relaxed on encryption in 2000/2001(?).

This was after someone had tattooed the RSA algorithm on their arm and travelled
through a couple of borders.

"simply impossible to find bookleg software in Asia."

'Bootleg'. And it's actually getting harder. For one thing, various nations
are being pressurised into coming to heel over copyright regulations by dangling
the carrot of WTO membership, which caused a lot of legal and political
wrangling, particularly with China, as the markets want some method of getting
in there and stopping the bootlegging, while the majority of the Asia-Pacific
nations want cold hard cash, and to be left alone to execute dissendents for
internal organs. It's more about the money than the human rights issues, but
some will argue that real change has to be forced through the wallet.

Draconis

[ Reply to This | # ]

OT: claimed license fees
Authored by: Peter Smith on Tuesday, February 17 2004 @ 07:15 AM EST
Putting aside for the moment any dicussion of the merits of SCO`s baseless
claims, I have been wondering about the amount of their claimed license fee for
Linux.

Surely the several hundred dollars they claim in license fees would only be
applicable if they owned ALL rights to Linux?

Even their own acounting would give them rights to less then 0.01% of Linux. Now
if the fees were then calculated on a pro rata basis this would be rather less
than one dollar?

Surely then users could resist the license fees on the grounds that they are
unduly extortionate? Are there any legal grounds for this thinking or am I just
indulging in wishful thinking?

[ Reply to This | # ]

Small typo
Authored by: Anonymous on Tuesday, February 17 2004 @ 07:18 AM EST
s/bookleg/bootleg/

[ Reply to This | # ]

  • Small typo - Authored by: Anonymous on Tuesday, February 17 2004 @ 07:23 AM EST
I am one of the people who complained to the NZ Commerce Commission
Authored by: Anonymous on Tuesday, February 17 2004 @ 07:34 AM EST
The first time I sent them email outlining my concerns with SCO's licensing
campaign and it's breach of the NZ Fair Trading Act, they attempted to brush me
off and tell me it was the US FTC's problem.

I then launched into a polite tirade along the lines of 'how can it be the US
FTC's problem that NZ consumers are being threatened with extortion, would it be
the NZ commerce commissions problem if an NZ company was committing fraud in the
US?'

They emailed me back saying theyd look into it

So i email them again after hearing nothing for over a month, and this time
someone actually called back and talked to me about my problem with SCOs
actions, and I spent about half an hour detailing as best i could the
insupportability of SCO's licensing demands.

The guy I was talking to seemd to be pretty interested, but was a bit
overwhelmed I think by the depth of UNIX history you have to understand to
appreciate the total baselessness of SCO's claims.

They said they would look into it further, I told them to call Massey University
and Weta Digital for comment since they had specifically been identified in
older SCO articles I had read, but I dont know what, if anything, has happened
since then.

I also pointed them at groklaw, and sent them a number of web resources
including the OSI Position Paper.

I think the NZ CC doesnt quite know what to do, since nobody has actually been
invoiced by SCO, and there has been no formal representation made outside the
statements made by SCO's Australian guy, Kieran O'Shaughnessy.

However, though I had to hassle them a bit, they did actually listen to what I
was saying, and I think that if SCO was to approach New Zealand companies asking
for licensing fees, that the NZ Commerce Commission would be very interested to
hear about it.

I'm glad to have done my little bit to raise awareness where it might actually
count, and to stop SCOs blatantly false claims from being perpetuated.









[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: gressil on Tuesday, February 17 2004 @ 07:36 AM EST
PJ sez:
"I know little or nothing about stocks and pump-and-dumps and things like that, so that seems a perfect assignment for me."

Sorry PJ, it looks like that job is taken by Melanie Hollands:

SCOX investment article at IT Manager Journal

She uses the word "monetize", I wonder who she's been talking to for the research for this analysis?

Chris.

[ Reply to This | # ]

OT : Was Darl Gagged ?
Authored by: Greebo on Tuesday, February 17 2004 @ 07:37 AM EST
There was a lot of speculation after the hearing last week that the judge had told SCO to keep their mouths shut.

Well, I just saw this story, which would seem to say that either Darl wasn't told to keep his mouth shut, or is incapable of it.

Or maybe the reporter is quoting an earlier interview? What do you think?

---
-----------------------------------------
Recent Linux Convert and Scared Cat Owner

[ Reply to This | # ]

OT -- SCO's letter of the Month Club..
Authored by: Anonymous on Tuesday, February 17 2004 @ 07:53 AM EST
Whatever happened to McBride's/SCO's letter of the month? We were promised more
clueless quotes...

http://www.newsforge.com/trends/03/12/04/2024240.shtml?tid=85

Darl McBride: "Starting with this letter, I'd like to explain our positions
on the key issues. In the months ahead we'll post a series of letters on the SCO
website (www.sco.com). Each of these letters will examine one of the many issues
SCO has raised. In this letter, we'll provide our view on the key issue of U.S.
copyright law versus the GNU GPL (General Public License)."

[ Reply to This | # ]

Windows source code exploit released
Authored by: Anonymous on Tuesday, February 17 2004 @ 07:54 AM EST
A segment of a Channel Web article, posted on Netcraft confirms that security experts agree the leak won't make a big difference,

What's that you say? So much for your 'experts'...

http://www.theregister.co.uk/content/55/35611.html

[ Reply to This | # ]

Good HT support is more than SMP
Authored by: Thue on Tuesday, February 17 2004 @ 08:12 AM EST

It's also interesting how they claim to start supporting hyper-threading technology in their update packs. (What HT does is it essentially makes single CPU with HT support to look like two individual CPUs, so the system can run in SMP mode.) And strictly speaking, you don't need to do anything special - if your OS is capable of running on SMP machine it is capable of running on CPU with HT enabled. And that's pretty much what they recommend in that update pack - to enable SMP support. How they can make that much hype of supporting HT is beyond my comprehension.

It is true that a normal OS with Symmetric Multi Processing (SMP) capability would support Hyper-Threading HT.

But it is possible to support HT better if the Operating System (OS) is aware of it. I think that is what SCO is talking about.

The advantage is that if you have 2 cores in your computer with 2 HTs each, and want to schedule 2 threads, it is most efficient to schedule one thread on each core, as otherwise the two threads would content for ressources on the same core.

[ Reply to This | # ]

I too dug didiotic
Authored by: Anonymous on Tuesday, February 17 2004 @ 08:16 AM EST
You said: Meanwhile, Microsoft is dealing with the leak of its code, but it
seems a certain female analyst, whose name shall no longer cross Groklaw's lips
(why should we make her more famous?)

And later used the term "didiotic".

The term has a beauty all of its own :) Thanks PJ for bringing a smile to this
Linux lover's lips :)

Cheers,

Anonymous Gordo
(from Canberra, Australia)

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: blacklight on Tuesday, February 17 2004 @ 08:19 AM EST
All we know is what we have been told: that Microsoft lost control over 600MB
worth of code. We don't know if this code is obsolete systems code, code that
implements critical functionality such as security features, code that will
reveal vulnerabilities that were black box until that day. May be this unwanted
release will have zero impact, as Microsoft claims. Or it will turn out to have
plenty of impact, as we may find the hard way later. At this point, the most
plausible answer to me in the absence of any other information is a great, big
"We don't know!".

Microsoft argues for zero impact: I don't mean to nitpick but Microsoft has been
known to make a few self-serving public declarations over minor matters such as
the security of their products that are in negative deviance with the truth, to
put it charitably. Our beloved code experts and comment code specialists Rob
Enderle and Laura Didio also argue for little to no impact, no doubt after the
same type of exhaustive and meticulous examination that led them to assert that
the SCO Group has a compelling case. If there is one thing I admire about
Microsoft's marketing machine, it is that Microsoft and its third party sock
puppets speak with one voice.

It is time for Microsoft to perform a public service and admit what is at this
point almost public knowledge: its Windows 95, 98 and ME OSses are not designed
for security. It is time for Microsoft to recommend that Microsoft customers
need to migrate to Windows XP and Windows 2000 Professional for their own sanity
and safety - I just spent a week wresting control back to myself of my hijacked
IE on my obsolete home Win 98 machine, despite having previously secured that
machine, its OS and its applications as well I knowledgeably could, and I think
I am extremely knowledgeable: I am not in a good mood. If I find that someone
can still highjack my IE browser or run unauthorized binaries from Outlook on a
properly secured Windows 2000 machine, then I lose all interest in Microsoft
desktops.

[ Reply to This | # ]

Hyperthreading
Authored by: rol on Tuesday, February 17 2004 @ 08:28 AM EST
It's also interesting how they claim to start supporting hyper-threading technology in their update packs. (What HT does is it essentially makes single CPU with HT support to look like two individual CPUs, so the system can run in SMP mode.) And strictly speaking, you don't need to do anything special - if your OS is capable of running on SMP machine it is capable of running on CPU with HT enabled. And that's pretty much what they recommend in that update pack - to enable SMP support. How they can make that much hype of supporting HT is beyond my comprehension.

This is not entirely correct. SMP support is neither required nor sufficient for proper HT support (it does help, though). I don't know what SCO's code actually does, but proper HT support goes beyond mere SMP.

For the technically inclined who'd like to see a rationale: Consider, for instance, that CPU caches are shared between logical CPUs of an SMT enabled CPU (HT is the Intel marketing name for SMT). If you have a system with two physical CPUs (i.e. four logical CPUs), your kernel is basically looking at a NUMA system. This has an impact on scheduling, process migration, etc.

All this is quite straight-forward in theory but takes some time to implement and fine-tune even in a NUMA-aware kernel. Linux HT support is still being worked on.

[ Reply to This | # ]

  • Hyperthreading - Authored by: Anonymous on Tuesday, February 17 2004 @ 09:21 AM EST
    • Thank you. - Authored by: OK on Wednesday, February 18 2004 @ 12:34 AM EST
Microsoft gets worst of both worlds
Authored by: mitphd on Tuesday, February 17 2004 @ 08:43 AM EST
There was an interesting point made on Slashdot: with this code release, Microsoft gets the worst of both worlds.
  • Criminals and vandals will happily troll through the code to find weaknesses to expliot, and will announce their findings in very unpleasant ways (by releasing viruses and worms).
  • Ethical programmers and scientists will not seek or download the code. If they run across the code legally (because someone else illegally printed it out), and find a vulnerability, the last thing they will do is tell Microsoft, since that would be tantamount to self-immolation by lawsuit.

I'm not as sanguine as PJ regading the security problems that might flow from the code release. Depending on what part of Windows was released, there could be a rich trove of new bugs to exploit, or the crackers could find the cupboard relatively bare. Since, as I said above, the people analyzing the code aren't talking, the only way we'll find out is if the steady drumbeat of Windows exploits rises to a deafening crescendo in the coming weeks and months.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Anonymous on Tuesday, February 17 2004 @ 08:46 AM EST
I'm sorry to use an off-topic comment to this thread to post this, but I'm
unable to send mail to PJ due to an excessive spam filter on
smpt.secureserver.net.

In any case, here is a new doc I just found on the TSG web site:

http://www.thescogroup.com/scosource/scoip_eula_feb204.pdf
(http://www.thescogroup.com/scosource/eula.html)


[ Reply to This | # ]

A question about Microsoft's "Shared Source" program
Authored by: darthaggie on Tuesday, February 17 2004 @ 08:54 AM EST
I have a vague question about Shared Source, and hopefully someone can comment, and then I can perhaps ask a more tightly focused question.

The question: What code protections does Microsoft employ to keep their Shared Source offerings...ummm...unshared with the wider world? obviously, you must sign a license or NDA. But what physical safegards must be employed?

I'm thinking that my concern is with foreign governments. Approach the right official with the right amount of briefcases containing the right amount of unmarked, non-serialized pictures of Dead US Inventors (Ben Franklin on the US$100), you could probably walk out of his/her office with your very own copy of Windows source code, with no one none the wiser. Please tell me I can keep that scenario in with my worst nightmares.

I can't imagine (Russian) any organized group (Spammers) that might like to acquire such code...

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Anonymous on Tuesday, February 17 2004 @ 08:58 AM EST
...I'm thinking I could surely be relied upon to say something didiotic about the universe...

Wondering if there really was such a word, and not just a funny reminder of our unnamed analyst, I looked up didotic at www.dict.org and found this:

No definitions found for "didiotic", perhaps you
mean:

web1913:  Idiotic
wn:  idiotic

Heh. PERFECT!

[ Reply to This | # ]

OT: New 13-G/A Canopy/Yarro
Authored by: KevinR on Tuesday, February 17 2004 @ 08:59 AM EST
A new 13-G/A from Canopy & Yarro has been filed.

on EDGAR

Having problems spotting the right document to compare it with to see if the share holdings have gone up or down. Maybe someone else can learn more.

[ Reply to This | # ]

MS Using GNU Make
Authored by: Anonymous on Tuesday, February 17 2004 @ 08:59 AM EST
GNUMakefile. Hmm. Wonder what they need that for?

John Stuart Mill said that liberty resides in the rights of those whose views you find most odious, and that applies here, too. As much as some of us (myself included) detest Microsoft, they have as much right to use GNU Make as anybody else. They're using it as a tool, not redistributing it, and there's a crucial difference. Had the code to Microsoft's make leaked out and there was code from GNU Make in it, that would be another story entirely. (Although it would be interesting to hunt down any GPL'd code in the leaked source.)

The SAMBA project set the right example when they decided not to re-license its code so SCO couldn't use it. If your code is going to be licensed under terms that don't restrict anyone's freedoms, then when people you don't like start using it, you have to live with it.

C'est la poop, folks.

[ Reply to This | # ]

OT: Someone to sue...
Authored by: Anonymous on Tuesday, February 17 2004 @ 09:16 AM EST
OT: Someone to sue...

uptime.netcraft.com/up/graph/?host=www.wipo.org

[found the suggestion on the messageboard at Yahoo Finance]

[ Reply to This | # ]

OT: But pertinent, Intergraph v Intel
Authored by: Anonymous on Tuesday, February 17 2004 @ 09:35 AM EST
Has anyone else been following this? Will Intergraph legal battle be the next SCO? [ integratedmar.com ] They are using the i(demnify) word an awful lot and it would appear on the surface that about the only PC maker out there that doesn't need to be concerned is IBM.
Sean

[ Reply to This | # ]

Microsoft and GPL - what's OK, what's not.
Authored by: valdis on Tuesday, February 17 2004 @ 09:35 AM EST
First off, there's nothing illegal about using GNU Make to control your software builds, or using the gcc compiler. It's slimy, but not illegal.

A certain amount of tap dancing needs to be done if you're using the GNU c++ compiler, as that will generate references to routines in libstdc++, which is GPL and not LGPL. As a result, although it's possible to build closed source C programs that link against glibc (which is LGPL), it's hard to build closed source C++ programs with the GNU toolchain.

"Mere aggregation" - it's perfectly OK to ship a CD that contains a bunch of tools, and throwing gzip in there as well just because it's mind-bogglingly useful, as long as you remember to comply with the GPL requirements for making source available (usually, parking a copy of the source .tar.gz file off in the corner of the CD suffices).

Another thing that's not OK is if you step over the "mere aggregation" bounds - if some of that code that you ship actually uses the gzip tools, then you have to go back and deal with the fact that your code just became GPL as well...

Most likely, Microsoft (and Mainsoft) is doing nothing wrong as far as the letter of the law is concerned - it's just morally slimy to trash-talk GPL code and then use it yourself.

[ Reply to This | # ]

I'm not so sure.
Authored by: rsteinmetz70112 on Tuesday, February 17 2004 @ 09:36 AM EST
My first Post, I've been following closely.

"If one person examines the
Microsoft code, describes its functionality in a set of specifications, and
gives those specifications to a second person who has not seen the Microsoft
code (a "clean room"), the resulting program written by the second person does
not infringe."

I'm not sure I agree with this, IANAL, but is seems to me a
"clean room" usually involves reverse engineering, A la Samba, and that if both
parties cooperated in this endevor, then there might exist a conspiracy,
especially if there is a direct relationship. Suppose, for example, someone
stole code and released it over the internet, then someone printed the code out,
then someone read the code and wrote a detailed description or specification,
and then finally someone wrote a functionally equivelent program. Now suppose
that all of these people acting independantly work for the same company, but
have never met. Fill in the name of your favorite big bad company (IBM,
Microsoft, Novell, SCO). Sorry, forget the last one SCO doesn't have enough
people who don't know each other.

If these people were connected, even without
the same employer, it seems to me it could easily be considered a consipracy.
This arguement does not even consider other types of IP such as trade secrets
and patents.

[ Reply to This | # ]

Refutations
Authored by: cybervegan on Tuesday, February 17 2004 @ 09:44 AM EST
>> You really shouldn't speculate so much PJ.

Why not? She's not expressing her opinions as if they were facts, and this *IS*
her blog...


>> The issue of Gnu Makefiles... the company the source
>> leak came from ports other OS software to Unix and
>> Linux. Sections of Windows were ported to Unix. On
>> Unix, the best make program by far is gnu make. It
>> would be no wonder that a company that ports windows
>> software to Unix would use Gnu makefiles. There is
>> absolutly nothing illegal about Mainsoft using Gnu
>> make as they only used Gnu style makefiles and
>> probably built them with make. They did not include any
>> gnu make code in windows!

>> Implying anything illegal/immoral using Gnu style
>> makefiles would be about as correct as someone
>> accusing you or doing something illegal/immoral for
>> using .doc files with open office. This does not
>> imply in the least bit that Microsoft uses Gnu make,
>> either. Quite the contrary. Since there are just a
>> few gnu style make files in there (less than 5 IIRC)
>> it would make perfect sense that Mainsoft created
>> those NOT Microsoft.

PJ never said (or implied) they did. She's just noting that they think it's
good enough to use, contrary to what they say in public! Furthermore, it was
News.com's quote, which rightly says that MS have benefitted from using GNU make
- that's true.

>> You've really gotten a bit out of hand with the
>> speculation.

Just who are you (you anonymous coward) to go telling PJ exactly what she can
speculate?


>> Furthermore, no one really knows the possible
>> effects of the win2k source leak. 13 million lines
>> of code that includes winsock2 and IE code is
>> nothing small. That's over twice the size of the
>> Linux kernel. It is very possible there will
>> be 1 huge 0-day exploit. All it takes is one
>> buffer overflow in network code. One. There's
>> already been one exploit found and a proof of
>> concept made and it's been less than 5 days
>> (5 days at the time it was released). There are
>> people who can make a lot of money off of finding
>> exploits in this code.

Erm, does PJ need to use a more prominent method to indicate quotations?
Re-read the article, and you'll see that the speculations as to the seriousness
of the leak were attributed to McAffee and Microsoft themselves. *they* said it
wasn't serious, not PJ. I think PJ *does* believe it's serious, but not
necessarily in the way you think!

>> It's not just bored kids as Linus suggests. Spammers,
>> phishers, adware/spyware, extortionists. But on top
>> of that, someone's got to find the buffer overflows.
>> We just don't know until someone releases the worm.

At least you noticed this one came from Linus. Don't you think that Linus
*could* have just said "well, there you go - this proves the proprietary
development model is flawed". The buffer overflows (if any) are old, and
may have already been patched... but if they haven't, doesn't it *really*
underline the flaws in MS's process? Even if it *was* Mainsoft's fault?

Contrary to your post, I would say that *you* need to back off on *your*
speculation, and maybe read the articles a bit more carefully before posting.

-cybervegan

---
Stand and fight we do consider
Reminded of an inner pact between us
That's seen as we go
And ride there
In motion
To fields in debts of honor
Defending

[ Reply to This | # ]

...d'Idiotic BBC is in the doghouse...
Authored by: T. ProphetLactus on Tuesday, February 17 2004 @ 09:45 AM EST
...also, over a bit of bias and fact-checking-gone-pear-shaped, according to this yahoo story

"The documents, which the newspaper said had been drawn up by "senior civil servants", also suggested that the job of ensuring the BBC's impartiality could be taken away from the corporation's board of governors."

Not really related, but a bit of an indictment over their lack of responsiveness in such matters.

TPL

[ Reply to This | # ]

FTC/SEC - Govt Agencies - FOIA
Authored by: Anonymous on Tuesday, February 17 2004 @ 09:49 AM EST
In terms of the FTC/SEC, and getting information. What would one likely get back
on a FOIA request - especially if there are ongoing investigations, reviews,
etc.

[ Reply to This | # ]

Tainting is reciprocal.
Authored by: Anonymous on Tuesday, February 17 2004 @ 09:50 AM EST
The copyright law being the same for every body,
the effect of reading (legally) source code copyrighted
by Microsoft is the same as reading source code licensed
under the GPL.

The obvious conclusion is that any tainting resulting
from reading copyrighted code apply more to proprietary
software authors than to free software authors since they
have far more opportunuity to read GPL source code that
free software authors to read proprietary source code.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Anonymous on Tuesday, February 17 2004 @ 10:05 AM EST
"'It may make some people realize that the protection of proprietary
shrouded source code really isn't a protection at all. It's just a guarantee
that the code doesn't get any good outside code review.'" - Linus


Let's hope so. The argument and ideas that proprietary closed source software is
a more secure alternative to open source needs to be smashed. Common sense tells
you that it's nonsense, but common sense isn't rampant amoung all those that
participate in the argument. Thus SCO and others.

[ Reply to This | # ]

OT topic - message titles
Authored by: Anonymous on Tuesday, February 17 2004 @ 10:07 AM EST
What's up with all the "&amp;&quot" stuff ? Methinks somebody
needs to parse the subject lines in their code.

[ Reply to This | # ]

Becoming an Analyst
Authored by: richg74 on Tuesday, February 17 2004 @ 10:32 AM EST
... I'm thinking I could surely be relied upon to say something didiotic about the universe ...

PJ, that is really lovely -- 10 out of 10 for that one! :-)

More seriously ... I've been working in the IT field since I got out of grad school in 1976. I've met quite a few of these analysts, and have also met (and been interviewed by) some of the journalists they talk to. I have not, on the whole, been impressed.

Most of them appear to have only a superficial knowledge of the field they cover; and, what's worse, don't seem to have any particular desire to learn. The primary personality trait that seems to be required is arrogance. The analysts and consultants are the type who will borrow your watch and then charge you to tell you the time. (I once had to work with someone from the late and unlamented Arthur Anderson who had been hired by the business area as an accounting "expert". It didn't take too long to teach him the inter-relationships between the balance sheet, income statement, and cash flow statement.)

The journalists are as bad. One time, when I was interviewed, I wondered when I read the results whether I had ever met the person who the reporter claimed to have spoken to. (That reporter also refused to make a correction of fact: that we were using Sun hardware, not HP.)

Of course, there are some good guys and gals in both areas, and they are pearls beyond price. But the good analysts have enough real work to do that they don't want to waste time in fatuous interviews with equally clueless journalists.

[ Reply to This | # ]

A new word?
Authored by: rkrishnam_can01 on Tuesday, February 17 2004 @ 10:46 AM EST
PJ Have you discovered a new word here? I burst out laughing when I read this line... relied upon to say something didiotic [emphasis added] Thanks for the wonderful research and updates

[ Reply to This | # ]

Didiotic???
Authored by: jbeadle on Tuesday, February 17 2004 @ 10:51 AM EST
Shame, shame, shame... <g>

-jb

[ Reply to This | # ]

Appalled by financial analysts
Authored by: Anonymous on Tuesday, February 17 2004 @ 10:53 AM EST
Check out this from yesterday. SCOX as an "A" rated investment. Of course, this is the type of information my 401(k) and other investment plan managers use to throw my money away.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: wvhillbilly on Tuesday, February 17 2004 @ 11:17 AM EST
At the other extreme, it is not infringing simply to duplicate the functionality of Microsoft's code via independently written new code. So, if one person examines the Microsoft code, describes its functionality in a set of specifications, and gives those specifications to a second person who has not seen the Microsoft code (a "clean room"), the resulting program written by the second person does not infringe.
True, maybe, on copyrights. But could you not get skewered by patents in such a case? As I understand it patents do protect ideas, methods, procedures and such like. I understand Microsoft has quite a portfolio of patents and I suspect they would not hesitate to use them in such a case.

Disclaimer: IANAL, just an interested Linux user.

---
What goes around comes around, and it grows as it goes.

[ Reply to This | # ]

PJ tone it down a notch
Authored by: Anonymous on Tuesday, February 17 2004 @ 11:18 AM EST
Quote: "I also know pretty much nothing about physics, so I'm thinking I
could surely be relied upon to say something didiotic about the universe, or
maybe about NASA and Mars and things like that, if they'd only give me a
chance."


The use of the term "didiotic" is uncalled for. PJ tone it down a
notch. The facts stand for themself.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: John Hasler on Tuesday, February 17 2004 @ 11:33 AM EST
> FOSS has similar notices, where appropriate, by the way. All
> US software is under the same restrictions.

Not entirely true. FOSS is less restricted than proprietary software. It is
sufficient to send a copy of anything involving encryption to a special Commerce
Dept. email address. The software can then immediately be distributed without
restrictions or notices unless the government says otherwise (they never have).
That's why Debian moved encryption into main. Last I heard proprietary vendors
were still required to get export licenses (though AFAIK the licenses are easy
to get).

[ Reply to This | # ]

SCO hearing?
Authored by: grubber on Tuesday, February 17 2004 @ 11:40 AM EST
Any news yet from the hearing? I'm on the edge of my seat. It's been over a
week!

[ Reply to This | # ]

  • SCO hearing? - Authored by: Anonymous on Tuesday, February 17 2004 @ 01:51 PM EST
FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: pogson on Tuesday, February 17 2004 @ 11:44 AM EST
What about the purveyor of that other OS charging outrageous licencing fees to developers who wish to write software for that other OS if the stuff they distribute to the developers includes GNUmake? In that case they are required to include the source or make it available? Should they be charging a licence fee for using GNUmake?

---
We used to optimize the innermost loop. Now it fits in the cache of a chip.

[ Reply to This | # ]

Laura Didio's name
Authored by: Anonymous on Tuesday, February 17 2004 @ 12:16 PM EST
I think it's important that we properly attribute the nonsense from Laura Didio
to improve the odds of people finding some perspective on her opinions. If all
the critical articles on her fail to cite her name, the only hits for
"Laura Didio" will be for things that affirm her opinions.

P.S. The use of the word "nonsense" is an opinion on my part, of
course. :-)

[ Reply to This | # ]

"Clean Room" and Software Patents
Authored by: Anonymous on Tuesday, February 17 2004 @ 12:42 PM EST
How does the "Clean Room" approach to duplicating the functionallity
of software fit in with software patents?

lvteacher

[ Reply to This | # ]

Oxymoron...!!!
Authored by: Anonymous on Tuesday, February 17 2004 @ 12:55 PM EST
...hey PJ...

Your words have made me think of a new oxymoron. You know, like the one in the
same spirit that soldiers laugh at...ie. military intelligence. Well the new
one can be...

...responsible journalism!!!

[ Reply to This | # ]

Didiotic
Authored by: Anonymous on Tuesday, February 17 2004 @ 12:58 PM EST
Instead of using "didiotic" (which I admit, is clever), let's be more specific and refer to all outrageous quotes from people who claim to be experts but clearly aren't as a "didio".

For example, "Did you read that didio on CNeT?" or "The author of the article used so many didio's that he lost all credibility." etc.

It worked darn well for santorum (WARNING: that link may be offensive to some)!

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Anonymous on Tuesday, February 17 2004 @ 02:28 PM EST
GNUMakefile. Hmm. Wonder what they need that for?
If the early analysis was correct, and the source leaked from MainSoft, it would make sense that they use the GNU tools to build (or at least control the build). MainSoft is in the business of providing a Windows compatibility layer for UNIX (and Linux). It would be surprising, given their platform, if they didn't use GNU make.

[ Reply to This | # ]

Security Flaw Found from Leak
Authored by: Clay on Tuesday, February 17 2004 @ 04:28 PM EST
The Register: Windows source code exploit released

---
---------------------------
newObjectivity, Inc. supports the destruction
of all software patents.

[ Reply to This | # ]

Australian ACCC - Giving the Same Advice
Authored by: Beam-me-up on Tuesday, February 17 2004 @ 04:44 PM EST
I recieved similar advice from the ACCC in Australia.

Not to pay SCO for any Licencing for Linux and to wait untill al the dust
settles from the cases in the US. Unless SCO can actually prove or show excatly
what they want us to pay for they a skimming very close to the wrong side of the
Law.

I cant see any cases against Users in OZ anytime soon.

Question from an Australian!!
How can SCO sue end users for copyright infringment in the US when those same
copy rights are under dispute?
And no oportunity is given to remedy the problem?

I just dont understand!!

---
Beam Me Up Scotty, There no Intelligent life in SCO

[ Reply to This | # ]

Relief of Monopoly remedies
Authored by: newbee on Tuesday, February 17 2004 @ 04:52 PM EST
I do wonder if in some sense MS isn't happy some of it's code has been leaked,
especially by some third party to whom they licenced their code because of
remedies for being a monopoly.

Reminds me a bit of my sisters who would just have LOVED to share some of their
clothes if only the other one had taken good care of them before. Yeah right.

JAN

[ Reply to This | # ]

source leak & WinXP upgrades
Authored by: Anonymous on Tuesday, February 17 2004 @ 05:50 PM EST
While everyone is busy reassuring each other that leaked NT4/W2K source is not a
security problem because its obsolete may I remind you: substantial numbers of
corporate users are actively resisting upgrading to WinXP.

Far from being obsolete substantial numbers of users are still using these old
OS's and believing all the problems have since been patched is just wishful
thinking.

This leak must seem like a wish come true for Microsoft, they couldn't force
upgrades with licencing changes, new features or massive advertising. A massive
security hype might just do the trick. That's not to say they leaked it
themselves but I bet marketing are partying hard waiting for the upgrade rush to
start.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Eric Damron on Tuesday, February 17 2004 @ 06:25 PM EST
"A source within Microsoft agreed: 'It's not going to make a whole lot of
difference in the hacking world, because what they tend to do is to look at the
fixes we send out, and then try to work backwards to see what hole we're
fixing.'"

LOL! Yeah that's the way they did it BEFORE they had a big hunk of the source!
Looks to me like they may have a better way now.

[ Reply to This | # ]

FTC &quot;Dealing With SCO&quot; - And More on Security From Karjala, Linus, Felton &amp; MS
Authored by: Anonymous on Wednesday, February 18 2004 @ 09:41 AM EST
Nice to see Microsoft "stealing" OSS stuff, GPL code. It's not just
GZIP, its LIBPNG, ZLIB, etc etc

So where are all the GPL notices? and where are the notices to where you can
download all the GPL code they include?

Do I smell a GPL license violation? :)

So why does windows need an "ELF" (Linux) makefile ? Is (was)
Microsoft planning to do something nasty? We may never know.

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )