decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
Wednesday, March 02 2005 @ 05:18 PM EST

Here's Chris Sontag's latest declaration, in which he tries to support SCO's accusation IBM broke the law when it downloaded, from SCO's website, GPL'd Linux kernel code IBM itself wrote and owns the copyright on. IBM at the time was looking for evidence of copyright infringement, by the way. You know, like SCO's hero, the RIAA? SCO was in violation, IBM says, of the GPL by distributing that code in the first place, and hence SCO had no right to distribute that code to anyone, because they were violating IBM's copyright by so doing.

SCO's defense is to allege IBM deliberately bypassed "security measures" -- in this case, we find out, a password prompt that didn't actually require a password or hinder free access in any way, due to SCO's incompetence -- and so they allege IBM "hacked" into their site. If that is illegal, could someone please rewrite that law so it isn't stupid any more?

We also learn that SCO is not an avid reader of either Slashdot or the SCOX Yahoo message board. News that no password was needed to access SCO's Linux files was posted on Slashdot, they say, on October 31, 2003, and on February 18, 2004 on the Yahoo SCOX board. It was on March 4, 2004 that SCO finally "became aware of the problem and immediately fixed it." Immediately meaning after 4+ months, that is. Then it happened again in July, when SCO reintroduced the bug, as they call it, and over a month later, SCO realized they had done it again, and fixed it a second time. IBM is, therefore, to hear Mr. Sontag tell it, guilty of bypassing a buggy security system that didn't work to keep anybody out, if I have understood his argument. They claim there was a notice there, but I've heard and read conflicting stories about that.

I have read that many persons said that on the sites visited, there was no password required at all to gain access. It was, I've been told, like Windows 98, where they confront you with a password prompt, but if you hit Return, you access without one. Is that hacking? IBM is guilty of hitting the Return key. If that is "hacking", maybe we need to redefine our terms as well as rewrite the law. In any case, according to this declaration, SCO's distribution of Linux files was terminated on December 31, 2004.

Mr. Sontag appears to make the argument that SCO had to continue to violate the GPL, because it was contractually obligated to offer updates to previous customers. This is the same company that would like IBM held to the strictest -- one might even say the most ridiculous -- possible interpretation of the laws on "hacking". First, SCO's argument is like saying you had to steal the Hope diamond because you were under a contractual obligation to do it and had already been paid to steal it.

Second, they could offer updates without doing so from a website, instead of making it so easy for anyone to access. They could have sent out CDs by mail, for example. Their excuse for making the files readily downloadable to the public is that they were incompentent and kept goofing. And of course, IBM is to blame for that, I suppose. This all assumes that IBM wasn't a previous customer and neither were any of their employees.

Third, SCO seems to think that as long as it didn't charge any new customers, they were permitted to continue to distribute to their previous customers. I think they don't understand the GPL. If you lose your right to distribute, you lose your right to distribute. The issue isn't whether you charge for the distribution, just that you did it after you lost your right to distribute. And by any GPL measure that I know, SCO continued to distribute after they lost their right to distribute.

I am puzzled by one of Sontag's claims. He says that when SCO participated in the UnitedLinux project, it had no idea that JFS was derived from SCO'S proprietary software or that it had been contributed to Linux by IBM "in violation of IBM's agreements with SCO." He also claims they hadn't a clue that the other features SCO marketed, like asynchronous I/O, enterprise volume management systems, and better SMP scaling, were developed by IBM. They just went by what the rest of the UL consortium told them.

Aside from the unbelieveability of such a claim, which depends on SCO executives reading nothing but the comics for several years, never once really looking at the code it was selling, the copyright notices, for example, and being totally incompetent, how exactly can it be that functionality that you don't have at all in your software is derived from your code when it does things you can't do with your code? I would like SCO to explain that, because I can't understand how that is possible.

It must be me, because of not being a programmer. But if you want to program something new, why would you start with something old that doesn't do what you want and hack on that, instead of just writing something new? To me it's like saying the New York Times owns Groklaw, because I write news stories sometimes, and they did news stories first. Groklaw is doing something the Times, venerable though it is, never even thought to do. Even if GL and the Times had once been contractually bound, say over earlier templates the Times might have invented for covering the news and even if there was a clause saying that any modification of the templates remained under the control of the Times, when GL did something entirely different, open source legal research, how would that be covered by any NYTimes "news template" contract? I'm doing something utterly new and not even trying to do things the way the Times does, even though in the big picture we are each covering the news. It must be SCO's theory of "derived", meaning if you ever drove within 50 miles of Unix System V, your code is now barnecled onto the mother ship, and your brain is owned in perpetual serfdom until you die and are set free at last. In heaven, should you go there, you can code again in freedom.

There is one other odd thing. Paragraph 30, to my reading, says that instead of attaching their Intellectual Property License for Linux, they tell the judge to look at a "similar" one that IBM attached as Exhibit 33 on its Motion for Summary Judgment on its Eighth Counterclaim. I must have that SCO IP License for Linux somewhere, but I'm not at home, so I can't retrieve it. Any of you have it handy? If they can't find it, let's help them out.

This is another of the paper documents Frank Sorenson got for us from the courthouse. And thanks also to belzecue for the OCR, BobDowling for transcribing, and justjeff for the html (although, sadly, I didn't see his until after I had done it myself -- I still appreciate it though), and robert and Chris Lingard for proofing.

Note that they mention some exhibits, which we will have ready soon. Here is Exhibit E, the product announcement, and Exhibit C, the termination letter to Sam Palmisano. Here's the one you are waiting for, the logs, Exhibit F. Also, note that their pagination is off, and I didn't follow it, simply because it was too confusing, and I followed the PDF pagination instead. There are also a couple of tempting [sic] moments, but I restrained myself.

*********************************

Brent 0. Hatch (5715)
BATCH, JAMES & DODGE
[address, phone, fax]

Robert Silver (admitted pro hac vice)
Edward Normand (admitted pro hac vice)
Sem Eskovitz (admitted pro hac vice)
BOIES, SCHILLER & FLEXNER LLP
[address, phone, fax]

Stephen N. Zack (admitted pro hac vice)
Mark J. Heise (admitted pro hac vice)
BOIES, SCHILLER & FLEXNER LLP
[address, phone, fax]

Attorneys for Plaintiff

____________________________

IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF UTAH, CENTRAL DIVISION

THE SCO GROUP, Inc.

Plaintiff,

v.

INTERNATIONAL BUSINESS
MACHINES CORPORATION,

Defendant.

Case No. 2:03CV0294DAK

Hon. Dale A. Kimball
Magistrate Judge Brooke C. Wells

DECLARATION OF
CHRISTOPHER SONTAG


1

1. My name is Christopher S. Sontag, and I am Senior Vice President and General Manager of The SCO Group, Inc. ("SCO"). Unless otherwise noted or evident from context, this declaration is based on my personal knowledge.

2. I submit this Declaration in support of SCO's Memorandum in Opposition to Defendant/Counterclaim-Plaintiff IBM's Motion for Partial Summary Judgment on SCO's Contract Claims, and in support of SCO's Memorandum in Opposition to IBM's Motion for Partial Summary Judgment on IBM's Copyright Infringement Claim (the Eighth Counterclaim).

3. I have participated in the management, administration, and enforcement of SCO's UNIX System V ("SVRX") software agreements since 2002. Other than through express written agreements and for due consideration, SCO has never intended to waive and has always sought to protect and enforce its rights under those agreements. I am not aware of any instance -- other than through such written agreements -- in which SCO has intentionally waived any right to enforce any provision of any of those agreements.

4. IBM and Sequent are among SCO's SVRX licensees. SCO has concluded that IBM (which acquired Sequent after Sequent became an SVRX licensee) has violated its (and Sequent's) SVRX agreements by contributing to the Linux operating system source code from a derivative or modified work that IBM developed based on SVRX after entering into its SVRX agreements.

5. SCO did not know that IBM had contributed source code to Linux in violation of its (and Sequent's) SVRX licenses until December 2002 or January 2003.

6. In selling SCO Linux 4.0 and other products, SCO marketed features such as asynchronous I/O, enterprise volume management systems, better SMP scaling, and

2

journaling file system support ("JFS") because, according to SCO's partners in the UnitedLinux consortium, these features were included in the version of Linux contained in the pertinent SCO product.

7. With the sole exception of JFS, all the features were known simply by their appearance in Linux, not by where they originated. SCO had no knowledge that they were developed by IBM, or that they were derived fiom SCO's proprietary software licensed to IBM, or that they were contributed by IBM to Linux in violation of IBM's agreements with SCO.

8. SCO identified JFS in its marketing as "developed by IBM," but SCO did not know that JFS was derived from SCO's proprietary software licensed to IBM, or that it was contributed to Linux by IBM in violation of IBM's agreements with SCO.

9. SCO filed suit against IBM for breaching the IBM and Sequent software agreements within months of concluding that IBM had done so. SCO thereby expressly acted on and manifested its intent to enforce those licenses.

10. The same day it filed suit against IBM for breaching the SVRX agreements, on March 6, 2003, SCO sent a termination letter to IBM's Chief Executive Officer explaining that IBM's right to use or distribute any software product based on UNIX System V, including AIX, would be terminated on June 13, 2003, unless IBM cured those breaches. Exh. A hereto. SCO sent a similar letter to IBM regarding Sequent, and Dynix/ptx, on May 29, 2003. Exh. B hereto.

11. On July 12, 2003, SCO further demonstrated its intent to enforce its rights under those agreements by delivering a termination notice to IBM pursuant to Section 6.3 of the SVRX agreement. Exh. C hereto. After sending its termination letters, SCO had attempted to meet and confer with IBM, including through a meeting held on June 2,

3

2003, but IBM had failed to cure its breaches during the 100-day period provided in SCO's termination letter to IBM and the two-month period provided in SCO's termination letter to Sequent. Accordingly, effective June 13, 2003, SCO terminated IBM's SVRX agreements; and effective July 30, 2003, SCO terminated the Sequent SVRX agreements. Exhs. C and D hereto. SCO thus further demonstrated its intent to enforce its rights under those agreements.

12. After filing suit against IBM, SCO considered whether to continue to sell and market all of its Linux-related products, including SCO Linux Server 4.0. I was personally involved in those discussions at SCO.

13. In analyzing that question, an important consideration SCO took into account was its obligations to its existing customers. SCO took the view that SCO's customers were entitled to order SCO's products and updates from SCO for a period of time after becoming customers. See, e.g., Exh. E hereto ("Product Announcement for Linux Server 4.0," dated November 19, 2002, in which SCO promises to offer purchasers the "SCO Linux Update Service" for twelve months, including "Access to an up-to-date repository of UnitedLinux and other updates for their system."). SCO did not want to abandon its current customers unless there was no other alternative.

14. SCO decided that the most sensible solution was to suspend its sale and marketing of all of its Linux-related products effective May 14, 2003, but to continue to allow SCO's current customers (to whom SCO had obligations) to order such products.

15. By suspending the sale of its Linux-related products, including the operating system, services, support, professional services, education, and layered applications, SCO eliminated approximately 5-10% of its revenues. From May 14, 2003, until May 31,

4

2004 (when SCO last sold a unit of Linux Server 4.0), SCO sold 83 units and had 79 units returned, for a gross revenue of $1,849.

16. In taking into account the foregoing considerations and reaching the foregoing decisions, SCO never intended to waive its right to enforce its SVRX agreements, including against IBM and Sequent.

17. In compliance with its contractual obligations, SCO has provided customers who purchased SCO Linux Server 4.0 Server files with access to the product through a secret, individual password that the customer could use at the log-in screen to SCO's website, and will continue to provide such access through December 31, 2004.

18. I understand that IBM claims that SCO made sixteen of IBM's copyrighted works available to the public through SCO's website. IBM's Kathleen Bennett contends (Bennett Decl. (8/5/04) ¶ 4; Bennett Decl. (8/16/04) ¶ 10) that access to these works was available on the following four web pages:

a. http://linuxupdate.sco.com/scolinux/update/RPMS.updates,
b. http://Linuxupdate.sco.com/scolinux/SRPMS,
c. http://linuxupdate.sco.com/scolinux/update/RPMS.scolinux, and
d. ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/server/CSSA-2002-026.O/SRPMS.

19. The first three of the above-listed sites contained files related to SCO Linux Server 4.0 products. In accordance with SCO's agreements with its customers and with the UnitedLinux consortium, access to these and all other SCO Linux 4.0 download sites has always required password-protected authentication. For that purpose, those who registered SCO Linux 4.0 product received a login username and password to access the files. The website had a legal notice that access was limited to SCO's customers.

5

20. On September 23, 2003 an upgrade was done to the authentication mechanism on the download site, linuxupdate.sco.com. Through this upgrade, a bug in the authentication software was inadvertently introduced. If someone entered an invalid username or password (or both), they would simply have the login prompt re-represented to them up to 3 times. After three failed attempts, they would get an error message and be denied access. However, if they left the username and password fields blank on any attempt, the authentication process was delayed (by approximately 15-30 seconds) and access was eventually allowed.

21. Anyone who accessed the site by exploiting this bug would have known they were bypassing a security login -- that is, hacking into the system.

22. On October 31, 2003, someone explained this password-bypass procedure on the internet at Slashdot.org. On February 18, 2004, news of this bug was posted on the SCOX message board at messages.yahoo.com. On March 4, 2004, SCO became aware of the problem and immediately fixed it.

23. On July 18, 2004, the authentication bug was inadvertently reintroduced when a SCO programmer was fixing an unrelated problem. SCO was unaware of this reoccurrence until August 23, 2004, when the problem was immediately repaired again.

24. SCO maintains server logs showing access to its download sites. The log files I analyzed demonstrate conclusively that the Ms. Bennett's IBM "team" never attempted to log in with a valid username on January 9, 2004. Instead, they immediately bypassed authentication by exploiting the bug.

25. The logs also show that between October 31 and December 1, 2003, IBM repeatedly accessed the SCO log-in site but did not obtain access to the SCO Linux Server 4.0 files.

6

The first successful exploit of the authentication bypass by an IBM host occurred on December 1, 2003. Apparently understanding the bug by that date, the Bennett team thereafter entered the site without authorization several more times between then and January 9, 2004. True and accurate excerpts from the pertinent logs, along with explanatory notes, are attached as Exh. F hereto.

26. According to the server log files, IBM never attempted to exploit the bug between March 4 and July, 18, 2004, the period when the initial repair of the authentication bug was in place. Therefore, IBM would have been unaware that SCO had repaired the bug in the authentication process when, as shown on Exh. F hereto, Ms. Bennett's team returned to the site without authorization on August 4, 2004, during the second period that the bug was active.

27. The logs confirm unauthorized accesses from IBM IP addresses, during which 51 files were downloaded, from January 9, 2004, to August 4, 2004, including the very files that IBM now relies on in its motions for summary judgment. Complete logs of all unauthorized downloads by IBM are available.

28. This the text of the legal notice that was posted to sco.com on August 8, 2003:

NOTICE: SCO has suspended new sales and distribution of SCO Linux until the intellectual property issues surrounding Linux are resolved. SCO will, however, continue to support existing SCO Linux and Caldera OpenLinux customers consistent with existing contractual obligations. SCO offers at no extra charge to its existing Linux customers a SCO UNIX IP license for their use of prior SCO or Caldera distributions of Linux in binary format. The license also covers binary use of support updates distributed to them by SCO. This SCO license balances SCO's need to enforce its intellectual property rights against the practical needs of existing customers in the marketplace.

Dear SCO customer,

7

Starting on November 1, 2003, SCO will institute new procedures for you to access binary updates and source rpms. If you own an SCO licensed copy of Linux (such as OpenLinux, eDesktop, etc.) it will be necessary for you to register (or re-register) in order to continue to receive support files. During the registration process you will receive instructions on how the new access procedure will work or you can visit: http://www.sco.com/support/linux_infc.html

This or similar text was on the site at all times IBM attempted (and obtained) access.

29. Access to the fourth website mentioned by Ms. Bennett, which contained only one of the sixteen programs (the Omni Print Driver), became subject to password protection on August 13, 2004. No files for SCO Linux Server 4.0 were ever available at that site.

30. The SCO Intellectual Property License for Linux is sold pursuant to written agreements, with the licensing clause worded similarly to that of the Questar agreement attached as Exhibit 33 to IBM's Motion for Summary Judgment on its Eighth Counterclaim. These licenses contain a release of claims, a covenant not to sue, and a waiver of any infringement claims SCO may have against the licensee. These licenses are solely for SCO's UNIX software.

31. Other than SCO Linux Server 4.0 and SCO Open Linux 3.1.1, no SCO product contained any of the sixteen programs at issue. SCO never modified any of the sixteen programs.

8

I declare under penalty of perjury that the foregoing is true and correct.

November 30, 2004

____[signature]___
Christopher Sontag


  


Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text | 356 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections Here.
Authored by: DBLR on Wednesday, March 02 2005 @ 05:39 PM EST
Place corrections here so PJ may correct them.

Charles

---

"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.

[ Reply to This | # ]

OT-Off Topic Here.
Authored by: DBLR on Wednesday, March 02 2005 @ 05:40 PM EST
Please use link code to make your links clickable:
<a href="http://www.example.com"> Link Text </a>

Charles

---

"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is
a well-armed lamb contesting the vote."
Benjamin Franklin.

[ Reply to This | # ]

Selling Linux...
Authored by: Anthony on Wednesday, March 02 2005 @ 06:12 PM EST
In points 6, 12, 13, 14, 15 and 17, the declaration refers to SCO selling or
sales of Linux.

Someone should be able to set me straight pretty quickly. I thought, as GPL
software, that SCO couldn't sell Linux. They can sell support, they can sell
packaging, they can even the CD's upon which they've burned it...

but can they really sell Linux? Did they own it so that they could sell it?

It seems like an odd phrasing to me.

[ Reply to This | # ]

SCO Linux and IBM
Authored by: rsteinmetz70112 on Wednesday, March 02 2005 @ 06:13 PM EST
I bet IBM has at least one boxed copy of SCO Linux somewhere. If they don't they
can still buy one on eBay. It's been pretty much availible there continuously
since this thing began.

I'm not sure what this has to do with anything anyway. IBM only brought this up
to show that SCOG was still distributing Linux after they violated the GPL which
terminated their right to do so.

I hope IBM gets to reply to this thing and point out the defect was widely
published.


---
Rsteinmetz

"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk

[ Reply to This | # ]

The judges are getting what they deserve
Authored by: jbb on Wednesday, March 02 2005 @ 06:16 PM EST
I wouldn't wish this mess on anyone, but the judges are getting exactly what they deserve.

SCO lies, prevaricates, whines and distorts. They are rewarded with everything they asked for and more. Since the judges have given positive reinforcement for this type of behavior, it should be no suprise that the rewarded activity is repeated.

Insanity is rewarding bad behavior and expecting different results.

---
SCO cannot violate the covenants that led to and underlie Linux without forfeiting the benefits those covenants confer.

[ Reply to This | # ]

Unbelievability and weasel words.
Authored by: whoever57 on Wednesday, March 02 2005 @ 06:20 PM EST
Sontag actually said:
SCO did not know that IBM had contributed source code to Linux in violation of its (and Sequent's) SVRX licenses until December 2002 or January 2003.
This means that SCO did not know one (or both) of 2 possible things
  • That IBM contributed code to Linux
  • That the contributions were "in violation of its (and Sequent's) SVRX licenses"

    Mr. Sontag does not make clear which of these two possiblities is the case, so he can weasel out on the basis that SCO did not know of the "license violations" until Dec 2003/Jan 2003.

    [ Reply to This | # ]

  • Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: DeepBlue on Wednesday, March 02 2005 @ 06:25 PM EST
    Here's a rotated version of the Server Logs for those who might find that easier to read.

    If PJ wants to grab it and put it here that's fine - will help my bandwidth!

    ---
    All that matters is whether they can show ownership, they haven't and they can't, or whether they can show substantial similarity, they haven't and they can't.

    [ Reply to This | # ]

    Yet another patsy?
    Authored by: Saturn on Wednesday, March 02 2005 @ 06:25 PM EST
    I'm seeing a queue of SCO people lining up to be ritually humiliated. First Erik
    'million billion lines of copied code' Hughes, now Chris 'no password' Sontag.
    And precious few statements from Darl McBride these days. The threats are
    laughable, their case is not even remotely credible. Sad to say but it has
    finally got to the point where it is pure comedy.

    ---
    ----------------------------------------
    My own opinion, and very humble one too.
    I'm not a lawyer.

    [ Reply to This | # ]

    What about infringment lawsuits from kernel contributers against SCO?
    Authored by: Anonymous on Wednesday, March 02 2005 @ 06:28 PM EST
    Has anyone ever heard an opinion from Linux Torvalds, Alan Cox, or any of the
    other kernel contributers on whether they may be interested in pursuing
    copywrite infringement cases against SCO?

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: producer on Wednesday, March 02 2005 @ 06:51 PM EST
    WARNING - NO ENTRY!
    STAY OUT!
    THIS MEANS YOU!
    This door is to remain locked at all times.
    Access is restricted to all but those with proper identification.
    Proof of ID must be presented upon entry.
    The only other circumstances under which access will be possible are:
    1-When there is nobody here to check said ID at the door; or,
    2-When previously referenced door is, in fact, well......, not locked.

    [ Reply to This | # ]

    Did Sontag just admit SCO's guilt?
    Authored by: Jude on Wednesday, March 02 2005 @ 06:59 PM EST
    If SCO's Linux was properly distributed under GPL, SCO's Linux customers were
    free to give a copies to any number of other parties. Those parties would have
    a right to ask for source code, and SCO would be obliged to provide it.

    If SCO restricted source code access to only SCO's customers, then I think they
    violated GPL right there. Once they were in volation, continuing to make the
    code available to their customers was copyright infringement.

    Perhaps I'm all wet, or perhaps SCO's lawyers missed this because it never
    occurred to them that it was necessary to distribute the code to avoid copyright
    infringement.

    IANAL, and all that.

    [ Reply to This | # ]

    If I were the one in charge of security on their servers...
    Authored by: GrueMaster on Wednesday, March 02 2005 @ 07:17 PM EST
    I would never put it on my resume.

    Actually, if I remember correctly, the "Secure Login" screen was
    easily bypassed by just going to ftp.sco.com with login as anonymous.

    Yes sir, all the screen doors on the sub are latched. We're ready to dive.

    ---
    You've entered a dark place. You are likely to be eaten by a Grue!

    [ Reply to This | # ]

    Letter to Palmisano
    Authored by: Christian on Wednesday, March 02 2005 @ 07:20 PM EST
    The letter to Palmisano has one detail that caught my eye.
    We then met with your lawyers on June 2, 2003 to clarify for them IBM's improper use of the protected Software Products, including derivative works and methods. David Boies presented the overall impropriety of donating AIX to open source in violation of the Related Agreements, including a PowerPoint presentation showing IBM's contribution of protected methods to open source.

    David Boies. There's a name I haven't heard in a while. So heavy hitter Boies was sent to intimidate the lawyers from IBM with a powerpoint presentation. IBM was not intimidated, and Boies has apparently dropped out of the picture.

    When did IBM hire CSM? It would have been hard for Boies to bluff his own previous bosses.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: kberrien on Wednesday, March 02 2005 @ 07:24 PM EST
    Two thoughts on PJ's summary....

    >Mr. Sontag appears to make the argument that SCO had to
    >continue to violate the GPL, because it was contractually
    >obligated to offer updates to previous customers.

    I'm sorry, SCO's support/service contracts take priority over the licensing for
    the software at issue? So why do they have an issue with IBM continuing to
    sell/support AIX after SCO "terminated" their license? Didn't they
    add a few billion to the claims over this?

    >Third, SCO seems to think that as long as it didn't charge
    >any new customers, they were permitted to continue to
    >distribute to their previous customers.

    But they charged customers for support initially. Offering the source, besides
    complying with the GPL, is in effect payment for services which were pre paid.
    I would assume you could actually prove this by looking at how its all
    credited/debited on their books.

    [ Reply to This | # ]

    Irrelevant Legal Notice
    Authored by: Anonymous on Wednesday, March 02 2005 @ 07:37 PM EST
    Item 28 ("the text of the legal notice that was posted to sco.com on August 8, 2003") seems to me to be completely irrelevant to the accesses they complain about. Analyse the text for information about authorisation to download files from SCO's site. The first paragraph claims that SCO has suspended [new] distribution of SCO Linux. This is a factual claim, not an AUTHORISED PERSONEL ONLY sign. The second paragraph is only addressed to SCO customers, so doesn't apply in an obvious way to IBM. This paragraph says there are new (unspecified) procedures for owners of licensed SCO Linux products. Since the IBM team weren't owners of such licensed products, that didn't apply to them. All we are left with is whatever was on the Login/Password box, which isn't mentioned by Sontag.

    Looking at old Slashdot SCO posts, I ran across this insightful gem from June 2003:

      I bet they are monitoring the downloads for IP addresses. Then they serve the service providers with subpoenas for the identity of whoever is using that address. Then they sue everyone.
    Okay, so so far they are just accusing IBM of hacking based on their access logs, and haven't got around to suing anyone else for accessing those files. But if by chance they happen to win the point, I wouldn't put it past them to try to sue everyone else in their server logs...

    [ Reply to This | # ]

    He can read server logs but not know what he's selling??
    Authored by: Anonymous on Wednesday, March 02 2005 @ 07:40 PM EST
    This guy is amazing. He can read server logs, identify IBM's IP addresses and
    yet not know what he is selling?

    Also, wasn't IBM also part of UnitedLinux?

    [ Reply to This | # ]

    SCO violating IBM's copyright
    Authored by: KBellve on Wednesday, March 02 2005 @ 07:42 PM EST


    I am not sure what SCO is trying to protect themselves from.

    By using password protection to limit public access to a ftp site doesn't mean
    they didn't violate IBM's copyrights.

    If any of SCO's customers were allowed to copy any GPL code would put SCO in
    violation of IBM's copyrights, if SCO violates the GPL.


    Also, Sontag lists 4 "FTP" sites...but 3 of them are were actually web
    sites. Did they actually use the same notice on their FTP server as their WEB
    server? Did they use the same authentication mechanism?

    I found it strange that they would use HTTP:// without it being encrypted
    (HTTPS://) if they were so concerned about logins and passwords. This would mean
    logins/passwords would be sent as plain text across the internet.

    Does anyone know for sure that SCO didn't offer anonymous FTP access? I assumed
    that was the way IBM accessed SCO's ftp site, and not submitting blank
    logins...


    [ Reply to This | # ]

    Incremental Development
    Authored by: Mouse on Wednesday, March 02 2005 @ 07:53 PM EST
    It must be me, because of not being a programmer. But if you want to program something new, why would you start with something old that doesn't do what you want and hack on that, instead of just writing something new?

    Yes, that is how most software is developed. When a new version of something is released with new features, it's not usually a complete rewrite from the previous version. Usually the new features were added on to the pre-existing code.

    This can be the case even when the two "versions" were written by different people. For example, UC Berkeley wrote a version of Unix that was based on an older version of Unix from AT&T. Eventually, Berkeley's Unix had little in common with AT&T's Unix, but there was that big kerfuffle as they argued about who had written which bits.

    I don't know anything about JFS, but it's conceivable that it could have been developed from an older file system that didn't support journaling. That's what Sontag is implying (and he's also saying that SCO owns some of that basic code).

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Wednesday, March 02 2005 @ 07:56 PM EST
    I think it is a lie. I can't tell you everything. Except that the webpage was to
    allow access for customers.

    There should be a trail - like an email trail of SCO distributing the required
    user names and passwords to their customers who were supposed to have access. I
    don't think this trail exists. Also a user name and password database should
    exist that correspond with the customer list.

    In any event I would like IBM to verify the existence or non existence of such a
    trail.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: dmomara on Wednesday, March 02 2005 @ 08:03 PM EST
    "28. This the text of the legal notice that was posted to sco.com on August
    8, 2003:

    NOTICE: SCO has suspended new sales and distribution of SCO Linux until the
    intellectual property issues surrounding Linux are resolved. SCO will, however,
    continue to support existing SCO Linux and Caldera OpenLinux customers
    consistent with existing contractual obligations. SCO offers at no extra charge
    to its existing Linux customers a SCO UNIX IP license for their use of prior SCO
    or Caldera distributions of Linux in binary format. The license also covers
    binary use of support updates distributed to them by SCO. This SCO license
    balances SCO's need to enforce its intellectual property rights against the
    practical needs of existing customers in the marketplace."

    My copy of the page at http://linuxupdate.sco.com of the scolinux SRPM
    repository has no such "legal notice" in it on the date 12/20/03. Only
    directories above the SRPM subdir contained a notice.

    [ Reply to This | # ]

    Legal and ethical questions aside ...
    Authored by: m_si_M on Wednesday, March 02 2005 @ 08:05 PM EST

    would anyone even consider buying server software from a company admitting things like these?

    20. On September 23, 2003 an upgrade was done to the authentication mechanism on the download site, linuxupdate.sco.com. Through this upgrade, a bug in the authentication software was inadvertently introduced. If someone entered an invalid username or password (or both), they would simply have the login prompt re-represented to them up to 3 times. After three failed attempts, they would get an error message and be denied access. However, if they left the username and password fields blank on any attempt, the authentication process was delayed (by approximately 15-30 seconds) and access was eventually allowed.

    [...]

    22. On October 31, 2003, someone explained this password-bypass procedure on the internet at Slashdot.org. On February 18, 2004, news of this bug was posted on the SCOX message board at messages.yahoo.com. On March 4, 2004, SCO became aware of the problem and immediately fixed it.

    23. On July 18, 2004, the authentication bug was inadvertently reintroduced when a SCO programmer was fixing an unrelated problem. SCO was unaware of this reoccurrence until August 23, 2004, when the problem was immediately repaired again.

    Disgusting!

    [ Reply to This | # ]

    October 31 2003 Slashdot link
    Authored by: Anonymous on Wednesday, March 02 2005 @ 08:11 PM EST
    The Slashdot disclosures in October 2003 seem to be this thread, where user Jaysyn answers the question "Anybody have the username and PW to download?" with "You don't need it, leave it blank, really....", and this thread, where an Anonymous Coward points out the same thing, specifically for the url http://linuxupdate.sco.com/scolinux. In the latter thread user frkiii wishfully muses "I hope someone working for SCO doesn't read this particular comment in /. for a while. :)" Apparantly they got their wish!

    [ Reply to This | # ]

    Apache security is easily botched
    Authored by: RedBarchetta on Wednesday, March 02 2005 @ 08:12 PM EST
    At the time this all occured, access to the SCO ftp server was restricted by a password/login dialog box. This is a standard Apache (i.e., web server) security feature. It's also standard for alot of sysadmins to screw up this portion of the Apache setup.

    The Apache "directory access" security setup has two components:

    1) The user/password database
    2) The HTTP server setup

    The first component requires issuing shell commands to create a name/password database. Since there are oodles of rookie system administrators who aren't comfortable with the Linux/UNIX command line, this step is often bypassed accidentally, or botched due to improper syntax (sometimes it's just plain old ignorance).

    The second component, telling the Apache HTTP server how to restrict directory access, involves editing a simple text file (.htaccess) located in each directory to be restricted. Since most Linux/UNIX distributions come with a GUI-based text editor, this part is the least botched.

    So it's entirely possible to completely botch the user/database setup, AND configure Apache to restrict access, AND have the appearance of working security. If a user attempts access to the "protected" directory, they will receive a name/password dialog. But here's the rub: it won't restrict access unless the user database is setup.

    Your chain is only as strong as your weakest link.

    In this case, the user/database setup was probably incorrectly administered, and as a result people were able to bypass the dialog box. How? By pressing OK without so much as entering a name or password.

    Had the administrators bothered to test their setup, they would have quickly discovered the hole. Or they DID test the setup, realized they had a hole, but knew nothing on how to resolved the problem. I elect the latter.


    ---
    Collaborative efforts synergise.

    [ Reply to This | # ]

    ftp.sco.com accepts anonymous connections
    Authored by: yscydion on Wednesday, March 02 2005 @ 08:16 PM EST

    Just out of interest (and from home not work) I typed "ftp://ftp.sco.com/" into the address box of my web browser and there I was looking at the top level directory of their FTP server with no prompt, and no visible text telling me to go away. There was a file called "Legal_Notice", but I don't know what it says because I did not download it. If I had gone to "ftp://ftp.sco.com/pub" directly, I would not even have known that there was such a file. The directory 'pub' (for public) is a convention going back to before the web was invented for a place where you put files that are being made publicly available for anyone to download, so going directly there would be a normal thing to do.

    Turning off anonymous FTP is not rocket science, see for example http://docsrv.sco.c om/NET_tcpip/ftpT.anon_access.html "Controlling access to anonymous FTP". Even if you don't have a convenient management interface like that, it is not hard for anyone who has any idea how to manage internet facing servers.

    I did not probe very far, but there were various empty directories with Linux in their name, and modification dates in December 2004 or January 2005. I can't know what was there back then, but it all looks very suspicious to me.

    Sontag's paragraph 29 claims that the fourth listed "web site"[sic] "became subject to password protection on August 13, 2004". The fourth URL takes you to the FTP server, not a web site, and if Sontag's declaration is correct, then the access control must have been removed since then. This seems highly unlikely to me.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Wednesday, March 02 2005 @ 08:59 PM EST
    "20. On September 23, 2003 an upgrade was done to the authentication mechanism on the download site, linuxupdate.sco.com. Through this upgrade, a bug in the authentication software was inadvertently introduced. If someone entered an invalid username or password (or both), they would simply have the login prompt re-represented to them up to 3 times. After three failed attempts, they would get an error message and be denied access. However, if they left the username and password fields blank on any attempt, the authentication process was delayed (by approximately 15-30 seconds) and access was eventually allowed. 21. Anyone who accessed the site by exploiting this bug would have known they were bypassing a security login -- that is, hacking into the system. "

    This is simply nonsense, it may show a prompt for a password and user name from Internet explorer for example but may not show anything if you use another software to access this link from many Linux FTP applications or numerous other software capable of downloading; I know because I just from curiosity accessed this files by entering the link posted on many internet sites and I could downloaded anything I want. Beside it was clear to me that it is GPL’ed software so it is readily available to me. It is really silly for them to claim that they are the UNIX owners and they posses the UNIX "secret" knowledge, but in the same time are so incompetent, because they distribute under the GPL its own allegedly stolen code to the public. What is it? Are they are really experts or incompetent computer literate novice claiming to be experts. Shouldn’t they test its "protected" site against most popular application people may use to access it? After all the world is not turning only around MS Internet Explorer.. Shouldn’t they employ some of theirs advanced UNIX method and concepts to maintain a simple site, the same methods and concepts they want billions for? For many FTP agents or http browsers capable of ftp protocol there was no any restriction to access to this files.. empty string is after all an empty string and an empty string gets you in.. seamlessly anyone could get access to it at any time.. it something doesn’t add up here.. It makes me wonder if it was really password protected in a first place.

    [ Reply to This | # ]

    But they *DID* charge for it.
    Authored by: darkonc on Wednesday, March 02 2005 @ 09:00 PM EST
    PJ wrote: The issue isn't whether you charge for the distribution, just that you did it after you lost your right to distribute. And by any GPL measure that I know, SCO continued to distribute after they lost their right to distribute.

    Their plea for leniency is based on the fact that they never really made that much money off of SCO code , after they restricted who whey would sell the stuff too. They also subtract the cost of returns from the income from downloads so that it's a bit harder to figure out exactly how much (gross) they took in for distributing Linux in this time period -- my calculations come to $41,118 presuming that they didn't charge any sort of 'restocking fee' for returns.

    As for 'hacking' the site with a null login/password... This would be (for me) a standard way of checking to see if the FTP site was still up..
    Ftp downloads.ftp.com
    [cr] [cr]
    exit

    That this allowed you to login would just be am add-on.

    If I knew that a site allowed me to use enter/enter instead of ftp/some_random_string, I'm lazy. I wouldn't bother with the extra typing.

    It should also be noted that the FTP/email hack exists because the original FTP daemon refused to allow access without a login and password, and this was easier than changing the protocol (lazy programmers with a hack of their own).

    ---
    Powerful, committed communication. Touching the jewel within each person and bringing it to life..

    [ Reply to This | # ]

    Reconcile this Mr Sontag
    Authored by: Anonymous on Wednesday, March 02 2005 @ 09:11 PM EST
    1. Sontag claims that SCO was not aware that they were distributing Linux to all and sundry from their web site.

    This claim is belied by their spokesman's (Blake Stowell's) own public statements to the press, in which he not only acknowledges that SCO continued to distribute Linux, but even attempted to justify it.

    For example, emphasis added, www.computerweekly.com/Ar ticle125252.htm

    SCO has not sold the SCO Linux software in question since 12 May, but the company continues to distribute it via the internet to honour existing support contracts, said SCO spokesman Blake Stowell.

    Stowell disputed the idea that SCO could no longer distribute Linux. "We're the copyright holder for the core Unix operating system. If we want to charge someone a licensing fee for using our copyrighted software that's gone into Linux, then we have that prerogative," he said.

    "If we want to continue to distribute Linux to our existing customers, we can do that because we own the copyrights on that Unix software."




    2. Sontag claims that SCO was not aware that it was IBM who contributed certain code to Linux, despite the fact that SCO was marketing these very features.

    While this claim maybe appear implausible on its fact (didn't SCO know what product they were selling), it is further belied by SCO's own documents, some of which have already been presented as exhibits to this case.

    I am of course refering to the slideshow that SCO presented at their SCOforum, in August 2003. A copy of which can be found at perens.org/SCO/SCOSlideShow.html< /A>. In one of the slides (page 21 in the PDF version), SCO even goes so far as to point to an IBM copyright notice!


    Quatermass
    IANAL IMHO etc

    [ Reply to This | # ]

    OpenLinux Base 1.1 1997 Caldera Inc
    Authored by: Anonymous on Wednesday, March 02 2005 @ 09:22 PM EST
    Legal Notice ------------ LISA (Linux Installation & System Administration) is Copyright (C) 1994-1995 Ralf Flaxa & Stefan Probst ---------------------------------------- GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. xx

    [ Reply to This | # ]

    • yikes! - Authored by: Anonymous on Wednesday, March 02 2005 @ 11:26 PM EST
      • yikes! - Authored by: belzecue on Thursday, March 03 2005 @ 01:47 AM EST
    website versions
    Authored by: Anonymous on Wednesday, March 02 2005 @ 09:26 PM EST
    Why can't IBM go after discovery of every single version of SCO's website?
    Surely that's trivial to provide, why is SCO withholding?

    JRH

    [ Reply to This | # ]

    Exhibit F
    Authored by: Anonymous on Wednesday, March 02 2005 @ 09:26 PM EST
    IBM doesn't need their proof of SCO distributing linux anymore.

    Exhibit F seems to take care of that.

    [ Reply to This | # ]

    Comix by PJ?
    Authored by: Anonymous on Wednesday, March 02 2005 @ 09:31 PM EST
    ".....SCO executives reading nothing but the comics for several years......"

    Facts:

    - PJ frequently writes in a droll and/or sarcastic fashion.

    - PJ's writings often point out, in a light-hearted fashion, the hypocracy of all sorts of individuals and organizations.

    - Many people read PJ's writings for entertainment of the humorous variety.

    Conclusions:

    - PJ is, among others things, a comic writer, hence a comic (at least some of the time).

    - Reading PJ's writings amounts to at least perusing part of the universe of "reading the comics".

    Conundrum:

    If PJ writings are considered part of reading the comics, and the SCO execs were only reading the comics for a couple of years, wouldn't they have likely found they were distributing Linux when they thought they weren't? Especially as PJ is not the only humorist to have pointed this out. Wouldn't this make here comment untrue and therefore not funny? But it is funny. Funny how that works out. Or maybe only if SCO goes down - soon?

    [ Reply to This | # ]

    "Hacking" is easy!
    Authored by: Anonymous on Wednesday, March 02 2005 @ 10:29 PM EST

    ``IBM is guilty of hitting the Return key. If that is "hacking", maybe we need to redefine our terms as well as rewrite the law.''

    The bar is so low on what constitutes "hacking" that it's almost difficult not to hack. Just ask the poor slob in Great Britain who's been arrested for "hacking" into a web site created for tsunami relief. His hacking tool of choice: lynx.


    [ Reply to This | # ]

    I'm shocked. SHOCKED!
    Authored by: Anonymous on Wednesday, March 02 2005 @ 11:04 PM EST

    IBM downloaded SuSE Linux kernel sources from the SCO web site. Why... those cads!

    Seriously... Is there any hard evidence that IBM didn't get into the FTP site using a valid username and password? An outfit like IBM probably has a copy of every piece of software ever written to evaluate it for compatibility, etc. Who's to say they didn't have the access to the software accorded any SCO user? SCO's say-so? Excuse me if I don't find their credibility as rock-solid as they'd like us all to find it.

    Finally, what SCO presents as access logs aren't anything of the sort. They are a spreadsheet of information that SCO purports to have come from FTP server logs. Where are the actual log files? IBM ought to ask to see the raw data rather than some SCO "Reader's Digest" condensation of the logs.


    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: eamacnaghten on Wednesday, March 02 2005 @ 11:50 PM EST
    IBM was is a Technology Partner (with HP and AMD and maybe others) of United Linux.

    Also - there is a rather good spin on their web site about their "inactivity" ....

    We believe that the mission of UnitedLinux has been accomplished. Connectiva, SUSE LINUX and Turbolinux continue to support,and maintain products powered by UnitedLinux. Conectiva, SUSE LINUX and Turbolinux also continue to market their respective UnitedLinux distributions and are working together to enhance the capabilities of the UnitedLinux based system. Each of the three companies will support its customers throughout the lifecycle of version 1.0. There are no plans for a version 2.0 at this time.
    So they did not die because SCO messed them about - but are not doing anything more because they achieved their objectives :-)

    Web sig: Eddy Currents

    [ Reply to This | # ]

    So I can use SCO's Plan to beat the RIAA?
    Authored by: Anonymous on Thursday, March 03 2005 @ 12:00 AM EST
    I can load a FTP site full of mp3's, put in a file that says this is only for my
    custmers, even put up a real password system. Sell passwords online. When the
    riaa catches me distrubiting Usher, Madona, or Tim Magraw files by the
    thousands. Is all I have to do then is say they had unclean hands by hacking in?
    If that didnt work, maybe I was contractualy obligated to the people I sold
    password to?

    Not in a million years will that get me off the hook for copyright infringment.

    [ Reply to This | # ]

    A Recap on all this
    Authored by: Anonymous on Thursday, March 03 2005 @ 12:05 AM EST

    Am I right in assuming that all this noise, clutter & fluff regarding
    derived works & unix copies & linux, is still 100% dependant on SCO
    proving they obtained copyright to unix and following that, to all derived
    works.

    My reason for asking is that surely the core matter for everyone involved in the
    case is did tSCOg purchase the core ip & all rights & copyrights of
    Unix, from Novell (Santa Cruz Op ?).

    All the other stuff flying around & the massive efforts in discovery &
    much of the follow on claims (excluding some of IBMs CCs) all must amount to
    nothing if tSCIg don't, didn't and haven't got the copyright rights to Unix ?.

    Just wanting to understand if I have this right ?

    (it would help me understand better why tSCOg seem so desperate to avoid any
    decision on this)

    Tks

    Doug Marker

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Bill The Cat on Thursday, March 03 2005 @ 12:21 AM EST
    I am puzzled by one of Sontag's claims. He says that when SCO participated in the UnitedLinux project, it had no idea that JFS was derived from SCO'S proprietary software or that it had been contributed to Linux by IBM "in violation of IBM's agreements with SCO." He also claims they hadn't a clue that the other features SCO marketed, like asynchronous I/O, enterprise volume management systems, and better SMP scaling, were developed by IBM. They just went by what the rest of the UL consortium told them.

    I think I recall that SCO actually promoted their Linux as having JFS, SMP etc. I may be wrong but didn't this come up some time ago? Didn't SCO at one point say they didn't know this stuff was in there but at a previous point in time actually distributed press releases touting the fact that their Linux had these features?

    Can someone correct or confirm this?

    Thanks

    ---
    Bill Catz

    [ Reply to This | # ]

    Someone Alert SCO!!!!
    Authored by: rm6990 on Thursday, March 03 2005 @ 12:32 AM EST
    Their FTP server's security is botched again!!! Go to
    ftp://ftp.sco.com/
    and watch as you gain access and no password is requested.

    What a bunch of morons.

    [ Reply to This | # ]

    "No password" is a common convention for public access
    Authored by: dwheeler on Thursday, March 03 2005 @ 01:31 AM EST
    Now this is getting silly (well, okay, this case got silly a while back). A blank password is a common convention for public access. Claiming that pressing RETURN at a password request is "hacking" defies common conventions.

    Many systems, particularly old ones, aren't able to disable their security/login mechanisms. To compensate, it's been a convention for decades that if you don't want some mechanism controlled by a password, you set its password to an empty password.

    If I'm told something is publicly available, and then asked for a "password", I reflexively hit "return" with a blank password. If that works, then clearly the provider didn't intend for it to actually be protected, or they would have set a password. Otherwise, how the heck are people supposed to provide public access with systems whose login mechanisms cannot be disabled?

    And of course, it's not even clear that the system even prompted IBM for a password at all.

    But bottom line, if all that was done was pressing "Enter" at a password prompt, then IBM was simply following standard computing conventions. Doing a password guessing attack (even if they use lynx) would be a real attack, and if they were accused of that the accusation would make more sense. But following standard conventions for anonymous use should be fine.

    [ Reply to This | # ]

    Mini timeline: a context for Sontag and the FTP sessions
    Authored by: anwaya on Thursday, March 03 2005 @ 03:19 AM EST
    In his declaration at 14, Sontag tells us that "SCO decided that the most sensible solution was to suspend its sale and marketing of all of its Linux-related products effective May 14, 2003."

    On June 13, 2003, The 2.4.21 kernel was released.

    On December 19, 2003, SCO published the "ABI Files letter", which says specifically that certain files in the 2.4.21 kernel "were never intended or authorized for unrestricted use or distribution under the GPL in Linux."

    On January 13, 2004, pixpat.austin.us.ibm.com downloaded kernel-source-2.4.21-138.i586.rpm from /scolinux/updates/RPMS.updates.

    On February 18, 2004, kernel-source-2.4.21-138.i586.rpm was downloaded again.

    Previously, on January 9, 2004, there was a fetch of the directory, but the only kernel downloads that day were 2.4.19-SuSE.10[46].i586.rpm. None of the sessions SCO presents list the 2.4.21 kernel before January 2004.

    At some date after Sontag's involvement in the decision to cease sales and marketing of Linux, SCO decided to provide its customers with an update to the kernel on the FTP site. They chose to provide a version, under the GPL, which must have contained files they said should not be distributed under the GPL, or otherwise be non-functional.

    I wonder what their justification for this was? Did they look to see if it was a kernel they felt didn't infringe on the IP rights they assert? Or check that it didn't add new infringements? Did they consider that distributing a new version of the Linux kernel might look like approval of the kernel?

    I should like to know what Sontag's answers are. Does anyone else have more questions for Sontag?

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Thursday, March 03 2005 @ 05:08 AM EST
    Next time Christopher Sontag enters a store, we'll call the police and accuse
    hime of tresspassing. Although the door was not locked, he pushed it open and
    entered the shop. This is clearly illegal, he should have known that the door
    was normally locked and only due to a bug the door was open.
    Silly SCO

    [ Reply to This | # ]

    Note that the terms of download were "on the site"
    Authored by: Anonymous on Thursday, March 03 2005 @ 05:54 AM EST
    Which is not the same as saying that they were on the actual pages which IBM
    visited in order to obtain the source.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Steve Martin on Thursday, March 03 2005 @ 06:45 AM EST

    "The SCO Intellectual Property License for Linux is sold pursuant to written agreements, ... These licenses are solely for SCO's UNIX software."

    Which of course immediately raises the question of why it's a "License for Linux" if it's "solely for SCO's UNIX software", and was only sold to people running Linux.

    ---
    "When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"

    [ Reply to This | # ]

    RIAA analogy
    Authored by: Anonymous on Thursday, March 03 2005 @ 07:09 AM EST
    Interesting analogy with the RIAA... if SCO wins this argument does that mean
    the RIAA is illegally "hacking" the P2P networks for downloading stuff
    from them without an invitation.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: mossc on Thursday, March 03 2005 @ 08:03 AM EST
    on oct 29th 2003 this worked without a password prompt:


    wget
    ftp://ftp.sco.com/pub/scolinux/server/4.0/updates/SRPMS/kernel-source-2.4.19.SuS
    E-340.nosrc.rpm
    wget ftp://ftp.sco.com/pub/scolinux/Legal_Notice

    Chuck

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: mossc on Thursday, March 03 2005 @ 08:09 AM EST
    "27. The logs confirm unauthorized accesses from IBM IP addresses, during
    which 51 files were downloaded, from January 9, 2004, to August 4, 2004,
    including the very files that IBM now relies on in its motions for summary
    judgment. Complete logs of all unauthorized downloads by IBM are
    available."

    Lets see the complete logs of authorized downloads.

    [ Reply to This | # ]

    Lamlaw got me thinking... Did oldSCO ever distribute Linux?
    Authored by: jdg on Thursday, March 03 2005 @ 09:21 AM EST
    Lamlaw got me thinking... Did oldSCO ever distribute Linux? Any single
    distribution of Linux by oldSCO would stop newSCO from using this excuse because
    they cannot make this excuse for oldSCO. If oldSCO did distribute Linux to
    anyone, then newSCO "bought" the waiver when they bought Unix rights
    from oldSCO. Too bad for newSCO.:>)

    ---
    SCO is trying to appropriate the "commons"; don't let them [IANAL]

    [ Reply to This | # ]

    Incriminating documents
    Authored by: LarryVance on Thursday, March 03 2005 @ 10:02 AM EST
    I am surprised by some of the attachments. They appear to be very incriminating
    against tSCOg. Why would they publish their software specification that
    expressly provides for linux a license restriction of usage on a limited number
    of CPUs or an additional license for each implementation. This is in direct
    conflict with the GPL, which they have claimed they do not repudiate.

    The log files for the IBM access demonstrates that there was no hacking
    involved. The column of status clearly states "ACCESS GRANTED". They
    by their own admission granted access to the repository. If they try to pursue
    illegal entry to IBM for this repository and apply it singularly to them and not
    SUN, and M$, and HP, and SGI, and CA, and ad infinitum then they are IMO going
    to be causing themselves big troubles by selective application.

    Either Sontag is a total idiot or has no scruples. Maybe a combination of the
    two. I think this declaration and the attachments I have seen are actually very
    damning for tSCOg.

    ---
    NEVER UNDERESTIMATE YOUR INFLUENCE!
    Larry Vance

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Thursday, March 03 2005 @ 10:41 AM EST
    If they kept distributing due to being required to by customer contracts, does
    this mean that when they stopped distributing it, they no longer had any such
    customers?

    Quite shocking then; I'd have figured they were out of customers long before
    that.

    [ Reply to This | # ]

    Not sure why it matters
    Authored by: Anonymous on Thursday, March 03 2005 @ 10:43 AM EST
    Since anyone who downloads GPL'd sources is free to redistribute them, IBM could
    have a registered SCO user download it and give it to them. Therefore, the only
    damage potentially inflicted on SCO is unauthorized use of their website, not
    disclosure of their kernel. Even if this were proven, so what? Damages would
    have to be minimal.

    [ Reply to This | # ]

    This is total cobblers!
    Authored by: aug24 on Thursday, March 03 2005 @ 11:24 AM EST
    Looking at the server logs, they are just the http command logs (typically
    access.log).

    There's nothing whatsoever in there to indicate whether IBM logged with a
    password or not. All that part of Sontag's declaration is supposition.

    Justin.

    ---
    --
    You're only jealous cos the little penguins are talking to me.

    [ Reply to This | # ]

    Being incomponent/amature is not against the law
    Authored by: Anonymous on Thursday, March 03 2005 @ 11:26 AM EST
    1) The security was not setup correctly (and still isn't)
    -->not illegal but shows intent to secure

    If fact that seems to be the strategy here...honest we tried to keep them out we
    did like security and they broke in.

    2) We thought we quit distributing the product. (honest)
    --> our security was poor but we didn't know unauthorised people were
    actually getting the code. (bad people and IBM was a bad person also)

    this is a difficut issue to force .... from IBM point of view...

    1) you are a computer software company...(no your Honor we're a lic./IP
    administration company now)

    2) You had to read those outside sources...(no sir not during work hours and
    they are not my hobbies so I don't check them)

    3) You got emails from people...(well sir we get alot of emails and usually
    answer the ones form people we know first the others can take months)

    this silly little game is very hard to contain and by showing intent they are
    trying to cover the issues...

    p.s. please show us the infringment SCO the ones you found before trail and the
    fishing expedition started...

    a subtle ogre





    [ Reply to This | # ]

    sco's litigation strategy...
    Authored by: Anonymous on Thursday, March 03 2005 @ 11:53 AM EST
    reminds me of a street corner hustler. they have their three cups and they keep
    shuffling the ball [complaint] from cup to cup in an attempt to confuse the
    opposition [and judges] as to which cup their claims are in...

    sum.zero

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Thursday, March 03 2005 @ 11:54 AM EST
    I am glad that he did not presented his opinion as an expert.. ;-)


    For those
    unfamiliar with this program "Wget" is a popular a non-interactive network
    retriever, bundled with any Linux distribution.

    Open a shell console and
    type:
    wget -r -l 2 ftp://ftp.sco.com/pub/

    -r is for recursive
    -l is for
    recursion depth ( 0 will get you all)

    It is a common convention that /pub
    contains publicly accessible files.
    As you see there is no any restriction,
    warning, disclaimer or password prompt.


    [alec@develop alec]$ wget -r -l 2
    ftp://ftp.sco.com/pub/
    --08:32:51-- ftp://ftp.sco.com/pub/
    =>
    `ftp.sco.com/pub/.listing'
    Resolving ftp.sco.com... 216.250.128.13
    Connecting to
    ftp.sco.com[216.250.128.13]:21... connected.
    Logging in as anonymous ... Logged
    in!
    ==> SYST ... done. ==> PWD ... done.
    ==> TYPE I ... done.
    ==> CWD /pub ... done.
    ==> PASV ... done. ==> LIST ... done.

    [
    ] 2,437
    --.--K/s

    08:32:54 (94.42 KB/s) - `ftp.sco.com/pub/.listing' saved
    [2437]

    Removed `ftp.sco.com/pub/.listing'.
    Creating symlink
    ftp.sco.com/pub/OpenLinux3.1.1 -> OpenLinux311/

    --08:32:54--
    ftp://ftp.sco.com/pub/README
    => `ftp.sco.com/pub/README'
    ==>
    CWD not required.
    ==> PASV ... done. ==> RETR README ... done.
    Length:
    789

    100%[====================================================>] 789
    --.--K/s

    08:32:54 (123.66 KB/s) - `ftp.sco.com/pub/README' saved
    [789]

    --08:32:54-- ftp://ftp.sco.com/pub/du-s
    =>
    `ftp.sco.com/pub/du-s'
    ==> CWD not required.
    ==> PASV ... done. ==>
    RETR du-s ... done.
    Length:
    11

    100%[====================================================>] 11

    --.--K/s

    08:32:55 (2.64 KB/s) - `ftp.sco.com/pub/du-s' saved
    [11]

    --08:32:55-- ftp://ftp.sco.com/pub/ls-lR
    =>
    `ftp.sco.com/pub/ls-lR'
    ==> CWD not required.
    ==> PASV ... done. ==>
    RETR ls-lR ... done.
    Length: 4,884,219

    11% [=====>
    ] 583,072 75.48K/s ETA 00:56
    [1]+ Stopped
    wget -r -l 2 ftp://ftp.sco.com/pub/

    I stopped here ...

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Thursday, March 03 2005 @ 12:29 PM EST
    "In heaven, should you go there, you can code again in freedom."

    In hell, should you there, you will code for M$.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: ChubbyTiger on Thursday, March 03 2005 @ 02:03 PM EST
    This is lovely. Anon login to ftp.sco.com. The legal notice is:
    NOTICE: SCO has suspended new sales and distribution of SCO Linux until the intellectual property issues surrounding Linux are resolved. SCO will, however, continue to support existing SCO Linux and Caldera OpenLinux customers consistent with existing contractual obligations. SCO offers at no extra charge to its existing Linux customers a SCO [sic] UNIX IP license for their use of prior SCO or Caldera distributions of Linux in binary format. The license also covers binary use of support updates distributed to them by SCO. This SCO license balances SCO's need to enforce its intellectual property rights against the practical needs of existing customers in the marketplace. The Linux rpms available on SCO's ftp site are offered for download to existing customers of SCO Linux, Caldera OpenLinux or SCO UnixWare with LKP, in order to honor SCO's support obligations to such customers.
    In /etc/passwd one can find
    root:*:0:0::: bin:*:1:1::: operator:*:11:0::: ftp:*:14:50::: nobod y:*:65534:65534:::
    Had I wished, I could have downloaded any bit of OpenLinux I wanted without ever being asked for a password or being warned that I'm not supposed to be there if I'm not a current customer. Morons. CT

    [ Reply to This | # ]

    New SCO 8K - Accounting Irregularities!
    Authored by: chris_bloke on Thursday, March 03 2005 @ 05:02 PM EST

    According to the new 8K filed at the SEC

    On February 28, 2005, on management's recommendation, the Audit Committee of the Board of Directors of The SCO Group, Inc. (the "Company") concluded, and KPMG LLP, the Company's independent auditors agreed, that, due to certain accounting errors, the Company's financial statements for the quarters ending January 31, 2004, April 30, 2004 and July 31, 2004 should no longer be relied upon and should be restated.

    Specifically

    For the first, second and third quarters, the Company expects to reclassify amounts related to certain shares of common stock that the Company may have issued under its equity compensation plans without complying with the registration requirements of federal and applicable state securities laws from permanent equity to temporary equity in the amounts of approximately $272,000, $231,000, and $557,000, respectively. The Company may make a rescission offer to holders of certain shares and expects an amount to be classified as temporary equity until the completion of a rescission offer or until the Company no longer has an obligation to the holders of such shares.
    For the first quarter and the second quarter, the Company expects to reclassify accrued dividends related to the Company's previously issued Series A and Series A-1 Convertible Preferred Stock from equity to current liabilities in the amounts of approximately $879,000 and $1,619,000, respectively. In October 2003, the Company issued shares of Series A Convertible Preferred Stock in connection with its $50,000,000 private placement, which shares were subsequently exchanged for and replaced with shares of Series A-1 Convertible Preferred Stock. When the Company repurchased all outstanding shares of Series A-1 Convertible Preferred Stock in July 2004, the Company's obligation to pay dividends on such shares terminated. The accrued dividends were never paid and ultimately were recorded in equity upon the completion of the repurchase transaction. In addition, the dividends were properly captured in the calculation of earnings per share in the periods above.
    For the first and second quarter, the Company expects to restate approximately $233,000 of stock-based compensation expense which was recorded in the second quarter, but incurred in the first quarter. There will be no change to the total stock-based compensation expense for the fiscal year ended October 31, 2004.

    [ Reply to This | # ]

    Declaration of SCO's Chris Sontag of December, 2004 (SCO v. IBM) - PDF & text
    Authored by: Anonymous on Thursday, March 03 2005 @ 05:42 PM EST
    I think that SCO could claim that a password prompt represented a security
    measure, even if an ineffectual one. For the benefit of the Judge and various
    lawyers in the trial it should be made very clear that the socially accepted
    convention for ftp servers is that if the ftp server allows logins with the
    username "anonymous" and any password, then the ftp server is
    considered open to public access.

    [ Reply to This | # ]

    Groklaw © Copyright 2003-2013 Pamela Jones.
    All trademarks and copyrights on this page are owned by their respective owners.
    Comments are owned by the individual posters.

    PJ's articles are licensed under a Creative Commons License. ( Details )