More on the invoices. a must read, I' say

ht tp://www.zdnet.com.au/newstech/os/story/0,2000048630,20278277,00.htm

[ Reply to This | # ]

One puzzle piece that I'm waiting to place is how Novell fits into the Canopy group plan. They really seem to be an odd couple at this point. Don't get me wrong...I'm a major fan of Novell right now...just can't figure out why the Canopy influence hasn't rained on Novell's parade. Must be stupidity ;)

That's my two cents and by the way, kudos to PJ for the site and quatermass, MathFox, Brenda, and all the other regular posters...you make this site addictive to all of us lurkers.

[ Reply to This | # ]

Oh and PJ keep up the great work! This site is head and shoulders above the rest!

[ Reply to This | # ]

Keep up the good work!

[ Reply to This | # ]

GenWer, you may be right after all. I just read this: http://www.zdnet.com.au/newstech/security/story/0,2000048600,20278272,00.htm

K., I wish I'd thought of what you wrote. It's such a great addition. Being free to build on other peoples' work has a lot of benefits, and not just in software, huh?

[ Reply to This | # ]

I really wish Linus would do one email interview a week. It would go a really long way in undoing damage Darl, Blake and company seem to be deliberately doing to the reputation of Linux.

[ Reply to This | # ]

[ Reply to This | # ]

I think that puts too much liability on the admins. Software vendors have been known to go for a full year without fixing security bugs. Software vendors always advertise their products as secure, even though they have had a history of security problems.

One solution is to assign all software a security rating based on the track record for the passed year. It would look like the nutrition information that is displayed on foods. This way, if you bought a boxset you could just look at the side and see that the software had 9 remote root exploits last year.

This solution costs nothing, but it would make software vendors care more about security.

(PS. On an unrelated note. I recieved a form letter today from my State Attorney General's office thanking me for reporting SCO's behavior.)

[ Reply to This | # ]

[ Reply to This | # ]

Glenn

[ Reply to This | # ]

I'm stunned. That link you posted on the computer systems that just "walked" out of the airport in Sydney has blown my mind. In this day and age, how do two people walk into a computer room, unplug computers, and walk them out the door without anyone saying anything.

I maintain networks for several companies and I can't walk out the door with much more then a keyboard without someone looking at me sideways! And I'm well known and trusted by most of the staff at these companies.

I guess having complete strangers show up to customers sites and remove hardware must be a normal course of business at EDS? Either that or the security is just that good at the Sydney airport. Wow, I hope they do a better job of screening bags!?

[ Reply to This | # ]

See Design, Development, Deployment 'load marks'.

[ Reply to This | # ]

But, regulating the vendors won't work either because they'll market their way around any bad publicity and continue with business as usual. In Microsoft's case, where a substantial portion of their business is a monopoly on Operating Systems, users don't even get a choice because Windows is still bundled with a hardware purchase.

Enforcing Liability may be the best way, as Bruce Schneier argues. (Schneier is a principal of Counterpane Security and a well-respected member of the computer security community.) As he summarizes:

"There's no reason to treat software any differently from other products. Today Firestone can produce a tire with a single systemic flaw and they're liable, but Microsoft can produce an operating system with multiple systemic flaws discovered per week and not be liable. This makes no sense, and it's the primary reason security is so bad today."

One major problem with software liability is how to avoid burdening the authors of Free or Open Source software with a risk they're not being paid to accept. I suspect there are exceptions to strict liability with other "free" products, so perhaps there's a way around the dilemma.

Liability is the Sword of Damocles we all have to live with, whether it occurs when our dog bites the neighbor, our employee damages a client's property or a product we sell injures a customer. Why should the software industry be exempt?

[ Reply to This | # ]

I read your post to Enderle's article (and all the others - none supported him); you did an excellent job of pointing out the flaws in his statements and his complete lack of research.

It may be too much to hope that he'll take it to heart...

[ Reply to This | # ]

Dick,

In UK law a vendor cannot disclaim *all* warranty or liability for a good if it is sold. There is a nice set of guidelines here: http://www.dti.g ov.uk/ccp/topics1/guide/tradersguide.htm

For example, if I *buy* a boxed set of SuSE Linux then irrespective of the disclaimer on the box I am still entitled to a refund if the goods are not "fit for their purpose." At present SuSE might say that only applies to physical defects, but I would reckon that if it failed to install on a PC on their own stated compatibility list that would also qualify.

However, if something is given away free then there is no exchange of consideration and no contract of sale, so the situation is different. So if I download the free FTP version of SuSE Linux and my house explodes, my tough luck (as far as consumer law goes.)

I see no reason why software couldn't be covered along the same lines as physical goods.

[ Reply to This | # ]

[ Reply to This | # ]

This is that dumbest thing I have ever read, and I was in the Navy. Any bubblegum computer tech knows the best way to increase a system's performance is to add RAM. The second part of the statement is only partially correct. I do admit it is always best to use matched RAM in any system but if the Main Board and the RAM Sticks used can adjust to a mis-match it certainly does not make the software system unstable, rather hardware doesn't function at its best level. Of course an IT person worth a grain of salt knows this already.

I will agree however that IT types need to keep in mind that they can't blame MS for all their security woes. I have been on the internet 5 years and I have never been hit with a Virus, Trojan, or a Worm. Spyware has nailed me a couple of times though. Why? One simple way, A Good Firewall. If you have no purpose for a port to be on the Internet Stealth it. If it has to be on the net lock it and make every connection coming from the Net authenticate. If you need to have an wide open port run it on a server in a DMZ so that it's segregated from the rest of the network. All points Mr. Enderle never mentioned. MS needs to be more thorough on the security audits as well. IT Managers need to step up checking the critical updates and get them installed once they work out the issues on (gasp) a test platform. Okay My server is Linux and My Windows clients are protected because the Linux server has a full stealth Firewall configured. IT Managers use a test system keep it updated. Fix the issues from the updates and then deploy them once you know what to expect and do. (Some companies still Have SP2 on W2K) Come on lets place blame where it belongs MS distributes a POS OS product full of bugs and holes. Script Kiddies are out there looking to take advantage of them serious hackers even more so. MS gets out an update to fix a discovered security hole and issues a patch to fix it. A month later A script Kiddie in AZ has halted your network because they have been taken over and are running a DDoS on some site. Sorry a month is long enough to test and resolve any issue.

--Shaun

[ Reply to This | # ]

(You really ought to change your handle - you're far from it!).

Here on the other side of the pond, vendors (at least of software) can disclaim everything, although some state laws override that. Nevertheless, getting a refund from Microsoft (or Dell, etc.) for your copy of IIS or Windows is scant comfort after you've lost irreplaceable data or had to spend a week on reconstruction of a system because a security flaw let some cretin in.

If you're saying that software should be treated under the law in exactly the same way as physical goods, including liability for damages, then I agree.

There is a complete lack of incentive for software vendors to exercise care in the release of their products. I'm sure that in both our countries, a civil engineer who makes a single error of the magnitude of say, the Blaster worm, might have a new career asking "Would you like fries with that?" and might even be spending some quiet time in a prison cell. Software vendors can shrug and say "Sorry about that - we'll fix it in the next release.".

Something needs to be done to correct this situation, whether by bringing the software world into line with every other industry with respect to product liability, or with some sort of regulatory regimen.

[ Reply to This | # ]

A trader dealing with a consumer or dealing on his own written standard terms of business cannot exclude or restrict his liability for breach of contract or allow himself to provide an inadequate service unless he can show that the clause satisfies the 'test of reasonableness' (see paragraph 20). Nor can a trader require a consumer to indemnify him against any loss he may incur through negligence or breach of contract unless he can show that the clause satisfies the same test.

I seriously wonder what the clause would mean for the MS-EULA's in europe; I know similar wording is in Dutch contract law. IIRC there has been an EU directive that forces all member states to implement this consumer protection clause in their law. Will it mean that the GPL exclusion of warranty is void, not nescessarily:

This is called the 'test of reasonableness'. In deciding whether a clause meets this test the courts will consider the circumstances that were (or ought reasonably to have been) known to the parties when the contract was made and to pay particular attention to such matters as the relative bargaining strength of the parties, whether the customer received any special inducement to accept the exclusion clause (such as a special discount), whether the goods or suitable alternatives could be obtained elsewhere without the exclusion clause, whether the customer knew or ought reasonable to have known of the clause, and whether to goods were made to the customer's specification.

In providing software for free, GPL developers can defend that exclusion of warranty is fair. This doesn't automaticly extend to distributors selling GPL software. I expect that large chunks of the MS EULA wold be found unenforcable in european courts, but I haven't heard of any of such cases yet!

[ Reply to This | # ]

Further, security is not fun, and it's hard to show progress; managers tend to like "click here and it does nice things", and tend to be unable to see "I audited 5000 lines of code and corrected 2 remote root exploits" as actually doing things.

[ Reply to This | # ]

On the subject of MS software quality, the best thing to say about it is that it is improving. I have the impression that they are seriously working on it and that they may reach a "sufficient" level in a few years. If MS had more incentives, improvements would go faster.

About secure progamming: Good and secure programming isn't that difficult, but it requires that a programmer knows his tools. When psychology dropouts with three months of "computer training" are offered as "Oracle consultants" by consulting agencies I am seriously worried about the quality of their software! Programming is a craft that requires time to master.
Making good software also requires serious testing and reviewing procedures. (Security problems are more commonly found by reviews than by testing.) Security and reliability are aspects that run through all stages of system design and implementation and can not be "bolted on" half way to the process.

[ Reply to This | # ]

If I sell you a glass of lemonade and it tastes of raw chicken brains, you are not only entitled to a refund but also potentially further compensation for consequential loss. This is because the sale creates an implied contract.

If I just *give* you a glass of lemonade and it tastes of raw chicken brains, you can't sue me for anything because no contract has been created. (I might have comitted some other offence against public health legislation though! ;)

In this context remember that the GPL is a licence, not a contract.

[ Reply to This | # ]

On laws, I just can't help but see that as a negative, at least until legislators and judges figure out the tech. I deal with HIPAA in my paid work sometimes and if you read what they did in that law, it makes your hair stand on end, and they were actually trying to get it right. Their concept of what is enough when it comes to security was ...well, not enough to actually get the job done. How do you solve that problem, when the problem is human-based? My presumption is that MS has the tech down, so it's just a matter of motivation. My question is: why aren't they motivated now when it's obvious their name is mud in the corporate world on this subject? Isn't losing customers enough of a motive? It's a puzzlement, which is why I am trying to figure out what are the other possibilities.

[ Reply to This | # ]

Under German law, apparently, you cannot exclude any warranty completely. If damages were caused by intention or gross negligence, then you are liable, even if you gave away the faulty item for free. See http://www.tilljaeger.de/art10.pdf (pp 17-22) for an explanation how that affects the GPL.

[ Reply to This | # ]

If I meet you in person and we exchange t-shirts, I think we executed a contract.

[ Reply to This | # ]

[ Reply to This | # ]

Thorsten, Ernest Jones once described Jung's psychoanalytical theories as "metaphysical spinach". I would describe the paper you link to as legal spinach. I have touched on it before, but I may do an in-depth article on it. First, my understanding is it was more or less commissioned by proprietary software assn; second, it's just some lawyer's theory; third, it doesn't actually say what the headlines made it out to say; and fourth, the author seriously misunderstands how the GPL works and what it means, throwing his or her conclusions off by a mile.

[ Reply to This | # ]

MathFox gave the example "If I meet you in person and we exchange t-shirts, I think we executed a contract." This is also the case in the UK, but if I give you a T-shirt and receive no consideration in return (consideration doesn't have to be money, it can be goods, services, or even a promise regarding future conduct) - i.e. it really is with "no strings attached" then there is no contract.

However, I do strongly suspect that if I intentionally or through gross negligence caused the free T-shirt I gave you to be covered in some harmful subtance, I would be liable under some other (non contractual) legislation here (UK.)

[ Reply to This | # ]

[ Reply to This | # ]

The answer is rather simple - it has not cost them customers, at least to this point. MS has mediocre to poor products, but they are an excellent company (from a corporate $ka-ching$ perspective). They are very much aware of the issues with their products and they are very much aware of their customers' feedback.

Up until recently nobody at all gave a hoot. No matter how bad things were, it was accepted that this was "just the way (microsoft) software is" (flawed and buggy). When people (customers) began to actually say "I am looking at alternatives and it is because your software is so buggy/insecure", then you get a memo proclaiming "Trustoworthy Computing". They didn't decide to (attempt to) make their products more secure because it is the right thing to do - they did it because they ran the numbers and said if we spend X dollars on security we can make back x++ dollars in return.

I read the piece that you referenced and I have to say I concur with the gentelman from General Motors. I am sure I am in the minority (on this and other tech-related sites) with this view.

[ Reply to This | # ]

if they send me an invoice i'll sue them (or report them, not sure how it works) for mail fraud and extortion. you can't send invoices w/o justification. go file papers to trade as "floyd's office supplies" and open a bank account in that name. then invoice a few companies for pens and paper giving those banking details - see what happens next.

some companies will pay you. some will call and question it. and eventually one will alert an post and they'll send the gardaí or a pack of solicitors after you.

companies couldn't function if it was legal to send their accounts departments bogus invoices. neither could your average joe on the street. just imagine if every month you had to figure out which phone bill was real and which wasn't? "oh that kevin lyda and his 'lyda phone company' invoice nearly had me this month i tell ya!"

and EVEN IF sco's copyrights are violated, they can't invoice end users. maybe my assumption that the law has common sense goes too far, but i fail to see how it can be legal to allow copyright holders to go after end-users and still have a functioning economy.

not that long ago some singer (i think it was george michael?) lost a copyright infringment case. a song he recorded was a copy of someone elses. that person got damages from him. can that person now invoice every person who bought that album? if so that means that every cd you own is an unknown liability.

in fact the same is true for every book, every software product, every copyrighted work in your house could potentially cost you hundreds of euro. each.

if sco can legally invoice every linux user then anyone who has ever purchased copyrighted works is in fiscal peril. all public libraries should be shut down immediately since it's possible that they could bankrupt the town/city/county/province/state/nation that owns them.

if sco can legally invoice every linux user then it means that no sale of a copyrighted work is ever final. ever. how can an information economy work if no sale of information is final?

[ Reply to This | # ]

There are some things you, as the *owner* of a copy of a copyrighted computer program (on CD, say) can do *without* a grant of licence and thus without having to accept any EULA offered. You can install it and use it on one machine. You can reverse engineer it for interoperability or educational purposes. And so forth, as defined in the copyright laws of your country.

The rights you have under copyright legislation need not be inviolable rights: that is to say, while it may not be legal to sign oneself into slavery, it is probably legal for you to agree not to reverse engineer a product as part of a transaction.

EULAs are ubiquitous because people are led to believe that they cannot legally run a program they have bought on CD without agreeing to a grant of licence. That is false, as Eblen Moglen and others have pointed out. Software companies use techniques like "by opening this packet you accept the EULA" or making the software display an EULA during the installation, and it's very hard to bypass these. Such techniques can invalidate the EULA in some jurisdictions, but actually this isn't the core issue - which is that users (a) don't read EULAs and (b) accept them without thinking.

Suppose you bought a new car and on delivery the dealer said "ahh, before I give you the keys you must sign this agreement" and shoved something the length of a typical MS EULA under your nose. I don't think your reaction would be very positive. In fact you might well tell the dealer to take the car back, refund your money and then report them to the Office of Fair Trading (in the UK.)

It's taken a long time in other areas (banking, medicine) for consumers to stop taken what they're given and start asserting their power. It might well take a long time too in what is actually still a very young market and industry.

[ Reply to This | # ]

That's one part of the answer. The other is to have a competitive market- products in competitive markets tend to be better products. And one good way to have a competitive market is to come down hard on companies that behave unethically....

[ Reply to This | # ]

I'm not so sure of that. When it comes to R&D, M$ is pretty dismal. From the start they have approached software development from a "let's not develop it here" angle. M$ didn't develop DOS, they bought it from someone. Ditto for any number of their products. At the time, there were other far superior products even in the DOS world, like ConCurrrent DOS.

While they did develop NT, it was not done by their own programmers- they hired Dave Cutler (the VMS man) and crew from DEC (Cutler stayed on afterwards). What Billy and Stevie are real good at is marketing, and figuring new and innovative ways to extract cash from their customers. I don't know if Gates still claims to chart the software architectures used by M$, but if he does it probably isn't a good idea. Years ago I looked at his Basic compiler code (100% Billy-programmed) and wasn't real impressed.

[ Reply to This | # ]

"and EVEN IF sco's copyrights are violated, they can't invoice end users. maybe my assumption that the law has common sense goes too far, but i fail to see how it can be legal to allow copyright holders to go after end-users and still have a functioning economy."

I found a worrying paragraph in the German author's rights law ("Urheberrechtsgesetz") (see http://www.transpatent.com -> Gesetzesvolltexte -> Urheberrechtsgesetz) :

If I read it correctly, §32a (1) says that if an author has given another person the right to use her work, and the use gives the user capital gains that are clearly disproportionate in relation to the reward of the author, then the author has the right to claim additional rewards. §32a (2) says that if the rights to use for transferred to a third person, then the third person is directly liable to the author of the work.

I.e., if Linux did contain i.p. from SCO, then a German end user would be liable, even if the distro was bought from e.g. SuSE.

OTOH, the German patent law says that patent protection does not extend to cover home users, so you can use a protected invention at home without having to pay license fees. And I assume that copyright protection is even weaker than patent protection, so that home users would not be liable, "only" commercial users of Linux. Provided, SCO would ever prove that Linux contained their i.p., that is. Which I doubt.

[ Reply to This | # ]

Seems ubsurd, but if you read the EULA it says you can get a refund if you don't agree. But, if that EULA came with a new Dell or Toshiba, try calling them up and asking for the money back for the software you don't agree to license. Dell, Toshiba, etc. will tell you to call Microsoft. Microsoft will tell you to call the computer maker.

I agree, one day consumers will understand how much they are getting shafted and politicans who spout on about "free markets" will have to admit that the current situation isn't particularly free.

[ Reply to This | # ]

No, our markets are not particularly free, but our unfree markets make certain individuals alot of cash. I married a woman from the PRC; we met when I was back in school taking some grad courses. I learned alot about America and China by talking to her- she wasn't your average Chinese (had traveled worldwide, dealt with the West in business matters, etc.- she did not have an insular worldview). She told me that the Chinese think the Americans are the "real communists," because over in China they have none of the free-lunch type programs that America has. Not much of a welfare system either- the state only feeds and clothes people as a last resort. If someone is in need of being fed and clothed, and they have ANY living relatives, the courts make the relatives support this person. And in many ways their markets are freer than ours are also, because the goal is economic development, and they realize too many controls kills development.

[ Reply to This | # ]

[ Reply to This | # ]

Britannica backed down, and apologized.

[ Reply to This | # ]

[ Reply to This | # ]

It's more likely that the law refers to money made from the work *directly* - e.g. a publishing company grossly underpaying an author for publishing rights and making a ton of cash from selling the book.

But this is speculation, so some concrete examples would be helpful.

[ Reply to This | # ]

Well, the Linus comment is very old news, but it seemed refreshing to me to see a man who calls a spade a spade. It is a much truer statement than something like "The people at SCO have issues;" which is a typical sanitized and business-ized comment that doesn't really cut to the heart of the matter <G>. It's designed to make one's position and opinions vague and "protect us from getting sued" and "allow us not to upset anyone we may have to do business with"- not to convey truth.

But I will agree that esr goes a bit off sometimes- like with the comments regarding the <supposed> DOS attacks on SCO- I think the man was manipulated by SCO or a SCO flunky, and what he spouted was definitely counter-productive. This had the sewer smell of a sh*t instigated from MickeySoft's dirty tricks division.

[ Reply to This | # ]

[ Reply to This | # ]

[ Reply to This | # ]

http://australianit.news.com.au/articles/0,7204,6873464%5e15317% 5e%5enbv%5e15306,00.html

[ Reply to This | # ]

Clause 36 is apparently known as the "BestSeller clause" and its purpose was to stop publishers ripping off authors with flat fees. A recent tweak to German law has made this a right the author cannot sign away. The sample, and the other mentions I've found all relate to percentage royalties, i.e. to *sales* of the work and its derivatives.

So it would seem that in the case of SuSE selling boxed Linux sets, a copyright holder might be able to ask for a proportional percentage of the revenue, but couldn't ask for millions on the grounds that users of the product had, say, saved money on their TCO.

Similarly, the third party clause is to cover one publisher selling its exploitation rights to another.

The applicability to something released under the GPL is unclear, since in this case the author might just put his work "out there" for anyone to download. I don't know whether downloading such a program would be considered by a court to be entering into a contract with the author. Given the German courts' pretty good track record to date on the SCO case, I doubt it.

[ Reply to This | # ]

SCO and its lawyers say that even if that were a solution, they would still want damages for the illegal use of their code in Linux until the "fix" was implemented. Who, they ask, would compensate them under this scenario? Your thoughts on this?

Hey, until they can be bothered to show something real, I don't think it's even worth discussing.

THe correct answer is that, since they didn't register the copyright, they legally aren't entitled for damages for past infringement. (Assuming infringement can be proved.)

[ Reply to This | # ]

However, open source advocates have been called terrorists, endured witless 'pass the bong' ordinances from lapdog 'analysts' and, worst of all, have been accused of theft and incompetence. While I consider the 'They are all on IBM's payroll' statements to be outright goading that got the desired results, you must remember that, while this issue is huge to many of us, it means nothing to the majority of people out there. Most people don't know who Linus or ESR are, and they are not likely to be reading their comments, position papers, open letters, etc. Those who do care are already aware of the vernacular of geeks, and no doubt can tell the difference between a jest ('They are smoking crack') and a truly malicious attack ('They stole our code'). Ultimately, the courts will decide who wins, so I don't think anyone is 'trying to win public opinion' here. Also, as this amazing site demonstrates, there is no shortage of dignified, well researched comment being tirelessly generated to refute SCO's 'case'. If you want a taste of some truly juvenile and damaging anti-SCO blather, check out my blog: http://timransomsfeeblemind.blog spot.com You can blame me if everything goes south, but leave Linus alone.

[ Reply to This | # ]

I don't know if there was already a court case with reference to §32a, since it's only a year old. Anybody here who can access the juris.de database?

[ Reply to This | # ]

COMPLAIN HERE https: //www.usps.com/postalinspectors/fraud/MailFraudComplaint.htm

A lot of people are saying, "wait until you get an invoice to get USPS involved." Here's some information on invoice fraud as the USPS sees it. http://www.usps. com/websites/depart/inspect/falsbill.htm

But why wait? There's already an extortion racket operating, a co-ordinated racket involving advertising, press releases, conference calls, interviews and staged presentations and part of that extortion racket campaign was conducted by mail. 1500 letter were sent to corporations as part of a shakedown. The mails have already been used in an extremely suspicious manner.

When you complain make sure to include a few links to invoice /threat stories http://www.linuxworld.com/story /33993.htm http://www.idg.com.sg/idgwww.nsf/unidlookup/8A82F436CD6D4CA4482 56D97000A5F6C?OpenDocument

Draw a diagram for the US Postal Inspection Service showing a pattern of conduct using the mails to defraud, a pattern that started with those letters. http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,81712 ,00.html

Some phrases to use may be 'using the mails as part of a co-ordinated campaign of fraud, some computer analyst types have already called this entire scheme "extortion"'
'playing around, using the Internet to make actual threats, combined with suggestively threatening mails'
'making actual threats in the media, in interviews, over the internet, in press releases, and as part of the company's quarterly analyst conference calls, and using the mails to send veiled threats that reinforce these other threats.'

[ Reply to This | # ]

[ Reply to This | # ]

The issue is nevertheless interesting since it could be of relevance to anyone selling GPLed code in Germany. Are there any other countries with similar provisions guaranteeing authors "fair royalties"? To my knowledge the UK and USA don't.

[ Reply to This | # ]

I've no idea if html tags are honoured so forgive any stray '
' you might see.

With regard to Enderle's comments on governments getting interested in platforms, and I know that I could be getting into tin-foil hat territory, it's always handy to check out the PR spin from the biggest company that has the government's attention. Bear in mind that Microsoft has been playing 'whack-a-mole' with vulnerabilities while talking about trustworthy computing and touting DRM as a way around the problem of viruses and worms (and lobby groups 'protected' content), which is in government's best interests to stop.

I personally believe the next step will be Microsoft touting this PR flak as real progress in terms of locking down security and might start to try and challenge *nix on the basis that it doesn't have a product that is _exactly_ the same. Before anyone starts thinking that government won't be dumb enough to fall for this, go check out Arlene McCarthy's recent press releases on software patents in the EU. It's a scary world once the incompetant start dictating to the competant.

[ Reply to This | # ]

O'Shaughnessy [regional general manager for the company in Australia and New Zealand] said he was unsure about the question of invoices being sent in the US even though there are reports on the web about just such a thing being planned.

[ Reply to This | # ]

The only reference I found so far is here: http://www.grur.de/Seiten/Themen/entscheidungen/leitsaetz e/2001/Urheber1.html#Anchor-UrhG-10615 (it's about the old §36, and states among other things that the additional rewards can be declined if the author's contribution to a compound work was only ancillary)

BTW, let's not forget that this UrhG law deals with the *author's* rights, not the copyright holder's rights. So it's (probably) only AT&T, not SCO, who could ask SuSE for royalties. Is there anything that SCO claims i.p. for that was actually developed when the rights to UNIX belonged to Caldera/SCO?

[ Reply to This | # ]

I suspect that Linus is incredulous to the claims. He's remained a rock up to the point of that interview, staying out of the way of the wider debate in the hope that it will all come out in the wash. But I suspect that he has limits, and the changing SCO position on everything from the infringements, to who found them, to even their own history has meant that virtually everyone even remotely informed on the case agrees with him.

Yes, there is a moral high ground, but a rabid dog like SCO will just stick around biting people without some soundbite comments from the Free software foundation 'personalities'...we just have to avoid descending to the level of virus writers and script kiddies in petulant, arbitary vigilantism. Personally I think the Samba guys had the best viewpoint, as this whole case appears to be trying to poison the GPL by forcing a 'change' which could be pointed to as something that could happen in the future.

As a brief aside, it would be useful to timeline the places where people have offered to remove the offending code. The SCO Australia sockpuppet did mention that SCO's actions (litigation) are a direct result of refusals to remove the offending code, but doesn't mentioned who they contacted. In relation to the case, this is the linchpin, IMO, especially to Red Hat.

[ Reply to This | # ]

True (though as I mentioned I don't think SuSE is the point at which the royalties come in, it's the person/entity who first put the AT&T code into the kernel.)

I think that AT&T though would be highly unlikely to pop up in Germany asking for money - it could be argued that the large sums of money they generated from selling UNIX licences were not disproporionately small.

"Is there anything that SCO claims i.p. for that was actually developed when the rights to UNIX belonged to Caldera/SCO?"

As far as I know, the only development that went on was either Caldera's voluntary contributions to the kernel or the Monterey project. SysV UNIX was in mothballs because originally Caldera bought Old SCO's code in order to merge it with Linux.

SCO's allegations revolve around (1) direct copying of the old SysV code (pre 2002), (2) JFS/NUMA etc for which SCO admit they don't own the copyright, and (3) so called derivative methods/concepts which are not covered by copyright.

So it's pretty clear that SCO have no route to pursue in Germany via this particular law.

[ Reply to This | # ]

re the "legal spinach": you wrote that the paper was "commissioned by proprietary software assn". Could it be you're thinking of the paper written by Gerald Spindler for the VSI (software industry association)? (http://www.vsi.de /inhalte/aktuell/studie_final_safe.pdf , in German. Critical review in English here: http://www.if ross.de/ifross_html/home2_2003.html#ARTIKEL28a)

[ Reply to This | # ]

1. Both sides will have to rely on experts. Independent types that will analyze SCO's claims and say either it came from SCO Unix or not.

2. The actual coders, if possible, will take the stand. They will have to answer tough questions of what they had available to them when they coded the section in question.

3. People near and around the SMP code team will be brought in even if they didn't write the code in question. "Did so-and-so have access to _______?"

It will be they said, we said to people who are barely or not technical.

OK I don't have any problem with Linus comments even in this light, but its clear why SCO did its little show at the conference. They wanted to accomplish two goals. 1. see what the opposition had to say. I.e. show their cards. 2. convince SCO loyalists that every thing is fine and under control.

According to ComputerWorld they convinced quite a number of people positively.

We need to remember that its not just about the legal actions of SCO but also about convincing people the Linux is ready for the Enterprise and more reliable/better than UnixWare. Linux is IN the Enterprise EVERYWHERE. Just because you pay a lot of money for SCO doesn't make it better.

[ Reply to This | # ]

http://lwn.net/Articles/47881/

Also, if they tell everyone to get a license but don't *really* sell it is that a legal problem or just a PR problem...hum...

[ Reply to This | # ]

http ://www.linuxjournal.com/article.php?sid=7117&mode=thread&order=0

I think that there is an effect. Why say your product/site/enterprise has linux inside if that just brings attention to the evil SCO lawyers?

[ Reply to This | # ]

Well they better have sold at least two, for their sakes

Because they issued a press release saying they had sold one. If they didn't and told investors they did, hello SEC.

Second they made statements to the press, saying they had sold a 2nd one, and maybe more. Same issue.

[ Reply to This | # ]

According to ComputerWorld they convinced quite a number of people positively. "

But they weren'r cross-examined by IBM lawyers at the conference, as they will be in court.....Oh, BTW, Ms. Laura DiDiot was senior editor, networking, at ComputerWorld for a time. ComputerWorld's coverage of the SCO lawsuit has been dismal until very recently.

[ Reply to This | # ]

[ Reply to This | # ]

But perhaps his reference was to the "million lines" SCO claims. His reference may be to the subject of what SCO owns not being a millions lines of code, but a million lines of something else. It would make as much sense as what SCO is claiming, right up to why they suddenly need that much money, and are willing to do anything to get it. I.e. they are behaving as the worst of addicts.

[ Reply to This | # ]

Laura went to Fordham, which is a good school, but earned a degree in communications, which is pure fluff. Probably prepared her for her job as a Windows and networking analyst almost as much as her minor in French. I'm sorry, but nowhere in her bio do I see any mention of her TECHNICAL qualifications. Has she ever swapped out a NIC, or installed a hub or configured a router? Administered a network perhaps? I tend to get very skeptical about these things since I have seen dumb-ass*s with Master's degrees in CIS that didn't know how to format a floppy disk under windows or write a genuinely simple bash script....

[ Reply to This | # ]

1. Every indication is they didn't want the slides to leak. The press reported it was under NDA originally. The initial reports they encouraged is "wow this is convincing stuff" from their allies. Heise got the pictures despite an NDA. Only then was it analyzed.

2. Every indication is that these are the slide shows used previously. Ian Lance Taylor's, the Byte article, and then German guy who didn't sign an NDA, give general descriptions which closely match either of 2 examples.

3. There is a whiff of a hint of a suggestion that having released the code slides without NDA to Bob McMillan of IDG, they are using the same stuff again back under NDA. Their is a McBride interview with Wired, post SCO forum, that might possibly suggest this - read it carefully. I can't say for sure, whether they are still using the same slides or not.

4. If they used the slide show we've seen to make allegations against say IBM. Then turn up in court with a different presentation, and perhaps different allegations, and say the original slide show was just a ruse. In my view, that would be almost admitting to having disparaged IBM in an untrue way. IANAL, so I'm not sure if falls under the definition of trade libel, but I would think it might be part of the way there, just on that.

[ Reply to This | # ]

[ Reply to This | # ]

1. Every indication is they didn't want the slides to leak. The press reported it was under NDA originally. The initial reports they encouraged is "wow this is convincing stuff" from their allies. Heise got the pictures despite an NDA. Only then was it analyzed.

2. Every indication is that these are the slide shows used previously. Ian Lance Taylor's, the Byte article, and then German guy who didn't sign an NDA, give general descriptions which closely match either of 2 examples.

3. There is a whiff of a hint of a suggestion that having released the code slides without NDA to Bob McMillan of IDG, they are using the same stuff again back under NDA. Their is a McBride interview with Wired, post SCO forum, that might possibly suggest this - read it carefully. I can't say for sure, whether they are still using the same slides or not.

4. If they used the slide show we've seen to make allegations against say IBM. Then turn up in court with a different presentation, and perhaps different allegations, and say the original slide show was just a ruse. In my view, that would be almost admitting to having disparaged IBM in an unfair way. IANAL, so I'm not sure if falls under the definition of trade libel, but I would think it might be part of the way there, just on that.

[ Reply to This | # ]

1. Every indication is they didn't want the slides to leak. The press reported it was under NDA originally. The initial reports they encouraged is "wow this is convincing stuff" from their allies. Heise got the pictures despite an NDA. Only then was it analyzed.

2. Every indication is that these are the slide shows used previously. Ian Lance Taylor's, the Byte article, and then German guy who didn't sign an NDA, give general descriptions which closely match either of 2 examples.

3. There is a whiff of a hint of a suggestion that having released the code slides without NDA to Bob McMillan of IDG, they are using the same stuff again back under NDA. Their is a McBride interview with Wired, post SCO forum, that might possibly suggest this - read it carefully. I can't say for sure, whether they are still using the same slides or not.

4. If they used the slide show we've seen to make allegations against say IBM. Then turn up in court with a different presentation, and perhaps different allegations, and say the original slide show was just a ruse. In my view, that would be almost admitting to having disparaged IBM in an unfair way. IANAL, so I'm not sure if falls under the definition of trade libel, but I would think it might be part of the way there, just on that.

[ Reply to This | # ]

Libel - is a published or broadcast false and defamatory statement which damages the reputation of an individual.

[ Reply to This | # ]

I ran into a previous professor who is the head of the IS dept. at one of the local Community Colleges and she wanted a copy when I was done. She hasn't really gotten the full Linux story, she is always frightfully busy, so add twenty nore links :)

Just to let you know, I am not ducking your request.

From the tone of this article I would say you might make a "conspiracy theorist" yet.

[ Reply to This | # ]

On Linus' choice of words, I was a bit put off by the phrasing, personally, but I also know that English isn't his first language, and having learned foreign languages myself, I know that you can learn a slang expression and misuse it because of not capturing the full flavor of the phrase. I think he's read that expression on places like slashdot or in emails, because it's commonly used to mean basically crazy, and just used it without catching appropriate context issues.

Thorsten, yes I did confuse the two. But I actually read the one you linked to, and I stand by the legal spinach assessment. Thank you for all the links and the in-depth coverage. You and Dr. Stupid have brought some matters to my attention I hadn't thought through clearly before.

Dr Stupid, I agree. You need a new handle. Stupid is what you are not.

On old news, please be aware that my choices of what to put up aren't the same as on, say, a strictly news site like /. My purpose is different. I am trying very hard to convince people, including the many reporters who use this site as a resource. So sometimes I choose to include things because of my editorial feel for what is good to say at that point in time, and sometimes it's used because it ties in with something else that I want to say, and sometimes it is used because I have finally checked into it and know it's true and can be used with accuracy. I try hard not to put anything in an artice, as opposed to a comment, that I haven't checked carefully myself. I didn't put up anything about what the code was or wasn't until now on Groklaw, because I wasn't sure myself, there were different opinions, and not being a programmer, it took some time to decide how to handle that. Having now decided that I can put it up, I wanted to do so in order to have a complete record of the history of this case. That is a secondary goal, and I don't mean secondary in importance.

Anyway, just letting you know my methods and why I do what I do.

I do believe that convincing the public is vital and that what "leaders" say is important. Juries are made up of the general public. Judges are in that same category. And that is the third purpose behind the site, to consistently and as often as necessary to put out the truth, so FUD falls flat. It can only thrive when people don't know any better. If I didn't believe it mattered, I surely wouldn't be losing sleep doing Groklaw.

[ Reply to This | # ]

She became more flustered at this point- took my name and number, and I am waiting for a call from SCO sales. Should be interesting. Oh yeah- she asked me if I used my Linux for home or business use. I said both, and asked her where the heck my invoice was because I had notified SCO that I was using 2.4 distros over a month ago and provided them with my address and all that.

The response almost had me rolling on the floor with laughter. "We're not sending out invoices at this time- we're only taking credit card orders!" My response wasn't "I wasn't born yesterday," but "Sorry, I can't pay up until I see an invoice." Should be fun to yank the SCO salesman's chain when/if he calls back.

[ Reply to This | # ]

This site is referenced A LOT by those with a clue trying to keep everyone informed about the whole SCO v. IBM thing. BTW you would know better then me, is the description I gave of a court case on this accurate? Would it most likely be a jury or just a judge? Can venue change or is it Utah all the way? These things can be settled out of court, when would it be tipping point for a settlement metting? Does the jury and/or judge get to look at the code or is it just expert testimony?

Mostly just curious.

[ Reply to This | # ]

So, when/if the salesman calls back, I will act as though I am very concerned about this Linux licensing deal, and want to "continue to run my business uninterrupted without misusing SCO's Intellectual Property. Since I have run these 2.4 kernel distros for a long time, and in a business environment, I am surely eligible to pay up. If they ask me for a cc number, well- I will demand that invoice first, for my "accounting records." Might be interesting.....

[ Reply to This | # ]

[ Reply to This | # ]

Take P.J.'s advice, document everything & if you run into something that hasn't been linked in here, link it. When it comes time to sit in the seat the more documentaion of those uncomfortable facts the harder it becomes to "fudge" what you meant...

And P.J., this site is great, restored my faith that there could still be intelligent conversations not full of flames on the 'net...I recommend reading it to all my clients & freinds.

Thomas

[ Reply to This | # ]

[ Reply to This | # ]

you HAVE to comment on this one:

ht tp://story.news.yahoo.com/news?tmpl=story&u=/nf/20030905/bs_nf/22226

Actually an article with some research and thought behind it. One thing that should be noted here. SCO is not MS. The unix business is actually growing overall if you inlcude linux, hp-ux, aix, max os X, etc. SCO SHARE of this market is what is declining. Users of SCO can usually easily switch to something else, such as Sun.

If you want to increase market SHARE you don't go pissing of potential customers already in the unix market. You bet this will backfire on SCO.

[ Reply to This | # ]

He's said that about me before when he didn't know why I had spent the time to code something he thought was "insane". And I was somewhat offended, yes, and it made it into the trade press (but my project went huge anyway :-)

J

[ Reply to This | # ]

[ Reply to This | # ]

uClinux ROCKS. We use it on a board that only costs $32 to make. No kidding. uClinux is a BIG reason why Linux is in the enterprise and going to make linux everywhere.

[ Reply to This | # ]

[ Reply to This | # ]

SCO's Road to Salvation ""SCO can still license Unixware or SCO Open Server even if they lose this case," Haff pointed out. [not if IBM wins the the patent argument.]

IDC analyst Dan Kusnetzky ... questioned SCO's continued success in the software realm. "One cannot hope to have a long-term relationships with customers or suppliers once you threaten them."

Forrester analyst Ted Schadler also sees alternate revenue streams in the company's future. ... "They could make that problem go away by spinning out the licensing business." he said. "They could sell the licensing business to IBM, for example, and keep the software business." [yeah, sure they can. Sell the right to collect illegal licence fees to the company that is suing them for violating enouhg patents to shut down their software sales. I can certainly see that happening.]

[ Reply to This | # ]

I spoke to a lawyer over lunch today (not getting formal advice you understand) who confirmed that libel of a business is still a valid tort - the difference with libel of a person is that malice is a requirement for a business to claim it. The best bit is with the truth defense (i.e. the defendant says that the defamatory claim was true, surely SCOs only possibility) under UK law the burden of proof falls with the defendant.

So if SCO were sued for libel by a linux-supplying firm over here, SCO's only viable defense would be to prove their claims. This would have the effect of forcing out their evidence (if it were to exist).

[ Reply to This | # ]

I think it might be worth trying to document what licenses SCOsource has actually sold so far.

The first one to Microsoft, noone is really sure what it is for except that it might be related to "Services for Unix" or something to do with Posix compatibility. Where MS would have obtained infringing code from to need a license is an interesting question, possibilities are either that they still had Xenix source code but no license to use it which seems unlikely, they had missapropriated it from the Linux kernel but MS seem scared enough of the GPL they probalby wouldn't risk that or they didn't have the code but wanted to give SCO some money. No-one seems to know if MS got any stock options on this deal which could have cancelled out the license cost.

The next licensee was Sun. This was supposedely for some device drivers for Solaris/x86. I really hope that Sun have checked that those drivers aren't identical to ones that were in Linux before Unixware supported the same devices. Sun already had an SVRx license but it didn't include modern x86 device drivers. Sun got a pile of stock options which at SCOs current share price are worth about as much as the license cost.

The third license was an undisclosed Linux using Fortune 500 company. Press release here. No-one knows what they paid or if they got any stock options. I'm sure I read that SCO had said this company was not Microsoft and I'm pretty sure I posted the link in another comment but I can't find it. Will the new site have a search facility?

There has been talk that a second fortune 500 company has signed up for the linux compliance license but I haven't seen any hard evidence. I can find stories like this that mention another fortune 500 company signing up but the date corresponds to the first compliance license so it is another license but only the first compliance license. Has anyone got a good link for a second compliance license.

Looking at all this I also noticed that SCOs last press release was back on 19 Aug. There have been no press releases about invoices being sent etc. Is this because they don't want to officially say they are sending invoices or is it because they want to create a share sales window?

[ Reply to This | # ]

One error you missed "For its courtroom battles, SCO has retained star legal gun David Boies" - except they haven't, Boise has handed over to newcommer Heise

also ""Much of Linux's appeal is that it's cheap," he noted" - this has been much discussed here before, the fact that source code is available and it is reliable has got a lot more to do with its use. The reason users wouldn't pay if the case was proven is because the license would destroy the development process.

[ Reply to This | # ]

I am bewildered by this. I have been assuming, like everyone else, that SCO's plan was to scare Linux users into giving them lots of money for licenses they don't need.

But if that is the case, then they would have put gotten the sales program going immediately. But it has been a whole month since the licensing program started, and still no way to make a purchase.

Does this mean they aren't really trying to sell licenses? If so, why? Or are they just really totally incompetent? Anybody have any ideas? And has anybody else tried to buy a license?

[ Reply to This | # ]

Bringing libel actions is notoriously expensive, particularly if you lose: several prominent people have gone bankrupt when libel suits failed. (Johnathan Aitken comes to mind).

[ Reply to This | # ]

After reading the same article it occured to me. We have all suspected this was about money. But let's complete the thought.

May be this is a cheap way to raise capital like venture capital without having to spin off ownership rights. MS pony ups $10Mill. A few others kick in smaller amounts behind the lead investor (just like a group VC deal). Canopy uses SCO to go for some long shot money with the license stuff. They gut SCO. Drop the suit. Take the money and put in what they really want to spend it on. Its legal and doesn't involve running VC in and out with their questions. You keep more ownership of the company. They also get the plus up, which they might not have anticipated, of the stock rising so much. Usually just sueing someone and generating some PR does not cause the stock to jump like it has. They can use the inflated stock as a purchasing weapon. Only bad thing here is the IBM/Redhat counter-suits. They would have to settle those somehow for this to work.

Tsu: one of the things these analysis in this article don't seem to understand is how easy it is to switch from SCO to something else. Unlike MS, your apps will probably run or can be compiled to run on other unix like platforms. It's not a 15 year decision anymore. Its 1 year decision to run unix or windows, other than that OS's can be swapped out just like hardware.

[ Reply to This | # ]

I'm going with incompetent on this one. Seriously, try to buy UnixWare from them. They are just stupid.

[ Reply to This | # ]

Sure did. E-mailed SCO over a month ago, told them all the distros I was running on machines for business use, and asked for an invoice. No response. Very slow today- so I called SCO and asked them to invoice me for my 2.4 kernel distro linux usage. they wouldn't- said they are only "taking cc orders." (See my earlier posts).

The Customer Care person said they were not mailing invoices and sales would call me back. Haven't received a call yet. SCO's "plan that isn't a plan" is falling apart rapidly.

Oh yeah- if I ever do see an invoice, I meet with someone from the state's AG's office, said invoice in hand.

[ Reply to This | # ]

If that theory holds any water, I wonder if we're shooting ourselves in the foot when attempting to
get ourselves billed by SCO for using their alleged IP.

[ Reply to This | # ]

[ Reply to This | # ]

Not at all, and here is why. SCO has threatened me, a business user, on their website. If I call and request that they send an invoice for what they claim I owe them, I am in no way telling them that I want to pay them anything- only that I want to see what this company claims that I owe them. And that's how it was presented for me by a friend who is an attorney at the AG's office.

And here is how one requests an invoice- "SCO salesman, if you say I owe your company money, please send me an invoice so that I may examine it. In no means am I requesting purchase of any sort of license from you, because I have already paid for my Linux distro." If they do send an invoice, I hear it will get them in real hot water.

In other words, SCO threatened me via their website. Put up or shut up.

[ Reply to This | # ]

[ Reply to This | # ]

http://www.securityfocus.com/news/ 6865

[ Reply to This | # ]

I don't think Microsoft is involved with any of the SCO shenanigans. Microsoft is greedy and plays dirty, but it ain't stupid. They still a federal judge with her foot standing on their coporate neck. Them being under the eye of the federal judge. If they are caught in any dirty tricks, it could have grave consequences.

My own opinion is that Microsoft bought the license irregardless of whether they needed it or not. Microsoft say a way of getting back at IBM, Linux (and as things have turned out) the GPL. And they could do it with clean hands by purchasing a SCO License for X millions of dollars. With 40 billion in the bank, that's petty cash.

[ Reply to This | # ]

Posted on IBM's site in multiple video formats.

Quite powerful, even Mohammad Ali is there!

[ Reply to This | # ]

[ Reply to This | # ]

[ Reply to This | # ]

SCO's chief financial officer, Robert Bench, has a side job as a partner in a Utah consulting firm that last year billed SCO for $71,200. Still doesn't explain why he needs to sell 7,000 shares a month to pay his tax bill.

[ Reply to This | # ]

I agree that MS are probably not directly involved but paying somewhere between 7 and 12 million dollars for a license for something you haven't even got and getting some questionably legal marketing in the process doesn't count as clean hands in my book.

Unfortunately even if it did become clear to IBM during discovery that that was what had happened I'm not sure IBM would say as they'd probably rather not have MS as a co defendant to their counter claims, it does them more good to totally destroy SCO rather than having to fight the better lawyer MS could afford.

[ Reply to This | # ]

Oh yeah- one more thought- why is SCO only accepting credit card orders? Because they can put ANYTHING THEY WANT on the receipt for that order. Sort of absolving themselves of any liability in the matter........

1) at the begining of the call state that your recording the phone calls for audit purposes.

2) Ask for a receipt to be mailed to you along with a hard copy of the licence.

3) If they put something else (not agreed on over the phone) on the receipt you could then question the CC transaction with the bank and have them investigate it.

[ Reply to This | # ]

This REAKS of fraud! How can one company buy something that another company cannot. The rep also said that licneses were being sold on a user specific basis what ever that mean.

[ Reply to This | # ]

Yeah, always have to get that permission with telephone calls. One can get away with bugging meeting rooms and offices and even their own person, but man- bug a phone call and you can get into deep doo-doo <G>.

If the SCO salesman ever calls back, I will ask for permission to record the call. My guess is that the suggestion will fly like a brick.

[ Reply to This | # ]