As you know, LinuxInsider printed an attack on me by Blake Stowell last week. Because they had not contacted me before they printed it, and because they got a lot of letters, the free-lance journalist, David Halperin, asked if I'd care to do a followup interview. I agreed. The resulting article is now online.
I do have some issues with the article as printed, which I have expressed to Halperin, but in all honesty, he seems a decent guy trying to understand the story and actually trying to be fair, even though the end result, in my opinion, misses the mark a little bit. I do appreciate the opportunity to answer, and I thank him for that.
They left out some of what I answered, which is to be expected, but I think the choices are interesting. The article begins by giving Stowell even more space to amplify his criticism, saying that they are including it for fairness' sake. Maybe that increases the fairness. Maybe not. Out of a 24-paragraph story, Stowell gets 6 to 8 paragraphs, depending on how you count, and that is about how much they cut from the answers I gave them. Since he had the original article all to himself, and I had no opportunity at all to speak, I wouldn't see that as altogether equal or fair. That is an editorial question, however, and that rests with them. It rests with us, however, to draw conclusions as we see fit.
I want you to know, though, that it's partly my fault, because I didn't understand that they intended to use the example as a part of the story. He had sent me the Stowell quotation a couple of days prior to sending me the actual interview questions, and while their first question was referring to his criticism of Groklaw as publishing "misinformation", I didn't understand that they would publish his specific example. I probably would have answered differently had I realized that was the plan. Because of rushing to meet their deadline and as a result not actually having the Stowell comment in front of me when I finally had a minute to answer the questions they had sent, which is my fault, not theirs, I thought they were just asking in general about how I felt about being accused of printing "misinformation".
I'm explaining all this because I'm trying to figure out this media business, and while I'm new to all this and learning on the job, I'm sharing what I learn with you, so we can learn together and help each other to interact more effectively with the mainstream media. I also think it's useful to politely let the media understand how we perceive their coverage and exactly why we think they are not being altogether impartial in their coverage, when they are not. My view is that we can be friendly and helpful to each other -- with some clear exceptions, some journalists with a hostile agenda I wouldn't interact with under any circumstances -- and respectfully try to understand the other's point of view, despite differences. Most journalists are just doing their job, under severe restraints as to space and time, and it's certainly true, as Halperin explained to me, that just because they quote someone like Stowell, it doesn't necessarily mean they support what he says.
One of the things they asked me about was whether I thought the community's alleged "religious zeal" causes it to overreact to criticism and if so, if it is counter-productive. You'll notice that they imply it in the introduction in describing hostile letters they got from the first article, but they don't include my response to the question. If they don't wish to be perceived as hostile to GNU/Linux, and I'm guessing by their name they would not wish to be so perceived, likely they will take those letters seriously, particularly if the letters are polite and written in a businesslike manner. At least they should, if they want readership longterm in the FOSS community. If that is not what they want, perhaps they should choose a different name, one that more accurately describes who they are.
Here is what was left out:
Question 2: At the close of the story, Mr. Stowell made serious insinuations about you, your motives and your backers. What is your response to them?
PJ: I would add this: By trying to get journalists to print where they think I live, they are putting me in danger. If you think I am exaggerating, take a look at what a SCO zealot posted on Yahoo's Finance message board, that if I was as pretty as Erin Brokovitch, he'd ... well, he seemed to have rape in mind.
Here is the message by a fervent long-time SCO booster, ledite, in message 102401.
Ask yourself, if you were me, how would you feel on reading that? My site also has been attacked and my email account has been abused.
SCO has crossed the line. They are bullies, and they have put me in danger. They make a big fuss about Darl "needing" bodyguards because it suits their PR, but there is no proof. At the same time, they have caused me potential harm and their supporter is threatening me. And will they repudiate that remark by their supporter, ledite? They should. They ought to find out from Yahoo who this individual is and make sure no harm comes to me. Otherwise, they are hypocrites.
Question 4: British security vendor and analyst mi2g recently issued a research report suggesting that while Linux was pretty secure if set up and administered properly, it was not, any more than any other OS, 100 percent secure, and that attacks on Linux servers online were not significant and increasing.
The response to that report from the open source community was, mi2g said, "as if a church had been desecrated."
They said, "there is a widespread reluctance to accept criticism in the Linux community even when it is genuinely in regard to the scarcity of skills available to administer Open Source OS servers or desktops", and, "the management of mi2g has been threatened with damage to reputation and online property unless more is preached in favour of Linux. mi2g would like to record that it carries no bias in favour of BSD or Apple Mac OS X, nor does it maintain any bias against Windows or Linux. Various allegations have been made in a variety of forums that mi2g is somehow biased in favour of proprietary software vendors. This is not true."
PJ: mi2g do not have a stellar reputation, not since the Y2k debacle. It's hard for some to take anything they say too seriously after that.
It's true that no operating system is totally safe unless you set it up properly. But it's also true that Linux is designed to be safer. For example, if you get a virus, even if it goes off (and you have to take several affirmative steps to make that happen), it's limited as to the damage it can do. You operate not as root, but in a partition for a user, so normally the user space might be affected but not the whole thing. Windows isn't designed that way. They designed it to all be interoperating, so if a virus hits you, it hits the works. To be safe, you pretty much have to turn off all the gismos that make it easy to use and turn off ports left open by default, etc. It's a design problem, which they know about and presumably will try to fix in Longhorn. Meanwhile, trying to portray GNU/Linux as if it had security issues as bad as or worse than Windows is a joke to anyone with any tech knowledge at all. It's just PR. I wrote an article about the difference in security on Groklaw , and Bruce Schneier's Cryptogram for November 15, 2003 linked to it and said: "Excellent analysis of the security of Windows vs. Linux."
The media doesn't understand why people react when lies or falsehoods are printed. It's because people don't like lies and falsehoods. The tech media is used to Microsoft users, who mostly don't know their nose from their big toe when it comes to computers. So they don't react to stories with inaccuracies. People who use GNU/Linux know computers well, so they spot nonsense a lot quicker, and yes, I suppose they get sick of reading nonsense, particularly nonsense they perceive to have been written for hire, so to speak, with MS money in the background tilting the stories against FOSS.
Question 4 cont.: I can understand such almost religious fervor when you consider that open source is to a great degree an idealistic movement, and that many people have invested a great deal of themselves in it personally. The emotion is to be expected. But if that pattern does indeed exist (please comment whether you think it does), do you think it is good for the open source movement? Is such ultra-defensiveness a useful weapon in a cut-throat world, or is it counter-productive?
PJ: To the extent it exists, I think it's counterproductive. I know it isn't likely Groklaw folks though. I've gotten lots of positive feedback from journalists about letters they have gotten from my readers, and I've asked everyone to always be polite. I personally think politeness is important.
The reference to Darl saying he needs bodyguards refers to a Bloomberg report. The LA Times had the Bloomberg report by Jonathan Berr that Darl is packing a gun [registration required] and also available here:
"Darl McBride, chief executive of SCO Group Inc., says he sometimes carries a gun because his enemies are out to kill him. He checks into hotels under assumed names. An armed bodyguard protected him when he gave a speech last month at Harvard Law School."
They cut the story. As sent by Berr, there was this added detail:
"McBride said he sometimes carries a gun, declining to
specify the type, and travels with armed guards. The gun is licensed, he said. Security officials have told him that convicted felons are behind the death threats, McBride said. 'When those are the types of people who are making threats on your life, you tend to take it more seriously,' he said."
This story worries me, because it seems to me that every time Darl starts with this type of gratuitous PR about threats, within a short time, SCO claims another "attack" on their servers or some such. Whether or not that is so, I have formed the impression that they are deliberately defaming the community as part of an overall strategy of trying to get the public to view users of GNU/Linux software as breakers of the law.
You'll remember that Darl has spoken about death threats from a felon before:
"Still, the attacks on SCO Group have at times gone beyond the bounds of the computer world. The company spokesman said that SCO executives' lives have been threatened. When SCO Group chief executive officer Darl McBride appeared at the Mandalay Bay Convention Center in Las Vegas in November to deliver a keynote speech at CD Expo, the company brought a sharpshooter along for protection.
"'We were aware of specific threats from someone who had already served time behind bars,' the spokesman said. 'If they've been there [in prison] before and evidently aren't afraid to go back, we have to take them seriously.'"
So, let me get this story straight, if that is possible. Back in November of 2003, the authorities knew that death threats were coming from one specific person, an individual who had been fingerprinted and imprisoned at one time, a felon. They knew who was allegedly doing this but now, four months later, they are still warning Darl about felons, now allegedly in the plural, and yet the authorities haven't made any arrests? Does that sound credible to you? Why didn't Berr follow up with this question? Your guess is as good as mine. I don't know. But it certainly seems like a valid question. Maybe he will now. Another question: why is Darl bringing it up now, again, out of the blue? Why continue to talk about it? And why, if there is nothing new, do a "news" story like this? What is new here?
Let me ask you another question: in all your time using GNU/Linux software, have you ever met anybody in the community with a criminal record? Heard about any felons?
As Richard Stallman has pointed out, any large community that is made up of millions of people may have a bad apple here or there. The number of users of GNU/Linux software is greater than the population of some countries in the UN. Linus doesn't screen who gets to use his kernel. That's how Darl got to use it. Neither does the FSF screen and choose who can use their software. Not yet, anyway. By the way, they are having their Second Annual FSF Associate Membership meeting on March 27, and this year, the meeting's speakers, I understand, will focus on SCO and related issues.
Fyodor does restrict SCO from using nmap, based on violations he charges them with regarding the GPL. He says that SCO appears to have stopped distributing nmap, but he asks if anyone notices them doing so, to let him know. "If anyone catches them distributing it again, please drop me an email so that I can take the next steps. -Fyodor @ Insecure.Org"
Stallman has used the analogy of New York City. There are murders in NYC every year, but the majority of New Yorkers are not murderers. People don't call on New Yorkers to repudiate murder, as if the fact that there are a minority of persons in NYC who murder means every New Yorker is a murderer or condones murder. SCO's "guilt by association" PR against the Linux community, asking the entire community to repudiate any attacks on SCO as if all users of this software are responsible for the actions of every other user of the software, is just that insulting and silly. Even if a user of GNU/Linux software were to commit a crime someday, it wouldn't reflect on the software or the greater community of people in all walks of life who use it. I don't personally know anyone who would *not* condemn such an attack, if it happened. Last I heard, MyDoom was written by professional Windows virus writers connected to spammer gangs in Russia, though.
If SCO calls on the Linux community, whatever that is, to repudiate such threats, and they have, then SCO needs to do the same. They need to repudiate the threat against me publicly and make it clear that they do not approve of such criminal threats. And they need to stop attacking me personally with false accusations and stop giving out to journalists where they believe I live, because in doing so, they are putting me in danger, not only creating a climate of danger but helping any maniac on the Internet to find and harm me. Stowell gave Halperin the name of the city in which he thinks I live. The exact city. Halperin redacted it, because he thought it wasn't appropriate to publish it. He was right. It isn't. If anything were to happen to me as a result, Stowell would be at least in part responsible, I feel. Darl can afford bodyguards. At the moment, my guess is I may need them more than he does.
Rape is a crime. One of SCO's fervent supporters has indicated that he would rape me, assuming I meet his beauty test. Applying Darl's logic, SCO's side are thus criminals who condone rape.
No? Not fair? SCO isn't responsible for one morally-debased SCO fan's threat against my person?
Then neither is the FOSS community responsible for the words of some lone felon, even if that tale is true, a fact not yet in evidence, even if he uses Debian or SuSE or Mandrake or Red Hat.
Journalists have a responsibility not to let themselves be used to spread Big Lies. Sometimes if you just sit and think a matter through logically to the end, it helps to avoid it happening.
By the way, Linus is quoted in the Berr report:
"'The real reason why people don't like SCO, and Darl McBride in particular, is that he is so dishonest,' Torvalds, 34, said in an e-mail."