Letters to the editor

Blessing and cursing

Good morning (well, it's morning here), Mr Weisman;
 
WRT http://www.iht.com/articles/2004/12/28/business/code.html -
> The improper use of open-source components, in the worst-case
> scenario, could subject companies to costly litigation from
> parties like SCO Group of Lindon, Utah.
 
I very much hope so. The more of these idiots that get spectacularly shot down
like TSG is, the fewer fellow idiots are going to try barratry as a career
path.
 
However, doing business today in any form exposes you to an ever-increasing
risk of suit. Open Source has nothing to do with the problem. Your article is
trying to draw a connection which does not exist.
 
> SCO says it owns intellectual property in the Linux open-source
> operating system
 
No they don't. Not in court, at least.
 
"Intellectual Property" comes in four basic forms: Patents, Copyrights,
Trademarks and Trade Secrets.
 
None of these are at issue in TSG vs IBM.
 
The case revolves around a contract dispute, and even the bulk of the material
involved in the contract dispute turns out to have been already Opened one
way or another.
 
> Jothy Rosenberg, chief executive and chief technical officer of
> Service Integrity,
 
Quoting an officer of a company with an immediate vested interest in the kind
of uncertainty generated by your article is hardly clever, to say nothing of
what it does to the authority of the quote.
 
> who this month ordered a 24-hour scanning of his company's Sift 3.5
> software during a "code freeze" before its introduction.
 
> "In this day and age, anybody building a commercial piece of software
> has got to do this. It's like buying insurance on your building."
 
It also has nothing substantial to do with Open Source.
 
If anything, Open Source makes Rosenberg's job much easier. Can you imagine
the fun and games involved in getting hold of a copy of (say) MS-Office's
source code so you can scan your software against it for copyright clashes?
 
> anyone who acquires and modifies open-source code must make their
> modified versions freely available to the public. Depending on how
> many files of code are covered and what is in them, such a
> requirement can sometimes be a major impediment for a proprietary
> software company.
 
Robert, this issue has long been dead and buried. It's hardly credible that
anyone writing with authority in any IT field can now claim to be ignorant of
this.
 
If you don't like the GPL, simply eschew the head-start gained by basing your
own code on it. Don't use it. Write your own code! Nobody's putting a gun to
your temple and forcing you to use anyone else's code, now, are they?
 
And again: can you imagine the trauma and hullabaloo which would ensue if you
based an application on the source code for Adobe Illustrator?
 
In every way, Open Source software gives you the advantages, the safety and
the choices and yet you're presenting it here as if it's a bad thing.
 
If Open Source software is the big risk-and-expense that you claim, then why
are these companies so eager to use it in the first place?
 
> Among the scariest aspects of the problem is that many business
> executives do not know whether open-source code is in their
> software, or they mistakenly presume that they have none. Either
> way, they could be setting themselves up for a lawsuit.
 
Two things to note here are that (1) if their control of their own product is
so pathetic, they really do deserve to go to the wall; and (2) if they steal
someone else's code, Open or closed, then they really do deserve to go to the
wall. Please let it happen soon, let natural attrition work its way so they
can be off our collective backs!
 
> Software developers working on "value-added" applications routinely
> borrow pieces of open-source code as building blocks for such
> functions as encryption, security or platform interfacing.
 
Let's have a look at those. SSL and TLS are widely used security protocols
provided by the OpenSSL library. OpenSSL uses a BSD-ish licence. All you need
to do to comply with this is include three short sentences in your product's
documentation:
 
    This product includes software developed by the OpenSSL Project for
    use in the OpenSSL Toolkit (http://www.openssl.org/). This product
    includes cryptographic software written by
    Eric Young <eay@cryptsoft.com>. This product includes software
    written by Tim Hudson <tjh@cryptsoft.com>.
 
Having done this, you can modify and derive OpenSSL to your heart's content.
It's not like an entire encryption layer is going to magically appear
unnoticed in your product, so if this bites you on the butt, you get bitten
for gross stupidity, not for using Open Source. Once again, contrast the
consequences with what would happen if you sliced a TLS layer out of
MS-Windows 2000 and used that instead.
 
Now a typical GPL example: Samba. The first question to ask is since this is a
complete CIFS implementation, independently functional, why would you want to
modify it? If you don't modify it, you don't need to release any source.
 
For the case where it is indeed tempting to borrow and expand a Samba
component, say you wanted to modify the "smbtorture" diagnostic tool to do
something hinky with the CIFS protocol so you can use it for your own private
authentication scheme, there are two major cases:
 
 1. What you want to do is trivial, in which case either just release
    the modified code or write it from scratch yourself (as you would
    do if Samba didn't exist); or
 
 2. What you want to do is not trivial, in which case the modifications
    will be extensive: so write your own code, it won't be that much
    extra work.
 
Proprietary software companies like BabelMedia use Samba every day. It hasn't
caused them any licence problems, they haven't put any of their own software
at risk, and they haven't gone out of their way at all to achieve this.
 
City administrations are notoriously sensitive to licence issues, and yet a
major driver of the City of Bergen's move to (GPLed) Linux has been the cost
savings in using (GPLed) Samba for file-serving.
 
Even if you don't use any Samba code, you'll still be ahead of the game by
using their excellent documentation, which in many places more accurately
reflects what's happening on the wire than Microsoft's own documentation.
 
> SCO has since sued DaimlerChrysler, AutoZone and Novell
 
The DC suit has since been dismissed and the other suits made dependent on the
outcome of the IBM suit, which as I mentioned above is looking very gloomy
for TSG. All of this is a matter of public record, as accessible to IT
journalists as to anyone else.
 
When the rubble finally stops bouncing, TSG are going to be an eloquent object
lesson for anyone else selfish enough to try blackmail as a business model.
 
> Businesses fear that SCO's flurry of lawsuits may be a sign of
> trouble to come.
 
Only businesses that are silly enough to believe ill-researched (I hope, since
the alternatives are not as pleasant) articles like that one.
 
Think of it as evolution in action. By scaring these companies away from Open
Source, you are leaving their competitors a clear field in which to take
advantage of it. Eventually, the companies gullible enough to believe that
article will be crushed by the absence of that competitive advantage. In the
long term, you're doing in your own target audience!
 
> Scott Nathan, a lawyer,
 
...with a vested interest in the outcome, like all of your references so
far...
 
> said. "If SCO is successful, there are going to be copycats."
 
There's the sand in your vaseline. For TSG to be successful in any meaningful
way, they'd have to first prove ownership of some significant piece of Linux,
then prove that they suffered damage by its inclusion, then identify the
person responsible for its inclusion and sue _them_ for the damages, rather
than some random corporation among the thousands using Linux.
 
And by the time they got that far, any offending code would be ripped and
replaced fast enough to create a sonic boom. There would be no ongoing
damages.
 
So far, they're not up to Step One.
 
Every time TSG tried to increase their ownership claims, they wound up in a
poorer position, and with more of the evidence involved now a part of the
public record. Amongst other things, a lot of the mystery surrounding the
original BSD court case has been cleared up, and evidence clearly pointing
out that Novell still own the copyrights etc on that disputed code has been
turned up. Read all about it from the original court documents here:
 
    http://www.groklaw.net/
 
    http://scofacts.org/
 
> "[...] you might be seen as a deep pocket" by litigious SCO copycats,
> said Thomas Carey, an attorney
 
Vested interest again? Goodness me, do you have _any_ independent opinions?
When have you _ever_ seen a lawyer give a non-fear-based non-worst-case
answer to a journalist?
 
> "If we violated something and get sued, their investments would
> vaporize like that," Rosenberg, the chief of Service Integrity, said.
 
I should hope so. Venture capital _should_ vanish in the face of gross
negligence.
 
Even so, and speaking of gross negligence, there are several remedies to
pursue with an Open Source inclusion, and your article hasn't even hinted
that any of them might exist.
 
Unlike the Microsofts and Adobes of the world, very few Open Source providers
are highly litigious. This means that if _someone_else_ discovers Open Source
code buried in your software, the usual remedy is to simply replace it.
 
The exact case you're waving about portentously has actually happened many
times already, but you again don't even hint that this might be so. Was this
gross carelessness again, or is there an agenda tucked away in there?
 
LinkSys were discovered to be running a modified version of Linux on some of
their routers. The remedy so far employed has been the publication of the
sources to the modified software, but not to the "secret sauce" network
interface driver. Open Source RTL8xxx drivers were subsequently written by
others.
 
The LinkSys WRT54G and related routers have since seen an increasing amount of
use as a cheap and readily available embedded platform, and LinkSys are
selling more of them as a result of having released their modifications as
they originally should have.
 
They've also skipped the royalties other embedded systems would have required,
and the expense and lead time of writing it all themselves from scratch.
 
In another example, Minitar were found to be using modified Linux in their
routers without releasing source, and the solution in this case was to
convince the network card manufacturer to Open their drivers, so the entire
codebase for the router could be released.
 
Again, Minitar are selling more gear through having Opened their code than
they would be if they hadn't, so again the solution has been beneficial all
round.
 
These two examples are reasonably representative. If you had the best
interests of your readers at heart, you would have encouraged them to find
out more and ride the Open Source bandwagon for all it's worth instead of
spreading TSG's fear-and-doubt propaganda.
 
Unlike traditional business where each participant fights for the biggest
share of a fixed-size pie, Open Source is all about making the whole pie
bigger.
 
Please get it right next time, if there is a next time.
 
Cheers; Leon
 
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Vice President, Perth Linux User Group
http://osia.net.au/ Member, Open Source Industry Australia
http://slpwa.asn.au/ Member, Linux Professionals WA
http://linux.org.au/ Member, Linux Australia

Comments (8 posted)

My open letter to Wlodzimierz Marcinski

 
Preface: This is an open letter from Mikko Rauhala of the Department
of Computer Science of the University of Helsinki to Undersecretary
Wlodzimierz Marcinski of Poland. Reproduction and publication are
permitted and encouraged as long as the text is unmodified. The
author would be glad to be notified of such publications via
E-mail to mjrauhal@cs.helsinki.fi, but this is not required.
 
 
        Dear Undersecretary Wlodzimierz Marcinski,
 
I was positively elated to hear about you standing up to the pressures
of certain other parties in the EU Council of Ministers and getting
the Software Patent Directive in its current form off of the Agenda
of the Council of Agriculture and Fisheries. The citizens of EU owe you
a debt of gratitude for this upstanding act of defending democracy,
innovation and competition within the Union.
 
I am sure you are more informed than myself about the backhanded
dealings within the Council to completely disregard the Parliament's
view on software idea patents in their so-called compromise text.
You can also probably well imagine the dealings that have led to
some parties' insistence on wider patentability. Nevertheless, in the
hope that it might prove somehow useful, I would like to offer my
admittedly limited insight on how things seem to have progressed here
in Finland, if even just to affirm what you might already reasonably
suspect.
 
In the autumn of 2003 there was a hearing on the Parliament's version
of the directive text here in Helsinki. Among others, the Department
of Computer Science of the University of Helsinki was invited. I had
already been working there for a couple of years, and the department
head appointed me as our official representative at the hearing. Also,
as it happens, Electronic Frontier Finland¹, which concentrates on
defending civil and consumer rights in the digital age, did not
receive a timely invitation to the hearing. Luckily, I happened to be
on the board of EFFI at the time, and was recognized as representing
them also.
 
With the notable exception of Finland's Parliament member Jyrki Kasvi,
who had come to the hearing uninvited, there were no other opponents
of software idea patents present, and neither were there any other
representatives of the scientific community. In fact, mostly the
participants seemed to be composed of three interest groups: big
business (as represented by Nokia), lawyers and the National Board of
Patents and Registration of Finland. In other words, these were people
who were standing to gain personally from wide patentability of
software ideas: Nokia could better strong-arm smaller competitors into
submission, patent lawyers would become indispensable for everyone
wishing to write and market software, and the patent office wouldn't
have to worry about losing work or funding any time soon.
 
Even though software idea patent proponents tend to talk about
such high ideals as promoting the progress of science and useful
arts, it comes as no big surprise that the actual opinion of the
part of the scientific community I was representing didn't carry
much weight in the proceedings, and that the civil rights issues²
were likewise dismissed altogether. It was also widely argued that the
EU Parliament's directive text was too unclear on what was patentable.
Curiously, the correct remedy seemed always to be to clearly allow
wide patentability of software ideas. On the whole, I would summarize
the hearing as the aforementioned parties asking for our government
to please make others give them more money (albeit not in such a
straightforward manner). The government apparently thought this
to be a reasonable suggestion.
 
Thus it came to pass that Finland supported walking over the EU
Parliament and sacrificing the interests of both private individuals
and small and medium-sized enterprises in favor of lawyers and
aspiring monopolists. Sadly, not many have had the courage to oppose
this practice of perverting supposedly democratic processes into
something better described as plutocracy.
 
I know that this particular fight is not over yet, and that there are
many other issues where the interests of the rich and the powerful are
likely to take precedence also in the minds of many a politician.
However, Poland's example gives me some hope in a democratic Europe
once more. Hopefully it will also inspire others, especially the EU
newcomers, to take a similar stand as equal members of the Union
and not be intimidated into compliance by entrenched political powers.
 
 
        Yours Truly,
        Mikko Rauhala
 
¹ See <URL: http://www.effi.org/index.en.html >. EFFI is also a
  founding member of European Digital Rights (EDRi), see
  <URL: http://www.edri.org/ >.
 
² I do consider it a civil rights issue when the rights of
  individuals to write original software and earn a living off of
  their work is threatened by monopolizing programming practices.
  Strangely enough, some do not.
 
 
--
Mikko Rauhala <mjrauhal@cs.helsinki.fi>
University of Helsinki

Comments (none posted)

Page editor: Jonathan Corbet