Letters to the editor [LWN.net]

PLEASE do some real research before sounding off!

From:		Leon Brooks <leon@cyberknights.com.au>
To:		john.parkinson@cgey.com
Subject:		PLEASE do some real research before sounding off!
Date:		Thu, 3 Jul 2003 18:17:58 +0800
Cc:		thorgan@cio.com, koch@cio.com, letters@lwn.net

Dear John

Quoting http://www.cio.com/archive/070103/et_pundit.html -
> Second, a lot of the intellectual property in Linux is actually
> owned by companies that never officially agreed to make it
> available under an open-source license.

I'd like to see it named. If it is *ever* named, I can promise you it 
will be replaced with dizzying speed. The SCO Group (TSG, they are not 
The Santa Cruz Operation) won't tell us which of the IP they claim as 
their own supposedly is contained in Linux.

Mind you, TSG are claiming that everything since Babbage and Lovelace is 
conceptually included in their flavour of UNIX, which they have some 
licencing rights to (no patents, no trademark rights, and no official 
copyrights) and therefore they own everyone's OS, even Microsoft's.

Please, since you're obviously clear on what IP is involved, identify it 
for us so that we can wash our hands of it!

We play our cards with an open hand, John Parkinson. Everybody can see 
everything on our table. It makes no sense at all for us to steal code 
from anybody, because we know that it's out there for them to see, 
inspect, cross-reference, search, compare.

If TSG had any real evidence of plagiarism, they need only show it to us 
and it's gone, rewritten in a flash. The fact that they have so totally 
sanitised the handful of "evidence" so far seen (under NDA) that it 
can't possibly be identified among the 3 or 4 million lines of code in 
Linux speaks volumes for the weakness of their case.

I would expect TSG to sue people, and so should you - *if* you had done 
any serious research. Darl McBride has a history of being a suer, and 
The Canopy Group (the effective owners of TSG) are long-time suers too. 
If not Linux companies, then someone else.

Their barratry is against IBM alone, not any other Linux company or 
user, and it's over contractual limitations, not over patents or 
copyrights. TSG are disputing software that they never wrote.

> But there are others, including Microsoft, that could do the same
> if they chose. 

Yes, Microsoft are certainly at liberty to sue - but over what?

Microsoft's NT-series code-base is derived from MICA, a Vax/VMS variant 
so totally different to Linux even before it became MS-Windows that it 
would be much easier to write a new component from scratch than to try 
bending MS-Windows code to fit Linux. MS-Windows is alien to everything 
else. Linux, OS X, BeOS, Irix, FreeBSD all have more practices in 
common between them than MS-Windows has with anything else.

It's worth noting that VMS features military-grade security which can be 
enabled with very little effort, but MS-Windows NT and derivatives are 
notorious for their lack of security (to say nothing of MS-Windows 9X). 
Many of my own customers asked me to install Linux for them 
specifically because they knew it was more secure and robust than the 
MS-Windows systems they had previously been using.

> Open-source software is free in the sense of "free speech"
> (which carries with it the connotations of certain rights
> and obligations), not "free ride" (which implies something
> for nothing).

It can be both. The whole concept of price is a bit outdated when 
applied to Free/Open Source Software (FOSS). Someone who writes and 
releases FOSS can be "paid" in fame, in people improving his/her 
software for free, in people writing and improving related software for 
free, in work that was previously unavailable, in many ways.

For the company employing FOSS, the up-front cost can make a significant 
difference, and despite the many other advantages of FOSS it is often 
cited as the primary reason for adoption. But the real advantages of 
FOSS lie elsewhere, and the bigger ones are implicit in not being owned 
by a company. Microsoft's software, for example, can never enjoy these 
benefits to the same degree.

When a Microsoft employee writes software, it is Microsoft's software, 
not his/her own. When a FOSS programmer writes software, (s)he owns it. 
This one factor makes an enormous difference to the quality of product 
and responsiveness of support as viewed by the end user.

When a program is FOSS, somebody else can audit it for security flaws or 
useability, and change things to see what effect it has. This is much 
more effective than a company doing its own auditing, since the auditor 
brings very little of the author's corporate culture to the table with 
them; they test things in different and unexpected ways and so find 
more flaws.

When a program is FOSS, the authors are not as isolated from the end 
users as they are in a corporation. The feedback loop is so tight that 
it squeaks. When their program fails, the authors hear about it 
directly. They are often able to ask detailed questions on the spot 
that an ex-waiter with a tech-support knowledge base would never even 
think of.

When a program is FOSS, there's no doubt or prevarication about how it 
achieves any particular task. As well as debug-and-trace on a program 
that you're trying to get interoperating with it, you have complete 
access to the FOSS program for step-by-step and fine-grained diagnoses. 
And of course no point in mystery protocols or proprietary barnacles 
like lumps of binary amid one's XML.

If you want to learn about how a program, process or protocol works, you 
have a working practical real-world example before you to tweak and 
prod to your heart's content.

Nobody can force you to upgrade a FOSS program or accept new, intrusive, 
insecure, unstable or dangerous features of it; the same cannot be said 
of software with something to hide.

There are many, many ways besides the obvious ones in which FOSS saves 
you money, not just up front but also in TCO. Many of the TCO studies 
that I've seen do not even address these, yet time and time again I've 
seen an attribute peculiar to FOSS save an office several thousand 
dollars in consultancy time in ways that secret software could not.

> By my count, Red Hat issued more critical patches to its Linux
> distribution in 2002 than did Microsoft for the Windows 2000
> Server.

Which of RedHat's many Linux distributions? Did you remember to also 
count the patches for MS-SQL Server, MS-Office, MS-Exchange, 
MS-Outlook, Microsoft's games and so on?

Most modern Linux distributions include at least two each of SQL 
database servers, web servers, FTP servers, full-strength mail transfer 
agents, office suites, web browsers, email clients, instant messenger 
clients, multimedia players, integrated development environments, the 
list is endless. If Microsoft sold a CAD package, we'd even have 
something to compare patches with against with QCAD and friends.

From Microsoft, you get Windows, from Linux distributors, you get a full 
house. If you're going to compare, it must be on an apples-to-apples 
basis.

> The most successful open-source movement prior to Linux was the
> hacker movement

That statement is without rational meaning. There was no "hacker 
movement".

People swapped recipes long before Richard Stallman was born; his GNU 
tools long predate Linux (many of them predate the GNU Manifesto you 
mention) and were in their time wildly successful.

You mean "crackers" anyway, not "hackers". A cracker is malicious and 
destructive, a hacker is benign and constructive. Many crackers claim 
to be hackers, but they're mere wannabees.

Hardware hackers basically invented computers, built the working 
implementations that led to what you sit in front of today. All 
crackers really do is write viruses, boast, and destroy stuff.

Crackers are not predisposed to opening their sources, and often 
entertain themselves by burying unannounced back-doors in the 
closed-source "root kits" that they do release. Back Orifice, for 
example, is not Open Source.

> not exactly the kind of folks that corporate decision-makers
> want associated with their platform software

What you have done here is create that association ex nihilo. Without 
careless, destructive and purportedly authoritative statements along 
these lines, no other association between crackers and the people 
making quality FOSS code exists or can exist.

Have a look at the list of authors that contribute to a typical FOSS 
project: engineers, IT managers, scientists, system administrators. 
They are talented, constructive people. They exemplify the *enemies* of 
the destructive people you here claim sit in their places.

Do you get both fresh water and salt from the same spring? Do car 
thieves suddenly turn around to tune your car, add a towbar and fix any 
scratches for free?

To say that your assertion insults me as a FOSS developer is a gross 
understatement.

> Some of these folks (reportedly from the fringes of the
> open-source community) surfaced last week and shut down the
> SCO website with a targeted denial-of-service attack that
> used knowledge of Linux's innerworkings to improve its
> effectiveness.

And your evidence for that is...? Who reported that? Wouldn't it make 
more sense to assume that the attackers were black-hats glad to feel 
justified in doing something destructive?

If you're going to badmouth people, John, at least have enough sense to 
be able to defend yourself against the libel charges when they arrive.

> Is open source mature yet? Probably not-but it's certainly
> getting closer.

This statement is completely meaningless without comparison, and mostly 
meaningless with it. And do you use the software you damn with mixed 
praise? Would you really know what it's like?

Is KMail more mature than virus-flypaper MS-Outlook? Yes. Is PostFix 
more mature than resource-hog management-nightmare MS-Exchange? Yes. Is 
Linux more mature than lets-shove-everything-in-slash-etc SCO? Yes. Is 
The GIMP more mature than PhotoShop? No, but it can do things that 
PhotoShop can't. Is Apache more mature than IIS? Yes. Is OpenOffice.org 
more mature than MS-Office? That depends on what you're doing with it.

Software will never be "mature." There will always be more things you 
can do with it, more areas it can include and which it will be 
immature.

You should be asking questions like "Is a FOSS product available to do X 
which is at least as functional, secure and reliable as its secret 
counterparts?"

How does FOSS stack up on those terms? Web server? Check. FTP server? 
Check. SQL database? Check. File server? Check. Office suite? Check. 
Operating system? Check. VPN technology? Check. Mail application? 
Check. Web browser? Check. CD/DVD burner? Check. Development suite? 
Check. Sound editor? Check. Clustering? Check. Network management? 
Check. And so on. Pick a topic.

Many of those are wildly more successful than most privately held 
counterparts, and/or have two or more candidates for the slot.

For examples: Linux is pushing for the top seats in clustered computing, 
the same Linux that runs your workstation and maybe your router. The 
only other systems which seriously compete with it in the supercomputer 
arena are purpose-built Unices. Microsoft competes in TPC benchmarks 
only by using machines with twice the horsepower. Apache powers more 
than twice as many websites as IIS. Yes, "and so on".

> Encouraging independent developers is an important part of the
> innovation process in the software industry; and widely shared,
> adequately protected intellectual property is a powerful
> incentive for innovation.

You're describing the GPL. It encourages independent development by 
adequately protecting the intellectual property of FOSS developers 
against poaching, and innovation by providing enough prerequisites that 
each innovator doesn't have to re-invent the wheel by themselves.

But your article doesn't encourage independent development, it actively 
discourages it by undermining confidence in the very breed of software 
which is presently undergoing the most innovation.

The bottom line is that the "issues" you raise are all phantoms, mostly 
wrong and often insulting. If you were trying to write a balanced 
article, you failed. If you were trying to cast destructive doubt upon 
Linux, you succeeded.

Naysayers will be pointing to your article for years to come, not 
because they think it is in any way fair or balanced but because of the 
fear-inducing assertions in it.

I'd very much appreciate you publishing a retraction.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Committee Member, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Committee Member, Linux Australia

Comments (5 posted)

Opinion Piece: Taking the wind out of SCO's sails

From:		"conradsandx ." <conradsandx -at- junglemate -dot- com>
To:		<editor@lwn.net>, <lwn@lwn.net>
Subject:		Opinion Piece: Taking the wind out of SCO's sails
Date:		Thu, 3 Jul 2003 13:40:27 -0000

Opinion Piece: Taking the wind out of SCO's sails

The open-source community prides itself in being able to develop
useful and good quality software as well as quickly addressing bugs
& security issues. If a problem/obstacle appears on our path, we fix
it or work around it.

Why not take this to the next step, and apply it to legal matters ?
What I'm talking about is taking the wind out of SCO's sails,
by removing and/or replacing the code in the Linux kernel that
they have contention with; we have a pretty good idea what this
code is (I'll expand on this point later). While pre-emptively removing
code may seem like capitulating to SCO, it is not. We can always put
the code back in after the SCO vs IBM dust settles.

In the larger picture we all want the Linux/GNU system to replace
expensive and closed proprietary systems. To do this, we need the right
atmosphere, which has been brewing for quite some time. The problem
here is that SCO's legal actions have put question marks around
open-source software in people's minds (never mind that only the Linux
kernel is affected) - in effect the atmosphere for open-source is being poisoned.
Incidentally (or on purpose), this benefits Microsoft. The SCO vs IBM
lawsuit can last for _years_, with the very real possibility of stifling adoption
of open-source products for the foreseeable future.

We have a pretty good idea what areas in the Linux kernel SCO has
a problem with. After all, they're suing IBM, so the contributions
must have come from IBM (or from the companies that IBM recently
acquired, such as Sequent). Specifically, we have a clear idea that
the problem is with NUMA {Non Uniform Memory access} and
RCU {Read Copy Update} (see [1] and [2] for more information on this).
IBM's JFS should also be removed. I have nothing against JFS,
but what is at stake here is more than a replaceable file system;
moreover, I don't know how many people actually use JFS, but I'd
put a bet that it's a lot less than other journaling systems,
such as Ext3 and ReiserFS.

There's also the question of SMP. I'm not suggesting that SMP should
be removed (after all, the Linux kernel had SMP way before IBM got
interested in it) but a careful search should be done to see if IBM has
contributed to the SMP infrastructure.

I'm sure that Linux will be slower without NUMA and RCU, but it will
still work. Some people could be annoyed at the removal of JFS, but
we have other journaling file systems. As mentioned before, these
removed pieces could be put back in, once the legal wrangling is over.
In the meantime, the open-source community would have shown that
it is serious about respecting intellectual property rights (even if SCO's
case is proven to be baloney), which would go a long way to repairing
the atmosphere; ... and a good atmosphere is needed for the progress
of open-source.

References

[1] "Does SCO own read-copy-update?", http://lwn.net/Articles/36164/
[2] "Analyst who saw SCO 'evidence' ...",
http://www.theage.com.au/articles/2003/06/13/1055220751243.html