The Tide Turns
By Pamela Jones
Groklaw
July 26, 2003
When Gartner [ http://news.com.com/2100-1016_3-5055697.html ] put out its cautionary
message [ http://news.com.com/2100-1016-1012162.html?tag=nl ], telling companies
to hold off on Linux for now and consider going with MS or UNIX instead, I didn't
post it, because I was waiting for more analysts to react. Besides, this is an anti-FUD
site. Aside from Gartner and the lovely and tireless Ms. DiDio, I can't find anyone
taking SCO's licensing plan seriously.
Oh, wait. I forgot Bill Gates [ http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=43532
]. This SCO wannabe now says that Microsoft code is in Linux and that Linux will
suffer in the commercial market because of the lawsuit and the GPL. Here's his "reasoning":
"However, Gates said the controversy has exposed a fundamental weakness of Linux--that
the General Public License (GPL) makes it difficult for companies to engage in the
cross-licensing deals that have become standard in the software industry.
"That's a big Achilles heel, Gates said. Under the GPL, all tweaks and applications
developed for the operating system must be released to the community. That restriction
does not hold true on commercial versions. Gates predicted that the intellectual
property and GPL issues will eventually create enough inertia to hurt Linux's acceptance
in commercial settings. . . .
"However, Gates said intellectual property from SCO and other companies--including
Microsoft--has found its way into the code.
"'There's no question that in cloning activities, IP from many, many companies,
including Microsoft, is being used in open-source software,' Gates said. 'When people
clone things, that often becomes unavoidable.'
"'Linux is a form of Unix, like FreeBSD was...'"
um...no, it isn't, Bill. BSD is, but Linux isn't. Summer school for you. It's no
headline he doesn't like the GPL, but did you catch his reason? It's different than
what he is used to in the proprietary world. That's like saying cars are no good
because they don't have horses to pull them. It's not a bug, Bill. It's a feature.
This is part of the problem, and it's also why the tide is turning: SCO and its
cronies do not get the GPL. This is their Achilles heel. A lot of reporters don't
get it yet either, although I am sure with time they will, particularly if they
follow Stephen Shankland's example [ http://news.com.com/2100-1012_3-5055061.html
] and actually start asking lawyers about it. I would suggest that he start talking
to some GPL legal experts, but at least he's trying.
He could ask IBM's lawyers. They went to law school, and they believe the GPL trumps
SCO. IBM has leaked a memo, to reassure its customers. Or at least I believe they
must have, because IBM employees don't speak out when they are told not to, do they
IBM tech guys? Whoever leaked it, it's helpful, because IBM says the GPL stands
squarely against SCO's claims:
"'SCO itself has distributed Linux under the GNU General Public License (GPL), which
grants a free copyright license and requires that users be granted the right to
freely redistribute the code free of claims,' Bob Samson, vice president of IBM's
systems sales, said in the message, which was seen by CNET News.com. IBM confirmed
the authenticity of the memo. 'SCO has not explained how it can now make a claim
in the face of its distribution of Linux under these terms,' Samson said."
Do you think IBM's attorneys understand both copyright law and the GPL?
Forced against the wall, SCO has finally given their explanation, but it makes no
GPL sense:
"On Friday, SCO spokesman Blake Stowell reiterated the company's earlier position
that the GPL provisions don't apply because SCO is the Unix copyright holder and
it never placed the copyrighted code under the GPL.
"'Distributing a product is not the same as contributing to a product,' Stowell
said Friday. In other words, the mere act of distributing GPL-covered code isn't
sufficient; the copyright holder also has to deliberately release the code as open-source,
he said. 'The copyright holder has to knowingly contribute this code.'"
Um... off to GPL summer school for Blake. You can join Bill's class. At least Bill
sort of gets that part, as he explained in the aforementioned article, "The way
the GPL works, if you license any Linux, you have to license all Linux." Why, yes,
Bill, almost. Under the GPL, distribution under the GPL means you've chosen the
GPL, irrevocably. Those are its terms. It's a license on top of copyright. Homework
assignment: reread the GPL [ http://www.gnu.org/licenses/licenses.html#GPL ]. Extra
credit if you read Eben Moglen's statement [ http://www.fsf.org/philosophy/sco-statement.html
] about SCO and the GPL.
If you never bothered to look and see what you were distributing, well, you coulda,
woulda, shoulda. Not that I, for one, believe for a minute that this is what happened.
Cf. here [ http://radio.weblogs.com/0120124/2003/07/20.html ] and here [ http://radio.weblogs.com/0120124/2003/07/17.html
] and here [ http://radio.weblogs.com/0120124/2003/07/08.html ] and here [ http://radio.weblogs.com/0120124/2003/07/12.html
] and here [ http://radio.weblogs.com/0120124/2003/06/13.html ].
There's more to the IBM memo:
"'This appears to be another desperate, unfair and unsupported attack on Linux in
an attempt to wring money from customers without providing any factual basis as
to why they should pay,' Samson said. 'SCO's statements consist of bare allegations
without supporting facts. SCO has yet to identify the code which it claims is infringing
in Linux, nor has it offered to openly disclose the code to the Linux community.'"
Here's [ http://news.com.com/2100-1016_3-5055697.html ] who is not on Gartner and
DiDio's side of the fence:
Illuminata's [ http://news.com.com/2100-1016_3-5055697.html ] Gordon Huff --"That SCO's claims are not laughable, but merely enormously suspect, is no reason for
corporations to start a Chicken Little routine at significant cost."
RFG [ http://news.com.com/2100-1016_3-5055697.html ] -- "RFG believes corporate
users of Linux should not discontinue their deployments, because the merits of SCO's
case appear to be extremely thin," said RFG analyst Chad Robinson. "SCO appears
to be attempting to extort funds from the Linux market without substantiating its
claims in ways that allow users to respond."
Forrester Research [ http://news.com.com/2100-1016_3-5055697.html ] --"Stacey Quandt
said companies must proceed according to their tolerance for risk, but that so far
SCO hasn't shown enough information to convince companies they need to sign up for
a Unix license. 'Signing a license based on allegations and not facts just doesn't
make sense,' she said."
IDC [ http://www.infoworld.com/article/03/07/25/29NNsco_1.html ] --"'This is more
of a PR move in an attempt to put pressure on end-user organization to put pressure
on IBM to settle quickly,' said Dan Kuznetsky, an analyst at Framingham, Mass.-based
IDC. Like other observers, he questioned the wisdom of buying an SCO license sight
unseen. 'What happens if they lose? Are they going to issue refunds? The cart and
the horse are in reverse order here.'"
Jeffrey Neuberger [ http://www.infoworld.com/article/03/07/25/29NNsco_1.html ],
an IP lawyer at the New York firm Brown Raysman Millstein Felder & Steiner --"I
think everybody who is involved should be monitoring the situation, but I don't
think there is any cause for sudden alarm or hasty actions. . . .History shows that
these things have a way of working out. This is a very high-profile case, but it's
very likely that it will be resolved in a way that leaves the user base untouched."
Bill Claybrook [ http://www.technewsworld.com/perl/story/31196.html ], the first
analyst to honestly tell the world that there was no way to know in which direction
identical code travelled (see second article down [ http://radio.weblogs.com/0120124/2003/06/12.html
] ), after he saw the SCO lines of code, calls the license scheme "nonsense" and
says customers are just going to wait and see. --"'They're just waiting and seeing,'
he said, adding that the SCO-IBM legal fight might not be resolved for two years
or longer. 'They believe IBM will come out of this and they won't be hurt in the
meantime.' Calling SCO's attempts to sell licenses to Linux users 'nonsense,' Claybrook
questioned why any company should buy such a license before even determining whether
it is really required."
Datamonitor [ http://news.zdnet.co.uk/story/0,,t269-s2138189,00.html?rtag=zdnetukhompage
] expects a legal backlash against SCO -- "By targeting end users in its legal fight
against Linux, SCO is making some very powerful enemies, and should expect a legal
backlash, according to analyst firm Datamonitor."
Commentwire [ http://www.commentwire.com/commwire_story.asp?commentwire_ID=4634
] says the licensing scheme is designed to avoid a court fight, but SCO has made
big pocket enemies now, like IBM, Dell, Oracle, and HP -- "It is in the interests
of Linux vendors and users to challenge SCO's claims of copyright infringement and
to seek to force it to prove its claims in a court of law. While SCO's licensing
scheme is designed to keep the alleged Linux copyright infringements out of court,
it may well be that Linux supporters will prefer to argue their case in front of
a judge."
Meanwhile, Netcraft [ http://www.technewsworld.com/perl/story/31196.html ] reports
IT companies are not paying attention to SCO:
"Recent figures from British researcher Netcraft indicate that SCO's licensing scheme,
taking shape in a new business division at the Unix software seller, has not deterred
continued deployment of Linux in the enterprise IT shop.
"'It may well be that although SCO has generated an enormous amount of attention
from the media and the Linux evangelists, it does not presently have the attention
of IT practitioners in large companies,' Netcraft said in a statement.
"Netcraft credited three elements for the Linux operating system's penetration into
the IT departments of more than 100 major corporations in the past two months: A
successful conclusion to SCO's lawsuit is extremely unlikely; the costs of migrating
from Linux to FreeBSD at a later date are small; and companies are committed to
migration strategies and do not intend to change course."
Here is the kicker. While Gartner's George Weiss was suggesting MS and UNIX, the
research director [ http://www.vnunet.com/News/1142577 ] at Gartner says something
different: "'SCO is being opportunistic ahead of the lawsuit with IBM by exploiting
nervousness and trying to create as much fear, uncertainty and doubt as possible,'
said Andy Butler, research director at Gartner.
"He explained that Gartner is not authorised to give legal advice but has advised
clients that 'they should not be blasé and should follow events carefully if they
have significant Linux exposure.'
"'Users should not start waving their cheque books as there is no legal precedent
for what SCO is demanding and it is not clear what laws have been broken,' he added."
Maybe George didn't get the memo. Good for you, Andy. He says he believes this is
an attempt to "hobble the open source movement by depressing the market for evolving
the source code. Agreeing to using Linux in run-only, binary format would mean that
Linux code would become like proprietary Windows or Solaris code. Users would have
no right to change or distribute the source code. The source code would remain locked
away. SCO is trying to derail the Linux train." Somebody at Gartner's has a clue.
Linux users are also sticking with Linux. Here's [ http://www.vnunet.com/News/1142577
] a sample:
Reliance Mutual, an insurance firm -- "We will ignore SCO's demands and wait and
see what happens. We purchased Red Hat in good faith and are up and running and
have contractual agreements with them. We would be daft to set a precedent. I don't
see that SCO's claims will make a huge impact on the freeware market as it is so
well established."
Repton, a reseller --"Nobody is saying they need to be careful because of SCO. We
do a lot of work with software vendors in the finance and banking industry and they
are all migrating to Linux because that's what the customers say they want. Customers
are not saying that they'll stop using Linux. None have come to us expressing concern."
Netcraft also says [ http://www.techweb.com/wire/story/TWB20030725S0007 ] Linux
is actually gaining in the marketplace, reporting that in the last two months, Linux
has made a net gain of over 100 enterprise sites, including the following major
U.S. companies: Charles Schwab and European corporations such as Deutsche Bank.
ZDNET [ http://zdnet.com.com/2100-1104_2-5053636.html ] adds this:
"Schwab in particular is notable, Netcraft spokesman Mike Prettejohn said, because
its site has been one of the heaviest users of Secure Sockets Layer (SSL) encryption,
a demanding technology for which Linux faces more competition from commercial products.
"Schwab and T-Online had been using Sun Microsystems' Solaris operating system.
SunGard, Deutsche Bank and Royal Sun Alliance switched from various versions of
Windows.
"Linux lost some places, though. Colt switched from Linux to Windows Server 2003,
while National Service Industries and Valero switched to Windows 2000, Netcraft
said."
Before you switch to Microsoft as Gartner suggests, you might want to look before
you leap and consider your security issues mentioned this year by Cert here [ http://www.cert.org/advisories/CA-2003-18.html
] and here [ http://www.cert.org/advisories/CA-2003-16.html ] and here [ http://www.cert.org/advisories/CA-2003-14.html
] and here [ http://www.cert.org/advisories/CA-2003-08.html ] and here [ http://www.cert.org/advisories/CA-2003-04.html
]. Just today, there's this warning [ http://ww.computerworld.com/securitytopics/security/story/0,10801,83221,00.html
] about Windows Server 2003:
"It is probably the most serious vulnerability that we have seen from Microsoft
in the past 12 to 18 months," said Chris Rouland, director of Internet Security
Systems Inc. in Atlanta.
Then there's that pesky they-can-break-any-Windows-password in 14 seconds story
[ http://news.com.com/2100-1083_3-5055050.html ], from a few days ago. Others here
[ http://news.com.com/2100-1002_3-5055759.html?tag=lh ] and here [ http://www.computerworld.com/securitytopics/security/story/0,10801,83125,00.html
] and here [ http://silicon.com/news/500011-500001/1/5264.html ]. Or read the security
report [ http://www.macobserver.com/article/2003/07/25.4.shtml ] on voting machine
software on Windows CE, which found horrible security issues, which drew this reaction
[ http://news.com.com/2100-1009_3-5054088.html?tag=fd_top ] from Avi Rubin, an associate
professor of computer science at Johns Hopkins University:
"Windows has a long history of new releases of patch just about every week," he
said. "You can't run voting machines on Windows."
If you can't run voting machine software, which is fairly simple in functionality,
after all -- if you leave off deliberate back doors -- what can you safely run on
Windows?
Or just go to Google and search [ http://news.google.com/news?hl=en&edition=usa&q=Microsoft+security
] for "Windows security" and see what you find.
In fact, Robert X. Cringely said [ http://www.infoworld.com/article/03/07/25/29OPcringely_1.html
] today that he's training his dog to be a seeing-eye dog: "I thought I'd rent him
out to programmers who've gone blind trying to patch all the security holes in Windows
Server 2003."
Oh, Homeland Security is warning [ http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=43556
] us that hackers are about to exploit one of the above Windows vulnerabilities.
And before you choose UNIX or any other proprietary software, maybe you should read
this study [ http://arxiv.org/abs/cond-mat/0306511 ], just out and reported on in
Nature [ http://www.nature.com/nsu/030623/030623-6.html ] and Ars Technica [ http://arstechnica.com/archive/news/1056608182.html
], that shows that open source beats proprietary at finding and fixing bugs. I found
out about the study from this blog [ http://csamuel.org/ ]. The blogger left a comment
on Groklaw I only tonight noticed. He reports that SCO's site still has information
about LinuxIA64 up here [ http://www.sco.com/developers/ia64/ ], speaking of what
really happened. Note the url.
Do you like Ragu? Hellman's mayonnaise? Bertolli olive oil? I sure do now. The company
that makes them, Unilever, just joined [ http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,83397,00.html?SKC=news83397OSDL
], the first non-IT company to do so. The company plans to adopt Linux for its IT
systems in all 80 countries where it operates.
Ladies and gentlemen of the jury, I rest my case. When Hellman's mayonnaise goes
GNU/Linux, the tide has turned.
3:26:41 AM
Copyright 2003 http://radio.weblogs.com/0120124/ - http://creativecommons.org/licenses/by-nc-nd/3.0/