Welcome!

Linux Authors: Carmen Gonzalez, Pat Romanski, Elizabeth White, Victoria Livschitz, Ignacio M. Llorente

Related Topics: Open Source, Linux

Open Source: Article

SCO CEO Posts Open Letter to the Open Source Community

Slams fundamental flaws in Linux development and lousy business model

In an open letter to the OS community, Darl McBride writes: 'The most controversial issue in the information technology industry today is the ongoing battle over software copyrights and intellectual property. This battle is being fought largely between vendors who create and sell proprietary software, and the Open Source community. My company, the SCO Group, became a focus of this controversy when we filed a lawsuit against IBM alleging that SCO's proprietary Unix code has been illegally copied into the free Linux operating system...' Read the full letter here:

The most controversial issue in the information technology industry today is the ongoing battle over software copyrights and intellectual property. This battle is being fought largely between vendors who create and sell proprietary software, and the Open Source community. My company, the SCO Group, became a focus of this controversy when we filed a lawsuit against IBM alleging that SCO’s proprietary Unix code has been illegally copied into the free Linux operating system. In doing this we angered some in the Open Source community by pointing out obvious intellectual property problems that exist in the current Linux software development model.

This debate about Open Source software is healthy and beneficial. It offers long-term benefits to the industry by addressing a new business model in advance of wide-scale adoption by customers. But in the last week of August two developments occurred that adversely affect the long-term credibility of the Open Source community, with the general public and with customers.

The first development followed another series of Denial of Service (DDoS) attacks on SCO, which took place two weeks ago. These were the second and third such attacks in four months and have prevented Web users from accessing our web site and doing business with SCO. There is no question about the affiliation of the attacker – Open Source leader Eric Raymond was quoted as saying that he was contacted by the perpetrator and that “he’s one of us.” To Mr Raymond’s partial credit, he asked the attacker to stop. However, he has yet to disclose the identity of the perpetrator so that justice can be done.

No one can tolerate DDoS attacks and other kinds of attacks in this Information Age economy that relies so heavily on the Internet. Mr Raymond and the entire Open Source community need to aggressively help the industry police these types of crimes. If they fail to do so it casts a shadow over the entire Open Source movement and raises questions about whether Open Source is ready to take a central role in business computing. We cannot have a situation in which companies fear they may be next to suffer computer attacks if they take a business or legal position that angers the Open Source community. Until these illegal attacks are brought under control, enterprise customers and mainstream society will become increasingly alienated from anyone associated with this type of behavior.

The second development was an admission by Open Source leader Bruce Perens that UNIX System V code (owned by SCO) is, in fact, in Linux, and it shouldn’t be there. Mr Perens stated that there is “an error in the Linux developer’s process” which allowed Unix System V code that “didn’t belong in Linux” to end up in the Linux kernel (source: ComputerWire, August 25, 2003). Mr Perens continued with a string of arguments to justify the “error in the Linux developer’s process.” However, nothing can change the fact that a Linux developer on the payroll of Silicon Graphics stripped copyright attributions from copyrighted System V code that was licensed to Silicon Graphics under strict conditions of use, and then contributed that source code to Linux as though it was clean code owned and controlled by SGI. This is a clear violation of SGI’s contract and copyright obligations to SCO. We are currently working to try and resolve these issues with SGI.

This improper contribution of Unix code by SGI into Linux is one small example that reveals fundamental structural flaws in the Linux development process. In fact, this issue goes to the very heart of whether Open Source can be trusted as a development model for enterprise computing software. The intellectual property roots of Linux are obviously flawed at a systemic level under the current model. To date, we claim that more than one million lines of Unix System V protected code have been contributed to Linux through this model. The flaws inherent in the Linux process must be openly addressed and fixed.

At a minimum, IP sources should be checked to assure that copyright contributors have the authority to transfer copyrights in the code contributed to Open Source. This is just basic due diligence that governs every other part of corporate dealings. Rather than defend the “don’t ask, don’t tell” Linux intellectual property policy that caused the SCO v IBM case, the Open Source community should focus on customers’ needs. The Open Source community should assure that Open Source software has a solid intellectual property foundation that can give confidence to end users. I respectfully suggest to Open Source developers that this is a far better use of your collective resources and abilities than to defend and justify flawed intellectual property policies that are out of sync with the needs of enterprise computing customers.

I believe that the Open Source software model is at a critical stage of development. The Open Source community has its roots in counter-cultural ideals – the notion of “Hackers” against Big Business – but because of recent advances in Linux, the community now has the opportunity to develop software for mainstream American corporations and other global companies. If the Open Source community wants its products to be accepted by enterprise companies, the community itself must follow the rules and procedures that govern mainstream society. This is what global corporations will require. And it is these customers who will determine the ultimate fate of Open Source – not SCO, not IBM, and not Open Source leaders.

Some enterprise customers have accepted Open Source because IBM has put its name behind it. However, IBM and other Linux vendors are reportedly unwilling to provide intellectual property warranties to their customers. This means that Linux end users must take a hard look at the intellectual property underpinnings of Open Source products and at the GPL (GNU General Public License) licensing model itself.

If the Open Source community wants to develop products for enterprise corporations, it must respect and follow the rule of law. These rules include contracts, copyrights and other intellectual property laws. For several months SCO has been involved in a contentious legal case that we filed against IBM. What are the underlying intellectual property principles that have put SCO in a strong position in this hotly debated legal case? I’d summarize them in this way:

“Fair use” applies to educational, public service and related applications and does not justify commercial misappropriation. Books and Internet sites intended and authorized for the purpose of teaching and other non-commercial use cannot be copied for commercial use. We believe that some of the SCO software code that has ended up in the Linux operating system got there through this route. This violates our intellectual property rights.

Copyright attributions protect ownership and attribution rights –they cannot simply be changed or stripped away. This is how copyright owners maintain control of their legal rights and prevent unauthorized transfer of ownership. Our proprietary software code has been copied into Linux by people who simply stripped off SCO’s copyright notice or contributed derivative works in violation of our intellectual property rights. This is improper.

In copyright law, ownership cannot be transferred without express, written authority of a copyright holder. Some have claimed that, because SCO software code was present in software distributed under the GPL, SCO has forfeited its rights to this code. Not so – SCO never gave permission, or granted rights, for this to happen.

Transfer of copyright ownership without express written authority of all proper parties is null and void.

Use of derivative rights in copyrighted material is defined by the scope of a license grant. An authorized derivative work may not be used beyond the scope of a license grant. License grants regarding derivative works vary from license to license – some are broad and some are narrow. In other words, the license itself defines the scope of permissive use, and licensees agree to be bound by that definition. One reason SCO sued IBM is due to our assertions that IBM has violated the terms of the specific IBM/SCO license agreement through its handling of derivative works. We believe our evidence is compelling on this issue.

The copyright rules that underlie SCO’s case are not disputable. They provide a solid foundation for any software development model, including Open Source. Rather than ignore or challenge copyright laws, Open Source developers will advance their cause by respecting the rules of law that built our society into what it is today. This is the primary path towards giving enterprise companies the assurance they need to accept Open Source products at the core of their business infrastructure. Customers need to know that Open Source is legal and stable.

Finally, it is clear that the Open Source community needs a business model that is sustainable, if it is to grow beyond a part-time avocation into an enterprise-trusted development model. Free Open Source software primarily benefits large vendors, which sell hardware and expensive services that support Linux, but not Linux itself. By providing Open Source software without a warranty, these largest vendors avoid significant costs while increasing their services revenue. Today, that’s the viable Open Source business model. Other Linux companies have already failed and many more are struggling to survive. Few are consistently profitable. It’s time for everyone else in the industry, individuals and small corporations, to under this and to implement our own business model – something that keeps us alive and profitable. In the long term, the financial stability of software vendors and the legality of their software products are more important to enterprise customers than free software. Rather than fight for the right for free software, it’s far more valuable to design a new business model that enhances the stability and trustworthiness of the Open Source community in the eyes of enterprise customers.

A sustainable business model for software development can be built only on an intellectual property foundation. I invite the Open Source community to explore these possibilities for your own benefit within an Open Source model. Further, the SCO Group is open to ideas of working with the Open Source community to monetize software technology and its underlying intellectual property for all contributors, not just SCO.

In the meantime, I will continue to protect SCO’s intellectual property and contractual rights. The process moving forward will not be easy. It is easier for some in the Open Source community to fire off a “rant” than to sit across a negotiation table. But if the Open Source community is to become a software developer for global corporations, respect for intellectual property is not optional – it is mandatory. Working together, there are ways we can make sure this happens.

Best regards to all,

Darl McBride
CEO
The SCO Group

More Stories By Jeremy Geelan

Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

Comments (228)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have s...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it's a mix of architectural styles ...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrategies, will examine why IT must finally fulfill its role in support of its SBUs or face a new round of...
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, described an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device experiences grounded in people's real needs and desires.
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
Bit6 today issued a challenge to the technology community implementing Web Real Time Communication (WebRTC). To leap beyond WebRTC’s significant limitations and fully leverage its underlying value to accelerate innovation, application developers need to consider the entire communications ecosystem.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from hardware to software, or as we like to say, it’s an Internet of many different things. The difference ...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.