My Visit to SCO
This essay describes my visit to SCO on June 17, 2003, to discuss SCO's claim that Linux infringes on its intellectual property rights. I visited the SCO office in Lindon, Utah, for about one hour. I spoke with Chris Sontag, Senior Vice President, Operating Systems Division, and with Blake Stowell, Director of Public Relations. In order to speak with them, I signed a non-disclosure agreement.
The short version of this essay is SCO's claims are unproven, as I expected would be the case before I went. The amount of information SCO was willing to show me was extremely limited, and it did not by itself prove that SCO's claims were true nor that its claims were false.
I won't give the full background here, as it is well covered elsewhere, such as on Karsten Self's page. The short version, as of June 17, 2003, is SCO has sued IBM, alleging that IBM took work that was the intellectual property of SCO and incorporated it into Linux (when I say "Linux" in this essay, I mean specifically the Linux kernel, not a complete distribution). SCO is the current owner of Unix, which originally was developed by AT&T. SCO, which used to be named Caldera, purchased the rights to Unix from a different company named SCO, which has since changed its name to Tarantella. Along with Unix, SCO purchased a number of contractual agreements, including one with IBM. SCO is alleging that IBM has violated that contract.
SCO also sent a letter to some 1,500 commercial users of Linux distributions, warning them that Linux may be an unauthorized derivative of code owned by SCO. That is, SCO alleges that Linux actually to some extent is owned by SCO and may not be distributed under the GPL. The letter further claims that users of Linux may have legal liability because of this.
SCO said it would provide evidence that Linux is a derivative of Unix to independent analysts. With the help of Don Marti, Editor in Chief of Linux Journal, I contacted SCO and offered to be one of those analysts. SCO agreed, subject to my signing the NDA and traveling to its headquarters in Lindon, Utah.
SCO's legal case is complicated by the fact that when SCO was named Caldera it was itself a Linux distributor, and it may have distributed, under the GPL, the code which it now claims to own. It also complicated by allegations that SCO has incorporated Linux code under the GPL into UnixWare. These issues may indeed cause SCO's legal case to founder, but not in the way I would prefer it to founder.
I took the trouble to visit SCO because I care about what happens to free software in general and Linux in particular. The SCO claims have put a cloud over Linux. I have heard speculation from business acquaintances that the free versions of Linux will be shunned by corporate IT users, who will be unwilling to take the legal risk of using it. I don't think that would be good for Linux or for free software.
I remember the AT&T case against BSDI and the University of California, which arguably stalled BSD development for a few years. Indeed, it arguably was the root cause of Linux's popularity, because Linux development was not stalled. SCO's case against IBM is in some ways a reprisal of the AT&T case, and I fear that it has a similar potential to stall Linux development.
SCO was willing to speak only with people who signed a Draconian non-disclosure agreement (NDA), one which essentially permitted SCO to declare any information it provided to be confidential, regardless of whether the signer already knew it, and which offered no circumstances under which that information could be revealed. Most Linux developers are unable to sign such an NDA, as it easily could prevent them from ever again working on the kernel. Similarly, employees of any company that works with Linux cannot sign such an NDA.
I have never contributed to the Linux kernel myself. However, I have worked with free software for over 10 years, including acting as a maintainer for projects owned by the Free Software Foundation. I have plenty of personal knowledge of how free software development works. I currently am not employed by anybody, but simply working as a contractor on work not related to Linux.
Thus, I felt going in that I was in a good position to sign the NDA and to analyze the information that SCO presented to me. While SCO easily could have made it impossible for me to contribute to the Linux kernel, it had no reason to do so. In any case, I had no particular plans to do any kernel work.
Before going to meet SCO, I asked three times if it would be willing to change the NDA. I suggested that SCO should change the NDA to permit the disclosure of information when legally required by a court and to permit the disclosure of information when SCO specifically agrees to it. I also suggested the NDA should be changed so that information I already knew before meeting could not be treated confidential. The only response I received was SCO forwarded my suggestions to its counsel.
As it turned out, SCO actually showed me very little confidential information.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- The Death of RoboVM
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide