RealTime IT News

SCO CEO Chastises Open Source Community

Citing denial of service (DoS) attacks which took down the SCO Group Web site, and what he characterized as an admission by open source guru Bruce Perens that SCO's Unix System V code had been copied into Linux, SCO CEO Darl McBride Tuesday chastened the open source community for failing to police its own and using a "flawed" development model that doesn't respect intellectual property.

Since March, SCO has become the center of a whirlwind of controversy, with accusations that the open source Linux operating system is an unauthorized derivative of its Unix System V operating system.

In an open letter to the open source community Tuesday, McBride tore into the community over the denial of service (DoS) attacks that took down its Web site in August. McBride chastised the community for failure to police its own and said it risks its credibility with customers and the public.

"These were the second and third such attacks in four months and have prevented Web users from accessing our Web site and doing business with SCO," McBride said in an open letter to the community Tuesday. "There is no question about the affiliation of the attacker -- open source leader Eric Raymond was quoted as saying that he was contacted by the perpetrator and that 'he's one of us.' To Mr. Raymond's partial credit, he asked the attacker to stop. However, he has yet to disclose the identity of the perpetrator so that justice can be done."

In August, Raymond, president of the Open Source Initiative (OSI), acknowledged that the attacker was an "experienced Internet engineer." In a posting to internetnews.com sister site Linux Today, Raymond, while noting that he did not actually know the identity of the person responsible, said, "I had been hoping, and actually expecting, that the attacker would turn out to be some adolescent cracker with no real connection to the open-source community other than a willingness to stand down when one of its leaders asked. But no; I was told enough about his background and how he did it to be pretty sure he is one of us -- and I am ashamed for us all."

McBride said the failure of the community and Raymond to come forward and help apprehend the attacker raises questions about whether open source is ready to take a central role in business computing.

"We cannot have a situation in which companies fear they may be next to suffer computer attacks if they have a business or legal position that angers the open source community," McBride said in his letter. "Until these illegal attacks are brought under control, enterprise customers and mainstream society will become increasingly alienated from anyone associated with this type of behavior."

For his part, Raymond does not disagree that such attacks are harmful to the open source community.

"This attack was wrong, and it was dangerous to our goals," Raymond said, noting that many in the community feel that SCO is attempting to hijack their years of volunteer work on Linux. "I realize the provocation was extreme; since March, SCO has threatened, grossly insulted, and attacked our community and everything we've worked for. I'm certainly not without sympathy for the person who did this."

But Raymond also argued that the open source community must use the truth, not criminal methods, as its weapons.

"Nevertheless, we must never make this mistake again, whether against SCO or any other predator," he said. "When we use criminal means to fight them, no matter what the provocation is, we bring ourselves down to the level of the thieves and liars now running SCO. That is unethical and bad tactics to boot."

In his letter, McBride also jumped on an apparent admission by Bruce Perens, an oft-cited open source guru and former leader of the Debian project, that there is, in fact, some Unix System V source code in the Linux kernel.

"The second development was an admission by open source leader Bruce Perens that Unix System V code (owned by SCO) is, in fact, in Linux, and it shouldn't be there. Mr. Perens stated that there is 'an error in the Linux developer's process' which allowed Unix System V code that 'didn't belong in Linux' to end up in the Linux kernel," McBride said, citing an analysis of some SCO evidence (released by SCO at its August conference in Las Vegas) by Perens which was quoted by Computerwire. "Mr. Perens continued with a string of arguments to justify the 'error in the Linux developer's process.' However, nothing can change the fact that a Linux developer on the payroll of Silicon Graphics stripped copyright attributions from copyrighted System V code that was licensed to Silicon Graphics under strict conditions of use, and then contributed that source code into Linux as though it was clean code owned and controlled by SGI. This is a clear violation of SGI's contract and copyright obligations to SCO. We are currently working to try and resolve these issues with SGI."

McBride said the allegedly "improper contribution" by SGI is an example that reveals fundamental structural flaws in the Linux development process. Further, he said the intellectual property roots of Linux are flawed at a "systemic level" under the current model and raises the question whether open source "can be trusted as a development model for enterprise computing software."

But in the analysis cited by McBride, Perens claims the community did have a legal right to use the code, but it has been removed for technical reasons. He said it duplicated a function provided elsewhere, and shouldn't have been included.

"In this case there was an error in the Linux developer's process (at SGI), and we lucked out that it wasn't worse," Perens wrote. "It turns out that we have a legal right to use the code in question, but it doesn't belong in Linux and has been removed."

Perens said the code is included in code copyrighted by AT&T and released as open source under the BSD license by Caldera, which is now SCO.

McBride said open source developers need to shed their hacker roots, and develop a new model that incorporates contracts, copyrights and other intellectual property laws.

"If the open source community wants its products to be accepted by enterprise companies, the community itself must follow the rules and procedures that govern mainstream society," he said. "This is what global corporations will require. And it is these customers who will determine the ultimate fate of open source -- not SCO, not IBM, and not open source leaders."